Diffstat (limited to 'lib/libssl/src')
150 files changed, 2933 insertions, 1359 deletions
diff --git a/lib/libssl/src/CHANGES b/lib/libssl/src/CHANGES
index b139cf62448..a0de5abb60c 100644
--- a/lib/libssl/src/CHANGES
+++ b/lib/libssl/src/CHANGES
@@ -2,6 +2,64 @@ OpenSSL CHANGES _______________ + Changes between 1.0.0d and 1.0.0e [6 Sep 2011] + + *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted + by initialising X509_STORE_CTX properly. (CVE-2011-3207) + [Kaspar Brand <ossl@velox.ch>] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. (CVE-2011-3210) + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check + signature public key algorithm by using OID xref utilities instead. + Before this you could only use some ECC ciphersuites with SHA1 only. + [Steve Henson] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + + Changes between 1.0.0c and 1.0.0d [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + + Changes between 1.0.0b and 1.0.0c [2 Dec 2010] + + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + + *) Fixed J-PAKE implementation error, originally discovered by + Sebastien Martini, further info and confirmation from Stefan + Arentz and Feng Hao. Note that this fix is a security fix. 
CVE-2010-4252 + [Ben Laurie] + + Changes between 1.0.0a and 1.0.0b [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix WIN32 build system to correctly link an ENGINE directory into + a DLL. + [Steve Henson] + Changes between 1.0.0 and 1.0.0a [01 Jun 2010] *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
@@ -849,7 +907,73 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + + Changes between 0.9.8q and 0.9.8r [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + + Changes between 0.9.8p and 0.9.8q [2 Dec 2010] + + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + + *) Fixed J-PAKE implementation error, originally discovered by + Sebastien Martini, further info and confirmation from Stefan + Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 + [Ben Laurie] + + Changes between 0.9.8o and 0.9.8p [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 + [Steve Henson] + + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. 
+ [Steve Henson] + + *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT + is also one of the inputs. + [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)] + + *) Don't repeatedly append PBE algorithms to table if they already exist. + Sort table on each new add. This effectively makes the table read only + after all algorithms are added and subsequent calls to PKCS12_pbe_add + etc are non-op. + [Steve Henson] + + Changes between 0.9.8n and 0.9.8o [01 Jun 2010] + + [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after + OpenSSL 1.0.0.] *) Correct a typo in the CMS ASN1 module which can result in invalid memory access or freeing data twice (CVE-2010-0742) @@ -860,6 +984,12 @@ SSL_library_init and not OpenSSL_add_all_algorithms() will fail. [Steve Henson] + *) VMS fixes: + Reduce copying into .apps and .test in makevms.com + Don't try to use blank CA certificate in CA.com + Allow use of C files from original directories in maketests.com + [Steven M. Schweda" <sms@antinode.info>] + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never @@ -868,8 +998,8 @@ - OpenSSL 0.9.8f if 'short' is longer than 16 bits, the previous behavior could result in a read attempt at NULL when receiving specific incorrect SSL/TLS records once record payload - protection is active. (CVE-2010-####) - [Bodo Moeller, Adam Langley] + protection is active. (CVE-2010-0740) + [Bodo Moeller, Adam Langley <agl@chromium.org>] *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure index e3b13b9d435..429ab2e5eb6 100644 --- a/lib/libssl/src/Configure +++ b/lib/libssl/src/Configure 
@@ -492,6 +492,8 @@ my %table=( # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", "VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", +"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", +"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", 
@@ -583,6 +585,7 @@ my %table=( ); my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A + debug-VC-WIN64I debug-VC-WIN64A VC-NT VC-CE VC-WIN32 debug-VC-WIN32 BC-32 netware-clib netware-clib-bsdsock @@ -1093,6 +1096,12 @@ my $ar = $ENV{'AR'} || "ar"; my $arflags = $fields[$idx_arflags]; my $multilib = $fields[$idx_multilib]; +# if $prefix/lib$multilib is not an existing directory, then +# assume that it's not searched by linker automatically, in +# which case adding $multilib suffix causes more grief than +# we're ready to tolerate, so don't... +$multilib="" if !-d "$prefix/lib$multilib"; + $libdir="lib$multilib" if $libdir eq ""; $cflags = "$cflags$exp_cflags"; @@ -1102,6 +1111,12 @@ my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } else { $lflags=$prelflags; undef $prelflags; } +if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) + { + $cflags =~ s/\-mno\-cygwin\s*//; + $shared_ldflag =~ s/\-mno\-cygwin\s*//; + } + my $no_shared_warn=0; my $no_user_cflags=0; diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ index becee6663f9..fe54856a62e 100644 --- a/lib/libssl/src/FAQ +++ b/lib/libssl/src/FAQ @@ -52,6 +52,9 @@ OpenSSL - Frequently Asked Questions * Why does the OpenSSL test suite fail in sha512t on x86 CPU? * Why does compiler fail to compile sha512.c? * Test suite still fails, what to do? +* I think I've found a bug, what should I do? +* I'm SURE I've found a bug, how do I report it? +* I've found a security issue, how do I report it? [PROG] Questions about programming with OpenSSL @@ -79,7 +82,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0a was released on Jun 1st, 2010. +OpenSSL 1.0.0e was released on Sep 6th, 2011. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: 
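Review bot: The added `$multilib="" if !-d "$prefix/lib$multilib";` in the Configure hunk at -1093 probes the filesystem of the machine running Configure, so a prefix that does not exist yet silently clears the suffix and changes the `$libdir` computed on the next line. That could affect a first install into a fresh prefix, a staged or packaged install, or a cross build, and where `$prefix` gets its final value is outside the hunk. The new comment explains the linker-search assumption but not this consequence. I would add a line such as `# NB: tested on the configuring host; a not-yet-created prefix drops the suffix` and consider printing a notice when the suffix is dropped.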
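Review bot: The mingw probe added in the Configure hunk at -1102 treats a compiler that could not be run the same as one that does not support the flag. If `$cc --target-help` fails, its output will not mention `-mno-cygwin`, so the `!~` test succeeds and the flag is stripped from `$cflags` and `$shared_ldflag`. Capturing the output and checking the exit status first would separate the two cases, for example `my $help = `$cc --target-help 2>&1`;` followed by `if ($target =~ /^mingw/ && $? == 0 && $help !~ /-mno-cygwin/)`. The backticks also pass `$cc` through the shell unquoted; where `$cc` is assigned is outside the hunk, but if it can come from the environment its value is parsed as shell syntax. Both substitutions lack `/g`, so a flag that appears twice is only removed once.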
@@ -131,7 +134,7 @@ OpenSSL. Information on the OpenSSL mailing lists is available from * Where can I get a compiled version of OpenSSL? You can finder pointers to binary distributions in -http://www.openssl.org/related/binaries.html . +<URL: http://www.openssl.org/related/binaries.html> . Some applications that use OpenSSL are distributed in binary form. When using such an application, you don't need to install OpenSSL @@ -463,7 +466,7 @@ administrators. Other projects do have other policies so you can for example extract the CA bundle used by Mozilla and/or modssl as described in this article: - http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html + <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html> [BUILD] ======================================================================= @@ -505,7 +508,7 @@ when you run the test suite (using "make test"). The message returned is "bc: 1 not implemented". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> for download instructions) can be safely used, for example. @@ -516,7 +519,7 @@ that the OpenSSL bntest throws at it. This gets triggered when you run the test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> for download instructions) can be safely used, for example. 
@@ -709,6 +712,46 @@ never make sense, and tend to emerge when you least expect them. In order to identify one, drop optimization level, e.g. by editing CFLAG line in top-level Makefile, recompile and re-run the test. +* I think I've found a bug, what should I do? + +If you are a new user then it is quite likely you haven't found a bug and +something is happening you aren't familiar with. Check this FAQ, the associated +documentation and the mailing lists for similar queries. If you are still +unsure whether it is a bug or not submit a query to the openssl-users mailing +list. + + +* I'm SURE I've found a bug, how do I report it? + +Bug reports with no security implications should be sent to the request +tracker. This can be done by mailing the report to <rt@openssl.org> (or its +alias <openssl-bugs@openssl.org>), please note that messages sent to the +request tracker also appear in the public openssl-dev mailing list. + +The report should be in plain text. Any patches should be sent as +plain text attachments because some mailers corrupt patches sent inline. +If your issue affects multiple versions of OpenSSL check any patches apply +cleanly and, if possible include patches to each affected version. + +The report should be given a meaningful subject line briefly summarising the +issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. + +By sending reports to the request tracker the bug can then be given a priority +and assigned to the appropriate maintainer. The history of discussions can be +accessed and if the issue has been addressed or a reason why not. If patches +are only sent to openssl-dev they can be mislaid if a team member has to +wade through months of old messages to review the discussion. + +See also <URL: http://www.openssl.org/support/rt.html> + + +* I've found a security issue, how do I report it? 
+ +If you think your bug has security implications then please send it to +openssl-security@openssl.org if you don't get a prompt reply at least +acknowledging receipt then resend or mail it directly to one of the +more active team members (e.g. Steve). + [PROG] ======================================================================== * Is OpenSSL thread-safe? diff --git a/lib/libssl/src/INSTALL.VMS b/lib/libssl/src/INSTALL.VMS index 7658f64e1d7..e5d43a57ab5 100644 --- a/lib/libssl/src/INSTALL.VMS +++ b/lib/libssl/src/INSTALL.VMS @@ -71,7 +71,7 @@ the top to understand how to use them. However, if you want to compile all you can get, the simplest is to use MAKEVMS.COM in the top directory. The syntax is the following: - @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>] + @MAKEVMS <option> <bits> <debug-p> [<compiler>] <option> must be one of the following: 
@@ -87,24 +87,11 @@ directory. The syntax is the following: TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL. APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL. -<rsaref-p> must be one of the following: +<bits> must be one of the following: - RSAREF compile using the RSAREF Library - NORSAREF compile without using RSAREF - -Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent - expires September 20, 2000, and RSA Security chose to make - the algorithm public domain two weeks before that. - -Note 1: If you still want to use RSAREF, the library is NOT INCLUDED - and you have to download it. RSA Security doesn't carry it - any more, but there are a number of places where you can find - it. You have to get the ".tar-Z" file as the ".zip" file - doesn't have the directory structure stored. You have to - extract the file into the [.RSAREF] directory as that is where - the scripts will look for the files. - -Note 2: I have never done this, so I've no idea if it works or not. + "" compile using default pointer size + 32 compile using 32 bit pointer size + 64 compile using 64 bit pointer size <debug-p> must be one of the following: 
@@ -117,12 +104,13 @@ Note 2: I have never done this, so I've no idea if it works or not. GNUC For GNU C. -You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB, -where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL], -named LIBSSL.OLB, and you will find a bunch of useful programs in -[.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's -just to test them. For production use, make sure you install first, see -Installation below. +You will find the crypto library in [.xxx.EXE.CRYPTO] (where xxx is VAX, +ALPHA or IA64), called SSL_LIBCRYPTO32.OLB or SSL_LIBCRYPTO.OLB depending +on how it was built. You will find the SSL library in [.xxx.EXE.SSL], +named SSL_LIBSSL32.OLB or SSL_LIBSSL.OLB, and you will find a bunch of +useful programs in [.xxx.EXE.APPS]. However, these shouldn't be used +right off unless it's just to test them. For production use, make sure +you install first, see Installation below. Note 1: Some programs in this package require a TCP/IP library. @@ -170,12 +158,14 @@ Installation: Installation is easy, just do the following: - @INSTALL <root> + @INSTALL <root> <bits> <root> is the directory in which everything will be installed, subdirectories, libraries, header files, programs and startup command procedures. +<bits> works the same way as for MAKEVMS.COM + N.B.: INSTALL.COM builds a new directory structure, different from the directory tree where you have now build OpenSSL. @@ -196,6 +186,10 @@ following command procedures: sets up the symbols to the applications. Should be called from for example SYS$MANAGER:SYLOGIN.COM + OPENSSL_UNDO.COM + + deassigns the logical names created with OPENSSL_STARTUP.COM. + The logical names that are set up are the following: SSLROOT a dotted concealed logical name pointing at the 
@@ -203,7 +197,6 @@ The logical names that are set up are the following: SSLCERTS Initially an empty directory, this is the default location for certificate files. - SSLMISC Various scripts. SSLPRIVATE Initially an empty directory, this is the default location for private key files. @@ -211,8 +204,9 @@ The logical names that are set up are the following: programs. SSLINCLUDE Contains the header files needed if you want to compile programs with libcrypto or libssl. - SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB - and LIBSSL.OLB) themselves. + SSLLIB Contains the OpenSSL library files themselves: + - SSL_LIBCRYPTO32.OLB and SSL_LIBSSL32.OLB or + - SSL_LIBCRYPTO.OLB and SSL_LIBSSL.OLB OPENSSL Same as SSLINCLUDE. This is because the standard way to include OpenSSL header files from version @@ -296,4 +290,4 @@ have any ideas. -- Richard Levitte <richard@levitte.org> -2000-02-27 +2000-02-27, 2011-03-18 diff --git a/lib/libssl/src/INSTALL.W32 b/lib/libssl/src/INSTALL.W32 index 77441f1ef3f..d23c4baf625 100644 --- a/lib/libssl/src/INSTALL.W32 +++ b/lib/libssl/src/INSTALL.W32 @@ -185,6 +185,15 @@ required. Run the installers and do whatever magic they say it takes to start MSYS bash shell with GNU tools on its PATH. + N.B. Since source tar-ball can contain symbolic links, it's essential + that you use accompanying MSYS tar to unpack the source. It will + either handle them in one way or another or fail to extract them, + which does the trick too. Latter means that you may safely ignore all + "cannot create symlink" messages, as they will be "re-created" at + configure stage by copying corresponding files. Alternative programs + were observed to create empty files instead, which results in build + failure. + * Compile OpenSSL: $ ./config 
@@ -297,7 +306,18 @@ desktop, which is not available to service processes. The toolkit is designed to detect in which context it's currently executed, GUI, console app or service, and act accordingly, namely whether or not to - actually make GUI calls. + actually make GUI calls. Additionally those who wish to + /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them + off service process should consider implementing and exporting from + .exe image in question own _OPENSSL_isservice not relying on USER32.DLL. + E.g., on Windows Vista and later you could: + + __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void) + { DWORD sess; + if (ProcessIdToSessionId(GetCurrentProcessId(),&sess)) + return sess==0; + return FALSE; + } If you link with OpenSSL .DLLs, then you're expected to include into your application code small "shim" snippet, which provides glue between diff --git a/lib/libssl/src/LICENSE b/lib/libssl/src/LICENSE index a2c4adcbe6a..e47d101f102 100644 --- a/lib/libssl/src/LICENSE +++ b/lib/libssl/src/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libssl/src/Makefile b/lib/libssl/src/Makefile index 47bb99c40b0..445e15d671e 100644 --- a/lib/libssl/src/Makefile +++ b/lib/libssl/src/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.0a +VERSION=1.0.0e MAJOR=1 MINOR=0.0 SHLIB_VERSION_NUMBER=1.0.0 diff --git a/lib/libssl/src/Makefile.shared b/lib/libssl/src/Makefile.shared index 3569832f1b9..e753f44e18f 100644 --- a/lib/libssl/src/Makefile.shared +++ b/lib/libssl/src/Makefile.shared 
@@ -135,7 +135,7 @@ LINK_SO_A_VIA_O= \ ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \ ( $(SET_X); \ ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \ - $(LINK_SO) && rm -f $(LIBNAME).o + $(LINK_SO) && rm -f lib$(LIBNAME).o LINK_SO_A_UNPACKED= \ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ 
@@ -207,17 +207,29 @@ link_app.bsd: fi; $(LINK_APP) # For Darwin AKA Mac OS/X (dyld) -# link_o.darwin produces .so, because we let it use dso_dlfcn module, -# which has .so extension hard-coded. One can argue that one should -# develop special dso module for MacOS X. At least manual encourages -# to use native NSModule(3) API and refers to dlfcn as termporary hack. +# Originally link_o.darwin produced .so, because it was hard-coded +# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib +# extension in order to allow for run-time linking with vendor- +# supplied shared libraries such as libz, so that link_o.darwin had +# to be harmonized with it. This caused minor controversy, because +# it was believed that dlopen can't be used to dynamically load +# .dylib-s, only so called bundle modules (ones linked with -bundle +# flag). The belief seems to be originating from pre-10.4 release, +# where dlfcn functionality was emulated by dlcompat add-on. In +# 10.4 dlopen was rewritten as native part of dyld and is documented +# to be capable of loading both dynamic libraries and bundles. In +# order to provide compatibility with pre-10.4 dlopen, modules are +# linked with -bundle flag, which makes .dylib extension misleading. +# It works, because dlopen is [and always was] extension-agnostic. +# Alternative to this heuristic approach is to develop specific +# MacOS X dso module relying on whichever "native" dyld interface. link_o.darwin: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME); \ - SHLIB_SUFFIX=.so; \ + SHLIB_SUFFIX=.dylib; \ ALLSYMSFLAGS='-all_load'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ + SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \ if [ -n "$(LIBVERSION)" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \ fi; \ diff --git a/lib/libssl/src/NEWS b/lib/libssl/src/NEWS index 3a787ea06ce..672810dcc71 100644 --- a/lib/libssl/src/NEWS +++ b/lib/libssl/src/NEWS 
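Review bot: In the new `SHAREDFLAGS` line of `link_o.darwin`, the unquoted `sed s/dynamiclib/bundle/` rewrites the first occurrence of the substring `dynamiclib` anywhere in `$(SHARED_LDFLAGS)`, not just the `-dynamiclib` switch. A path or other option containing that word would be altered instead of, or before, the flag. Anchoring on the dash and quoting the script is more robust: `sed 's/-dynamiclib/-bundle/'`. Passing the flags through `echo` also depends on the first word not being read as an echo option, so `printf '%s\n' "$(SHARED_LDFLAGS)"` would be safer if the variable can start with something like `-n`.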
@@ -5,12 +5,38 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e: + + o Fix for CRL vulnerability issue CVE-2011-3207 + o Fix for ECDH crashes CVE-2011-3210 + o Protection against EC timing attacks. + o Support ECDH ciphersuites for certificates using SHA2 algorithms. + o Various DTLS fixes. + + Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d: + + o Fix for security issue CVE-2011-0014 + + Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 + o Fix mishandling of absent EC point format extension. + o Fix various platform compilation issues. + o Corrected fix for security issue CVE-2010-3864. + + Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b: + + o Fix for security issue CVE-2010-3864. + o Fix for CVE-2010-2939 + o Fix WIN32 build system for GOST ENGINE. + Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: o Fix for security issue CVE-2010-1633. o GOST MAC and CFB fixes. - Major changes between OpenSSL 0.9.8n and OpenSSL 1.0: + Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0: o RFC3280 path validation: sufficient to process PKITS tests. o Integrated support for PVK files and keyblobs. @@ -33,6 +59,19 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + + o Fix for security issue CVE-2011-0014 + + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 + + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + + o Fix for security issue CVE-2010-3864. + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: o Fix for security issue CVE-2010-0742. diff --git a/lib/libssl/src/PROBLEMS b/lib/libssl/src/PROBLEMS index ed3c1745352..d247470f061 100644 
--- a/lib/libssl/src/PROBLEMS +++ b/lib/libssl/src/PROBLEMS @@ -36,7 +36,9 @@ may differ on your machine. As long as Apple doesn't fix the problem with ld, this problem building -OpenSSL will remain as is. +OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by +passing -Wl,-search_paths_first, but it's unknown if the flag was +supported from the initial MacOS X release. * Parallell make leads to errors diff --git a/lib/libssl/src/README b/lib/libssl/src/README index c1d0a5fd52e..898437989af 100644 --- a/lib/libssl/src/README +++ b/lib/libssl/src/README @@ -1,7 +1,7 @@ - OpenSSL 1.0.0a 1 Jun 2010 + OpenSSL 1.0.0e 6 Sep 2011 - Copyright (c) 1998-2010 The OpenSSL Project + Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/lib/libssl/src/VMS/mkshared.com b/lib/libssl/src/VMS/mkshared.com index c8acd2adebc..794e1de62a5 100644 --- a/lib/libssl/src/VMS/mkshared.com +++ b/lib/libssl/src/VMS/mkshared.com 
@@ -1,85 +1,162 @@ -$! MKSHARED.COM -- script to created shareable images on VMS +$! MKSHARED.COM -- Create shareable images. $! -$! No command line parameters. This should be run at the start of the source -$! tree (the same directory where one finds INSTALL.VMS). +$! P1: "64" for 64-bit pointers. $! -$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB -$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB -$! Output: [.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE -$! [.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE +$! P2: Zlib object library path (optional). +$! +$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO[32].OLB +$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]SSL_LIBSSL[32].OLB +$! Output: [.xxx.EXE.CRYPTO]SSL_LIBCRYPTO_SHR[32].OPT,.MAP,.EXE +$! [.xxx.EXE.SSL]SSL_LIBSSL_SRH[32].OPT,.MAP,.EXE $! $! So far, tests have only been made on VMS for Alpha. VAX will come in time. $! =========================================================================== -$ +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$! Save the original default device:[directory]. +$! +$ def_orig = f$environment( "default") +$ on error then goto tidy +$ on control_c then goto tidy +$! +$! SET DEFAULT to the main kit directory. +$! +$ proc = f$environment("procedure") +$ proc = f$parse( "A.;", proc)- "A.;" +$ set default 'proc' +$ set default [-] +$! $! ----- Prepare info for processing: version number and file info $ gosub read_version_info $ if libver .eqs. "" $ then $ write sys$error "ERROR: Couldn't find any library version info..." -$ exit +$ go to tidy: $ endif $ -$ if (f$getsyi("cpu").lt.128) +$ if (f$getsyi("cpu") .lt. 128) $ then -$ arch := VAX +$ arch_vax = 1 +$ arch = "VAX" $ else -$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if (arch .eqs. "") then arch = "UNK" +$ arch_vax = 0 +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. 
"") then arch = "UNK" $ endif -$ -$ if arch .nes. "VAX" +$! +$ archd = arch +$ lib32 = "32" +$ shr = "SHR32" +$! +$ if (p1 .nes. "") $ then -$ arch_vax = 0 +$ if (p1 .eqs. "64") +$ then +$ archd = arch+ "_64" +$ lib32 = "" +$ shr = "SHR" +$ else +$ if (p1 .nes. "32") +$ then +$ write sys$output "Second argument invalid." +$ write sys$output "It should be "32", "64", or nothing." +$ exit +$ endif +$ endif +$ endif +$! +$ ZLIB = p2 +$ zlib_lib = "" +$ if (ZLIB .nes. "") +$ then +$ file2 = f$parse( ZLIB, "libz.olb", , , "syntax_only") +$ if (f$search( file2) .eqs. "") +$ then +$ write sys$output "" +$ write sys$output "The Option ", ZLIB, " Is Invalid." +$ write sys$output " Can't find library: ''file2'" +$ write sys$output "" +$ goto tidy +$ endif +$ zlib_lib = ", ''file2' /library" +$ endif +$! +$ if (arch_vax) +$ then +$ libtit = "CRYPTO_TRANSFER_VECTOR" $ libid = "Crypto" $ libnum = "[.UTIL]LIBEAY.NUM" -$ libdir = "[.''ARCH'.EXE.CRYPTO]" -$ libolb = "''libdir'LIBCRYPTO.OLB" -$ libopt = "''libdir'LIBCRYPTO.OPT" -$ libmap = "''libdir'LIBCRYPTO.MAP" -$ libgoal= "''libdir'LIBCRYPTO.EXE" +$ libdir = "[.''ARCHD'.EXE.CRYPTO]" +$ libmar = "''libdir'SSL_LIBCRYPTO_''shr'.MAR" +$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB" +$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT" +$ libobj = "''libdir'SSL_LIBCRYPTO_''shr'.OBJ" +$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP" +$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE" $ libref = "" -$ gosub create_nonvax_shr +$ libvec = "LIBCRYPTO" +$ if f$search( libolb) .nes. 
"" then gosub create_vax_shr +$ libtit = "SSL_TRANSFER_VECTOR" $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" -$ libdir = "[.''ARCH'.EXE.SSL]" -$ libolb = "''libdir'LIBSSL.OLB" -$ libopt = "''libdir'LIBSSL.OPT" -$ libmap = "''libdir'LIBSSL.MAP" -$ libgoal= "''libdir'LIBSSL.EXE" -$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" -$ gosub create_nonvax_shr +$ libdir = "[.''ARCHD'.EXE.SSL]" +$ libmar = "''libdir'SSL_LIBSSL_''shr'.MAR" +$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB" +$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT" +$ libobj = "''libdir'SSL_LIBSSL_''shr'.OBJ" +$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP" +$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE" +$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE" +$ libvec = "LIBSSL" +$ if f$search( libolb) .nes. "" then gosub create_vax_shr $ else -$ arch_vax = 1 -$ libtit = "CRYPTO_TRANSFER_VECTOR" $ libid = "Crypto" $ libnum = "[.UTIL]LIBEAY.NUM" -$ libdir = "[.''ARCH'.EXE.CRYPTO]" -$ libmar = "''libdir'LIBCRYPTO.MAR" -$ libolb = "''libdir'LIBCRYPTO.OLB" -$ libopt = "''libdir'LIBCRYPTO.OPT" -$ libobj = "''libdir'LIBCRYPTO.OBJ" -$ libmap = "''libdir'LIBCRYPTO.MAP" -$ libgoal= "''libdir'LIBCRYPTO.EXE" +$ libdir = "[.''ARCHD'.EXE.CRYPTO]" +$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB" +$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT" +$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP" +$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE" $ libref = "" -$ libvec = "LIBCRYPTO" -$ gosub create_vax_shr -$ libtit = "SSL_TRANSFER_VECTOR" +$ if f$search( libolb) .nes. 
"" then gosub create_nonvax_shr $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" -$ libdir = "[.''ARCH'.EXE.SSL]" -$ libmar = "''libdir'LIBSSL.MAR" -$ libolb = "''libdir'LIBSSL.OLB" -$ libopt = "''libdir'LIBSSL.OPT" -$ libobj = "''libdir'LIBSSL.OBJ" -$ libmap = "''libdir'LIBSSL.MAP" -$ libgoal= "''libdir'LIBSSL.EXE" -$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" -$ libvec = "LIBSSL" -$ gosub create_vax_shr +$ libdir = "[.''ARCHD'.EXE.SSL]" +$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB" +$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT" +$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP" +$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE" +$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE" +$ if f$search( libolb) .nes. "" then gosub create_nonvax_shr $ endif +$! +$ tidy: +$! +$! Close any open files. +$! +$ if (f$trnlnm( "libnum", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then - + close libnum +$! +$ if (f$trnlnm( "mar", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then - + close mar +$! +$ if (f$trnlnm( "opt", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then - + close opt +$! +$ if (f$trnlnm( "vf", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then - + close vf +$! +$! Restore the original default device:[directory]. +$! +$ set default 'def_orig' $ exit $ -$! ----- Soubroutines to build the shareable libraries +$! ----- Subroutines to build the shareable libraries $! For each supported architecture, there's a main shareable library $! creator, which is called from the main code above. $! The creator will define a number of variables to tell the next levels of @@ -111,9 +188,9 @@ $! ----- Subroutines for non-VAX $! ----- $! The creator routine $ create_nonvax_shr: -$ open/write opt 'libopt' +$ open /write opt 'libopt' $ write opt "identification=""",libid," ",libverstr,"""" -$ write opt libolb,"/lib" +$ write opt libolb, " /library" $ if libref .nes. "" then write opt libref,"/SHARE" $ write opt "SYMBOL_VECTOR=(-" $ libfirstentry := true 
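Review bot: The invalid-P1 branch leaves through a bare `exit` after the procedure has already run `set default 'proc'` and `set default [-]`, so the `tidy:` block that restores `def_orig` and closes files never runs on that path. Using `goto tidy` there would match the zlib-not-found branch. The same branch calls P1 the "Second argument", and its message `"It should be "32", "64", or nothing."` nests undoubled quotes, which will probably not print as intended; `"It should be ""32"", ""64"", or nothing."` is the usual DCL form. In the version-info error branch, `go to tidy:` differs from the `goto tidy` spelling used elsewhere in the hunk and looks like a typo that may not branch to the label. The header comment's `SSL_LIBSSL_SRH[32]` should read `SSL_LIBSSL_SHR[32]`.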
@@ -124,7 +201,8 @@ $ gosub read_func_num $ write opt ")" $ write opt "GSMATCH=",libvmatch,",",libver $ close opt -$ link/map='libmap'/full/share='libgoal' 'libopt'/option +$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options - + 'zlib_lib' $ return $ $! The record writer routine @@ -158,7 +236,7 @@ $! ----- Subroutines for VAX $! ----- $! The creator routine $ create_vax_shr: -$ open/write mar 'libmar' +$ open /write mar 'libmar' $ type sys$input:/out=mar: ; ; Transfer vector for VAX shareable image @@ -193,10 +271,10 @@ $! libwriter := write_vax_vtransfer_entry $! gosub read_func_num $ write mar " .END" $ close mar -$ open/write opt 'libopt' +$ open /write opt 'libopt' $ write opt "identification=""",libid," ",libverstr,"""" $ write opt libobj -$ write opt libolb,"/lib" +$ write opt libolb, " /library" $ if libref .nes. "" then write opt libref,"/SHARE" $ type sys$input:/out=opt: ! @@ -215,7 +293,8 @@ $ libwriter := write_vax_psect_attr $ gosub read_func_num $ close opt $ macro/obj='libobj' 'libmar' -$ link/map='libmap'/full/share='libgoal' 'libopt'/option +$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options - + 'zlib_lib' $ return $ $! The record writer routine for VAX functions @@ -237,9 +316,9 @@ $ return $ $! ----- Common subroutines $! ----- -$! The .num file reader. This one has great responsability. +$! The .num file reader. This one has great responsibility. $ read_func_num: -$ open libnum 'libnum' +$ open /read libnum 'libnum' $ goto read_nums $ $ read_nums: 
@@ -247,27 +326,30 @@ $ libentrynum=0 $ liblastentry:=false $ entrycount=0 $ loop: -$ read/end=loop_end/err=loop_end libnum line -$ entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM"))) -$ entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM")) -$ curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM")) -$ info_exist=f$element(0,":",entryinfo) -$ info_platforms=","+f$element(1,":",entryinfo)+"," -$ info_kind=f$element(2,":",entryinfo) -$ info_algorithms=","+f$element(3,":",entryinfo)+"," +$ read /end=loop_end /err=loop_end libnum line +$ lin = f$edit( line, "COMPRESS,TRIM") +$! Skip a "#" comment line. +$ if (f$extract( 0, 1, lin) .eqs. "#") then goto loop +$ entrynum = f$int(f$element( 1, " ", lin)) +$ entryinfo = f$element( 2, " ", lin) +$ curentry = f$element( 0, " ", lin) +$ info_exist = f$element( 0, ":", entryinfo) +$ info_platforms = ","+ f$element(1, ":", entryinfo)+ "," +$ info_kind = f$element( 2, ":", entryinfo) +$ info_algorithms = ","+ f$element( 3, ":", entryinfo)+ "," $ if info_exist .eqs. "NOEXIST" then goto loop $ truesum = 0 $ falsesum = 0 $ negatives = 1 $ plat_i = 0 $ loop1: -$ plat_entry = f$element(plat_i,",",info_platforms) +$ plat_entry = f$element( plat_i, ",", info_platforms) $ plat_i = plat_i + 1 $ if plat_entry .eqs. "" then goto loop1 $ if plat_entry .nes. "," $ then $ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0 -$ if f$getsyi("CPU") .lt. 128 +$ if (arch_vax) $ then $ if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then - $ truesum = truesum + 1 @@ -276,6 +358,7 @@ $ falsesum = falsesum + 1 $ endif $! $ if ((plat_entry .eqs. "VMS") .or. - + ((plat_entry .eqs. "ZLIB") .and. (ZLIB .nes. "")) .or. - (arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then - truesum = truesum + 1 $! 
@@ -345,7 +428,7 @@ $ $! The version number reader $ read_version_info: $ libver = "" -$ open/read vf [.CRYPTO]OPENSSLV.H +$ open /read vf [.CRYPTO]OPENSSLV.H $ loop_rvi: $ read/err=endloop_rvi/end=endloop_rvi vf rvi_line $ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then - diff --git a/lib/libssl/src/apps/CA.com b/lib/libssl/src/apps/CA.com index 69b7bb3fd8b..2c0d465274f 100644 --- a/lib/libssl/src/apps/CA.com +++ b/lib/libssl/src/apps/CA.com @@ -37,14 +37,25 @@ $ VERIFY = openssl + " verify" $ X509 = openssl + " x509" $ PKCS12 = openssl + " pkcs12" $ echo = "write sys$Output" +$ RET = 1 +$! +$! 2010-12-20 SMS. +$! Use a concealed logical name to reduce command line lengths, to +$! avoid DCL errors on VAX: +$! %DCL-W-TKNOVF, command element is too long - shorten +$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate +$! quickly.) +$! +$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]" +$ define /translation_attributes = concealed CATOP 'CATOP' $! -$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;" -$ CATOP := 's'.demoCA -$ CAKEY := ]cakey.pem -$ CACERT := ]cacert.pem +$ on error then goto clean_up +$ on control_y then goto clean_up +$! +$ CAKEY = "CATOP:[private]cakey.pem" +$ CACERT = "CATOP:[000000]cacert.pem" $ $ __INPUT := SYS$COMMAND -$ RET = 1 $! $ i = 1 $opt_loop: @@ -55,7 +66,7 @@ $ $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") $ THEN $ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" -$ exit +$ goto clean_up $ ENDIF $! $ IF (prog_opt .EQS. "-input") @@ -69,7 +80,7 @@ $! $ IF (prog_opt .EQS. "-newcert") $ THEN $ ! Create a certificate. -$ DEFINE/USER SYS$INPUT '__INPUT' +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' $ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' $ RET=$STATUS $ echo "Certificate (and private key) is in newreq.pem" 
@@ -79,7 +90,7 @@ $! $ IF (prog_opt .EQS. "-newreq") $ THEN $ ! Create a certificate request -$ DEFINE/USER SYS$INPUT '__INPUT' +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' $ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' $ RET=$STATUS $ echo "Request (and private key) is in newreq.pem" 
@@ -90,41 +101,40 @@ $ IF (prog_opt .EQS. "-newca") $ THEN $ ! If explicitly asked for or it doesn't exist then setup the directory $ ! structure that Eric likes to manage things. -$ IF F$SEARCH(CATOP+"]serial.") .EQS. "" +$ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. "" $ THEN -$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'] -$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs] -$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl] -$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts] -$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private] +$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000] +$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs] +$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl] +$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts] +$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private] $ -$ OPEN /WRITE ser_file 'CATOP']serial. +$ OPEN /WRITE ser_file CATOP:[000000]serial. $ WRITE ser_file "01" $ CLOSE ser_file -$ APPEND/NEW NL: 'CATOP']index.txt +$ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt $ $ ! The following is to make sure access() doesn't get confused. It $ ! really needs one file in the directory to give correct answers... -$ COPY NLA0: 'CATOP'.certs].; -$ COPY NLA0: 'CATOP'.crl].; -$ COPY NLA0: 'CATOP'.newcerts].; -$ COPY NLA0: 'CATOP'.private].; +$ COPY NLA0: CATOP:[certs].; +$ COPY NLA0: CATOP:[crl].; +$ COPY NLA0: CATOP:[newcerts].; +$ COPY NLA0: CATOP:[private].; $ ENDIF $! -$ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. "" +$ IF F$SEARCH( CAKEY) .EQS. "" $ THEN $ READ '__INPUT' FILE - - /PROMPT="CA certificate filename (or enter to create)" + /PROMPT="CA certificate filename (or enter to create): " $ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") $ THEN -$ COPY 'FILE' 'CATOP'.private'CAKEY' -$ RET=$STATUS +$ COPY 'FILE' 'CAKEY' +$ RET=$STATUS $ ELSE $ echo "Making CA certificate ..." 
-$ DEFINE/USER SYS$INPUT '__INPUT' -$ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' - - -out 'CATOP''CACERT' 'DAYS' -$ RET=$STATUS +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' +$ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS' +$ RET=$STATUS $ ENDIF $ ENDIF $ GOTO opt_loop_continue @@ -135,16 +145,16 @@ $ THEN $ i = i + 1 $ cname = P'i' $ IF cname .EQS. "" THEN cname = "My certificate" -$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT - - -out newcert.p12 -export -name "''cname'" +$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' - + -out newcert.p12 -export -name "''cname'" $ RET=$STATUS -$ exit RET +$ goto clean_up $ ENDIF $! $ IF (prog_opt .EQS. "-xsign") $ THEN $! -$ DEFINE/USER SYS$INPUT '__INPUT' +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' $ CA -policy policy_anything -infiles newreq.pem $ RET=$STATUS $ GOTO opt_loop_continue @@ -153,7 +163,7 @@ $! $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) $ THEN $! -$ DEFINE/USER SYS$INPUT '__INPUT' +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' $ CA -policy policy_anything -out newcert.pem -infiles newreq.pem $ RET=$STATUS $ type newcert.pem @@ -165,9 +175,9 @@ $ IF (prog_opt .EQS. "-signcert") $ THEN $! $ echo "Cert passphrase will be requested twice - bug?" -$ DEFINE/USER SYS$INPUT '__INPUT' +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' $ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem -$ DEFINE/USER SYS$INPUT '__INPUT' +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' $ CA -policy policy_anything -out newcert.pem -infiles tmp.pem y y 
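Review bot: The `CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]` line in the `-newca` branch names only the OWNER category, so GROUP and WORLD access on the directory that will hold `cakey.pem` is left to whatever the parent directory or the process default supplies. For the private-key directory I would state every category explicitly, for example `CREATE /DIRECTORY /PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD) CATOP:[private]`. The key file written by `COPY 'FILE' 'CAKEY'` and by `REQ -new -x509 -keyout 'CAKEY'` deserves the same check. The qualifier is carried over unchanged from the removed lines, so this predates the commit, but the hunk rewrites exactly these lines and is the natural place to tighten them.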
@@ -182,17 +192,17 @@ $! $ i = i + 1 $ IF (p'i' .EQS. "") $ THEN -$ DEFINE/USER SYS$INPUT '__INPUT' -$ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' +$ VERIFY "-CAfile" 'CACERT' newcert.pem $ ELSE $ j = i $ verify_opt_loop: $ IF j .GT. 8 THEN GOTO verify_opt_loop_end $ IF p'j' .NES. "" $ THEN -$ DEFINE/USER SYS$INPUT '__INPUT' +$ DEFINE /USER_MODE SYS$INPUT '__INPUT' $ __tmp = p'j' -$ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp' +$ VERIFY "-CAfile" 'CACERT' '__tmp' $ tmp=$STATUS $ IF tmp .NE. 0 THEN RET=tmp $ ENDIF @@ -208,8 +218,8 @@ $ IF (prog_opt .NES. "") $ THEN $! $ echo "Unknown argument ''prog_opt'" -$ -$ EXIT 3 +$ RET = 3 +$ goto clean_up $ ENDIF $ $opt_loop_continue: @@ -217,4 +227,10 @@ $ i = i + 1 $ GOTO opt_loop $ $opt_loop_end: +$! +$clean_up: +$! +$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then - + deassign /process CATOP +$! $ EXIT 'RET' diff --git a/lib/libssl/src/apps/apps.c b/lib/libssl/src/apps/apps.c index acc50df04e8..feb7ed46e63 100644 --- a/lib/libssl/src/apps/apps.c +++ b/lib/libssl/src/apps/apps.c @@ -257,6 +257,8 @@ int args_from_file(char *file, int *argc, char **argv[]) int str2fmt(char *s) { + if (s == NULL) + return FORMAT_UNDEF; if ((*s == 'D') || (*s == 'd')) return(FORMAT_ASN1); else if ((*s == 'T') || (*s == 't')) @@ -377,13 +379,12 @@ void program_name(char *in, char *out, int size) int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { - int num,len,i; + int num,i; char *p; *argc=0; *argv=NULL; - len=strlen(buf); i=0; if (arg->count == 0) { @@ -797,7 +798,9 @@ X509 *load_cert(BIO *err, const char *file, int format, if (file == NULL) { #ifdef _IONBF +# ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(stdin, NULL, _IONBF, 0); +# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ #endif BIO_set_fp(cert,stdin,BIO_NOCLOSE); } 
@@ -898,7 +901,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, if (file == NULL && maybe_stdin) { #ifdef _IONBF +# ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(stdin, NULL, _IONBF, 0); +# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ #endif BIO_set_fp(key,stdin,BIO_NOCLOSE); } @@ -987,7 +992,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, if (file == NULL && maybe_stdin) { #ifdef _IONBF +# ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(stdin, NULL, _IONBF, 0); +# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ #endif BIO_set_fp(key,stdin,BIO_NOCLOSE); } diff --git a/lib/libssl/src/apps/asn1pars.c b/lib/libssl/src/apps/asn1pars.c index b5d65e725b8..0d6607071fe 100644 --- a/lib/libssl/src/apps/asn1pars.c +++ b/lib/libssl/src/apps/asn1pars.c @@ -408,6 +408,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) atyp = ASN1_generate_nconf(genstr, cnf); NCONF_free(cnf); + cnf = NULL; if (!atyp) return -1; diff --git a/lib/libssl/src/apps/dh.c b/lib/libssl/src/apps/dh.c index e9609d630d9..dee9c01fcec 100644 --- a/lib/libssl/src/apps/dh.c +++ b/lib/libssl/src/apps/dh.c @@ -88,9 +88,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -189,7 +186,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/lib/libssl/src/apps/dhparam.c b/lib/libssl/src/apps/dhparam.c index 5fab29eb87b..b47097cbb22 100644 --- a/lib/libssl/src/apps/dhparam.c +++ b/lib/libssl/src/apps/dhparam.c @@ -149,9 +149,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA 
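Review bot: The call `setup_engine(bio_err, engine, 0);` in dh.c now drops the return value, and nothing in the hunk checks whether the engine named with `-engine` was actually set up. If setup_engine returns NULL on failure (its body is not on this page), the command carries on with the default implementation, which matters when the operator asked for a hardware-backed engine. Consider failing when an engine was requested but not loaded, e.g. `if (engine != NULL && setup_engine(bio_err, engine, 0) == NULL)` followed by the function's existing error exit. The same pattern appears in the dhparam.c, dsaparam.c, enc.c, gendh.c, gendsa.c, pkcs7.c and rand.c hunks; MAIN's body continues outside each of them.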
@@ -270,7 +267,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (g && !num) diff --git a/lib/libssl/src/apps/dsaparam.c b/lib/libssl/src/apps/dsaparam.c index 4305a739b33..fe72c1d3dfa 100644 --- a/lib/libssl/src/apps/dsaparam.c +++ b/lib/libssl/src/apps/dsaparam.c @@ -111,9 +111,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -278,7 +275,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (need_rand) @@ -357,12 +354,10 @@ bad: if (C) { unsigned char *data; - int l,len,bits_p,bits_q,bits_g; + int l,len,bits_p; len=BN_num_bytes(dsa->p); bits_p=BN_num_bits(dsa->p); - bits_q=BN_num_bits(dsa->q); - bits_g=BN_num_bits(dsa->g); data=(unsigned char *)OPENSSL_malloc(len+20); if (data == NULL) { diff --git a/lib/libssl/src/apps/enc.c b/lib/libssl/src/apps/enc.c index 3c2c91e920d..076225c4cb5 100644 --- a/lib/libssl/src/apps/enc.c +++ b/lib/libssl/src/apps/enc.c @@ -101,9 +101,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -328,7 +325,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (md && (dgst=EVP_get_digestbyname(md)) == NULL) @@ -396,8 +393,10 @@ bad: if (inf == NULL) { +#ifndef OPENSSL_NO_SETVBUF_IONBF if (bufsize != NULL) setvbuf(stdin, (char *)NULL, _IONBF, 0); +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ BIO_set_fp(in,stdin,BIO_NOCLOSE); } else 
@@ -450,8 +449,10 @@ bad: if (outf == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); +#ifndef OPENSSL_NO_SETVBUF_IONBF if (bufsize != NULL) setvbuf(stdout, (char *)NULL, _IONBF, 0); +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); diff --git a/lib/libssl/src/apps/gendh.c b/lib/libssl/src/apps/gendh.c index caa7327a100..4ec776ba939 100644 --- a/lib/libssl/src/apps/gendh.c +++ b/lib/libssl/src/apps/gendh.c @@ -89,9 +89,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { BN_GENCB cb; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; @@ -163,7 +160,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif out=BIO_new(BIO_s_file()); diff --git a/lib/libssl/src/apps/gendsa.c b/lib/libssl/src/apps/gendsa.c index 22c39629e5c..62ea9779051 100644 --- a/lib/libssl/src/apps/gendsa.c +++ b/lib/libssl/src/apps/gendsa.c @@ -78,9 +78,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -206,7 +203,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { diff --git a/lib/libssl/src/apps/makeapps.com b/lib/libssl/src/apps/makeapps.com index 58f2865623a..71417a86b06 100644 --- a/lib/libssl/src/apps/makeapps.com +++ b/lib/libssl/src/apps/makeapps.com 
@@ -39,11 +39,35 @@ $! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! P5, if defined, sets a choice of programs to compile. $! +$! P6, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]) +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P7, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ on control_c then goto exit $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check What Architecture We Are Using. $! 
@@ -67,29 +91,45 @@ $! End The Architecture Check. $! $ ENDIF $! +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" +$! $! Define what programs should be compiled $! $ PROGRAMS := OPENSSL $! +$! Check To Make Sure We Have Valid Command Line Parameters. +$! +$ GOSUB CHECK_OPTIONS +$! $! Define The CRYPTO Library. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB $! $! Define The SSL Library. $! -$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB +$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB $! -$! Define The OBJ Directory. +$! Define The OBJ and EXE Directories. $! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS] +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.APPS] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.APPS] $! -$! Define The EXE Directory. +$! Specify the destination directory in any /MAP option. $! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS] +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif $! -$! Check To Make Sure We Have Valid Command Line Parameters. +$! Add the location prefix to the linker options file name. $! -$ GOSUB CHECK_OPTIONS +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif $! $! Initialise logical names and such $! @@ -97,7 +137,7 @@ $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" $! $! Check To See If The OBJ Directory Exists. $! @@ -145,6 +185,9 @@ $ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+- "S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+- "CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ - "SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS" +$! +$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT" +$! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - TCPIP_PROGRAMS = ",OPENSSL," 
@@ -202,7 +245,7 @@ $ LIB_COUNTER = -1 $! $! Create a .OPT file for the object files $! -$ OPEN/WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT +$ OPEN /WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT $! $! Top Of The File Loop. $! @@ -289,34 +332,18 @@ $ GOTO NEXT_APP $ ENDIF $! $! Link The Program. -$! Check To See If We Are To Link With A Specific TCP/IP Library. $! $ ON WARNING THEN GOTO NEXT_APP $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - - 'EXE_DIR''CURRENT_APP'.OPT/OPTION, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - - 'EXE_DIR''CURRENT_APP'.OPT/OPTION, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_FILE' - + 'EXE_DIR''CURRENT_APP'.OPT /OPTIONS, - + 'SSL_LIB' /LIBRARY, - + 'CRYPTO_LIB' /LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! $! Go Back And Do It Again. $! @@ -351,7 +378,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable VAX C Runtime Library. ! SYS$SHARE:VAXCRTL.EXE/SHARE @@ -380,7 +407,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB/LIBRARY @@ -415,7 +442,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE/SHARE 
@@ -430,7 +457,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE @@ -514,14 +541,15 @@ $! $ IF (P1.EQS."NODEBUG") $ THEN $! -$! P1 Is NODEBUG, So Compile Without Debugger Information. +$! P1 Is NODEBUG, So Compile Without Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $! $! Else... $! @@ -535,6 +563,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" @@ -542,7 +571,7 @@ $ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." $ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." $ ELSE $! -$! Tell The User Entered An Invalid Option.. +$! Tell The User Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" 
@@ -563,6 +592,87 @@ $! End The P1 Check. $! $ ENDIF $! +$! Check P6 (POINTER_SIZE). +$! +$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P6 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=") +$ THEN +$! Explicit user choice: "64" or "64=ARGV". +$ IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64" +$ ELSE +$ SET NOON +$ DEFINE /USER_MODE SYS$OUTPUT NL: +$ DEFINE /USER_MODE SYS$ERROR NL: +$ CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL: +$ IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000 +$ THEN +$ ! If we got here, it means DCL complained like this: +$ ! %DCL-W-NOVALU, value not allowed - remove value specification +$ ! \64=\ +$ ! +$ ! If the compiler was run, logicals defined in /USER would +$ ! have been deassigned automatically. However, when DCL +$ ! complains, they aren't, so we do it here (it might be +$ ! unnecessary, but just in case there will be another error +$ ! message further on that we don't want to miss) +$ DEASSIGN /USER_MODE SYS$ERROR +$ DEASSIGN /USER_MODE SYS$OUTPUT +$ ELSE +$ POINTER_SIZE = POINTER_SIZE + "=ARGV" +$ ENDIF +$ SET ON +$ ENDIF +$ POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'" +$! +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P6, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." 
+$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The P6 (POINTER_SIZE) Check. +$! +$ ENDIF +$! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]" +$! $! Check To See If P2 Is Blank. $! $ IF (P2.EQS."") 
@@ -663,11 +773,64 @@ $ CCDEFS = "MONOLITH" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P7 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The ZLIB Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC") $ THEN 
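Review bot: With the base list now empty (`CCDISABLEWARNINGS = ""`), the unchanged continuation `CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS` yields a value with a leading comma whenever USER_CCDISABLEWARNINGS is defined. A later hunk wraps that value as `/WARNING=(DISABLE=(...))`, so the compiler would be handed a list with an empty first element. Add the separator only when the base is non-empty, e.g. `IF CCDISABLEWARNINGS .NES. "" THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","`, and then append USER_CCDISABLEWARNINGS on its own line inside the existing F$TYPE guard. A short comment saying why the three default suppressions were commented out with `!!!` would also help the next maintainer.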
@@ -690,13 +853,13 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -724,7 +887,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! $! Define <sys> As SYS$COMMON:[SYSLIB] @@ -733,7 +896,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -756,11 +919,11 @@ $! Use GNU C... $! $ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC $ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -802,7 +965,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! 
@@ -828,13 +991,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -848,7 +1011,7 @@ $ THEN $! $! Set the library to use TCPIP. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! @@ -873,7 +1036,7 @@ $ CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'" $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! $! Else The User Entered An Invalid Argument. $! @@ -903,13 +1066,13 @@ $ IF COMPILER .EQS. "DECC" $ THEN $ IF CCDISABLEWARNINGS .NES. "" $ THEN -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF $ ELSE $ CCDISABLEWARNINGS = "" $ ENDIF -$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! @@ -975,7 +1138,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" $! $! Set up the logical name OPENSSL to point at the include directory $! -$ DEFINE OPENSSL/NOLOG '__INCLUDE' +$ DEFINE OPENSSL /NOLOG '__INCLUDE' $! $! Done $! 
@@ -983,15 +1146,24 @@ $ RETURN $! $ CLEANUP: $! -$! Restore the logical name OPENSSL if it had a value +$! Restore the saved logical name OPENSSL, if it had a value. $! -$ IF __SAVE_OPENSSL .EQS. "" -$ THEN -$ DEASSIGN OPENSSL -$ ELSE -$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL' -$ ENDIF +$ if (f$type( __SAVE_OPENSSL) .nes. "") +$ then +$ IF __SAVE_OPENSSL .EQS. "" +$ THEN +$ DEASSIGN OPENSSL +$ ELSE +$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL' +$ ENDIF +$ endif +$! +$! Close any open files. +$! +$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then - + close objects $! $! Done $! $ RETURN +$! diff --git a/lib/libssl/src/apps/openssl.c b/lib/libssl/src/apps/openssl.c index 851e6397358..dab057bbff8 100644 --- a/lib/libssl/src/apps/openssl.c +++ b/lib/libssl/src/apps/openssl.c @@ -212,8 +212,13 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) } } +#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) +# define ARGV _Argv +#else +# define ARGV Argv +#endif -int main(int Argc, char *Argv[]) +int main(int Argc, char *ARGV[]) { ARGS arg; #define PROG_NAME_SIZE 39 
@@ -227,7 +232,55 @@ int main(int Argc, char *Argv[]) char **argv,*p; LHASH_OF(FUNCTION) *prog=NULL; long errline; - + +#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) + /* 2011-03-22 SMS. + * If we have 32-bit pointers everywhere, then we're safe, and + * we bypass this mess, as on non-VMS systems. (See ARGV, + * above.) + * Problem 1: Compaq/HP C before V7.3 always used 32-bit + * pointers for argv[]. + * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers + * everywhere else, we always allocate and use a 64-bit + * duplicate of argv[]. + * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed + * to NULL-terminate a 64-bit argv[]. (As this was written, the + * compiler ECO was available only on IA64.) + * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a + * 64-bit argv[argc] for NULL, and, if necessary, use a + * (properly) NULL-terminated (64-bit) duplicate of argv[]. + * The same code is used in either case to duplicate argv[]. + * Some of these decisions could be handled in preprocessing, + * but the code tends to get even uglier, and the penalty for + * deciding at compile- or run-time is tiny. + */ + char **Argv = NULL; + int free_Argv = 0; + + if ((sizeof( _Argv) < 8) /* 32-bit argv[]. */ +# if !defined( VMS_TRUST_ARGV) + || (_Argv[ Argc] != NULL) /* Untrusted argv[argc] not NULL. */ +# endif + ) + { + int i; + Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *)); + if (Argv == NULL) + { ret = -1; goto end; } + for(i = 0; i < Argc; i++) + Argv[i] = _Argv[i]; + Argv[ Argc] = NULL; /* Certain NULL termination. */ + free_Argv = 1; + } + else + { + /* Use the known-good 32-bit argv[] (which needs the + * type cast to satisfy the compiler), or the trusted or + * tested-good 64-bit argv[] as-is. */ + Argv = (char **)_Argv; + } +#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */ + arg.data=NULL; arg.count=0; 
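Review bot: The `{ ret = -1; goto end; }` taken when `OPENSSL_malloc` fails runs before `arg.data=NULL; arg.count=0;`, which sit just below the added `#if` block. The cleanup under `end:` is only partly visible in the next hunk, but if it inspects `arg.data`, it would be reading an uninitialised pointer on this path. The failure branch should initialise what the exit path relies on, e.g. `{ arg.data=NULL; arg.count=0; ret = -1; goto end; }`. It is also worth confirming that everything else under `end:` is safe this early in main, before `bio_err` and the other application state have been set up. main's body starts and ends outside the hunk.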
@@ -373,6 +426,13 @@ end: BIO_free(bio_err); bio_err=NULL; } +#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) + /* Free any duplicate Argv[] storage. */ + if (free_Argv) + { + OPENSSL_free(Argv); + } +#endif OPENSSL_EXIT(ret); } diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c index 514a02e0f12..b54c6f84a4a 100644 --- a/lib/libssl/src/apps/pkcs12.c +++ b/lib/libssl/src/apps/pkcs12.c @@ -647,7 +647,7 @@ int MAIN(int argc, char **argv) if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); - if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); + if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); if(macver) { #ifdef CRYPTO_MDEBUG CRYPTO_push_info("verify MAC"); diff --git a/lib/libssl/src/apps/pkcs7.c b/lib/libssl/src/apps/pkcs7.c index 86d31b99a71..ae6cd33f738 100644 --- a/lib/libssl/src/apps/pkcs7.c +++ b/lib/libssl/src/apps/pkcs7.c @@ -82,9 +82,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -182,7 +179,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/lib/libssl/src/apps/rand.c b/lib/libssl/src/apps/rand.c index 44a1d46a03c..790e79592c1 100644 --- a/lib/libssl/src/apps/rand.c +++ b/lib/libssl/src/apps/rand.c @@ -77,9 +77,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -178,7 +175,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 
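Review bot: In the pkcs12.c hunk the new `p12->mac` test guards only the `MAC Iteration` message, while the `if(macver)` block that follows in the context is entered whether or not the file carries a MAC. Whether the verification call in that block tolerates a missing MAC is not visible here, so it should be confirmed before treating this line as the complete fix for MAC-less input. A short comment such as `/* p12->mac is NULL when the PKCS#12 file has no MAC */` above the test would also record why the guard exists.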
diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c index 1a06d19bb14..8a0c34cf0f0 100644 --- a/lib/libssl/src/apps/s_server.c +++ b/lib/libssl/src/apps/s_server.c @@ -2254,11 +2254,10 @@ static int www_body(char *hostname, int s, unsigned char *context) { char *buf=NULL; int ret=1; - int i,j,k,blank,dot; + int i,j,k,dot; SSL *con; const SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; - long total_bytes; buf=OPENSSL_malloc(bufsize); if (buf == NULL) return(0); @@ -2329,7 +2328,6 @@ static int www_body(char *hostname, int s, unsigned char *context) SSL_set_msg_callback_arg(con, bio_s_out); } - blank=0; for (;;) { if (hack) @@ -2559,7 +2557,6 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); } /* send the file */ - total_bytes=0; for (;;) { i=BIO_read(file,buf,bufsize); diff --git a/lib/libssl/src/apps/s_socket.c b/lib/libssl/src/apps/s_socket.c index 8eb3e91a9f5..24880a9a08b 100644 --- a/lib/libssl/src/apps/s_socket.c +++ b/lib/libssl/src/apps/s_socket.c @@ -321,7 +321,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) { int ret=0; struct sockaddr_in server; - int s= -1,i; + int s= -1; if (!ssl_sock_init()) return(0); @@ -360,7 +360,6 @@ static int init_server_long(int *sock, int port, char *ip, int type) } /* Make it 128 for linux */ if (type==SOCK_STREAM && listen(s,128) == -1) goto err; - i=0; *sock=s; ret=1; err: @@ -378,7 +377,7 @@ static int init_server(int *sock, int port, int type) static int do_accept(int acc_sock, int *sock, char **host) { - int ret,i; + int ret; struct hostent *h1,*h2; static struct sockaddr_in from; int len; @@ -401,6 +400,7 @@ redoit: if (ret == INVALID_SOCKET) { #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + int i; i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else 
@@ -455,7 +455,6 @@ redoit: BIO_printf(bio_err,"gethostbyname failure\n"); return(0); } - i=0; if (h2->h_addrtype != AF_INET) { BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c index 539bfff2206..65f85fecf7f 100644 --- a/lib/libssl/src/apps/speed.c +++ b/lib/libssl/src/apps/speed.c @@ -334,9 +334,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -430,7 +427,6 @@ int MAIN(int argc, char **argv) unsigned char DES_iv[8]; unsigned char iv[2*MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES - DES_cblock *buf_as_des_cblock = NULL; static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; @@ -644,9 +640,6 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"out of memory\n"); goto end; } -#ifndef OPENSSL_NO_DES - buf_as_des_cblock = (DES_cblock *)buf; -#endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -721,7 +714,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"no engine given\n"); goto end; } - e = setup_engine(bio_err, *argv, 0); + setup_engine(bio_err, *argv, 0); /* j will be increased again further down. We just don't want speed to confuse an engine with an algorithm, especially when none is given (which @@ -1237,7 +1230,8 @@ int MAIN(int argc, char **argv) count*=2; Time_F(START); for (it=count; it; it--) - DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, + DES_ecb_encrypt((DES_cblock *)buf, + (DES_cblock *)buf, &sch,DES_ENCRYPT); d=Time_F(STOP); } while (d <3); @@ -2709,6 +2703,7 @@ static int do_multi(int multi) else rsa_results[k][1]=d; } +#ifndef OPENSSL_NO_DSA else if(!strncmp(buf,"+F3:",4)) { int k; 
@@ -2730,6 +2725,7 @@ static int do_multi(int multi) else dsa_results[k][1]=d; } +#endif #ifndef OPENSSL_NO_ECDSA else if(!strncmp(buf,"+F4:",4)) { diff --git a/lib/libssl/src/apps/x509.c b/lib/libssl/src/apps/x509.c index e7e46d7b632..ed1e8c69ad6 100644 --- a/lib/libssl/src/apps/x509.c +++ b/lib/libssl/src/apps/x509.c @@ -556,7 +556,6 @@ bad: if (reqfile) { EVP_PKEY *pkey; - X509_CINF *ci; BIO *in; if (!sign_flag && !CA_flag) @@ -624,7 +623,6 @@ bad: print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x=X509_new()) == NULL) goto end; - ci=x->cert_info; if (sno == NULL) { diff --git a/lib/libssl/src/config b/lib/libssl/src/config index 965884a6277..cf64ec563e6 100644 --- a/lib/libssl/src/config +++ b/lib/libssl/src/config @@ -825,6 +825,10 @@ esac # options="$options -DATALLA" #fi +($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \ + grep \\--noexecstack) 2>&1 > /dev/null && \ + options="$options -Wa,--noexecstack" + # gcc < 2.8 does not support -march=ultrasparc if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] then diff --git a/lib/libssl/src/crypto/Makefile b/lib/libssl/src/crypto/Makefile index c1033f6d776..85d9f249c5c 100644 --- a/lib/libssl/src/crypto/Makefile +++ b/lib/libssl/src/crypto/Makefile @@ -74,7 +74,9 @@ x86_64cpuid.s: x86_64cpuid.pl $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@ ia64cpuid.s: ia64cpuid.S $(CC) $(CFLAGS) -E ia64cpuid.S > $@ -ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ +ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ +alphacpuid.s: alphacpuid.pl + $(PERL) $< | $(CC) -E - | tee $@ > /dev/null testapps: [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \ diff --git a/lib/libssl/src/crypto/asn1/a_int.c b/lib/libssl/src/crypto/asn1/a_int.c index c6fd204ae3b..3348b8762cc 100644 --- a/lib/libssl/src/crypto/asn1/a_int.c +++ b/lib/libssl/src/crypto/asn1/a_int.c 
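Review bot: The redirection on the new `--noexecstack` probe in `config` is written `2>&1 > /dev/null`, which points stderr at the original stdout before stdout is sent to `/dev/null`, so anything the subshell writes to stderr still reaches the terminal; `> /dev/null 2>&1` is the form that discards both. The pattern `grep \\--noexecstack` relies on a backslash to stop grep reading the pattern as an option, and `grep -e --noexecstack` says the same thing more plainly. Because this probe silently decides whether assembler objects are marked as not needing an executable stack, a one-line comment such as `# add -Wa,--noexecstack when the assembler supports it` would make the hardening intent visible.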
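Review bot: The recipe added for `alphacpuid.s` in crypto/Makefile ends in `| tee $@ > /dev/null`, so the shell reports only the exit status of `tee`: if `$(PERL)` or `$(CC) -E -` fails, make still sees success and leaves an empty or truncated `alphacpuid.s` that looks up to date on the next run. Splitting the pipeline into separate commands joined with `&&` through an intermediate file, and removing the target on failure, lets each stage stop the build. The recipe also uses `$<` in an explicit rule, while the neighbouring rules in the same hunk name the script directly (`$(PERL) x86_64cpuid.pl`, `$(PERL) ppccpuid.pl`); writing `$(PERL) alphacpuid.pl` would match them and not depend on how the make in use defines `$<` outside inference rules.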
@@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, { ASN1_INTEGER *ret=NULL; const unsigned char *p; - unsigned char *to,*s; + unsigned char *s; long len; int inf,tag,xclass; int i; @@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, i=ERR_R_MALLOC_FAILURE; goto err; } - to=s; ret->type=V_ASN1_INTEGER; if(len) { if ((*p == 0) && (len != 1)) diff --git a/lib/libssl/src/crypto/asn1/a_object.c b/lib/libssl/src/crypto/asn1/a_object.c index e5fbe7cbb10..3978c9150d8 100644 --- a/lib/libssl/src/crypto/asn1/a_object.c +++ b/lib/libssl/src/crypto/asn1/a_object.c @@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); goto err; } - if (!use_bn && l > (ULONG_MAX / 10L)) + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { use_bn = 1; if (!bl) @@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, /* Sanity check OID encoding: can't have leading 0x80 in * subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + for (i = 0, p = *pp; i < len; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { diff --git a/lib/libssl/src/crypto/asn1/a_strex.c b/lib/libssl/src/crypto/asn1/a_strex.c index 7fc14d3296c..264ebf2393a 100644 --- a/lib/libssl/src/crypto/asn1/a_strex.c +++ b/lib/libssl/src/crypto/asn1/a_strex.c @@ -74,6 +74,11 @@ #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) + /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. 
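Review bot: The new overflow threshold in `a2d_ASN1_OBJECT`, `l >= ((ULONG_MAX - 80) / 10L)`, introduces the constant 80 with no explanation. Presumably it reserves headroom for a value folded into the first subidentifier later in the function, but that reasoning is not in the hunk and the bound cannot be checked without it. A comment on the line, for example `/* keep headroom for the term later added to the first subidentifier */`, would document it once the intent is confirmed. The function body starts and ends outside the hunk.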
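Review bot: In the `c2i_ASN1_OBJECT` hunk the rewritten loop starts at `p = *pp` with `i = 0`, so the `p[-1]` read stays inside the encoding only because `!i ||` is evaluated first. That dependency deserves a comment, for instance `/* !i must be tested first: p[-1] is before the encoding when i == 0 */`, so the condition is not reordered later. The loop also takes `len` as given; a check that `len` is positive is not visible in this hunk and should be confirmed in the surrounding code, which lies outside it.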
@@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch if(!io_ch(arg, tmphex, 3)) return -1; return 3; } + /* If we get this far and do any escaping at all must escape + * the escape character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if(!io_ch(arg, "\\\\", 2)) return -1; + return 2; + } if(!io_ch(arg, &chtmp, 1)) return -1; return 1; } @@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = { 4, -1, 2 /* 28-30 */ }; -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of diff --git a/lib/libssl/src/crypto/asn1/a_strnid.c b/lib/libssl/src/crypto/asn1/a_strnid.c index 753021a7a2a..2fc48c1551a 100644 --- a/lib/libssl/src/crypto/asn1/a_strnid.c +++ b/lib/libssl/src/crypto/asn1/a_strnid.c @@ -95,7 +95,7 @@ unsigned long ASN1_STRING_get_default_mask(void) * default: the default value, Printable, T61, BMP. */ -int ASN1_STRING_set_default_mask_asc(char *p) +int ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; diff --git a/lib/libssl/src/crypto/asn1/asn1.h b/lib/libssl/src/crypto/asn1/asn1.h index f7718b5a94b..59540e4e799 100644 --- a/lib/libssl/src/crypto/asn1/asn1.h +++ b/lib/libssl/src/crypto/asn1/asn1.h @@ -1067,7 +1067,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); -int ASN1_STRING_set_default_mask_asc(char *p); +int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask); 
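Review bot: The new condition in `do_esc_char`, `if (chtmp == '\\' && flags & ESC_FLAGS)`, mixes `&&` and `&` without parentheses. It parses as intended because `&` binds tighter, but `if (chtmp == '\\' && (flags & ESC_FLAGS))` reads unambiguously and avoids precedence warnings. Note also that `flags` is declared `unsigned char` in the signature shown in the hunk header, so the test only sees the low eight bits of the caller's flags; whether every bit in `ESC_FLAGS` fits there depends on definitions outside this hunk.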
diff --git a/lib/libssl/src/crypto/asn1/n_pkey.c b/lib/libssl/src/crypto/asn1/n_pkey.c index 60bc437938c..e7d04390625 100644 --- a/lib/libssl/src/crypto/asn1/n_pkey.c +++ b/lib/libssl/src/crypto/asn1/n_pkey.c @@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int sgckey) { RSA *ret=NULL; - const unsigned char *p, *kp; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) cb=EVP_read_pw_string; if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; diff --git a/lib/libssl/src/crypto/asn1/t_crl.c b/lib/libssl/src/crypto/asn1/t_crl.c index bdb244c015b..ee5a687ce83 100644 --- a/lib/libssl/src/crypto/asn1/t_crl.c +++ b/lib/libssl/src/crypto/asn1/t_crl.c @@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); @@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) else BIO_printf(out,"NONE"); BIO_printf(out,"\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); diff --git a/lib/libssl/src/crypto/asn1/tasn_dec.c b/lib/libssl/src/crypto/asn1/tasn_dec.c index 3bee439968e..87d7dfdf5c3 100644 --- a/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/lib/libssl/src/crypto/asn1/tasn_dec.c @@ -168,7 +168,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; + ASN1_VALUE **pchptr, *ptmpval; if (!pval) return 0; if (aux && aux->asn1_cb) 
@@ -319,7 +319,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) { diff --git a/lib/libssl/src/crypto/asn1/x_name.c b/lib/libssl/src/crypto/asn1/x_name.c index caa4409feb2..49be08b4daa 100644 --- a/lib/libssl/src/crypto/asn1/x_name.c +++ b/lib/libssl/src/crypto/asn1/x_name.c @@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, *val = nm.a; *in = p; return ret; - err: +err: + if (nm.x != NULL) + X509_NAME_free(nm.x); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -464,7 +466,8 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) } else { - *to++ = tolower(*from++); + *to++ = tolower(*from); + from++; i++; } } diff --git a/lib/libssl/src/crypto/asn1/x_x509.c b/lib/libssl/src/crypto/asn1/x_x509.c index dafd3cc9211..de3df9eb51c 100644 --- a/lib/libssl/src/crypto/asn1/x_x509.c +++ b/lib/libssl/src/crypto/asn1/x_x509.c @@ -63,7 +63,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -ASN1_SEQUENCE(X509_CINF) = { +ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), @@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = { ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END(X509_CINF) +} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) /* X509 top level structure needs a bit of customisation */ diff --git a/lib/libssl/src/crypto/bio/b_sock.c b/lib/libssl/src/crypto/bio/b_sock.c index 12b0a53a81c..d47310d650c 100644 --- a/lib/libssl/src/crypto/bio/b_sock.c +++ b/lib/libssl/src/crypto/bio/b_sock.c 
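Review bot: The split of `*to++ = tolower(*from++);` into `*to++ = tolower(*from); from++;` in `asn1_string_canon` carries no comment, and it looks like something a later tidy-up would fold back. If the reason is that `tolower` can be a macro that evaluates its argument more than once (an assumption; the hunk does not say), state it: `/* tolower() may be a macro: keep the increment out of its argument */`. It is also worth confirming that `from` points to `unsigned char`, since its declaration is outside the hunk and `tolower` is only defined for `unsigned char` values and `EOF`.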
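Review bot: Switching the `X509_CINF` template to `ASN1_SEQUENCE_enc(X509_CINF, enc, 0)` in x_x509.c makes the structure keep its parsed encoding, presumably so that the bytes checked against the signature are the bytes that were received. The consequence is that any code modifying a `X509_CINF` field in place becomes responsible for invalidating that saved copy, and nothing in this hunk shows how callers that edit a certificate before re-signing do so. A comment above the template stating that the original DER is retained and must be marked stale on modification would record the contract, and the setters should be checked against it.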
@@ -551,7 +551,30 @@ int BIO_socket_ioctl(int fd, long type, void *arg) #ifdef __DJGPP__ i=ioctlsocket(fd,type,(char *)arg); #else - i=ioctlsocket(fd,type,arg); +# if defined(OPENSSL_SYS_VMS) + /* 2011-02-18 SMS. + * VMS ioctl() can't tolerate a 64-bit "void *arg", but we + * observe that all the consumers pass in an "unsigned long *", + * so we arrange a local copy with a short pointer, and use + * that, instead. + */ +# if __INITIAL_POINTER_SIZE == 64 +# define ARG arg_32p +# pragma pointer_size save +# pragma pointer_size 32 + unsigned long arg_32; + unsigned long *arg_32p; +# pragma pointer_size restore + arg_32p = &arg_32; + arg_32 = *((unsigned long *) arg); +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define ARG arg +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +# else /* defined(OPENSSL_SYS_VMS) */ +# define ARG arg +# endif /* defined(OPENSSL_SYS_VMS) [else] */ + + i=ioctlsocket(fd,type,ARG); #endif /* __DJGPP__ */ if (i < 0) SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error()); @@ -660,6 +683,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) * note that commonly IPv6 wildchard socket can service * IPv4 connections just as well... */ memset(&hint,0,sizeof(hint)); + hint.ai_flags = AI_PASSIVE; if (h) { if (strchr(h,':')) @@ -672,7 +696,10 @@ int BIO_get_accept_socket(char *host, int bind_mode) #endif } else if (h[0]=='*' && h[1]=='\0') + { + hint.ai_family = AF_INET; h=NULL; + } } if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break; diff --git a/lib/libssl/src/crypto/bio/bf_nbio.c b/lib/libssl/src/crypto/bio/bf_nbio.c index c72a23c2e1b..028616c0648 100644 --- a/lib/libssl/src/crypto/bio/bf_nbio.c +++ b/lib/libssl/src/crypto/bio/bf_nbio.c @@ -125,7 +125,6 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { - NBIO_TEST *nt; int ret=0; #if 1 int num; 
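Review bot: The VMS 64-bit path added to `BIO_socket_ioctl` copies `*arg` into the local `arg_32` and passes `arg_32p` to `ioctlsocket`, but the lines shown never copy `arg_32` back to `*arg`. For requests where the call writes a result through the pointer the caller would keep its old value; if all consumers only pass input values, the comment should say so, otherwise add `*((unsigned long *) arg) = arg_32;` after the call under the same `__INITIAL_POINTER_SIZE == 64` condition. The helper macro `ARG` also stays defined for the rest of the file, and an `#undef ARG` after the call would keep it local. The end of the function is outside the hunk.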
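Review bot: The `'*'` branch in `BIO_get_accept_socket` now sets `hint.ai_family = AF_INET`, while the comment kept just above `memset(&hint,0,sizeof(hint));` still says that an IPv6 wildcard socket can commonly service IPv4 connections as well. After this change a wildcard listener on this path is IPv4-only, so the comment and the code disagree. Update the comment to say that the wildcard is deliberately restricted to IPv4 and why, so that operators who expect a dual-stack listener are not surprised by which interfaces end up exposed.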
@@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl) if (out == NULL) return(0); if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); #if 1 diff --git a/lib/libssl/src/crypto/bio/bio_lib.c b/lib/libssl/src/crypto/bio/bio_lib.c index 77f4de9c324..e12bc3a2ca4 100644 --- a/lib/libssl/src/crypto/bio/bio_lib.c +++ b/lib/libssl/src/crypto/bio/bio_lib.c @@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method) int BIO_free(BIO *a) { - int ret=0,i; + int i; if (a == NULL) return(0); @@ -133,7 +133,7 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); + a->method->destroy(a); OPENSSL_free(a); return(1); } diff --git a/lib/libssl/src/crypto/bio/bss_acpt.c b/lib/libssl/src/crypto/bio/bss_acpt.c index 826f761143c..5d49e1a72bc 100644 --- a/lib/libssl/src/crypto/bio/bss_acpt.c +++ b/lib/libssl/src/crypto/bio/bss_acpt.c @@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl) static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) { - BIO *dbio; int *ip; long ret=1; BIO_ACCEPT *data; @@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); diff --git a/lib/libssl/src/crypto/bio/bss_dgram.c b/lib/libssl/src/crypto/bio/bss_dgram.c index eb7e3654677..71ebe987b63 100644 --- a/lib/libssl/src/crypto/bio/bss_dgram.c +++ b/lib/libssl/src/crypto/bio/bss_dgram.c @@ -57,7 +57,6 @@ * */ -#ifndef OPENSSL_NO_DGRAM #include <stdio.h> #include <errno.h> 
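Review bot: In the bio_lib.c hunk, the early `return(1)` in `BIO_free` taken when `a->method` or `a->method->destroy` is NULL sits before `OPENSSL_free(a)`, so on that path the BIO structure itself is never released although its ex_data has already been freed. The commit only drops the unused `ret`; the leak is in the lines it leaves in place. Writing `if ((a->method != NULL) && (a->method->destroy != NULL)) a->method->destroy(a);` followed by the unconditional `OPENSSL_free(a);` would release the structure in both cases. The start of the function is outside the hunk.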
@@ -65,6 +64,7 @@ #include "cryptlib.h" #include <openssl/bio.h> +#ifndef OPENSSL_NO_DGRAM #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) #include <sys/timeb.h> @@ -308,7 +308,6 @@ static int dgram_read(BIO *b, char *out, int outl) OPENSSL_assert(sa.len.s<=sizeof(sa.peer)); sa.len.i = (int)sa.len.s; } - dgram_reset_rcv_timeout(b); if ( ! data->connected && ret >= 0) BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); @@ -322,6 +321,8 @@ static int dgram_read(BIO *b, char *out, int outl) data->_errno = get_last_socket_error(); } } + + dgram_reset_rcv_timeout(b); } return(ret); } @@ -340,7 +341,7 @@ static int dgram_write(BIO *b, const char *in, int inl) if (data->peer.sa.sa_family == AF_INET) peerlen = sizeof(data->peer.sa_in); -#if OPENSSL_USE_IVP6 +#if OPENSSL_USE_IPV6 else if (data->peer.sa.sa_family == AF_INET6) peerlen = sizeof(data->peer.sa_in6); #endif @@ -745,9 +746,13 @@ static int BIO_dgram_should_retry(int i) { err=get_last_socket_error(); -#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ - if ((i == -1) && (err == 0)) - return(1); +#if defined(OPENSSL_SYS_WINDOWS) + /* If the socket return value (i) is -1 + * and err is unexpectedly 0 at this point, + * the error code was overwritten by + * another system call before this error + * handling is called. + */ #endif return(BIO_dgram_non_fatal_error(err)); @@ -810,7 +815,6 @@ int BIO_dgram_non_fatal_error(int err) } return(0); } -#endif static void get_current_time(struct timeval *t) { @@ -828,3 +832,5 @@ static void get_current_time(struct timeval *t) gettimeofday(t, NULL); #endif } + +#endif diff --git a/lib/libssl/src/crypto/bio/bss_file.c b/lib/libssl/src/crypto/bio/bss_file.c index 8bfa0bcd97d..b954fe7ebc8 100644 --- a/lib/libssl/src/crypto/bio/bss_file.c +++ b/lib/libssl/src/crypto/bio/bss_file.c 
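Review bot: Moving `dgram_reset_rcv_timeout(b);` in `dgram_read` to after the block that stores `get_last_socket_error()` makes the statement order significant, and nothing in the code says why. Presumably the reset issues a socket call that can overwrite the error code of the failed read; if so, a comment such as `/* reset only after the error code has been saved: the reset may overwrite it */` would keep the call from drifting back up in a later edit.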
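Review bot: The `#if defined(OPENSSL_SYS_WINDOWS)` block left in `BIO_dgram_should_retry` now encloses only a comment, so the conditional compiles to nothing on every platform. Drop the `#if`/`#endif` pair and keep the text as an ordinary comment, or restore a real check. As written, a reader has to work out that the old `(i == -1) && (err == 0)` retry was removed on purpose rather than lost.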
@@ -123,6 +123,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) #if defined(_WIN32) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename)+1; + DWORD flags; /* * Basically there are three cases to cover: a) filename is @@ -136,17 +137,22 @@ BIO *BIO_new_file(const char *filename, const char *mode) * ERROR_NO_UNICODE_TRANSLATION, in which case we fall * back to fopen... */ - if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if ((sz=MultiByteToWideChar(CP_UTF8,(flags=MB_ERR_INVALID_CHARS), + filename,len_0,NULL,0))>0 || + (GetLastError()==ERROR_INVALID_FLAGS && + (sz=MultiByteToWideChar(CP_UTF8,(flags=0), filename,len_0,NULL,0))>0) + ) { WCHAR wmode[8]; WCHAR *wfilename = _alloca(sz*sizeof(WCHAR)); - if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if (MultiByteToWideChar(CP_UTF8,flags, filename,len_0,wfilename,sz) && MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1, wmode,sizeof(wmode)/sizeof(wmode[0])) && - (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT + (file=_wfopen(wfilename,wmode))==NULL && + (errno==ENOENT || errno==EBADF) ) /* UTF-8 decode succeeded, but no file, filename * could still have been locale-ized... */ file = fopen(filename,mode); diff --git a/lib/libssl/src/crypto/bio/bss_log.c b/lib/libssl/src/crypto/bio/bss_log.c index 7ead044b376..b7dce5c1a27 100644 --- a/lib/libssl/src/crypto/bio/bss_log.c +++ b/lib/libssl/src/crypto/bio/bss_log.c @@ -75,6 +75,15 @@ # include <descrip.h> # include <lib$routines.h> # include <starlet.h> +/* Some compiler options may mask the declaration of "_malloc32". */ +# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 + void * _malloc32 (__size_t); +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ +# endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */ #elif defined(__ultrix) # include <sys/syslog.h> #elif defined(OPENSSL_SYS_NETWARE) 
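Review bot: The fallback added to `BIO_new_file` retries `MultiByteToWideChar` with `flags=0` when the first call fails with `ERROR_INVALID_FLAGS`, and the same `flags` value is then used for the real conversion. Without `MB_ERR_INVALID_CHARS` the conversion no longer rejects ill-formed UTF-8, so on systems that take this path a malformed name is converted instead of falling through to `fopen`, and the file opened may not be the one the caller named. That trade-off should be stated in the comment block that describes the three filename cases. Separately, `_alloca(sz*sizeof(WCHAR))` sizes a stack allocation from the caller's filename with no upper bound visible in the hunk, which is worth bounding or moving to the heap.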
@@ -300,7 +309,24 @@ static void xopenlog(BIO* bp, char* name, int level) static void xsyslog(BIO *bp, int priority, const char *string) { struct dsc$descriptor_s opc_dsc; + +/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 +# define OPCDEF_TYPE __char_ptr32 +# define OPCDEF_MALLOC _malloc32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define OPCDEF_TYPE char * +# define OPCDEF_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + struct opcdef *opcdef_p; + +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ + char buf[10240]; unsigned int len; struct dsc$descriptor_s buf_dsc; @@ -326,8 +352,8 @@ static void xsyslog(BIO *bp, int priority, const char *string) lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); - /* we know there's an 8 byte header. That's documented */ - opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); + /* We know there's an 8-byte header. That's documented. */ + opcdef_p = OPCDEF_MALLOC( 8+ len); opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); opcdef_p->opc$l_ms_rqstid = 0; @@ -335,7 +361,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (char *)opcdef_p; + opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p; opc_dsc.dsc$w_length = len + 8; sys$sndopr(opc_dsc, 0); diff --git a/lib/libssl/src/crypto/bn/bn.h b/lib/libssl/src/crypto/bn/bn.h index e484b7fc116..a0bc47837dc 100644 --- a/lib/libssl/src/crypto/bn/bn.h +++ b/lib/libssl/src/crypto/bn/bn.h 
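Review bot: `opcdef_p = OPCDEF_MALLOC( 8+ len);` in `xsyslog` is dereferenced on the next line (`opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;`) with no NULL check on either allocator. Since the function returns `void`, `if (opcdef_p == NULL) return;` directly after the allocation is enough. The release of the buffer is outside the hunk: if it still goes through `OPENSSL_free`, it no longer matches the allocator when `OPCDEF_MALLOC` is `_malloc32`, so a matching `OPCDEF_FREE` macro should be defined next to `OPCDEF_MALLOC` and used there.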
@@ -253,6 +253,24 @@ extern "C" { #define BN_HEX_FMT2 "%08X" #endif +/* 2011-02-22 SMS. + * In various places, a size_t variable or a type cast to size_t was + * used to perform integer-only operations on pointers. This failed on + * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is + * still only 32 bits. What's needed in these cases is an integer type + * with the same size as a pointer, which size_t is not certain to be. + * The only fix here is VMS-specific. + */ +#if defined(OPENSSL_SYS_VMS) +# if __INITIAL_POINTER_SIZE == 64 +# define PTR_SIZE_INT long long +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_SIZE_INT int +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* defined(OPENSSL_SYS_VMS) */ +# define PTR_SIZE_INT size_t +#endif /* defined(OPENSSL_SYS_VMS) [else] */ + #define BN_DEFAULT_BITS 1280 #define BN_FLG_MALLOCED 0x01 diff --git a/lib/libssl/src/crypto/bn/bn_exp2.c b/lib/libssl/src/crypto/bn/bn_exp2.c index b3f43cec8c1..bd0c34b91bc 100644 --- a/lib/libssl/src/crypto/bn/bn_exp2.c +++ b/lib/libssl/src/crypto/bn/bn_exp2.c @@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, r_is_one = 0; } } - BN_from_montgomery(rr,r,mont,ctx); + if (!BN_from_montgomery(rr,r,mont,ctx)) + goto err; ret=1; err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); diff --git a/lib/libssl/src/crypto/bn/bn_gf2m.c b/lib/libssl/src/crypto/bn/bn_gf2m.c index 527b0fa15be..432a3aa3383 100644 --- a/lib/libssl/src/crypto/bn/bn_gf2m.c +++ b/lib/libssl/src/crypto/bn/bn_gf2m.c @@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { while (!BN_is_odd(u)) { + if (BN_is_zero(u)) goto err; if (!BN_rshift1(u, u)) goto err; if (BN_is_odd(b)) { diff --git a/lib/libssl/src/crypto/bn/bn_mont.c b/lib/libssl/src/crypto/bn/bn_mont.c index 7224637ab31..1a866880f53 100644 --- a/lib/libssl/src/crypto/bn/bn_mont.c +++ b/lib/libssl/src/crypto/bn/bn_mont.c 
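Review bot: `PTR_SIZE_INT` in bn.h expands to the signed types `long long` and `int` on VMS but to the unsigned `size_t` elsewhere, although the other hunks of this commit use it for bit masks built as `0-(PTR_SIZE_INT)x` and applied with `&` and `~`. Using `unsigned long long` and `unsigned int` for the two VMS cases keeps that arithmetic in unsigned types on every platform. The macro also lands in a public header without the `BN_` prefix its neighbours carry (`BN_DEFAULT_BITS`, `BN_FLG_MALLOCED`), so it can collide with names in applications that include bn.h.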
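Review bot: The new `if (BN_is_zero(u)) goto err;` inside the `while (!BN_is_odd(u))` loop of `BN_GF2m_mod_inv` has no comment, although it is what stops the loop from spinning once `u` reaches zero, since zero is never odd and shifting it right leaves it zero. A comment such as `/* u == 0: the loop below would never terminate */` would make that explicit. The visible lines do not show an error being queued before the jump, so it is worth checking that callers can tell this failure from an allocation failure. The function body continues outside the hunk.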
@@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) m1|=m2; /* (al!=ri) */ m1|=(0-(size_t)v); /* (al!=ri || v) */ m1&=~m2; /* (al!=ri || v) && !al>ri */ - nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1)); } /* 'i<ri' is chosen to eliminate dependency on input data, even diff --git a/lib/libssl/src/crypto/bn/bn_mul.c b/lib/libssl/src/crypto/bn/bn_mul.c index a0e9ec3b469..12e5be80eb2 100644 --- a/lib/libssl/src/crypto/bn/bn_mul.c +++ b/lib/libssl/src/crypto/bn/bn_mul.c @@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - int c1,c2,neg,zero; + int c1,c2,neg; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* r=(a[0]-a[1])*(b[1]-b[0]) */ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; + neg=0; switch (c1*3+c2) { case -4: @@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: - zero=1; /* break; */ case -2: bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ @@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, case -1: case 0: case 1: - zero=1; /* break; */ case 2: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ @@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, neg=1; break; case 3: - zero=1; /* break; */ case 4: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); @@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { if (i >= -1 && i <= 1) { - int sav_j =0; /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) 
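Review bot: The pointer select in `BN_from_montgomery_word` now casts `rp` and `ap` to `PTR_SIZE_INT`, but the mask it combines them with is still built with `size_t` casts on the lines just above (`m1|=(0-(size_t)v);`). If `m1` and `m2` are declared `size_t` (the declaration is outside the hunk), then on the VMS 64-bit-pointer build this change targets, `m1` and `~m1` are 32-bit values that get zero-extended, and the upper half of the selected pointer is cleared. Declaring the masks as `PTR_SIZE_INT` and writing `m1|=(0-(PTR_SIZE_INT)v);`, as the bn_nist.c hunks of this commit do for `mask`, would keep the widths consistent.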
@@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { j = BN_num_bits_word((BN_ULONG)bl); } - sav_j = j; j = 1<<(j-1); assert(j <= al || j <= bl); k = j+j; diff --git a/lib/libssl/src/crypto/bn/bn_nist.c b/lib/libssl/src/crypto/bn/bn_nist.c index 2ca5b013911..c6de032696e 100644 --- a/lib/libssl/src/crypto/bn/bn_nist.c +++ b/lib/libssl/src/crypto/bn/bn_nist.c @@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res; - size_t mask; + PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_192_sqr = { (BN_ULONG *)_nist_p_192_sqr, sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), @@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' * this is what happens below, but without explicit if:-) a. */ - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *) + (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); @@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_224_sqr = { (BN_ULONG *)_nist_p_224_sqr, sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), 
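Review bot: The union `union { bn_addsub_f f; PTR_SIZE_INT p; } u;` in the `BN_nist_mod_224` hunk, and the same declaration in the `BN_nist_mod_256` and `BN_nist_mod_384` hunks, selects between `bn_sub_words` and `bn_add_words` by masking their addresses as integers. `PTR_SIZE_INT` is described in bn.h as an integer with the same size as a pointer, and this code assumes that also holds for function pointers, which C does not promise. A comment on the union stating the assumption, e.g. `/* assumes sizeof(bn_addsub_f) == sizeof(PTR_SIZE_INT) */`, would make the requirement checkable on each new platform.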
@@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, * to be compared to the modulus and conditionally * adjusted by *subtracting* the latter. */ carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; /* otherwise it's effectively same as in BN_nist_mod_192... */ - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_224_TOP); r->top = BN_NIST_224_TOP; bn_correct_top(r); @@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_256_sqr = { (BN_ULONG *)_nist_p_256_sqr, sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), 
@@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (carry < 0) { carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); r->top = BN_NIST_256_TOP; bn_correct_top(r); @@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_384_sqr = { (BN_ULONG *)_nist_p_384_sqr, sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), 
@@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (carry < 0) { carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); r->top = BN_NIST_384_TOP; bn_correct_top(r); @@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val,tmp,*res; - size_t mask; + PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_521_sqr = { (BN_ULONG *)_nist_p_521_sqr, sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), @@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, r_d[i] &= BN_NIST_521_TOP_MASK; bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); - mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); - res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); + res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d,res,BN_NIST_521_TOP); r->top = BN_NIST_521_TOP; bn_correct_top(r); diff --git a/lib/libssl/src/crypto/comp/c_rle.c b/lib/libssl/src/crypto/comp/c_rle.c index efd366fa223..18bceae51e7 100644 --- a/lib/libssl/src/crypto/comp/c_rle.c +++ b/lib/libssl/src/crypto/comp/c_rle.c 
@@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, { int i; - if (olen < (ilen-1)) + if (ilen == 0 || olen < (ilen-1)) { /* ZZZZZZZZZZZZZZZZZZZZZZ */ return(-1); @@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, } return(ilen-1); } - diff --git a/lib/libssl/src/crypto/conf/conf_api.c b/lib/libssl/src/crypto/conf/conf_api.c index 22617e5fa18..f5fcbb9f6b1 100644 --- a/lib/libssl/src/crypto/conf/conf_api.c +++ b/lib/libssl/src/crypto/conf/conf_api.c @@ -64,6 +64,7 @@ #endif #include <assert.h> +#include <stdlib.h> #include <string.h> #include <openssl/conf.h> #include <openssl/conf_api.h> @@ -285,7 +286,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value=(char *)sk; vv=lh_CONF_VALUE_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) diff --git a/lib/libssl/src/crypto/conf/conf_def.c b/lib/libssl/src/crypto/conf/conf_def.c index 0b571b03942..cf951320af8 100644 --- a/lib/libssl/src/crypto/conf/conf_def.c +++ b/lib/libssl/src/crypto/conf/conf_def.c @@ -213,13 +213,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; - int again,n; + int again; long eline=0; char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; - STACK_OF(CONF_VALUE) *section_sk=NULL,*ts; char *start,*psection,*pname; void *h = (void *)(conf->data); @@ -250,7 +249,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; again=0; @@ -309,7 +307,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) buf=buff->data; clear_comments(conf, buf); - n=strlen(buf); s=eat_ws(conf, buf); if (IS_EOF(conf,*s)) continue; /* blank line */ if (*s == '[') 
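Review bot: The guard added in rle_expand_block, `if (ilen == 0 || olen < (ilen-1))`, carries no explanation, and the placeholder `/* ZZZZZZZZZZZZZZZZZZZZZZ */` in the rejected branch says nothing about why the input is refused. Presumably ilen is unsigned, so `ilen-1` wraps for an empty input and the old size test could not reject it; the parameter declarations are cut off by the hunk, so that should be confirmed. I would replace the placeholder with `/* empty input, or output buffer too small for ilen-1 bytes */`.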
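Review bot: In _CONF_new_section the result of `lh_CONF_VALUE_insert(conf->data,v)` is now checked with `OPENSSL_assert(vv == NULL)`, which as far as I know stays active in release builds and ends the process, so an unexpected existing entry becomes a hard abort rather than an error return through the existing `err:` label. A NULL return also does not, to my knowledge, distinguish a clean insert from an allocation failure inside the hash table, so that case would pass the assertion unnoticed. If aborting is intended, a comment such as `/* callers guarantee the section is new; a replaced entry is a programming error */` would record it; otherwise the failure should be reported to the caller. The function starts outside the hunk.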
@@ -343,7 +340,6 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; continue; } else @@ -406,13 +402,9 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - ts=(STACK_OF(CONF_VALUE) *)tv->value; } else - { tv=sv; - ts=section_sk; - } #if 1 if (_CONF_add_string(conf, tv, v) == 0) { @@ -465,9 +457,6 @@ err: static void clear_comments(CONF *conf, char *p) { - char *to; - - to=p; for (;;) { if (IS_FCOMMENT(conf,*p)) diff --git a/lib/libssl/src/crypto/cryptlib.c b/lib/libssl/src/crypto/cryptlib.c index b4449b86d68..24fe123e143 100644 --- a/lib/libssl/src/crypto/cryptlib.c +++ b/lib/libssl/src/crypto/cryptlib.c @@ -731,7 +731,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: - ERR_remove_state(0); break; case DLL_PROCESS_DETACH: break; @@ -743,6 +742,16 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, #if defined(_WIN32) && !defined(__CYGWIN__) #include <tchar.h> #include <signal.h> +#ifdef __WATCOMC__ +#if defined(_UNICODE) || defined(__UNICODE__) +#define _vsntprintf _vsnwprintf +#else +#define _vsntprintf _vsnprintf +#endif +#endif +#ifdef _MSC_VER +#define alloca _alloca +#endif #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 int OPENSSL_isservice(void) @@ -773,11 +782,7 @@ int OPENSSL_isservice(void) if (len>512) return -1; /* paranoia */ len++,len&=~1; /* paranoia */ -#ifdef _MSC_VER - name=(WCHAR *)_alloca(len+sizeof(WCHAR)); -#else name=(WCHAR *)alloca(len+sizeof(WCHAR)); -#endif if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) return -1; @@ -822,11 +827,7 @@ void OPENSSL_showfatal (const char *fmta,...) size_t len_0=strlen(fmta)+1,i; WCHAR *fmtw; -#ifdef _MSC_VER - fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); -#else - fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); -#endif + fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR)); if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } #ifndef OPENSSL_NO_MULTIBYTE 
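Review bot: The `DLL_THREAD_DETACH` case in DllMain no longer calls `ERR_remove_state(0)`, and nothing visible in the hunk replaces it, so a thread's error queue appears to stay allocated after the thread exits unless the application frees it itself. In a long-running service that creates many threads this would be a steady leak. The now-empty case should at least say so, e.g. `/* thread error state is not released here; the application must free it before the thread ends */`. DllMain begins and ends outside the hunk.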
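Review bot: In OPENSSL_showfatal the rewritten `fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR));` is still followed by `if (fmtw == NULL)`, but alloca, and MSVC's `_alloca` that the new `#define alloca _alloca` maps to, does not signal exhaustion by returning NULL; an oversized request faults on the stack instead. `len_0` comes from `strlen(fmta)+1` with no upper bound in the hunk, whereas OPENSSL_isservice rejects `len>512` before its alloca. I would cap `len_0` before the allocation in the same way and treat the NULL test as unreachable. The function continues outside the hunk.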
diff --git a/lib/libssl/src/crypto/crypto-lib.com b/lib/libssl/src/crypto/crypto-lib.com index a4b66350911..a29c0afd93f 100644 --- a/lib/libssl/src/crypto/crypto-lib.com +++ b/lib/libssl/src/crypto/crypto-lib.com @@ -47,11 +47,33 @@ $! P6, if defined, sets a choice of crypto methods to compile. $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! +$! P7, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]). +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P8, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check Which Architecture We Are Using. $! @@ -75,6 +97,11 @@ $! End The Architecture Check. $! $ ENDIF $! +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" +$! $! Define The Different Encryption Types. $! NOTE: Some might think this list ugly. However, it's made this way to $! reflect the SDIRS variable in [-]Makefile.org as closely as possible, 
@@ -91,17 +118,29 @@ $ ENCRYPT_TYPES = "Basic,"+ - "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - "STORE,CMS,PQUEUE,TS,JPAKE" -$! Define The OBJ Directory. $! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] +$! Check To Make Sure We Have Valid Command Line Parameters. +$! +$ GOSUB CHECK_OPTIONS $! -$! Define The EXE Directory. +$! Define The OBJ and EXE Directories. $! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO] $! -$! Check To Make Sure We Have Valid Command Line Parameters. +$! Specify the destination directory in any /MAP option. $! -$ GOSUB CHECK_OPTIONS +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif $! $! Initialise logical names and such $! @@ -109,7 +148,7 @@ $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" $! $! $! Check To See If The Architecture Specific OBJ Directory Exists. @@ -140,11 +179,11 @@ $ ENDIF $! $! Define The Library Name. $! -$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB +$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB +$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB $! $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... $! 
@@ -193,7 +232,7 @@ $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - "cmll_cfb,cmll_ctr" $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" -$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128" +$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - LIB_BN_ASM = "bn_asm" @@ -301,15 +340,23 @@ $ LIB_JPAKE = "jpake,jpake_err" $! $! Setup exceptional compilations $! -$ ! Add definitions for no threads on OpenVMS 7.1 and higher +$ CC3_SHOWN = 0 +$ CC4_SHOWN = 0 +$ CC5_SHOWN = 0 +$ CC6_SHOWN = 0 +$! +$! The following lists must have leading and trailing commas, and no +$! embedded spaces. (They are scanned for ",name,".) +$! +$ ! Add definitions for no threads on OpenVMS 7.1 and higher. $ COMPILEWITH_CC3 = ",bss_rtcp," -$ ! Disable the DOLLARID warning -$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir" -$ ! Disable disjoint optimization +$ ! Disable the DOLLARID warning. Not needed with /STANDARD=RELAXED. +$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir," +$ ! Disable disjoint optimization on VAX with DECC. $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc," -$ ! Disable the MIXLINKAGE warning -$ COMPILEWITH_CC6 = ",enc_read,set_key," +$ ! Disable the MIXLINKAGE warning. +$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key," $! $! Figure Out What Other Modules We Are To Build. $! 
@@ -515,31 +562,60 @@ $ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE," $ ENDIF $ IF (MODULE_NAME.NES."") $ THEN -$ WRITE SYS$OUTPUT " ",FILE_NAME,"" +$ WRITE SYS$OUTPUT " ",FILE_NAME,"" $ ENDIF $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME) +$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ "," $ IF FILE_NAME - ".mar" .NES. FILE_NAME $ THEN $ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3 $ THEN +$ write sys$output " \Using special rule (3)" +$ if (.not. CC3_SHOWN) +$ then +$ CC3_SHOWN = 1 +$ x = " "+ CC3 +$ write /symbol sys$output x +$ endif $ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4 $ THEN +$ write /symbol sys$output " \Using special rule (4)" +$ if (.not. CC4_SHOWN) +$ then +$ CC4_SHOWN = 1 +$ x = " "+ CC4 +$ write /symbol sys$output x +$ endif $ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE -$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5 +$ IF CC5_DIFFERENT .AND. - + (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5) $ THEN +$ write sys$output " \Using special rule (5)" +$ if (.not. CC5_SHOWN) +$ then +$ CC5_SHOWN = 1 +$ x = " "+ CC5 +$ write /symbol sys$output x +$ endif $ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6 $ THEN +$ write sys$output " \Using special rule (6)" +$ if (.not. CC6_SHOWN) +$ then +$ CC6_SHOWN = 1 +$ x = " "+ CC6 +$ write /symbol sys$output x +$ endif $ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' 
@@ -586,38 +662,22 @@ $! SHOW SYMBOL APPLICATION* $! $! Tell the user what happens $! -$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" +$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" $! $! Link The Program. $! $ ON ERROR THEN GOTO NEXT_APPLICATION $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. +$! Link With A TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' - + /EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS', - + 'CRYPTO_LIB'/LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! -$! Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS',- - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF $ GOTO NEXT_APPLICATION $ APPLICATION_DONE: $ ENDIF @@ -656,7 +716,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable VAX C Runtime Library. ! SYS$SHARE:VAXCRTL.EXE/SHARE @@ -685,7 +745,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB/LIBRARY @@ -720,7 +780,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE/SHARE @@ -735,7 +795,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE 
@@ -756,7 +816,7 @@ $ ENDIF $! $! Tell The User What Linker Option File We Are Using. $! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." +$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." $! $! Time To RETURN. $! @@ -803,8 +863,8 @@ $ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.E $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " ALPHA[64]: Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64[64] : IA64 Architecture." $ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! @@ -825,15 +885,16 @@ $! $ IF (P2.EQS."NODEBUG") $ THEN $! -$! P2 Is NODEBUG, So Compile Without The Debugger Information. +$! P2 Is NODEBUG, So Compile Without The Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ MACRO_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ MACRO_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. @@ -844,6 +905,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" 
@@ -852,7 +914,7 @@ $ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." $ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." $ ELSE $! -$! They Entered An Invalid Option.. +$! They Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" @@ -907,6 +969,60 @@ $! End The P5 Check. $! $ ENDIF $! +$! Check P7 (POINTER_SIZE). +$! +$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P7 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ POINTER_SIZE = " /POINTER_SIZE=64" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P7, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The P7 (POINTER_SIZE) Check. +$! +$ ENDIF +$! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ - + "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1]" +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."") 
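Review bot: In the P7 check all three accepted values, `64`, `64=` and `64=ARGV`, end up as `POINTER_SIZE = " /POINTER_SIZE=64"`, while the header comment added earlier in this diff promises `/POINTER_SIZE=64=ARGV` for `64=ARGV` and automatic ARGV selection for `64`; nothing in this hunk implements either. Either the comment or the assignment should change, because a builder who asks for `64=ARGV` does not get it. The `32` test also compares the raw `P7` before `F$EDIT( P7, "COLLAPSE, UPCASE")` is applied, so a value with stray blanks or lower case is handled differently from the 64-bit spellings.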
@@ -1007,11 +1123,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P8 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The ZLIB Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN 
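Review bot: With `CCDISABLEWARNINGS` now initialised to `""`, the unchanged following line `CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS` builds a list that starts with a comma whenever USER_CCDISABLEWARNINGS is defined, and that list later goes into `/WARNING=(DISABLE=(...))`. The separator should be added only when the base list is not empty, for example `IF CCDISABLEWARNINGS .NES. "" THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","` followed by `CCDISABLEWARNINGS = CCDISABLEWARNINGS + USER_CCDISABLEWARNINGS`. Whether the compiler tolerates the empty first element is not something the hunk shows, so this is worth testing with a user-supplied warning list.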
@@ -1034,14 +1203,14 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - - CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES')"+ - + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -1070,7 +1239,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(''CC_INCLUDES')"+ - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -1080,7 +1249,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -1102,12 +1271,12 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(''CC_INCLUDES')"+ - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! 
@@ -1128,22 +1297,24 @@ $ CC6DISABLEWARNINGS = "MIXLINKAGE" $ ELSE $ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" $ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))" +$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" +$ CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))" $ ELSE $ CCDISABLEWARNINGS = "" $ CC4DISABLEWARNINGS = "" $ CC6DISABLEWARNINGS = "" $ ENDIF -$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG" $ THEN -$ CC5 = CC + "/OPTIMIZE=NODISJOINT" +$ CC5 = CC + " /OPTIMIZE=NODISJOINT" +$ CC5_DIFFERENT = 1 $ ELSE -$ CC5 = CC + "/NOOPTIMIZE" +$ CC5 = CC +$ CC5_DIFFERENT = 0 $ ENDIF $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS $ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS @@ -1196,7 +1367,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! 
@@ -1222,13 +1393,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -1242,7 +1413,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! @@ -1263,7 +1434,7 @@ $ ENDIF $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! $! Else The User Entered An Invalid Argument. $! diff --git a/lib/libssl/src/crypto/dsa/dsa_gen.c b/lib/libssl/src/crypto/dsa/dsa_gen.c index 0fcd25f8b0a..cb0b4538a49 100644 --- a/lib/libssl/src/crypto/dsa/dsa_gen.c +++ b/lib/libssl/src/crypto/dsa/dsa_gen.c @@ -120,7 +120,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int i, k,n=0,b,m=0, qsize = qbits >> 3; + int i, k, n=0, m=0, qsize = qbits >> 3; int counter=0; int r=0; BN_CTX *ctx=NULL; @@ -232,7 +232,6 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* "offset = 2" */ n=(bits-1)/160; - b=(bits-1)-n*160; for (;;) { diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c index 4fead07e80f..a3ddd7d2816 100644 --- a/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c 
@@ -148,15 +148,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) s=BN_new(); if (s == NULL) goto err; - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dlen > SHA256_DIGEST_LENGTH) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; - goto err; - } - ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -185,7 +176,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ if (BN_cmp(s,dsa->q) > 0) - BN_sub(s,s,dsa->q); + if (!BN_sub(s,s,dsa->q)) goto err; if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; ret=DSA_SIG_new(); @@ -325,15 +316,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); return -1; } - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dgst_len > SHA256_DIGEST_LENGTH) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return -1; - } - BN_init(&u1); BN_init(&u2); BN_init(&t1); diff --git a/lib/libssl/src/crypto/dso/dso_dlfcn.c b/lib/libssl/src/crypto/dso/dso_dlfcn.c index 578a20d91d9..e78004903c3 100644 --- a/lib/libssl/src/crypto/dso/dso_dlfcn.c +++ b/lib/libssl/src/crypto/dso/dso_dlfcn.c @@ -85,6 +85,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # define HAVE_DLINFO 1 # if defined(_AIX) || defined(__CYGWIN__) || \ defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ + (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) # undef HAVE_DLINFO # endif diff --git a/lib/libssl/src/crypto/dso/dso_vms.c b/lib/libssl/src/crypto/dso/dso_vms.c index 321512772aa..eee20d14f12 100644 --- a/lib/libssl/src/crypto/dso/dso_vms.c +++ b/lib/libssl/src/crypto/dso/dso_vms.c 
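Review bot: dsa_do_sign and dsa_do_verify both lose their `dlen > SHA256_DIGEST_LENGTH` and `dgst_len > SHA256_DIGEST_LENGTH` rejection, and none of the three hunks shows what now limits the digest before it is converted to a BIGNUM. If the intent is to truncate an over-long digest to the size of `q`, that truncation has to sit in the parts of the two functions outside these hunks, and it should be confirmed for both the signing and the verifying path so they agree. A comment at each removal point would make the contract visible, e.g. `/* digests longer than q are truncated below, not rejected */`.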
@@ -68,8 +68,20 @@ #include <stsdef.h> #include <descrip.h> #include <starlet.h> +#include "vms_rms.h" #endif +/* Some compiler options may mask the declaration of "_malloc32". */ +#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 + void * _malloc32 (__size_t); +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ +#endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */ + + #ifndef OPENSSL_SYS_VMS DSO_METHOD *DSO_METHOD_vms(void) { @@ -121,14 +133,13 @@ typedef struct dso_internal_st /* This should contain the name only, no directory, * no extension, nothing but a name. */ struct dsc$descriptor_s filename_dsc; - char filename[FILENAME_MAX+1]; + char filename[ NAMX_MAXRSS+ 1]; /* This contains whatever is not in filename, if needed. * Normally not defined. */ struct dsc$descriptor_s imagename_dsc; - char imagename[FILENAME_MAX+1]; + char imagename[ NAMX_MAXRSS+ 1]; } DSO_VMS_INTERNAL; - DSO_METHOD *DSO_METHOD_vms(void) { return(&dso_meth_vms); @@ -139,7 +150,22 @@ static int vms_load(DSO *dso) void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); - DSO_VMS_INTERNAL *p; + +/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */ +#if __INITIAL_POINTER_SIZE == 64 +# define DSO_MALLOC _malloc32 +# pragma pointer_size save +# pragma pointer_size 32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define DSO_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + DSO_VMS_INTERNAL *p = NULL; + +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ + const char *sp1, *sp2; /* Search result */ if(filename == NULL) 
@@ -192,7 +218,7 @@ static int vms_load(DSO *dso) goto err; } - p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); + p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL)); if(p == NULL) { DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE); @@ -290,18 +316,38 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) int flags = 0; #endif struct dsc$descriptor_s symname_dsc; - *sym = NULL; - symname_dsc.dsc$w_length = strlen(symname); - symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - symname_dsc.dsc$b_class = DSC$K_CLASS_S; - symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# define SYMNAME symname_32p +# pragma pointer_size save +# pragma pointer_size 32 + char *symname_32p; +# pragma pointer_size restore + char symname_32[ NAMX_MAXRSS+ 1]; +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define SYMNAME ((char *) symname) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + *sym = NULL; if((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); return; } + +#if __INITIAL_POINTER_SIZE == 64 + /* Copy the symbol name to storage with a 32-bit pointer. */ + symname_32p = symname_32; + strcpy( symname_32p, symname); +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + symname_dsc.dsc$w_length = strlen(SYMNAME); + symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; + symname_dsc.dsc$b_class = DSC$K_CLASS_S; + symname_dsc.dsc$a_pointer = SYMNAME; + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); 
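Review bot: In vms_bind_sym the 64-bit-pointer path copies the caller's name with `strcpy( symname_32p, symname);` into `char symname_32[ NAMX_MAXRSS+ 1]` without checking its length, so a symbol name longer than NAMX_MAXRSS overruns the stack buffer. The vms_merger hunk does the same for `filespec1` and `filespec2` into `filespec1_32` and `filespec2_32`. Each copy should be preceded by a length test that raises a DSO error and returns, along the lines of `if (strlen(symname) > NAMX_MAXRSS) { /* report error */ return; }`, and the descriptor's `dsc$w_length` can then reuse the measured length. vms_bind_sym continues past the end of the hunk.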
@@ -372,64 +418,60 @@ static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) return sym; } + static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) { int status; int filespec1len, filespec2len; struct FAB fab; -#ifdef NAML$C_MAXRSS - struct NAML nam; - char esa[NAML$C_MAXRSS]; -#else - struct NAM nam; - char esa[NAM$C_MAXRSS]; -#endif + struct NAMX_STRUCT nam; + char esa[ NAMX_MAXRSS+ 1]; char *merged; +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# define FILESPEC1 filespec1_32p; +# define FILESPEC2 filespec2_32p; +# pragma pointer_size save +# pragma pointer_size 32 + char *filespec1_32p; + char *filespec2_32p; +# pragma pointer_size restore + char filespec1_32[ NAMX_MAXRSS+ 1]; + char filespec2_32[ NAMX_MAXRSS+ 1]; +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define FILESPEC1 ((char *) filespec1) +# define FILESPEC2 ((char *) filespec2) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + if (!filespec1) filespec1 = ""; if (!filespec2) filespec2 = ""; filespec1len = strlen(filespec1); filespec2len = strlen(filespec2); +#if __INITIAL_POINTER_SIZE == 64 + /* Copy the file names to storage with a 32-bit pointer. 
*/ + filespec1_32p = filespec1_32; + filespec2_32p = filespec2_32; + strcpy( filespec1_32p, filespec1); + strcpy( filespec2_32p, filespec2); +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + fab = cc$rms_fab; -#ifdef NAML$C_MAXRSS - nam = cc$rms_naml; -#else - nam = cc$rms_nam; -#endif + nam = CC_RMS_NAMX; - fab.fab$l_fna = (char *)filespec1; - fab.fab$b_fns = filespec1len; - fab.fab$l_dna = (char *)filespec2; - fab.fab$b_dns = filespec2len; -#ifdef NAML$C_MAXRSS - if (filespec1len > NAM$C_MAXRSS) - { - fab.fab$l_fna = 0; - fab.fab$b_fns = 0; - nam.naml$l_long_filename = (char *)filespec1; - nam.naml$l_long_filename_size = filespec1len; - } - if (filespec2len > NAM$C_MAXRSS) - { - fab.fab$l_dna = 0; - fab.fab$b_dns = 0; - nam.naml$l_long_defname = (char *)filespec2; - nam.naml$l_long_defname_size = filespec2len; - } - nam.naml$l_esa = esa; - nam.naml$b_ess = NAM$C_MAXRSS; - nam.naml$l_long_expand = esa; - nam.naml$l_long_expand_alloc = sizeof(esa); - nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; - nam.naml$v_no_short_upcase = 1; - fab.fab$l_naml = &nam; -#else - nam.nam$l_esa = esa; - nam.nam$b_ess = NAM$C_MAXRSS; - nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; - fab.fab$l_nam = &nam; -#endif + FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNA = FILESPEC1; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNS = filespec1len; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNA = FILESPEC2; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNS = filespec2len; + NAMX_DNA_FNA_SET( fab) + + nam.NAMX_ESA = esa; + nam.NAMX_ESS = NAMX_MAXRSS; + nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD; + SET_NAMX_NO_SHORT_UPCASE( nam); + + fab.FAB_NAMX = &nam; status = sys$parse(&fab, 0, 0); 
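Review bot: The 64-bit branch in vms_merger defines `# define FILESPEC1 filespec1_32p;` and `# define FILESPEC2 filespec2_32p;` with a trailing semicolon, unlike the 32-bit branch and unlike `SYMNAME` in vms_bind_sym. The assignments in this hunk only gain an empty statement from it, but any later use inside an expression or argument list would fail to compile on 64-bit-pointer builds alone. Drop the semicolons: `# define FILESPEC1 filespec1_32p` and `# define FILESPEC2 filespec2_32p`. The function continues in the next hunk.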
@@ -460,33 +502,12 @@ static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) } return(NULL); } -#ifdef NAML$C_MAXRSS - if (nam.naml$l_long_expand_size) - { - merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); - if(!merged) - goto malloc_err; - strncpy(merged, nam.naml$l_long_expand, - nam.naml$l_long_expand_size); - merged[nam.naml$l_long_expand_size] = '\0'; - } - else - { - merged = OPENSSL_malloc(nam.naml$b_esl + 1); - if(!merged) - goto malloc_err; - strncpy(merged, nam.naml$l_esa, - nam.naml$b_esl); - merged[nam.naml$b_esl] = '\0'; - } -#else - merged = OPENSSL_malloc(nam.nam$b_esl + 1); + + merged = OPENSSL_malloc( nam.NAMX_ESL+ 1); if(!merged) goto malloc_err; - strncpy(merged, nam.nam$l_esa, - nam.nam$b_esl); - merged[nam.nam$b_esl] = '\0'; -#endif + strncpy( merged, nam.NAMX_ESA, nam.NAMX_ESL); + merged[ nam.NAMX_ESL] = '\0'; return(merged); malloc_err: DSOerr(DSO_F_VMS_MERGER, diff --git a/lib/libssl/src/crypto/ec/ec2_smpl.c b/lib/libssl/src/crypto/ec/ec2_smpl.c index cf357b462a2..af94458ca7b 100644 --- a/lib/libssl/src/crypto/ec/ec2_smpl.c +++ b/lib/libssl/src/crypto/ec/ec2_smpl.c @@ -937,6 +937,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/lib/libssl/src/crypto/ec/ec_mult.c b/lib/libssl/src/crypto/ec/ec_mult.c index f05df5332e1..19f21675fbd 100644 --- a/lib/libssl/src/crypto/ec/ec_mult.c +++ b/lib/libssl/src/crypto/ec/ec_mult.c @@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_) EC_POINT **p; for (p = pre->points; *p != NULL; p++) + { EC_POINT_clear_free(*p); - OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_cleanse(p, sizeof *p); + } OPENSSL_free(pre->points); } - OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_free(pre); } 
diff --git a/lib/libssl/src/crypto/ec/ecp_smpl.c b/lib/libssl/src/crypto/ec/ecp_smpl.c index 4d26f8bdf69..66a92e2a900 100644 --- a/lib/libssl/src/crypto/ec/ecp_smpl.c +++ b/lib/libssl/src/crypto/ec/ecp_smpl.c @@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT * { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/lib/libssl/src/crypto/engine/engine.h b/lib/libssl/src/crypto/engine/engine.h index 8ad11b15d79..9d73abac8e1 100644 --- a/lib/libssl/src/crypto/engine/engine.h +++ b/lib/libssl/src/crypto/engine/engine.h @@ -678,6 +678,7 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -701,6 +702,8 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ diff --git a/lib/libssl/src/crypto/evp/encode.c b/lib/libssl/src/crypto/evp/encode.c index b42c7472493..28546a84bc2 100644 --- a/lib/libssl/src/crypto/evp/encode.c +++ b/lib/libssl/src/crypto/evp/encode.c 
@@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; unsigned char *d; n=ctx->num; @@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, * lines. We process the line and then need to * accept the '\n' */ if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; if (n > 0) { v=EVP_DecodeBlock(out,d,n); diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c index bead6a2170a..c268d25cb4e 100644 --- a/lib/libssl/src/crypto/evp/evp_enc.c +++ b/lib/libssl/src/crypto/evp/evp_enc.c @@ -204,6 +204,7 @@ skip_to_init: case EVP_CIPH_OFB_MODE: ctx->num = 0; + /* fall-through */ case EVP_CIPH_CBC_MODE: diff --git a/lib/libssl/src/crypto/evp/evp_test.c b/lib/libssl/src/crypto/evp/evp_test.c index 902efac975a..55c7cdfdccf 100644 --- a/lib/libssl/src/crypto/evp/evp_test.c +++ b/lib/libssl/src/crypto/evp/evp_test.c @@ -435,6 +435,7 @@ int main(int argc,char **argv) EXIT(3); } } + fclose(f); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); diff --git a/lib/libssl/src/crypto/evp/p_lib.c b/lib/libssl/src/crypto/evp/p_lib.c index 1916c616991..e26ccd0d086 100644 --- a/lib/libssl/src/crypto/evp/p_lib.c +++ b/lib/libssl/src/crypto/evp/p_lib.c @@ -411,7 +411,10 @@ void EVP_PKEY_free(EVP_PKEY *x) static void EVP_PKEY_free_it(EVP_PKEY *x) { if (x->ameth && x->ameth->pkey_free) + { x->ameth->pkey_free(x); + x->pkey.ptr = NULL; + } #ifndef OPENSSL_NO_ENGINE if (x->engine) { diff --git a/lib/libssl/src/crypto/evp/p_sign.c b/lib/libssl/src/crypto/evp/p_sign.c index 8df6d48a7ec..bb893f5bde4 100644 --- a/lib/libssl/src/crypto/evp/p_sign.c +++ b/lib/libssl/src/crypto/evp/p_sign.c 
@@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; *siglen=0; EVP_MD_CTX_init(&tmp_ctx); diff --git a/lib/libssl/src/crypto/evp/p_verify.c b/lib/libssl/src/crypto/evp/p_verify.c index 8db46412f37..41d4b671301 100644 --- a/lib/libssl/src/crypto/evp/p_verify.c +++ b/lib/libssl/src/crypto/evp/p_verify.c @@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; EVP_MD_CTX_init(&tmp_ctx); EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); diff --git a/lib/libssl/src/crypto/hmac/hmac.c b/lib/libssl/src/crypto/hmac/hmac.c index 45015fe754d..6c98fc43a31 100644 --- a/lib/libssl/src/crypto/hmac/hmac.c +++ b/lib/libssl/src/crypto/hmac/hmac.c @@ -138,12 +138,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { - int j; unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - j=EVP_MD_block_size(ctx->md); - if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) diff --git a/lib/libssl/src/crypto/md32_common.h b/lib/libssl/src/crypto/md32_common.h index 1cb783944ea..bb7381952a2 100644 --- a/lib/libssl/src/crypto/md32_common.h +++ b/lib/libssl/src/crypto/md32_common.h @@ -165,7 +165,7 @@ asm ( \ "roll %1,%0" \ : "=r"(ret) \ - : "I"(n), "0"(a) \ + : "I"(n), "0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) @@ -383,6 +383,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) } #ifndef MD32_REG_T +#if defined(__alpha) || defined(__sparcv9) || defined(__mips) #define MD32_REG_T long /* * This comment was originaly written for MD5, which is why it 
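Review bot: In the EVP_VerifyFinal hunk the result of `EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);` is discarded, so a failed copy goes unnoticed on a signature-verification path. The HMAC_Final hunk in this same commit already shows the checked form (`if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))`), and the same pattern fits here: test `if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))`, clean up `tmp_ctx` and take the function's failure return. EVP_SignFinal in p_sign.c presumably makes the matching call just below its hunk and would want the same check. Both function bodies continue outside the visible hunks.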
@@ -400,9 +401,15 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) * Well, to be honest it should say that this *prevents* * performance degradation. * <appro@fy.chalmers.se> - * Apparently there're LP64 compilers that generate better - * code if A-D are declared int. Most notably GCC-x86_64 - * generates better code. + */ +#else +/* + * Above is not absolute and there are LP64 compilers that + * generate better code if MD32_REG_T is defined int. The above + * pre-processor condition reflects the circumstances under which + * the conclusion was made and is subject to further extension. * <appro@fy.chalmers.se> */ +#define MD32_REG_T int +#endif #endif diff --git a/lib/libssl/src/crypto/o_time.c b/lib/libssl/src/crypto/o_time.c index eecbdd19f0c..9030fdef7ae 100644 --- a/lib/libssl/src/crypto/o_time.c +++ b/lib/libssl/src/crypto/o_time.c @@ -64,12 +64,18 @@ #include "o_time.h" #ifdef OPENSSL_SYS_VMS -# include <libdtdef.h> -# include <lib$routines.h> -# include <lnmdef.h> -# include <starlet.h> -# include <descrip.h> -# include <stdlib.h> +# if __CRTL_VER >= 70000000 && \ + (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE) +# define VMS_GMTIME_OK +# endif +# ifndef VMS_GMTIME_OK +# include <libdtdef.h> +# include <lib$routines.h> +# include <lnmdef.h> +# include <starlet.h> +# include <descrip.h> +# include <stdlib.h> +# endif /* ndef VMS_GMTIME_OK */ #endif struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) @@ -81,7 +87,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) so we don't even look at the return value */ gmtime_r(timer,result); ts = result; -#elif !defined(OPENSSL_SYS_VMS) +#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); if (ts == NULL) return NULL; 
@@ -89,7 +95,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) memcpy(result, ts, sizeof(struct tm)); ts = result; #endif -#ifdef OPENSSL_SYS_VMS +#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK) if (ts == NULL) { static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL"); diff --git a/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/lib/libssl/src/crypto/ocsp/ocsp_ht.c index 12bbfcffd13..af5fc16691d 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_ht.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_ht.c @@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) case OHS_ASN1_HEADER: - /* Now reading ASN1 header: can read at least 6 bytes which - * is more than enough for any valid ASN1 SEQUENCE header + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. */ n = BIO_get_mem_data(rctx->mem, &p); - if (n < 6) + if (n < 2) goto next_io; /* Check it is an ASN1 SEQUENCE */ @@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) /* Check out length field */ if (*p & 0x80) { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) diff --git a/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/lib/libssl/src/crypto/ocsp/ocsp_lib.c index 36905d76cd4..e92b86c0609 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_lib.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_lib.c 
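Review bot: In the OHS_ASN1_HEADER case of OCSP_sendreq_nbio, the new `if (n < 6) goto next_io;` waits for six octets whenever the long length form is used, before the length-of-length (`*p & 0x7F`) has been read or validated. A header whose count is 1 to 3 is complete in fewer than six octets, and an invalid count (0 or more than 4) is only rejected after the wait, so a short or malformed reply is deferred to further I/O instead of being decided from the bytes already buffered. Validating the count first and then requiring only `2 + count` octets would tighten this. Holding the count in its own variable rather than reusing `n`, which also holds the buffered length, would make the two checks easier to follow. The case body continues past the hunk.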
@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss char *host, *port; - /* dup the buffer since we are going to mess with it */ - buf = BUF_strdup(url); - if (!buf) goto mem_err; - *phost = NULL; *pport = NULL; *ppath = NULL; + /* dup the buffer since we are going to mess with it */ + buf = BUF_strdup(url); + if (!buf) goto mem_err; + /* Check for initial colon */ p = strchr(buf, ':'); diff --git a/lib/libssl/src/crypto/ocsp/ocsp_prn.c b/lib/libssl/src/crypto/ocsp/ocsp_prn.c index 1695c9c4ad5..87608ff399b 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_prn.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_prn.c @@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) return 1; } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; diff --git a/lib/libssl/src/crypto/opensslv.h b/lib/libssl/src/crypto/opensslv.h index 2fb110fa0e2..310a3387be2 100644 --- a/lib/libssl/src/crypto/opensslv.h +++ b/lib/libssl/src/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000001fL +#define OPENSSL_VERSION_NUMBER 0x1000005fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e 6 Sep 2011" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 
diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c index 42e4861bc14..cfc89a99215 100644 --- a/lib/libssl/src/crypto/pem/pem_lib.c +++ b/lib/libssl/src/crypto/pem/pem_lib.c @@ -482,7 +482,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { - int o; const EVP_CIPHER *enc=NULL; char *p,c; char **header_pp = &header; @@ -522,7 +521,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header++; } *header='\0'; - o=OBJ_sn2nid(p); cipher->cipher=enc=EVP_get_cipherbyname(p); *header=c; header++; diff --git a/lib/libssl/src/crypto/perlasm/cbc.pl b/lib/libssl/src/crypto/perlasm/cbc.pl index e43dc9ae15e..6fc2510905b 100644 --- a/lib/libssl/src/crypto/perlasm/cbc.pl +++ b/lib/libssl/src/crypto/perlasm/cbc.pl @@ -158,7 +158,6 @@ sub cbc &jmp_ptr($count); &set_label("ej7"); - &xor("edx", "edx") if $ppro; # ppro friendly &movb(&HB("edx"), &BP(6,$in,"",0)); &shl("edx",8); &set_label("ej6"); @@ -170,7 +169,6 @@ sub cbc &jmp(&label("ejend")); &set_label("ej3"); &movb(&HB("ecx"), &BP(2,$in,"",0)); - &xor("ecx", "ecx") if $ppro; # ppro friendly &shl("ecx",8); &set_label("ej2"); &movb(&HB("ecx"), &BP(1,$in,"",0)); diff --git a/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl b/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl index d66ad240959..68b4c1ca809 100755 --- a/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl +++ b/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl @@ -167,7 +167,7 @@ my %globals; } elsif ($self->{op} =~ /^(pop|push)f/) { $self->{op} .= $self->{sz}; } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") { - $self->{op} = "ALIGN\t8\n\tDQ"; + $self->{op} = "\tDQ"; } $self->{op}; } @@ -546,6 +546,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" rdata align="; $v.=$1 eq "p"? 4 : 8; + } elsif ($line=~/\.CRT\$/i) { + $v.=" rdata align=8"; } } else { $v="$current_segment\tENDS\n" if ($current_segment); 
@@ -553,6 +555,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" READONLY"; $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref); + } elsif ($line=~/\.CRT\$/i) { + $v.=" READONLY DWORD"; } } $current_segment = $line; diff --git a/lib/libssl/src/crypto/pkcs12/p12_key.c b/lib/libssl/src/crypto/pkcs12/p12_key.c index a29794bbbc1..424203f648a 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_key.c +++ b/lib/libssl/src/crypto/pkcs12/p12_key.c @@ -107,6 +107,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, unsigned char *B, *D, *I, *p, *Ai; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; + int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; #ifdef DEBUG_KEYGEN @@ -144,10 +145,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, I = OPENSSL_malloc (Ilen); Ij = BN_new(); Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); - return 0; - } + if (!D || !Ai || !B || !I || !Ij || !Bpl1) + goto err; for (i = 0; i < v; i++) D[i] = id; p = I; for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; 
@@ -164,28 +163,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } memcpy (out, Ai, min (n, u)); if (u >= n) { - OPENSSL_free (Ai); - OPENSSL_free (B); - OPENSSL_free (D); - OPENSSL_free (I); - BN_free (Ij); - BN_free (Bpl1); - EVP_MD_CTX_cleanup(&ctx); #ifdef DEBUG_KEYGEN fprintf(stderr, "Output KEY (length %d)\n", tmpn); h__dump(tmpout, tmpn); #endif - return 1; + ret = 1; + goto end; } n -= u; out += u; for (j = 0; j < v; j++) B[j] = Ai[j % u]; /* Work out B + 1 first then can use B as tmp space */ - BN_bin2bn (B, v, Bpl1); - BN_add_word (Bpl1, 1); + if (!BN_bin2bn (B, v, Bpl1)) goto err; + if (!BN_add_word (Bpl1, 1)) goto err; for (j = 0; j < Ilen ; j+=v) { - BN_bin2bn (I + j, v, Ij); - BN_add (Ij, Ij, Bpl1); + if (!BN_bin2bn (I + j, v, Ij)) goto err; + if (!BN_add (Ij, Ij, Bpl1)) goto err; BN_bn2bin (Ij, B); Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ @@ -201,6 +194,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } else BN_bn2bin (Ij, I + j); } } + +err: + PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); + +end: + OPENSSL_free (Ai); + OPENSSL_free (B); + OPENSSL_free (D); + OPENSSL_free (I); + BN_free (Ij); + BN_free (Bpl1); + EVP_MD_CTX_cleanup(&ctx); + return ret; } #ifdef DEBUG_KEYGEN void h__dump (unsigned char *p, int len) diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 451de844894..3bf1a367bbd 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c @@ -422,7 +422,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) X509_ALGOR *enc_alg=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; i=OBJ_obj2nid(p7->type); 
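Review bot: The consolidated cleanup at `end:` releases `Ai`, `B`, `D` and `I` with plain `OPENSSL_free` and the two BIGNUMs with `BN_free`, although these hold the intermediate values of a password-based key derivation (`I` is filled from the salt in the earlier hunk and, presumably, from the password as well). Wiping them before release keeps that material out of freed heap memory: `if (I) OPENSSL_cleanse(I, Ilen);` (the NULL test is needed because `err:` is also reached after a failed allocation) and `BN_clear_free (Ij); BN_clear_free (Bpl1);`. The other three buffers need the same treatment with their allocation sizes, which lie outside the hunk.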
@@ -445,7 +444,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; break; case NID_pkcs7_enveloped: rsk=p7->d.enveloped->recipientinfo; @@ -457,7 +455,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.enveloped->enc_data->algorithm; break; default: PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); diff --git a/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/lib/libssl/src/crypto/pkcs7/pk7_lib.c index 3ca0952792a..d411269b50b 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_lib.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_lib.c @@ -591,7 +591,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; - ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -614,7 +613,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return(0); } - objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; diff --git a/lib/libssl/src/crypto/rand/md_rand.c b/lib/libssl/src/crypto/rand/md_rand.c index 88088ce73c3..b2f04ff13ec 100644 --- a/lib/libssl/src/crypto/rand/md_rand.c +++ b/lib/libssl/src/crypto/rand/md_rand.c 
@@ -476,11 +476,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); #ifndef PURIFY /* purify complains */ - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + /* The following line uses the supplied buffer as a small + * source of entropy: since this buffer is often uninitialised + * it may cause programs such as purify or valgrind to + * complain. So for those builds it is not used: the removal + * of such a small source of entropy has negligible impact on + * security. + */ MD_Update(&m,buf,j); - /* We know that line may cause programs such as - purify and valgrind to complain about use of - uninitialized data. */ #endif k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; diff --git a/lib/libssl/src/crypto/rand/rand_vms.c b/lib/libssl/src/crypto/rand/rand_vms.c index 1267a3acae7..0bfd8ff7e46 100644 --- a/lib/libssl/src/crypto/rand/rand_vms.c +++ b/lib/libssl/src/crypto/rand/rand_vms.c @@ -69,6 +69,17 @@ # pragma message disable DOLLARID #endif +/* Use 32-bit pointers almost everywhere. Define the type to which to + * cast a pointer passed to an external function. + */ +#if __INITIAL_POINTER_SIZE == 64 +# define PTR_T __void_ptr64 +# pragma pointer_size save +# pragma pointer_size 32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_T void * +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + static struct items_data_st { short length, code; /* length is amount of bytes */ @@ -125,11 +136,12 @@ int RAND_poll(void) { if (status == SS$_NORMAL) { - RAND_add(data_buffer, total_length, total_length/2); + RAND_add( (PTR_T)data_buffer, total_length, + total_length/2); } } sys$gettim(iosb); - RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2); + RAND_add( (PTR_T)iosb, sizeof(iosb), sizeof(iosb)/2); return 1; } diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c index 4ed40b7b70a..bc7d9c58049 100644 --- a/lib/libssl/src/crypto/rand/randfile.c 
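Review bot: Both `RAND_add` calls in RAND_poll credit half of the buffer length as entropy (`total_length/2` and `sizeof(iosb)/2`), and for the second call the buffer is just the value returned by `sys$gettim`, a system time that an observer can largely predict. The commit only adds the `PTR_T` casts to these lines, but the estimate deserves a justification or a smaller third argument for the time value. At minimum add a comment such as `/* NOTE: credits sizeof(iosb)/2 bytes of entropy for a system time value; review this estimate */`. The body of RAND_poll starts outside the hunk.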
+++ b/lib/libssl/src/crypto/rand/randfile.c @@ -144,7 +144,9 @@ int RAND_load_file(const char *file, long bytes) * I/O because we will waste system entropy. */ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ +#ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ } #endif for (;;) @@ -269,7 +271,6 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - int ok = 0; #ifdef __OpenBSD__ struct stat sb; #endif @@ -298,7 +299,6 @@ const char *RAND_file_name(char *buf, size_t size) BUF_strlcat(buf,"/",size); #endif BUF_strlcat(buf,RFILE,size); - ok = 1; } else buf[0] = '\0'; /* no file name */ @@ -312,7 +312,7 @@ const char *RAND_file_name(char *buf, size_t size) * to something hopefully decent if that isn't available. */ - if (!ok) + if (!buf[0]) if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { return(NULL); } diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c index c5eaeeae6bd..7c941885f07 100644 --- a/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -675,7 +675,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) - BN_sub(ret, rsa->n, ret); + if (!BN_sub(ret, rsa->n, ret)) goto err; p=buf; i=BN_bn2bin(ret,p); diff --git a/lib/libssl/src/crypto/rsa/rsa_oaep.c b/lib/libssl/src/crypto/rsa/rsa_oaep.c index e238d10e5cc..18d307ea9e1 100644 --- a/lib/libssl/src/crypto/rsa/rsa_oaep.c +++ b/lib/libssl/src/crypto/rsa/rsa_oaep.c 
@@ -189,34 +189,40 @@ int PKCS1_MGF1(unsigned char *mask, long len, EVP_MD_CTX c; unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; + int rv = -1; EVP_MD_CTX_init(&c); mdlen = EVP_MD_size(dgst); if (mdlen < 0) - return -1; + goto err; for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,dgst, NULL); - EVP_DigestUpdate(&c, seed, seedlen); - EVP_DigestUpdate(&c, cnt, 4); + if (!EVP_DigestInit_ex(&c,dgst, NULL) + || !EVP_DigestUpdate(&c, seed, seedlen) + || !EVP_DigestUpdate(&c, cnt, 4)) + goto err; if (outlen + mdlen <= len) { - EVP_DigestFinal_ex(&c, mask + outlen, NULL); + if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + goto err; outlen += mdlen; } else { - EVP_DigestFinal_ex(&c, md, NULL); + if (!EVP_DigestFinal_ex(&c, md, NULL)) + goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; } } + rv = 0; + err: EVP_MD_CTX_cleanup(&c); - return 0; + return rv; } static int MGF1(unsigned char *mask, long len, const unsigned char *seed, diff --git a/lib/libssl/src/crypto/stack/safestack.h b/lib/libssl/src/crypto/stack/safestack.h index 891cb84a514..3e76aa58f5f 100644 --- a/lib/libssl/src/crypto/stack/safestack.h +++ b/lib/libssl/src/crypto/stack/safestack.h @@ -179,7 +179,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) sk_is_sorted(CHECKED_STACK_OF(type, st)) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ pp, length, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ 
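Review bot: With the new single exit at `err:`, PKCS1_MGF1 still leaves the last digest output in the stack buffer `md` when the final block is truncated (`memcpy(mask + outlen, md, len - outlen)`). Since the mask is derived from the seed, adding `OPENSSL_cleanse(md, sizeof md);` just before `EVP_MD_CTX_cleanup(&c);` would clear it on both the success and the failure path. The function now returns -1 on a digest failure that was previously ignored, so callers outside this hunk, including the static `MGF1` wrapper that follows, need to test the result for the added checks to have any effect.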
@@ -2030,79 +2031,79 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_void_sort(st) SKM_sk_sort(void, (st)) #define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) -#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) -#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) -#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i)) -#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) -#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i) -#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) -#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr)) -#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ - ((int (*)(const void * const *,const void * const *)) \ - sk_set_cmp_func((_STACK 
*)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp))) -#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st)) -#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING 
*)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i)) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) #define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) -#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define 
sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) #define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) #define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) #define 
sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) #define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) -#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) -#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) -#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -#define 
sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) -#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ - ((int (*)(const char * const *,const char * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) -#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) +#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) +#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define 
sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) +#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) +#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ diff --git a/lib/libssl/src/crypto/x509/x509.h b/lib/libssl/src/crypto/x509/x509.h index 604f4fb27fb..e6f8a40395b 100644 --- a/lib/libssl/src/crypto/x509/x509.h +++ b/lib/libssl/src/crypto/x509/x509.h @@ -258,6 +258,7 @@ typedef struct x509_cinf_st ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; } X509_CINF; /* This stuff is certificate "auxiliary info" diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c index 87ebf62525c..5a0b0249b40 100644 --- a/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/lib/libssl/src/crypto/x509/x509_vfy.c 
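Review bot: The new `ASN1_ENCODING enc;` member at the end of `X509_CINF` has no comment, unlike every other field in the struct, and the only place in this commit that marks it as changed is `X509_sign` in x_all.c (`x->cert_info->enc.modified = 1;`). If `enc` caches the parsed DER of the to-be-signed part, as the name and that assignment suggest, then code that edits `cert_info` fields and re-encodes without calling `X509_sign` could emit the old bytes; the encoder is outside these hunks, so this needs confirming. I would document the contract on the field, e.g. `ASN1_ENCODING enc; /* cached encoding; set enc.modified = 1 after changing any field above */`. The added member also changes the size of a struct declared in a public header, which is worth a line in the release notes for code that allocates or copies `X509_CINF` itself.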
@@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx) x = sk_X509_value(ctx->chain, cnum); ctx->current_cert = x; ctx->current_issuer = NULL; + ctx->current_crl_score = 0; ctx->current_reasons = 0; while (ctx->current_reasons != CRLDP_ALL_REASONS) { @@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->error_depth=0; ctx->current_cert=NULL; ctx->current_issuer=NULL; + ctx->current_crl=NULL; + ctx->current_crl_score=0; + ctx->current_reasons=0; ctx->tree = NULL; ctx->parent = NULL; @@ -2034,7 +2038,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store) ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); else - ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; + ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; if (store) { diff --git a/lib/libssl/src/crypto/x509/x_all.c b/lib/libssl/src/crypto/x509/x_all.c index ebae30b7013..8ec88c215a4 100644 --- a/lib/libssl/src/crypto/x509/x_all.c +++ b/lib/libssl/src/crypto/x509/x_all.c @@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { + x->cert_info->enc.modified = 1; return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, x->sig_alg, x->signature, x->cert_info,pkey,md)); } diff --git a/lib/libssl/src/crypto/x509v3/pcy_tree.c b/lib/libssl/src/crypto/x509v3/pcy_tree.c index 92f6b245567..bb9777348f8 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/lib/libssl/src/crypto/x509v3/pcy_tree.c @@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) { int i; - X509_POLICY_LEVEL *last; X509_POLICY_DATA *data; - last = curr - 1; + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { data = sk_X509_POLICY_DATA_value(cache->data, i); 
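Review bot: X509_STORE_CTX_init still resets the context one member at a time, so the three assignments added in the second hunk (`current_crl`, `current_crl_score`, `current_reasons`) cover the members known today but leave the same exposure for any member added later. The CHANGES entry in this commit ties the missing initialisation to CRLs with a past nextUpdate being accepted (CVE-2011-3207), so the reason deserves a comment at the assignments, e.g. `/* ctx may arrive uninitialised: reset every member the CRL checks read */`. In the first hunk check_cert now clears the score and reasons per certificate but not `current_crl`; whether that matters depends on loop code outside the hunk. Both functions continue outside the hunks shown.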
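Review bot: The one-word change from `flags` to `inh_flags` in the `else` branch of X509_STORE_CTX_init (third hunk) carries no comment or test, and it is easy to undo by accident because both members take the same kind of bit mask. Before the change the `X509_VP_FLAG_*` inheritance bits were OR-ed into the verification flags whenever `store` is NULL; if their numeric values overlap `X509_V_FLAG_*` bits (I recall `X509_VP_FLAG_ONCE` sharing a value with `X509_V_FLAG_IGNORE_CRITICAL`, to be confirmed in x509_vfy.h), store-less contexts were verifying with relaxed settings. I would add `/* inheritance flags only: X509_VP_FLAG_* must never be OR-ed into param->flags */` above the assignment and a test that `ctx->param->flags` is unchanged after init with a NULL store.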
diff --git a/lib/libssl/src/crypto/x509v3/v3_addr.c b/lib/libssl/src/crypto/x509v3/v3_addr.c index 9087d66e0ad..0d70e8696d9 100644 --- a/lib/libssl/src/crypto/x509v3/v3_addr.c +++ b/lib/libssl/src/crypto/x509v3/v3_addr.c @@ -177,12 +177,18 @@ static int i2r_address(BIO *out, unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; + if (bs->length < 0) + return 0; switch (afi) { case IANA_AFI_IPV4: + if (bs->length > 4) + return 0; addr_expand(addr, bs, 4, fill); BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; case IANA_AFI_IPV6: + if (bs->length > 16) + return 0; addr_expand(addr, bs, 16, fill); for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) ; diff --git a/lib/libssl/src/crypto/x509v3/v3_asid.c b/lib/libssl/src/crypto/x509v3/v3_asid.c index 56702f86b93..3f434c06038 100644 --- a/lib/libssl/src/crypto/x509v3/v3_asid.c +++ b/lib/libssl/src/crypto/x509v3/v3_asid.c @@ -61,7 +61,6 @@ #include <stdio.h> #include <string.h> -#include <assert.h> #include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> @@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, { const ASIdOrRange *a = *a_, *b = *b_; - assert((a->type == ASIdOrRange_id && a->u.id != NULL) || + OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || (a->type == ASIdOrRange_range && a->u.range != NULL && a->u.range->min != NULL && a->u.range->max != NULL)); - assert((b->type == ASIdOrRange_id && b->u.id != NULL) || + OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || (b->type == ASIdOrRange_range && b->u.range != NULL && b->u.range->min != NULL && b->u.range->max != NULL)); 
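Review bot: The length guards added to i2r_address sit in the caller, once per case, with the literals 4 and 16 repeated from the `addr_expand(addr, bs, 4, fill)` and `addr_expand(addr, bs, 16, fill)` calls that follow them, so any other caller of addr_expand gets no protection from this hunk. addr_expand is outside the hunk, so this is inferred, but the more durable place for the check is inside it: reject `bs->length < 0 || bs->length > length` there and return a status that every caller tests. The `default:` branch of the switch is also outside the hunk; it only receives the `bs->length < 0` check. If the per-case form stays, a comment such as `/* addr[] holds ADDR_RAW_BUF_LEN bytes; refuse bit strings longer than the address family allows */` would explain why 4 and 16 appear.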
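Review bot: Replacing `assert` with `OPENSSL_assert` throughout v3_asid.c (this hunk in ASIdOrRange_cmp and the later ones in v3_asid_add_inherit, v3_asid_add_id_or_range, extract_min_max, ASIdentifierChoice_canonize and v3_asid_validate_path_internal) turns checks that a release build could compile out into checks that always terminate the process. Several of the asserted conditions describe data that comes from a parsed certificate extension, for example `a->u.id != NULL` and `a->u.range->min != NULL` here, so if a malformed extension can reach these functions the result is a process abort rather than a verification failure; whether the decoder rules that out is not visible in the hunks. Where the function already has an error path I would use it instead, e.g. in v3_asid_validate_path_internal `if (x == NULL) { ret = 0; goto done; }`, and keep `OPENSSL_assert` only for caller-contract checks such as `ctx != NULL || ext != NULL`. The comparator cannot return an error, so its inputs would need validating before `sk_ASIdOrRange_sort` is called.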
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which) if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.inherit == NULL); + OPENSSL_assert((*choice)->u.inherit == NULL); if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) return 0; (*choice)->type = ASIdentifierChoice_inherit; @@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid, if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.asIdsOrRanges == NULL); + OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); if ((*choice)->u.asIdsOrRanges == NULL) return 0; @@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) { - assert(aor != NULL && min != NULL && max != NULL); + OPENSSL_assert(aor != NULL && min != NULL && max != NULL); switch (aor->type) { case ASIdOrRange_id: *min = aor->u.id; @@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) || + (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } @@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * We have a list. Sort it. */ - assert(choice->type == ASIdentifierChoice_asIdsOrRanges); + OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges); sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); /* @@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Make sure we're properly sorted (paranoia). */ - assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); + OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); /* * Check for overlaps. 
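Review bot: The `||` to `&&` correction in v3_asid_is_canonical makes the result depend on how ASIdentifierChoice_is_canonical treats an absent choice, and that helper's body is outside the hunk. If it does not return 1 for a NULL `asid->asnum` or `asid->rdi`, every extension that carries only one of the two would now be reported as non-canonical, so this should be confirmed and stated next to the expression, e.g. `/* both choices must be canonical; an absent choice counts as canonical */`. A regression test with one canonical and one non-canonical choice would pin the fix, since the old form accepted that input.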
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) } } - assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ + OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ ret = 1; @@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; - assert(chain != NULL && sk_X509_num(chain) > 0); - assert(ctx != NULL || ext != NULL); - assert(ctx == NULL || ctx->verify_cb != NULL); + OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); + OPENSSL_assert(ctx != NULL || ext != NULL); + OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); /* * Figure out where to start. If we don't have an extension to @@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if ((ext = x->rfc3779_asid) == NULL) goto done; } @@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid == NULL) { if (child_as != NULL || child_rdi != NULL) validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, /* * Trust anchor can't inherit. */ - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid != NULL) { if (x->rfc3779_asid->asnum != NULL && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) diff --git a/lib/libssl/src/doc/apps/smime.pod b/lib/libssl/src/doc/apps/smime.pod index 42c0733bcbc..e4e89af847a 100644 --- a/lib/libssl/src/doc/apps/smime.pod +++ b/lib/libssl/src/doc/apps/smime.pod 
@@ -343,7 +343,7 @@ Create a cleartext signed message: openssl smime -sign -in message.txt -text -out mail.msg \ -signer mycert.pem -Create an opaque signed message +Create an opaque signed message: openssl smime -sign -in message.txt -text -out mail.msg -nodetach \ -signer mycert.pem @@ -397,11 +397,11 @@ it with: -----BEGIN PKCS7----- -----END PKCS7----- -and using the command, +and using the command: openssl smime -verify -inform PEM -in signature.pem -content content.txt -alternatively you can base64 decode the signature and use +Alternatively you can base64 decode the signature and use: openssl smime -verify -inform DER -in signature.der -content content.txt @@ -427,7 +427,7 @@ Ideally a database should be maintained of a certificates for each email address. The code doesn't currently take note of the permitted symmetric encryption -algorithms as supplied in the SMIMECapabilities signed attribute. this means the +algorithms as supplied in the SMIMECapabilities signed attribute. This means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those. diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod index 310db84b314..cc588f3a78f 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod 
@@ -78,18 +78,7 @@ this breaks this server so 16 bytes is the way to go. =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG -ssl3.netscape.com:443, first a connection is established with RC4-MD5. -If it is then resumed, we end up using DES-CBC3-SHA. It should be -RC4-MD5 according to 7.6.1.3, 'cipher_suite'. - -Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. -It only really shows up when connecting via SSLv2/v3 then reconnecting -via SSLv3. The cipher list changes.... - -NEW INFORMATION. Try connecting with a cipher list of just -DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses -RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when -doing a re-connect, always takes the first cipher in the cipher list. +As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. =item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG diff --git a/lib/libssl/src/doc/ssl/ssl.pod b/lib/libssl/src/doc/ssl/ssl.pod index 2af2723bbf5..88aaebf3f64 100644 --- a/lib/libssl/src/doc/ssl/ssl.pod +++ b/lib/libssl/src/doc/ssl/ssl.pod @@ -158,7 +158,7 @@ Constructor for the SSLv3 SSL_METHOD structure for combined client and server. Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. -=item cosnt SSL_METHOD *B<TLSv1_server_method>(void); +=item const SSL_METHOD *B<TLSv1_server_method>(void); Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. diff --git a/lib/libssl/src/engines/Makefile b/lib/libssl/src/engines/Makefile index e0242059b7d..2fa9534401b 100644 --- a/lib/libssl/src/engines/Makefile +++ b/lib/libssl/src/engines/Makefile @@ -114,7 +114,7 @@ install: if [ "$(PLATFORM)" != "Cygwin" ]; then \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ - *DSO_DLFCN*) sfx=".so";; \ + *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ *DSO_DL*) sfx=".sl";; \ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ 
diff --git a/lib/libssl/src/engines/e_capi.c b/lib/libssl/src/engines/e_capi.c index e2a7cb58b00..24b620fc07f 100644 --- a/lib/libssl/src/engines/e_capi.c +++ b/lib/libssl/src/engines/e_capi.c @@ -76,10 +76,16 @@ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is * one of possible values you can pass to function in question. By * checking if it's defined we can see if wincrypt.h and accompanying - * crypt32.lib are in shape. Yes, it's rather "weak" test and if - * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG. + * crypt32.lib are in shape. The native MingW32 headers up to and + * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the + * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG, + * so we check for these too and avoid compiling. + * Yes, it's rather "weak" test and if compilation fails, + * then re-configure with -DOPENSSL_NO_CAPIENG. */ -#ifdef CERT_KEY_PROV_INFO_PROP_ID +#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \ + defined(CERT_STORE_PROV_SYSTEM_A) && \ + defined(CERT_STORE_READONLY_FLAG) # define __COMPILE_CAPIENG #endif /* CERT_KEY_PROV_INFO_PROP_ID */ #endif /* OPENSSL_NO_CAPIENG */ @@ -1808,6 +1814,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) #include <openssl/engine.h> #ifndef OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +OPENSSL_EXPORT int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } IMPLEMENT_DYNAMIC_CHECK_FN() #else diff --git a/lib/libssl/src/engines/e_capi_err.h b/lib/libssl/src/engines/e_capi_err.h index 4c749ec43d9..efa70010381 100644 --- a/lib/libssl/src/engines/e_capi_err.h +++ b/lib/libssl/src/engines/e_capi_err.h 
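Review bot: The rewritten comment in the first e_capi.c hunk says the MinGW headers lack `struct DSSPUBKEY` and that "we check for these too", but the new `#if` tests only the macros `CERT_STORE_PROV_SYSTEM_A` and `CERT_STORE_READONLY_FLAG`; the preprocessor cannot test for a struct, so the comment should say the two macros stand in for it. The closing `#endif /* CERT_KEY_PROV_INFO_PROP_ID */` no longer matches the three-part condition; `#endif /* CAPI prerequisites present */` would. In the second hunk, and in the identical change to e_gmp.c, the prototype `int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);` placed directly before the definition presumably silences a missing-prototype warning, and a one-line comment saying so would keep it from being removed as redundant.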
@@ -55,6 +55,10 @@ #ifndef HEADER_CAPI_ERR_H #define HEADER_CAPI_ERR_H +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/lib/libssl/src/engines/e_gmp.c b/lib/libssl/src/engines/e_gmp.c index c1f5601b62b..a3d47151ea1 100644 --- a/lib/libssl/src/engines/e_gmp.c +++ b/lib/libssl/src/engines/e_gmp.c @@ -471,6 +471,8 @@ static int bind_fn(ENGINE *e, const char *id) IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #else OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +OPENSSL_EXPORT int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } #endif #endif /* !OPENSSL_NO_DYNAMIC_ENGINE */ diff --git a/lib/libssl/src/engines/e_ubsec.c b/lib/libssl/src/engines/e_ubsec.c index 9b747b9aeae..aa5709bd8cf 100644 --- a/lib/libssl/src/engines/e_ubsec.c +++ b/lib/libssl/src/engines/e_ubsec.c @@ -630,10 +630,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx) { int y_len, - m_len, fd; - m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1; y_len = BN_num_bits(p) + BN_num_bits(q); /* Check if hardware can't handle this argument. */ diff --git a/lib/libssl/src/install.com b/lib/libssl/src/install.com index d15c23a8325..6a0ea2d4de7 100644 --- a/lib/libssl/src/install.com +++ b/lib/libssl/src/install.com 
@@ -3,99 +3,134 @@ $! $! Author: Richard Levitte <richard@levitte.org> $! Time of creation: 22-MAY-1998 10:13 $! -$! P1 root of the directory tree -$! -$ DEF_ORIG = F$ENVIRONMENT( "DEFAULT") -$ ON ERROR THEN GOTO TIDY -$ ON CONTROL_C THEN GOTO TIDY -$ -$ IF P1 .EQS. "" -$ THEN -$ WRITE SYS$OUTPUT "First argument missing." -$ WRITE SYS$OUTPUT - - "It Should be the directory where you want things installed." -$ EXIT -$ ENDIF -$ -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$ ARCH := VAX -$ ELSE -$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") -$ IF (ARCH .EQS. "") THEN ARCH = "UNK" -$ ENDIF -$ -$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" -$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") -$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - +$! P1 root of the directory tree +$! P2 "64" for 64-bit pointers. +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ def_orig = f$environment( "default") +$ on error then goto tidy +$ on control_c then goto tidy +$! +$ if (p1 .eqs. "") +$ then +$ write sys$output "First argument missing." +$ write sys$output - + "It should be the directory where you want things installed." +$ exit +$ endif +$! +$ if (f$getsyi("cpu") .lt. 128) +$ then +$ arch = "VAX" +$ else +$ arch = f$edit( f$getsyi( "arch_name"), "upcase") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$! +$ archd = arch +$! +$ if (p2 .nes. "") +$ then +$ if (p2 .eqs. "64") +$ then +$ archd = arch+ "_64" +$ else +$ if (p2 .nes. "32") +$ then +$ write sys$output "Second argument invalid." +$ write sys$output "It should be "32", "64", or nothing." +$ exit +$ endif +$ endif +$ endif +$! +$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0" +$ root_dev = f$parse( root, , , "device", "syntax_only") +$ root_dir = f$parse( root, , , "directory", "syntax_only") - - ".][000000" - "[000000." 
- "][" - "[" - "]" -$ ROOT = ROOT_DEV + "[" + ROOT_DIR -$ -$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC -$ DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB] -$ DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB] -$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] -$ DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE] -$ DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS] -$ DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE] -$ +$ root = root_dev + "[" + root_dir +$! +$ define /nolog wrk_sslroot 'root'.] /trans=conc +$ define /nolog wrk_sslcerts wrk_sslroot:[certs] +$ define /nolog wrk_sslinclude wrk_sslroot:[include] +$ define /nolog wrk_ssllib wrk_sslroot:[lib] +$ define /nolog wrk_sslprivate wrk_sslroot:[private] +$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe] +$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib] $! $! Exhibit the destination directory. $! -$ WRITE SYS$OUTPUT " Installing to (WRK_SSLROOT) =" -$ WRITE SYS$OUTPUT " ''f$trnlnm( "WRK_SSLROOT")'" -$ WRITE SYS$OUTPUT "" -$ -$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLROOT:[000000] -$ IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLXEXE: -$ IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLXLIB: -$ IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLLIB: -$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLINCLUDE: -$ IF F$PARSE("WRK_SSLCERTS:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLCERTS: -$ IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLPRIVATE: -$ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLROOT:[VMS] -$ -$ SDIRS := CRYPTO,SSL,APPS,VMS!,RSAREF,TEST,TOOLS -$ EXHEADER := e_os2.h -$ -$ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG -$ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER' -$ -$ I = 0 -$ LOOP_SDIRS: -$ D = F$ELEMENT(I, ",", SDIRS) -$ I = I + 1 -$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END -$ WRITE SYS$OUTPUT "Installing ",D," files." 
-$ SET DEFAULT [.'D'] -$ @INSTALL 'ROOT'] -$ SET DEFAULT [-] -$ GOTO LOOP_SDIRS -$ LOOP_SDIRS_END: -$ -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " Installation done!" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " You might want to purge ",ROOT,"...]" -$ WRITE SYS$OUTPUT "" -$ -$ TIDY: -$ SET DEFAULT 'DEF_ORIG' -$ -$ DEASSIGN WRK_SSLROOT -$ DEASSIGN WRK_SSLXLIB -$ DEASSIGN WRK_SSLLIB -$ DEASSIGN WRK_SSLINCLUDE -$ DEASSIGN WRK_SSLXEXE -$ DEASSIGN WRK_SSLCERTS -$ DEASSIGN WRK_SSLPRIVATE -$ -$ EXIT +$ write sys$output " Installing to (WRK_SSLROOT) =" +$ write sys$output " ''f$trnlnm( "wrk_sslroot")'" +$ write sys$output "" +$! +$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then - + create /directory /log wrk_sslroot:[000000] +$ if f$parse("wrk_sslxexe:") .eqs. "" then - + create /directory /log wrk_sslxexe: +$ if f$parse("wrk_sslxlib:") .eqs. "" then - + create /directory /log wrk_sslxlib: +$ if f$parse("wrk_ssllib:") .eqs. "" then - + create /directory /log wrk_ssllib: +$ if f$parse("wrk_sslinclude:") .eqs. "" then - + create /directory /log wrk_sslinclude: +$ if f$parse("wrk_sslcerts:") .eqs. "" then - + create /directory /log wrk_sslcerts: +$ if f$parse("wrk_sslprivate:") .eqs. "" then - + create /directory /log wrk_sslprivate: +$ if f$parse("wrk_sslroot:[VMS]") .EQS. "" THEN - + create /directory /log wrk_sslroot:[VMS] +$! +$ sdirs := CRYPTO, SSL, APPS, VMS !!!, RSAREF, TEST, TOOLS +$ exheader := e_os2.h +$! +$ copy /protection = w:re 'exheader' wrk_sslinclude: /log +$! +$ i = 0 +$ loop_sdirs: +$ d = f$edit( f$element(i, ",", sdirs), "trim") +$ i = i + 1 +$ if d .eqs. "," then goto loop_sdirs_end +$ write sys$output "Installing ", d, " files." +$ set default [.'d'] +$ @ install-'d'.com 'root'] 'p2' +$ set default 'def_orig' +$ goto loop_sdirs +$ loop_sdirs_end: +$! +$ write sys$output "" +$ write sys$output " Installation done!" +$ write sys$output "" +$ if (f$search( root+ "...]*.*;-1") .nes. 
"") +$ then +$ write sys$output " You might want to purge ", root, "...]" +$ write sys$output "" +$ endif +$! +$ tidy: +$! +$ set default 'def_orig' +$! +$ call deass wrk_sslroot +$ call deass wrk_sslcerts +$ call deass wrk_sslinclude +$ call deass wrk_ssllib +$ call deass wrk_sslprivate +$ call deass wrk_sslxexe +$ call deass wrk_sslxlib +$! +$ exit +$! +$ deass: subroutine +$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "") +$ then +$ deassign /process 'p1' +$ endif +$ endsubroutine +$! diff --git a/lib/libssl/src/makevms.com b/lib/libssl/src/makevms.com index b46e69a4239..eb22f20db29 100644 --- a/lib/libssl/src/makevms.com +++ b/lib/libssl/src/makevms.com @@ -15,7 +15,7 @@ $! The "xxx" denotes the machine architecture of ALPHA, IA64 or VAX. $! $! This procedures accepts two command line options listed below. $! -$! Specify one of the following build options for P1. +$! P1 specifies one of the following build options: $! $! ALL Just build "everything". $! CONFIG Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file. 
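Review bot: The new P2 error path in install.com prints `write sys$output "It should be "32", "64", or nothing."`, and the inner quotation marks are not doubled, so DCL ends the string at `"It should be "` and what follows is not a valid WRITE expression. A user who passes a bad second argument then gets a DCL error instead of the intended hint, and with `on error then goto tidy` in force the outcome depends on the severity DCL assigns. The line should read `$ write sys$output "It should be ""32"", ""64"", or nothing."`. Separately, the last directory check keeps the old upper-case `.EQS. "" THEN -` while the rest of the hunk was lower-cased.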
@@ -31,14 +31,21 @@ $! TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL. $! APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL. $! ENGINES Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL. $! +$! P2, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: $! -$! P2 is ignored (it was used to denote if RSAref should be used or not, -$! and is simply kept so surrounding scripts don't get confused) +$! "" Compile with default (/NOPOINTER_SIZE). +$! 32 Compile with /POINTER_SIZE=32 (SHORT). +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]). +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). $! -$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging -$! information. +$! P3 specifies DEBUG or NODEBUG, to compile with or without debugging +$! information. $! -$! Specify which compiler as P4 to try to compile under. +$! P4 specifies which compiler to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -60,8 +67,18 @@ $! NONE to avoid specifying which TCP/IP implementation to $! use at build time (this works with DEC C). This is $! the default. $! -$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up). $! +$! P7, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") $! $ DEF_ORIG = F$ENVIRONMENT( "DEFAULT") $ ON ERROR THEN GOTO TIDY 
@@ -99,6 +116,10 @@ $! End The Architecture Check. $! $ ENDIF $! +$ ARCHD = ARCH +$ LIB32 = "32" +$ POINTER_SIZE = "" +$! $! Get VMS version. $! $ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM") @@ -173,12 +194,12 @@ $ CONFIG: $! $! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File. $! -$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']OPENSSLCONF.H Include File." +$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']OPENSSLCONF.H Include File." $! $! First, make sure the directory exists. $! -$ IF F$PARSE("SYS$DISK:[.CRYPTO._''ARCH']") .EQS. "" THEN - - CREATE/DIRECTORY SYS$DISK:[.CRYPTO._'ARCH'] +$ IF F$PARSE("SYS$DISK:[.CRYPTO.''ARCHD']") .EQS. "" THEN - + CREATE/DIRECTORY SYS$DISK:[.CRYPTO.'ARCHD'] $! $! Different tar/UnZip versions/option may have named the file differently $ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. "" @@ -204,7 +225,7 @@ $! $! Create The [.CRYPTO._xxx]OPENSSLCONF.H File. $! Make sure it has the right format. $! -$ OSCH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']OPENSSLCONF.H" +$ OSCH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']OPENSSLCONF.H" $ CREATE /FDL=SYS$INPUT: 'OSCH_NAME' RECORD FORMAT stream_lf @@ -223,7 +244,7 @@ $ WRITE H_FILE "# define OPENSSL_SYS_VMS" $ WRITE H_FILE "#endif" $ $! One of the best way to figure out what the list should be is to do -$! the followin on a Unix system: +$! the following on a Unix system: $! grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq $! For that reason, the list will also always end up in alphabetical order $ CONFIG_LOGICALS := AES,- @@ -321,7 +342,7 @@ $ $! Architecture specific rule addtions $ IF ARCH .EQS. "VAX" $ THEN -$ ! Disable algorithms that require 64 bit integers in C +$ ! Disable algorithms that require 64-bit integers in C $ CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + - ";/GOST" + - ";/WHIRLPOOL" 
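Review bot: The CONFIG hunks, and the BUILDINF hunks later in makevms.com, change the generated-header directory from `[.CRYPTO._'ARCH']` to `[.CRYPTO.'ARCHD']`, which drops the leading underscore as well as switching the symbol, while the surrounding comments still say `[.CRYPTO._xxx]` (for example `$! Create The [.CRYPTO._xxx]OPENSSLCONF.H File.` and the P1 `CONFIG` description). Those comments should be updated to `[.CRYPTO.xxx]`. Any include path elsewhere in the build that still uses the underscore form, which these hunks do not show, has to change in step, otherwise a header left over from an earlier build could be picked up. `ARCHD` is set to `ARCH` in the `-99` hunk; where it gains a pointer-size suffix is outside the visible hunks.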
@@ -350,7 +371,8 @@ $ $! Apply cascading disable rules $ CONFIG_DISABLE_I = 0 $ CONFIG_DISABLE_LOOP0: -$ CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";",CONFIG_DISABLE_RULES),"TRIM") +$ CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";", - + CONFIG_DISABLE_RULES),"TRIM") $ CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1 $ IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0 $ IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END @@ -360,7 +382,8 @@ $ CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM") $ TO_DISABLE := YES $ CONFIG_ALGO_I = 0 $ CONFIG_DISABLE_LOOP1: -$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_DISABLE_ALGOS),"TRIM") +$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", - + CONFIG_DISABLE_ALGOS),"TRIM") $ CONFIG_ALGO_I = CONFIG_ALGO_I + 1 $ IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1 $ IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END @@ -377,7 +400,8 @@ $ IF TO_DISABLE $ THEN $ CONFIG_DEPENDENT_I = 0 $ CONFIG_DISABLE_LOOP2: -$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_DISABLE_DEPENDENTS),"TRIM") +$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", - + CONFIG_DISABLE_DEPENDENTS),"TRIM") $ CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1 $ IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2 $ IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END @@ -385,7 +409,8 @@ $ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES $ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO $ ! Better not to assume defaults at this point... $ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES -$ WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'" +$ WRITE SYS$ERROR - + "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'" $ GOTO CONFIG_DISABLE_LOOP2 $ CONFIG_DISABLE_LOOP2_END: $ ENDIF 
@@ -395,7 +420,8 @@ $ $! Apply cascading enable rules $ CONFIG_ENABLE_I = 0 $ CONFIG_ENABLE_LOOP0: -$ CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";",CONFIG_ENABLE_RULES),"TRIM") +$ CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";", - + CONFIG_ENABLE_RULES),"TRIM") $ CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1 $ IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0 $ IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END @@ -405,7 +431,8 @@ $ CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM") $ TO_ENABLE := YES $ CONFIG_ALGO_I = 0 $ CONFIG_ENABLE_LOOP1: -$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_ENABLE_ALGOS),"TRIM") +$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", - + CONFIG_ENABLE_ALGOS),"TRIM") $ CONFIG_ALGO_I = CONFIG_ALGO_I + 1 $ IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1 $ IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END @@ -422,7 +449,8 @@ $ IF TO_ENABLE $ THEN $ CONFIG_DEPENDENT_I = 0 $ CONFIG_ENABLE_LOOP2: -$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_ENABLE_DEPENDENTS),"TRIM") +$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", - + CONFIG_ENABLE_DEPENDENTS),"TRIM") $ CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1 $ IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2 $ IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END @@ -430,7 +458,8 @@ $ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO $ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES $ ! Better not to assume defaults at this point... $ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES -$ WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'" +$ WRITE SYS$ERROR - + "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'" $ GOTO CONFIG_ENABLE_LOOP2 $ CONFIG_ENABLE_LOOP2_END: $ ENDIF 
@@ -460,6 +489,17 @@ $ ENDIF $ GOTO CONFIG_LOG_LOOP2 $ CONFIG_LOG_LOOP2_END: $! +$ WRITE H_FILE "" +$ WRITE H_FILE "/* 2011-02-23 SMS." +$ WRITE H_FILE " * On VMS (V8.3), setvbuf() doesn't support a 64-bit" +$ WRITE H_FILE " * ""in"" pointer, and the help says:" +$ WRITE H_FILE " * Please note that the previously documented" +$ WRITE H_FILE " * value _IONBF is not supported." +$ WRITE H_FILE " * So, skip it on VMS." +$ WRITE H_FILE " */" +$ WRITE H_FILE "#define OPENSSL_NO_SETVBUF_IONBF" +$ WRITE H_FILE "" +$! $! Add in the common "crypto/opensslconf.h.in". $! $ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE: @@ -552,7 +592,7 @@ $ CLOSE H_FILE $! $! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file $! -$ PURGE SYS$DISK:[.CRYPTO._'ARCH']OPENSSLCONF.H +$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']OPENSSLCONF.H $! $! That's All, Time To RETURN. $! @@ -564,11 +604,11 @@ $ BUILDINF: $! $! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File. $! -$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']BUILDINF.H Include File." +$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']BUILDINF.H Include File." $! $! Create The [.CRYPTO._xxx]BUILDINF.H File. $! -$ BIH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']BUILDINF.H" +$ BIH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']BUILDINF.H" $ CREATE /FDL=SYS$INPUT: 'BIH_NAME' RECORD FORMAT stream_lf @@ -581,8 +621,19 @@ $ TIME = F$TIME() $! $! Write The [.CRYPTO._xxx]BUILDINF.H File. $! -$ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */" -$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'""" +$ CFLAGS = "" +$ if (POINTER_SIZE .nes. "") +$ then +$ CFLAGS = CFLAGS+ "/POINTER_SIZE=''POINTER_SIZE'" +$ endif +$ if (ZLIB .nes. "") +$ then +$ if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " " +$ CFLAGS = CFLAGS+ "/DEFINE=ZLIB" +$ endif +$! +$ WRITE H_FILE "#define CFLAGS ""''CFLAGS'""" +$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCHD' ''VMS_VERSION'""" $ WRITE H_FILE "#define DATE ""''TIME'"" " $! $! Close The [.CRYPTO._xxx]BUILDINF.H File. 
@@ -591,7 +642,12 @@ $ CLOSE H_FILE $! $! Purge The [.CRYPTO._xxx]BUILDINF.H File. $! -$ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H +$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']BUILDINF.H +$! +$! Delete [.CRYPTO]BUILDINF.H File, as there might be some residue from Unix. +$! +$ IF F$SEARCH("[.CRYPTO]BUILDINF.H") .NES. "" THEN - + DELETE SYS$DISK:[.CRYPTO]BUILDINF.H;* $! $! That's All, Time To RETURN. $! 
@@ -601,44 +657,58 @@ $! Copy a lot of files around. $! $ SOFTLINKS: $! -$! Tell The User We Are Partly Rebuilding The [.APPS] Directory. -$! -$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File." -$! -$ DELETE SYS$DISK:[.APPS]MD4.C;* -$! -$! Copy MD4.C from [.CRYPTO.MD4] into [.APPS] -$! -$ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS] -$! -$! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory. -$! -$ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory." -$! -$! First, make sure the directory exists -$! -$ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN - - CREATE/DIRECTORY SYS$DISK:[.INCLUDE.OPENSSL] +$!!!! Tell The User We Are Partly Rebuilding The [.APPS] Directory. +$!!!! +$!!! WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File." +$!!!! +$!!! DELETE SYS$DISK:[.APPS]MD4.C;* +$!!!! +$!!!! Copy MD4.C from [.CRYPTO.MD4] into [.APPS] +$!!!! +$!!! COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS] +$! +$! Ensure that the [.include.openssl] directory contains a full set of +$! real header files. The distribution kit may have left real or fake +$! symlinks there. Rather than think about what's there, simply delete +$! the destination files (fake or real symlinks) before copying the real +$! header files in. (Copying a real header file onto a real symlink +$! merely duplicates the real header file at its source.) +$! +$! Tell The User We Are Rebuilding The [.include.openssl] Directory. +$! +$ WRITE SYS$OUTPUT "Rebuilding The '[.include.openssl]' Directory." +$! +$! First, make sure the directory exists. If it did exist, delete all +$! the existing header files (or fake or real symlinks). +$! +$ if f$parse( "sys$disk:[.include.openssl]") .eqs. "" +$ then +$ create /directory sys$disk:[.include.openssl] +$ else +$ delete sys$disk:[.include.openssl]*.h;* +$ endif $! $! Copy All The ".H" Files From The Main Directory. $! 
$ EXHEADER := e_os2.h -$ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] +$ copy 'exheader' sys$disk:[.include.openssl] $! $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree. $! -$ SDIRS := ,- - _'ARCH',- - OBJECTS,- - MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,- - DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,- - BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,- - BUFFER,BIO,STACK,LHASH,RAND,ERR,- - EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,- - STORE,CMS,PQUEUE,TS,JPAKE -$ EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h -$ EXHEADER__'ARCH' := opensslconf.h -$ EXHEADER_OBJECTS := objects.h,obj_mac.h +$ SDIRS := , - + 'ARCHD', - + OBJECTS, - + MD2, MD4, MD5, SHA, MDC2, HMAC, RIPEMD, WHRLPOOL, - + DES, AES, RC2, RC4, RC5, IDEA, BF, CAST, CAMELLIA, SEED, MODES, - + BN, EC, RSA, DSA, ECDSA, DH, ECDH, DSO, ENGINE, - + BUFFER, BIO, STACK, LHASH, RAND, ERR, - + EVP, ASN1, PEM, X509, X509V3, CONF, TXT_DB, PKCS7, PKCS12, - + COMP, OCSP, UI, KRB5, - + STORE, CMS, PQUEUE, TS, JPAKE +$! +$ EXHEADER_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h +$ EXHEADER_'ARCHD' := opensslconf.h +$ EXHEADER_OBJECTS := objects.h, obj_mac.h $ EXHEADER_MD2 := md2.h $ EXHEADER_MD4 := md4.h $ EXHEADER_MD5 := md5.h @@ -647,7 +717,7 @@ $ EXHEADER_MDC2 := mdc2.h $ EXHEADER_HMAC := hmac.h $ EXHEADER_RIPEMD := ripemd.h $ EXHEADER_WHRLPOOL := whrlpool.h -$ EXHEADER_DES := des.h,des_old.h +$ EXHEADER_DES := des.h, des_old.h $ EXHEADER_AES := aes.h $ EXHEADER_RC2 := rc2.h $ EXHEADER_RC4 := rc4.h 
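Review bot: In the SOFTLINKS section of makevms.com, the new `delete sys$disk:[.include.openssl]*.h;*` runs unguarded whenever the directory already exists, so a directory that exists but holds no header files will most likely make DELETE report a search failure on every build. The BUILDINF.H cleanup added earlier in this commit guards its delete with F$SEARCH, and the same pattern fits here: `if f$search( "sys$disk:[.include.openssl]*.h") .nes. "" then delete sys$disk:[.include.openssl]*.h;*`. The wildcard is limited to `*.h`, which keeps the cleanup away from anything else placed in that directory; a short comment saying so would help the next maintainer.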
@@ -669,66 +739,64 @@ $ EXHEADER_DSO := dso.h $ EXHEADER_ENGINE := engine.h $ EXHEADER_BUFFER := buffer.h $ EXHEADER_BIO := bio.h -$ EXHEADER_STACK := stack.h,safestack.h +$ EXHEADER_STACK := stack.h, safestack.h $ EXHEADER_LHASH := lhash.h $ EXHEADER_RAND := rand.h $ EXHEADER_ERR := err.h $ EXHEADER_EVP := evp.h -$ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h -$ EXHEADER_PEM := pem.h,pem2.h -$ EXHEADER_X509 := x509.h,x509_vfy.h +$ EXHEADER_ASN1 := asn1.h, asn1_mac.h, asn1t.h +$ EXHEADER_PEM := pem.h, pem2.h +$ EXHEADER_X509 := x509.h, x509_vfy.h $ EXHEADER_X509V3 := x509v3.h -$ EXHEADER_CONF := conf.h,conf_api.h +$ EXHEADER_CONF := conf.h, conf_api.h $ EXHEADER_TXT_DB := txt_db.h $ EXHEADER_PKCS7 := pkcs7.h $ EXHEADER_PKCS12 := pkcs12.h $ EXHEADER_COMP := comp.h $ EXHEADER_OCSP := ocsp.h -$ EXHEADER_UI := ui.h,ui_compat.h +$ EXHEADER_UI := ui.h, ui_compat.h $ EXHEADER_KRB5 := krb5_asn.h -$!EXHEADER_STORE := store.h,str_compat.h +$!!! EXHEADER_STORE := store.h, str_compat.h $ EXHEADER_STORE := store.h $ EXHEADER_CMS := cms.h $ EXHEADER_PQUEUE := pqueue.h $ EXHEADER_TS := ts.h $ EXHEADER_JPAKE := jpake.h -$ -$ I = 0 -$ LOOP_SDIRS: -$ D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM") -$ I = I + 1 -$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END -$ tmp = EXHEADER_'D' -$ IF D .EQS. "" -$ THEN -$ COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG -$ ELSE -$ COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG -$ ENDIF -$ GOTO LOOP_SDIRS -$ LOOP_SDIRS_END: +$! +$ i = 0 +$ loop_sdirs: +$ sdir = f$edit( f$element( i, ",", sdirs), "trim") +$ i = i + 1 +$ if (sdir .eqs. ",") then goto loop_sdirs_end +$ hdr_list = exheader_'sdir' +$ if (sdir .nes. "") then sdir = "."+ sdir +$ copy [.crypto'sdir']'hdr_list' sys$disk:[.include.openssl] +$ goto loop_sdirs +$ loop_sdirs_end: $! $! Copy All The ".H" Files From The [.SSL] Directory. $! -$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h -$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] +$! 
(keep these in the same order as ssl/Makefile) +$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h +$ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl] $! -$! Purge all doubles +$! Purge the [.include.openssl] header files. $! -$ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H +$ purge sys$disk:[.include.openssl]*.h $! $! That's All, Time To RETURN. $! $ RETURN $! -$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library. +$! Build The "[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB" Library. $! $ CRYPTO: $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO.OLB Library." +$ WRITE SYS$OUTPUT - + "Building The [.",ARCHD,".EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB Library." $! $! Go To The [.CRYPTO] Directory. $! @@ -736,11 +804,13 @@ $ SET DEFAULT SYS$DISK:[.CRYPTO] $! $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. $! -$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" +$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" - + "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'" $! $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications. $! -$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'" +$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" - + "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'" $! $! Go Back To The Main Directory. $! @@ -750,14 +820,15 @@ $! Time To RETURN. $! $ RETURN $! -$! Build The "[.xxx.EXE.SSL]LIBSSL.OLB" Library. +$! Build The "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library. $! $ SSL: $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL.OLB Library." +$ WRITE SYS$OUTPUT - + "Building The [.",ARCHD,".EXE.SSL]SSL_LIBSSL''LIB32'.OLB Library." $! $! Go To The [.SSL] Directory. $! 
@@ -765,7 +836,8 @@ $ SET DEFAULT SYS$DISK:[.SSL] $! $! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library. $! -$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" - + "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'" $! $! Go Back To The Main Directory. $! @@ -782,7 +854,8 @@ $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building DECNet Based SSL Engine, [.",ARCH,".EXE.SSL]SSL_TASK.EXE" +$ WRITE SYS$OUTPUT - + "Building DECNet Based SSL Engine, [.",ARCHD,".EXE.SSL]SSL_TASK.EXE" $! $! Go To The [.SSL] Directory. $! @@ -790,7 +863,8 @@ $ SET DEFAULT SYS$DISK:[.SSL] $! $! Build The [.xxx.EXE.SSL]SSL_TASK.EXE $! -$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" - + "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'" $! $! Go Back To The Main Directory. $! @@ -807,7 +881,7 @@ $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCH,".EXE.TEST] Test Utilities." +$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCHD,".EXE.TEST] Test Utilities." $! $! Go To The [.TEST] Directory. $! @@ -815,7 +889,8 @@ $ SET DEFAULT SYS$DISK:[.TEST] $! $! Build The Test Programs. $! -$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" - + "''POINTER_SIZE'" "''ZLIB'" $! $! Go Back To The Main Directory. $! @@ -832,7 +907,7 @@ $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.APPS] Applications." +$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.APPS] Applications." $! $! Go To The [.APPS] Directory. $! 
@@ -840,7 +915,8 @@ $ SET DEFAULT SYS$DISK:[.APPS] $! $! Build The Application Programs. $! -$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" - + "" "''POINTER_SIZE'" "''ZLIB'" $! $! Go Back To The Main Directory. $! @@ -857,7 +933,7 @@ $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.ENGINES] Engines." +$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.ENGINES] Engines." $! $! Go To The [.ENGINES] Directory. $! @@ -865,7 +941,8 @@ $ SET DEFAULT SYS$DISK:[.ENGINES] $! $! Build The Application Programs. $! -$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'" +$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" - + "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'" $! $! Go Back To The Main Directory. $! @@ -922,9 +999,9 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>" +$ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [Pointer size] [Debug option] <Compiler>" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG " +$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG " $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Target ",P1," Is Invalid. The Valid Target Options Are:" $ WRITE SYS$OUTPUT "" @@ -944,8 +1021,8 @@ $ WRITE SYS$OUTPUT " ENGINES : To Build Just The ENGINES" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " ALPHA[64]: Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64[64] : IA64 Architecture." $ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! 
@@ -961,6 +1038,54 @@ $! End The P1 Check. $! $ ENDIF $! +$! Check P2 (POINTER_SIZE). +$! +$ IF (P2 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P2 .EQS. "32") +$ THEN +$ POINTER_SIZE = "32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P2, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P2, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The P2 (POINTER_SIZE) Check. +$! +$ ENDIF +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."NODEBUG") @@ -987,7 +1112,7 @@ $! Else... $! $ ELSE $! -$! Tell The User Entered An Invalid Option.. +$! Tell The User Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" @@ -1066,7 +1191,7 @@ $! Else... $! $ ELSE $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK") $ THEN 
@@ -1165,7 +1290,8 @@ $! End The P4 Check. $! $ ENDIF $! -$! Time to check the contents of P5, and to make sure we get the correct library. +$! Time to check the contents of P5, and to make sure we get the correct +$! library. $! $ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" - .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" @@ -1178,7 +1304,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Tell the user $! @@ -1212,7 +1338,7 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $! $! Tell the user $! @@ -1229,7 +1355,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Tell the user $! 
@@ -1339,11 +1465,69 @@ $! End The P6 Check. $! $ ENDIF $! +$! +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P7 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ GOTO TIDY +$ endif +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The ZLIB Check. +$! +$ ENDIF +$! $! Time To RETURN... $! $ RETURN $! $ TIDY: +$! +$! Close any open files. +$! +$ if (f$trnlnm( "h_file", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then - + close h_file +$! +$! Restore the original default device:[directory]. +$! $ SET DEFAULT 'DEF_ORIG' +$! $ EXIT $! diff --git a/lib/libssl/src/openssl.spec b/lib/libssl/src/openssl.spec index bed337b6383..e4db875539d 100644 --- a/lib/libssl/src/openssl.spec +++ b/lib/libssl/src/openssl.spec @@ -2,15 +2,15 @@ %define libmaj 1 %define libmin 0 %define librel 0 -%define librev a +%define librev e Release: 1 %define openssldir /var/ssl Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: %{libmaj}.%{libmin}.%{librel} -#Version: %{libmaj}.%{libmin}.%{librel}%{librev} +#Version: %{libmaj}.%{libmin}.%{librel} +Version: %{libmaj}.%{libmin}.%{librel}%{librev} Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz Copyright: Freely distributable Group: System Environment/Libraries 
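Review bot: The two F$PARSE calls in the new ZLIB check of makevms.com take their arguments in opposite order, `f$parse( "zlib.h", ZLIB, ...)` for the header and `f$parse( ZLIB, "libz.olb", ...)` for the library, and nothing in the hunk says this is intended. Going by the P7 description added to ssl-lib.com it appears deliberate: a file name in P7 may override the library name but never the header name. A comment such as `$! ZLIB may name a non-default library file; the header is always zlib.h in that directory.` above the first call would keep someone from "fixing" the asymmetry. Since the ZLIB value is handed on to the sub-procedures that build the libraries, printing `file1` next to the existing `ZLIB library spec:` line would make the build log show both inputs that were accepted.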
diff --git a/lib/libssl/src/ssl/bio_ssl.c b/lib/libssl/src/ssl/bio_ssl.c index af319af302a..eedac8a3fcf 100644 --- a/lib/libssl/src/ssl/bio_ssl.c +++ b/lib/libssl/src/ssl/bio_ssl.c @@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_SET_SSL: if (ssl != NULL) + { ssl_free(b); + if (!ssl_new(b)) + return 0; + } b->shutdown=(int)num; ssl=(SSL *)ptr; ((BIO_SSL *)b->ptr)->ssl=ssl; diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index 5bc9eb6603f..089fa4c7f82 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -407,7 +407,8 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: - dtls1_start_timer(s); + if (!s->hit) + dtls1_start_timer(s); ret=dtls1_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; @@ -442,7 +443,8 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: - dtls1_start_timer(s); + if (!s->hit) + dtls1_start_timer(s); ret=dtls1_send_finished(s, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, s->method->ssl3_enc->client_finished_label, diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c index a5439d544fb..39aac73e104 100644 --- a/lib/libssl/src/ssl/d1_pkt.c +++ b/lib/libssl/src/ssl/d1_pkt.c @@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { - DTLS1_RECORD_DATA *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; - /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ 
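Review bot: In the BIO_C_SET_SSL case of ssl_ctrl (bio_ssl.c), the new `return 0` after a failed `ssl_new(b)` leaves the BIO in whatever state `ssl_free(b)` produced, and neither helper is visible in this hunk. If ssl_free releases `b->ptr` without clearing it, the failure path returns with a stale `b->ptr` that a later free or ctrl call on the same BIO would touch again; that should be confirmed against ssl_free, and `b->ptr` set to NULL there or before the return if so. A one-line comment above the block, for example `/* ssl_free() releases b->ptr; re-create it before it is written below */`, would also record why the re-initialisation is needed. ssl_ctrl begins and ends outside the hunk.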
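Review bot: The two `if (!s->hit)` guards added in dtls1_connect (d1_clnt.c, at SSL3_ST_CW_CHANGE_A/B and again at SSL3_ST_CW_FINISHED_A/B in the next hunk) carry no comment, so the reason the retransmit timer is skipped for a resumed session has to be guessed. Presumably the client's ChangeCipherSpec and Finished are the last flight of an abbreviated handshake and no reply is expected; if that is the reason, say so at the first guard, e.g. `/* resumed session: last flight, nothing to wait for */`. dtls1_connect begins and ends outside both hunks.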
@@ -412,11 +409,12 @@ dtls1_process_record(SSL *s) enc_err = s->method->ssl3_enc->enc(s,0); if (enc_err <= 0) { - if (enc_err == 0) - /* SSLerr() and ssl3_send_alert() have been called */ - goto err; - - /* otherwise enc_err == -1 */ + /* decryption failed, silently discard message */ + if (enc_err < 0) + { + rr->length = 0; + s->packet_length = 0; + } goto err; } @@ -528,14 +526,12 @@ int dtls1_get_record(SSL *s) int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; - SSL_SESSION *sess; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); - sess=s->session; /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ @@ -662,10 +658,12 @@ again: /* If this record is from the next epoch (either HM or ALERT), * and a handshake is currently in progress, buffer it since it - * cannot be processed at this time. */ + * cannot be processed at this time. However, do not buffer + * anything while listening. + */ if (is_next_epoch) { - if (SSL_in_init(s) || s->in_handshake) + if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); } diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index 301ceda7a57..a6a4c87ea64 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -150,6 +150,7 @@ int dtls1_accept(SSL *s) unsigned long alg_k; int ret= -1; int new_state,state,skip=0; + int listen; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); @@ -159,11 +160,15 @@ int dtls1_accept(SSL *s) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; + + listen = s->d1->listen; /* init things to blank */ s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->d1->listen = listen; + if (s->cert == NULL) { SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 
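Review bot: In dtls1_process_record (d1_pkt.c) the new comment `/* decryption failed, silently discard message */` sits above both outcomes, but only `enc_err < 0` resets `rr->length` and `s->packet_length`; the `enc_err == 0` case still jumps to `err` and has lost the removed remark that SSLerr() and ssl3_send_alert() were already called for it. Moving the comment inside the `if (enc_err < 0)` block and keeping a line such as `/* enc_err == 0: SSLerr() and ssl3_send_alert() have been called */` before `goto err` would keep the two paths distinguishable. The distinction matters on a datagram transport, where records that fail decryption can arrive from a peer that has not been authenticated. The function continues outside the hunk.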
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s) s->init_num=0; + /* Reflect ClientHello sequence to remain stateless while listening */ + if (listen) + { + memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); + } + /* If we're just listening, stop here */ - if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) + if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; s->d1->listen = 0; + /* Set expected sequence numbers + * to continue the handshake. + */ + s->d1->handshake_read_seq = 2; + s->d1->handshake_write_seq = 1; + s->d1->next_handshake_write_seq = 1; goto end; } @@ -286,7 +303,6 @@ int dtls1_accept(SSL *s) case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: - dtls1_start_timer(s); ret = dtls1_send_hello_verify_request(s); if ( ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; @@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s) /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); } /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ @@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s) SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - if (!EC_KEY_up_ref(ecdhp)) + if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - ecdh = ecdhp; s->s3->tmp.ecdh=ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || diff --git a/lib/libssl/src/ssl/s23_lib.c b/lib/libssl/src/ssl/s23_lib.c index e3fce534304..3bf728318a4 100644 --- a/lib/libssl/src/ssl/s23_lib.c +++ b/lib/libssl/src/ssl/s23_lib.c 
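Review bot: The literals assigned in the listening branch of dtls1_accept (d1_srvr.c), `s->d1->handshake_read_seq = 2;` and the two write-sequence fields set to 1, are explained only as "to continue the handshake". They appear to encode that exactly one ClientHello/HelloVerifyRequest exchange preceded the ClientHello being answered; stating that in the comment, e.g. `/* ClientHello 0 and 1 consumed, HelloVerifyRequest 0 sent */`, would make the assumption checkable. The added `memcpy(s->s3->write_sequence, ...)` line is also much wider than the surrounding code and could be wrapped after the second argument. dtls1_accept begins and ends outside the hunk.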
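Review bot: The switch from `EC_KEY_up_ref(ecdhp)` to `EC_KEY_dup(ecdhp)` in dtls1_send_server_key_exchange (d1_srvr.c) is not explained in the code, and the identical change in ssl3_send_server_key_exchange (s3_srvr.c, later in this commit) has the same gap. The CHANGES entry ties this to the multi-threaded ECDH fix (CVE-2011-3210), so a comment such as `/* private copy: per-handshake key setup must not touch the shared ecdhp */` would stop a later cleanup from restoring the cheaper reference count. Ownership deserves a word too: the copy is stored in `s->s3->tmp.ecdh` on the next line, so error exits after that point must leave the free to whoever clears `tmp.ecdh`. Both functions begin and end outside their hunks.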
@@ -92,15 +92,8 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u) * available */ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; - int n; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); #ifndef OPENSSL_NO_SSL2 if (cp == NULL) diff --git a/lib/libssl/src/ssl/s2_srvr.c b/lib/libssl/src/ssl/s2_srvr.c index 1434e734dd0..bc885e8e7f6 100644 --- a/lib/libssl/src/ssl/s2_srvr.c +++ b/lib/libssl/src/ssl/s2_srvr.c @@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s) p+=3; n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; - n2s(p,i); s->session->key_arg_length=i; - if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + n2s(p,i); + if(i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); return -1; } + s->session->key_arg_length=i; s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; } @@ -697,7 +698,6 @@ static int server_hello(SSL *s) { unsigned char *p,*d; int n,hit; - STACK_OF(SSL_CIPHER) *sk; p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) @@ -778,7 +778,6 @@ static int server_hello(SSL *s) /* lets send out the ciphers we like in the * prefered order */ - sk= s->session->ciphers; n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); d+=n; s2n(n,p); /* add cipher length */ diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 8cc291b9228..50bd415b568 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1511,6 +1511,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } 
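Review bot: In get_client_master_key (s2_srvr.c) the commit moves the SSL_MAX_KEY_ARG_LENGTH check ahead of the store for `key_arg_length` only; the two lengths parsed on the preceding line are still written straight into `s->s2->tmp.clear` and `s->s2->tmp.enc`. Whether those are bounded before they are used is not visible here, since the function continues outside the hunk. It is worth confirming that they get the same validate-then-store treatment, and noting it in a comment next to the new check, e.g. `/* validate before storing; clear/enc are checked at <place> */`.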
@@ -2242,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (!DH_generate_key(dh_clnt)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + DH_free(dh_clnt); goto err; } @@ -2253,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + DH_free(dh_clnt); goto err; } diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index 3d7aec97a20..58386e1ba03 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -214,7 +214,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) int ssl3_change_cipher_state(SSL *s, int which) { - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; @@ -239,7 +239,6 @@ int ssl3_change_cipher_state(SSL *s, int which) else comp=s->s3->tmp.new_compression->method; #endif - key_block=s->s3->tmp.key_block; if (which & SSL3_CC_READ) { diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index d6b047c9955..62c791cb724 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s) } #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) + { DH_free(s->s3->tmp.dh); + s->s3->tmp.dh = NULL; + } #endif #ifndef OPENSSL_NO_ECDH if (s->s3->tmp.ecdh != NULL) + { EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } #endif rp = s->s3->rbuf.buf; diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index e3f6050a26a..f9b3629cf78 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c 
@@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) if (i <= 0) { rb->left = left; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && + SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) if (len+left == 0) ssl3_release_read_buffer(s); return(i); @@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, { wb->left=0; wb->offset+=i; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && + SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) ssl3_release_write_buffer(s); s->rwstate=SSL_NOTHING; return(s->s3->wpend_ret); diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 61ee0a3e422..c3b5ff33ff8 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -768,9 +768,7 @@ int ssl3_check_client_hello(SSL *s) if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { /* Throw away what we have done so far in the current handshake, - * which will now be aborted. (A full SSL_clear would be too much.) - * I hope that tmp.dh is the only thing that may need to be cleared - * when a handshake is not completed ... */ + * which will now be aborted. (A full SSL_clear would be too much.) */ #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) { @@ -778,6 +776,13 @@ int ssl3_check_client_hello(SSL *s) s->s3->tmp.dh = NULL; } #endif +#ifndef OPENSSL_NO_ECDH + if (s->s3->tmp.ecdh != NULL) + { + EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } +#endif return 2; } return 1; @@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.dh != NULL) { - DH_free(dh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } @@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } 
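Review bot: The new condition in ssl3_read_n (s3_pkt.c), `s->mode & SSL_MODE_RELEASE_BUFFERS && SSL_version(s) != DTLS1_VERSION && ...`, relies on `&` binding tighter than `&&`; it is correct, but writing the mask test as `(s->mode & SSL_MODE_RELEASE_BUFFERS)` avoids compiler warnings and misreading. The same three-part test is repeated in ssl3_write_pending in the next hunk, and in ssl3_read_n it now guards a nested `if (len+left == 0)` without braces, which makes the pairing hard to see. A comment at the first site, e.g. `/* do not release record buffers under DTLS */`, with the reason filled in by the author, would record why the version is checked at all. Both functions begin and end outside the hunks.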
@@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - if (!EC_KEY_up_ref(ecdhp)) + if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - ecdh = ecdhp; s->s3->tmp.ecdh=ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || @@ -1731,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s) (unsigned char *)encodedPoint, encodedlen); OPENSSL_free(encodedPoint); + encodedPoint = NULL; p += encodedlen; } #endif @@ -2440,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s) /* Get encoded point length */ i = *p; p += 1; + if (n != 1 + i) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) { @@ -2584,12 +2593,19 @@ int ssl3_get_client_key_exchange(SSL *s) { int ret = 0; EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL; + EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; unsigned char premaster_secret[32], *start; - size_t outlen=32, inlen; + size_t outlen=32, inlen; + unsigned long alg_a; /* Get our certificate private key*/ - pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + if (alg_a & SSL_aGOST94) + pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; + else if (alg_a & SSL_aGOST01) + pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; + + pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); EVP_PKEY_decrypt_init(pkey_ctx); /* If client certificate is present and is of the same type, maybe * use it for key exchange. Don't mind errors from diff --git a/lib/libssl/src/ssl/ssl-lib.com b/lib/libssl/src/ssl/ssl-lib.com index c5ca9e1df71..180f3a2d883 100644 --- a/lib/libssl/src/ssl/ssl-lib.com +++ b/lib/libssl/src/ssl/ssl-lib.com 
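Review bot: In the ECDH branch of ssl3_get_client_key_exchange (s3_srvr.c) the new `if (n != 1 + i)` check runs after `i = *p` has already been read, so it depends on `n >= 1` having been established before the hunk, which is not visible here. If an empty message can reach this point, the length byte is read from outside the message; confirm the earlier guard or test `n` before dereferencing `p`. The failure is reported as ERR_R_EC_LIB, which hides from logs that the peer sent an inconsistent length; a reason code that says so would help whoever triages it.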
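Review bot: In the GOST branch of ssl3_get_client_key_exchange (s3_srvr.c) `pk` stays NULL when `alg_a` has neither SSL_aGOST94 nor SSL_aGOST01 set, or when the selected `pkeys[...]` slot holds no private key, and it is then passed to `EVP_PKEY_CTX_new(pk,NULL)`, whose result goes unchecked into `EVP_PKEY_decrypt_init(pkey_ctx)`. Both should be tested before use, e.g. `if (pk == NULL || (pkey_ctx = EVP_PKEY_CTX_new(pk,NULL)) == NULL)` followed by the block's normal error exit, and the return value of `EVP_PKEY_decrypt_init` checked as well. The error label and the rest of the block are outside the hunk.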
@@ -42,11 +42,33 @@ $! SOCKETSHR for SOCKETSHR+NETLIB $! $! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! +$! P6, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]) +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P7, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check What Architecture We Are Using. $! 
@@ -70,17 +92,33 @@ $! End The Architecture Check. $! $ ENDIF $! -$! Define The OBJ Directory. +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" $! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL] +$! Check To Make Sure We Have Valid Command Line Parameters. $! -$! Define The EXE Directory. +$ GOSUB CHECK_OPTIONS $! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL] +$! Define The OBJ and EXE Directories. $! -$! Check To Make Sure We Have Valid Command Line Parameters. +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.SSL] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.SSL] $! -$ GOSUB CHECK_OPTIONS +$! Specify the destination directory in any /MAP option. +$! +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif $! $! Initialise logical names and such $! @@ -88,7 +126,7 @@ $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" $! $! Check To See If The Architecture Specific OBJ Directory Exists. $! @@ -118,11 +156,15 @@ $ ENDIF $! $! Define The Library Name. $! -$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB +$ SSL_LIB := 'EXE_DIR'SSL_LIBSSL'LIB32'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB +$! +$! Set up exceptional compilations. +$! +$ CC5_SHOWN = 0 $! $! Check To See What We Are To Do. $! @@ -156,7 +198,7 @@ $! Compile The Library. $! $ LIBRARY: $! -$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library... +$! Check To See If We Already Have A "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library... $! $ IF (F$SEARCH(SSL_LIB).EQS."") $ THEN 
@@ -182,6 +224,8 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ - "ssl_asn1,ssl_txt,ssl_algs,"+ - "bio_ssl,ssl_err,kssl,t1_reneg" $! +$ COMPILEWITH_CC5 = "" +$! $! Tell The User That We Are Compiling The Library. $! $ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library." 
@@ -295,42 +339,47 @@ $! End The SSL_TASK.C File Check. $! $ ENDIF $! +$ COMPILEWITH_CC5 = "" !!! ",ssl_task," +$! +$! Tell The User We Are Creating The SSL_TASK. +$! $! Tell The User We Are Creating The SSL_TASK. $! $ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine." $! +$! Tell The User What File We Are Compiling. +$! +$ FILE_NAME = "ssl_task" +$ WRITE SYS$OUTPUT " ",FILE_NAME,".c" +$! $! Compile The File. $! $ ON ERROR THEN GOTO SSL_TASK_END -$ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C $! -$! Link The Program. -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") +$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ "," +$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5 $ THEN -$! -$! Link With TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! +$ if (.not. CC5_SHOWN) +$ then +$ CC5_SHOWN = 1 +$ write sys$output " \Using special rule (5)" +$ x = " "+ CC5 +$ write /symbol sys$output x +$ endif +$ CC5 /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C $ ELSE +$ CC /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C +$ ENDIF $! -$! Don't Link With TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - 'OBJ_DIR'SSL_TASK.OBJ,- - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION -$! -$! End The TCP/IP Library Check. +$! Link The Program. $! -$ ENDIF +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_DIR'SSL_TASK.EXE - + 'OBJ_DIR'SSL_TASK.OBJ, - + 'SSL_LIB'/LIBRARY, - + 'CRYPTO_LIB'/LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! $! Time To Return. $! @@ -356,7 +405,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable VAX C Runtime Library. ! SYS$SHARE:VAXCRTL.EXE/SHARE 
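Review bot: `COMPILEWITH_CC5` is set to an empty string, so the test `COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5` can never be true; ssl_task.c is now always built with `CC` where the removed line used `CC5`, and the `CC5_SHOWN` branch is dead as written. The trailing `!!! ",ssl_task,"` suggests this is deliberate, but nothing says why, so a comment giving the reason and noting that restoring `",ssl_task,"` re-enables the special rule would help. The hunk also adds a second copy of `$! Tell The User We Are Creating The SSL_TASK.` directly above the existing one. The merged LINK command parses only if `TCPIP_LIB` and `ZLIB_LIB` are each empty or begin with a comma, which deserves a one-line comment here and at the equivalent LINK in maketests.com.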
@@ -385,7 +434,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB/LIBRARY @@ -420,7 +469,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE/SHARE @@ -435,7 +484,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE @@ -548,8 +597,8 @@ $ WRITE SYS$OUTPUT " SSL_TASK : To Compile Just The [.xxx.EXE.SSL]SSL_TA $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " ALPHA[64]: Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64[64] : IA64 Architecture." $ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! @@ -570,14 +619,15 @@ $! $ IF (P2.EQS."NODEBUG") $ THEN $! -$! P2 Is NODEBUG, So Compile Without Debugger Information. +$! P2 Is NODEBUG, So Compile Without Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $! $! Else... $! 
@@ -591,6 +641,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" @@ -598,7 +649,7 @@ $ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." $ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." $ ELSE $! -$! Tell The User Entered An Invalid Option.. +$! Tell The User Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" @@ -653,6 +704,59 @@ $! End The P5 Check. $! $ ENDIF $! +$! Check P6 (POINTER_SIZE). +$! +$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P6 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ POINTER_SIZE = " /POINTER_SIZE=64" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P6, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The P6 (POINTER_SIZE) Check. +$! +$ ENDIF +$! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[-.CRYPTO],SYS$DISK:[-]" +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."") 
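Review bot: The P6 branch accepts `64`, `64=` and `64=ARGV` but maps all three to `POINTER_SIZE = " /POINTER_SIZE=64"`, while the header comment added earlier in this file documents `64=ARGV` as compiling with `/POINTER_SIZE=64=ARGV` and `64` as auto-selecting ARGV, and the help text printed for an invalid value repeats those distinctions. If the collapse is intended for the library build, say so next to the assignment, for example `$! Library objects always use plain 64; =ARGV is not applied here` with the reason confirmed, or adjust the header text. maketests.com in this same commit does probe the compiler for `=ARGV`, so the two scripts currently behave differently for the same documented values.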
@@ -753,11 +857,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4'" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P7 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The ZLIB Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN 
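Review bot: With the default `CCDISABLEWARNINGS` now empty, the unchanged line below it still appends `"," + USER_CCDISABLEWARNINGS`, so a user-supplied list becomes `,X` and the `/WARNING=(DISABLE=(...))` qualifier built from it later would start with an empty element. Dropping the stray separator after the append would fix it, e.g. `$ IF F$EXTRACT(0,1,CCDISABLEWARNINGS) .EQS. "," THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS - ","`. Whether the compiler tolerates the empty element is not visible in this hunk, so this is worth testing with `USER_CCDISABLEWARNINGS` defined.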
@@ -780,13 +937,13 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -815,7 +972,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! $! Define <sys> As SYS$COMMON:[SYSLIB] @@ -824,7 +981,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -847,11 +1004,11 @@ $! Use GNU C... $! $ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC $ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! 
@@ -870,16 +1027,16 @@ $ THEN $ CC4DISABLEWARNINGS = "DOLLARID" $ ELSE $ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" +$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" $ ELSE $ CCDISABLEWARNINGS = "" $ CC4DISABLEWARNINGS = "" $ ENDIF -$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS -$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS +$ CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $ IF COMPILER .EQS. "DECC" $ THEN $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS @@ -925,7 +1082,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! @@ -951,13 +1108,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -971,7 +1128,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! 
@@ -992,7 +1149,7 @@ $ ENDIF $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! $! Else The User Entered An Invalid Argument. $! diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c index 28709978b53..d7f4c6087e3 100644 --- a/lib/libssl/src/ssl/ssl_asn1.c +++ b/lib/libssl/src/ssl/ssl_asn1.c @@ -357,7 +357,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { - int version,ssl_version=0,i; + int ssl_version=0,i; long id; ASN1_INTEGER ai,*aip; ASN1_OCTET_STRING os,*osp; @@ -371,7 +371,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ai.data=NULL; ai.length=0; M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - version=(int)ASN1_INTEGER_get(aip); if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } /* we don't care about the version right now :-) */ diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c index bee3507ea18..a8ce186b783 100644 --- a/lib/libssl/src/ssl/ssl_ciph.c +++ b/lib/libssl/src/ssl/ssl_ciph.c @@ -1027,7 +1027,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, const SSL_CIPHER **ca_list) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; - const char *l, *start, *buf; + const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; unsigned long cipher_id = 0; char ch; @@ -1064,7 +1064,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, alg_ssl = 0; algo_strength = 0; - start=l; for (;;) { ch = *l; 
@@ -1456,7 +1455,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export,pkl,kl; const char *ver,*exp_str; const char *kx,*au,*enc,*mac; - unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s; + unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; #ifdef KSSL_DEBUG static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; #else @@ -1469,7 +1468,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) alg_mac = cipher->algorithm_mac; alg_ssl = cipher->algorithm_ssl; - alg_s=cipher->algo_strength; alg2=cipher->algorithm2; is_export=SSL_C_IS_EXPORT(cipher); diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index 497515f9ec4..a3c9309488a 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1830,7 +1830,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #endif X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; - int signature_nid = 0; + int signature_nid = 0, pk_nid = 0, md_nid = 0; if (c == NULL) return; @@ -1960,18 +1960,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) EVP_PKEY_bits(ecc_pkey) : 0; EVP_PKEY_free(ecc_pkey); if ((x->sig_alg) && (x->sig_alg->algorithm)) + { signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); + OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); + } #ifndef OPENSSL_NO_ECDH if (ecdh_ok) { - const char *sig = OBJ_nid2ln(signature_nid); - if (sig == NULL) - { - ERR_clear_error(); - sig = "unknown"; - } - - if (strstr(sig, "WithRSA")) + + if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { mask_k|=SSL_kECDHr; mask_a|=SSL_aECDH; @@ -1982,7 +1979,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) } } - if (signature_nid == NID_ecdsa_with_SHA1) + if (pk_nid == NID_X9_62_id_ecPublicKey) { mask_k|=SSL_kECDHe; mask_a|=SSL_aECDH; 
@@ -2036,7 +2033,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) unsigned long alg_k, alg_a; EVP_PKEY *pkey = NULL; int keysize = 0; - int signature_nid = 0; + int signature_nid = 0, md_nid = 0, pk_nid = 0; alg_k = cs->algorithm_mkey; alg_a = cs->algorithm_auth; @@ -2054,7 +2051,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) /* This call populates the ex_flags field correctly */ X509_check_purpose(x, -1, 0); if ((x->sig_alg) && (x->sig_alg->algorithm)) + { signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); + OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); + } if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { /* key usage, if present, must allow key agreement */ @@ -2066,7 +2066,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) if (alg_k & SSL_kECDHe) { /* signature alg must be ECDSA */ - if (signature_nid != NID_ecdsa_with_SHA1) + if (pk_nid != NID_X9_62_id_ecPublicKey) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); return 0; @@ -2076,13 +2076,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) { /* signature alg must be RSA */ - const char *sig = OBJ_nid2ln(signature_nid); - if (sig == NULL) - { - ERR_clear_error(); - sig = "unknown"; - } - if (strstr(sig, "WithRSA") == NULL) + if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); return 0; 
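Review bot: The ECDHe check now tests the signing key type (`pk_nid != NID_X9_62_id_ecPublicKey`) rather than one digest, yet the failure still raises `SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE`, so someone reading the error queue is pointed at SHA-1 when the real requirement is an ECDSA-signed certificate. If adding a new reason code is out of scope, a comment at the `SSLerr` call such as `/* reason name is historical: any ECDSA signature is accepted */` would keep the mismatch from misleading the next reader. The return value of `OBJ_find_sigid_algs` is also ignored here and in the ssl_set_cert_masks hunk; that looks safe only because `pk_nid` starts at 0, which is worth stating in a comment next to the call.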
@@ -2107,23 +2101,12 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) /* THIS NEEDS CLEANING UP */ X509 *ssl_get_server_send_cert(SSL *s) { - unsigned long alg_k,alg_a,mask_k,mask_a; + unsigned long alg_k,alg_a; CERT *c; - int i,is_export; + int i; c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); - is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - if (is_export) - { - mask_k = c->export_mask_k; - mask_a = c->export_mask_a; - } - else - { - mask_k = c->mask_k; - mask_a = c->mask_a; - } alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c index 1d8ba372bcc..08c90478f48 100644 --- a/lib/libssl/src/ssl/ssltest.c +++ b/lib/libssl/src/ssl/ssltest.c @@ -1432,7 +1432,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) BIO *c_bio=NULL; BIO *s_bio=NULL; int c_r,c_w,s_r,s_w; - int c_want,s_want; int i,j; int done=0; int c_write,s_write; @@ -1467,8 +1466,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) c_r=0; s_r=1; c_w=1; s_w=0; - c_want=W_WRITE; - s_want=0; c_write=1,s_write=0; /* We can always do writes */ diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c index 9719541f2b4..793ea43e902 100644 --- a/lib/libssl/src/ssl/t1_enc.c +++ b/lib/libssl/src/ssl/t1_enc.c @@ -157,7 +157,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, const void *seed5, int seed5_len, unsigned char *out, int olen) { - int chunk,n; + int chunk; unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; @@ -187,7 +187,6 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, if (!HMAC_Final(&ctx,A1,&A1_len)) goto err; - n=0; for (;;) { if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ 
@@ -309,13 +308,13 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, int tls1_change_cipher_state(SSL *s, int which) { static const unsigned char empty[]=""; - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char *exp_label; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH*2]; unsigned char iv2[EVP_MAX_IV_LENGTH*2]; - unsigned char *ms,*key,*iv,*er1,*er2; + unsigned char *ms,*key,*iv; int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -337,7 +336,6 @@ int tls1_change_cipher_state(SSL *s, int which) #ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; #endif - key_block=s->s3->tmp.key_block; #ifdef KSSL_DEBUG printf("tls1_change_cipher_state(which= %d) w/\n", which); @@ -448,8 +446,6 @@ int tls1_change_cipher_state(SSL *s, int which) cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -880,7 +876,7 @@ int tls1_final_finish_mac(SSL *s, int tls1_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; - unsigned char *mac_sec,*seq; + unsigned char *seq; EVP_MD_CTX *hash; size_t md_size; int i; @@ -892,14 +888,12 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (send) { rec= &(ssl->s3->wrec); - mac_sec= &(ssl->s3->write_mac_secret[0]); seq= &(ssl->s3->write_sequence[0]); hash=ssl->write_hash; } else { rec= &(ssl->s3->rrec); - mac_sec= &(ssl->s3->read_mac_secret[0]); seq= &(ssl->s3->read_sequence[0]); hash=ssl->read_hash; } diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c index 0baa70663aa..85371c87b8e 100644 --- a/lib/libssl/src/ssl/t1_lib.c +++ b/lib/libssl/src/ssl/t1_lib.c 
@@ -1013,9 +1013,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { + unsigned short length; unsigned short type; unsigned short size; - unsigned short len; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; @@ -1023,7 +1023,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (data >= (d+n-2)) goto ri_check; - n2s(data,len); + n2s(data,length); + if (data+length != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } while(data <= (d+n-4)) { @@ -1453,23 +1458,20 @@ int ssl_check_serverhello_tlsext(SSL *s) int al = SSL_AD_UNRECOGNIZED_NAME; #ifndef OPENSSL_NO_EC - /* If we are client and using an elliptic curve cryptography cipher suite, then server - * must return a an EC point formats lists containing uncompressed. + /* If we are client and using an elliptic curve cryptography cipher + * suite, then if server returns an EC point formats lists extension + * it must contain uncompressed. */ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && + (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list; int found_uncompressed = 0; - if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0)) - { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - return -1; - } list = s->session->tlsext_ecpointformatlist; for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { 
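Review bot: The new `data+length != d+n` check in ssl_parse_serverhello_tlsext runs only when more than two bytes remain, because the unchanged guard `if (data >= (d+n-2)) goto ri_check;` comes first; a ServerHello with one or two bytes left after the fixed fields therefore skips the length validation. If only an exact end of message is meant to signify "no extensions", the guard could become `if (data == d+n) goto ri_check;` followed by `if (data > d+n-2) { *al = SSL_AD_DECODE_ERROR; return 0; }`, so a lone trailing byte is rejected and a two-byte tail must carry a zero length. What `ri_check` does with such input is outside the hunk, so this needs confirming against the rest of the function.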
diff --git a/lib/libssl/src/test/maketests.com b/lib/libssl/src/test/maketests.com index ca072f1d11b..386e5cf3c16 100644 --- a/lib/libssl/src/test/maketests.com +++ b/lib/libssl/src/test/maketests.com @@ -25,7 +25,7 @@ $! VAXC For VAX C. $! DECC For DEC C. $! GNUC For GNU C. $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P3, if defined, sets a TCP/IP library to use, through one of the following 
@@ -37,46 +37,87 @@ $! $! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! +$! P5, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]) +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P6, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! $! Define A TCP/IP Library That We Will Need To Link To. -$! (That is, If Wee Need To Link To One.) +$! (That is, If We Need To Link To One.) $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check Which Architecture We Are Using. $! -$ if (f$getsyi( "HW_MODEL") .lt. 1024) +$ if (f$getsyi( "cpu") .lt. 128) $ then -$ arch = "VAX" +$ ARCH = "VAX" $ else -$ arch = "" -$ arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if (arch .eqs. "") then arch = "UNK" +$ ARCH = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (ARCH .eqs. "") then ARCH = "UNK" $ endif $! -$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS). -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST] -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST] +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! $ GOSUB CHECK_OPTIONS $! +$! Define The OBJ and EXE Directories. +$! +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.TEST] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.TEST] +$! +$! 
Specify the destination directory in any /MAP option. +$! +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif +$! $! Initialise logical names and such $! $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On ''ARCH'." +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB $! $! Define The SSL We Are To Use. $! -$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB +$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB $! $! Create the OBJ and EXE Directories, if needed. $! @@ -105,7 +146,7 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "MDC2TEST,RMDTEST,"+ - "RANDTEST,DHTEST,ENGINETEST,"+ - "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - - "EVP_TEST,JPAKETEST" + "EVP_TEST,IGETEST,JPAKETEST,ASN1TEST" $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? $! $! Additional directory information. @@ -139,8 +180,9 @@ $ T_D_EXPTEST := [-.crypto.bn] $ T_D_DSATEST := [-.crypto.dsa] $ T_D_RSA_TEST := [-.crypto.rsa] $ T_D_EVP_TEST := [-.crypto.evp] -$ T_D_JPAKETEST := [-.crypto.jpake] $ T_D_IGETEST := [-.test] +$ T_D_JPAKETEST := [-.crypto.jpake] +$ T_D_ASN1TEST := [-.test] $! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - 
@@ -223,33 +265,15 @@ $! $! Link The Program, Check To See If We Need To Link With RSAREF Or Not. $! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! -$ LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' - - 'OBJECT_FILE', - - 'SSL_LIB' /LIBRARY, - - 'CRYPTO_LIB' /LIBRARY, - - 'TCPIP_LIB', - - 'OPT_FILE' /OPTIONS -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' - - 'OBJECT_FILE', - - 'SSL_LIB' /LIBRARY, - - 'CRYPTO_LIB' /LIBRARY, - - 'OPT_FILE' /OPTIONS -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' - + 'OBJECT_FILE', - + 'SSL_LIB' /LIBRARY, - + 'CRYPTO_LIB' /LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! $! Go Back And Do It Again. $! @@ -313,7 +337,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB.OLB /LIBRARY @@ -348,7 +372,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE /SHAREABLE @@ -363,7 +387,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE 
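Review bot: The merged LINK line keeps the misspelled qualifier `/EXECTABLE = 'EXE_FILE'` from one of the removed branches instead of the `/EXECUTABLE` spelling the other removed branch used; even if DCL's keyword abbreviation rules let it through, it should read `/EXECUTABLE`. The comment kept above it, `Don't Link With The RSAREF Routines And TCP/IP Library.`, no longer matches a command that now appends `'TCPIP_LIB'` and `'ZLIB_LIB'` unconditionally, and the two lines before it still announce a TCP/IP check that has been removed. Replacing those comments with one line describing the single LINK would keep the script readable.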
@@ -442,19 +466,24 @@ $! Check The User's Options. $! $ CHECK_OPTIONS: $! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]" +$! $! Check To See If P1 Is Blank. $! $ IF (P1.EQS."NODEBUG") $ THEN $! -$! P1 Is NODEBUG, So Compile Without Debugger Information. +$! P1 Is NODEBUG, So Compile Without Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $! $! Else... $! @@ -468,6 +497,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" @@ -478,7 +508,7 @@ $! Else... $! $ ELSE $! -$! Tell The User Entered An Invalid Option.. +$! Tell The User Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" 
@@ -491,11 +521,87 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. +$! +$ ENDIF +$! +$! End The P1 Check. +$! +$ ENDIF +$! +$! Check P5 (POINTER_SIZE). +$! +$ IF (P5 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P5 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P5, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=") +$ THEN +$! Explicit user choice: "64" or "64=ARGV". +$ IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64" +$ ELSE +$ SET NOON +$ DEFINE /USER_MODE SYS$OUTPUT NL: +$ DEFINE /USER_MODE SYS$ERROR NL: +$ CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL: +$ IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000 +$ THEN +$ ! If we got here, it means DCL complained like this: +$ ! %DCL-W-NOVALU, value not allowed - remove value specification +$ ! \64=\ +$ ! +$ ! If the compiler was run, logicals defined in /USER would +$ ! have been deassigned automatically. However, when DCL +$ ! complains, they aren't, so we do it here (it might be +$ ! unnecessary, but just in case there will be another error +$ ! message further on that we don't want to miss) +$ DEASSIGN /USER_MODE SYS$ERROR +$ DEASSIGN /USER_MODE SYS$OUTPUT +$ ELSE +$ POINTER_SIZE = POINTER_SIZE + "=ARGV" +$ ENDIF +$ SET ON +$ ENDIF +$ POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P5, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." 
+$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF $! $ ENDIF $! -$! End The P2 Check. +$! End The P5 (POINTER_SIZE) Check. $! $ ENDIF $! 
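Review bot: A P5 value supplied on VAX is dropped without any message, because the outer test `IF (P5 .NES. "") .AND. (ARCH .NES. "VAX")` skips the whole block, including the invalid-option report. Someone who passes `64`, or a mistyped value, on VAX gets a default-pointer build with no hint that the argument was ignored. A line after the closing `ENDIF` such as `IF (P5 .NES. "") .AND. (ARCH .EQS. "VAX") THEN WRITE SYS$OUTPUT "P5 (POINTER_SIZE) is ignored on VAX."` would make that visible. The invalid-option branch here also leaves with a bare `EXIT`, while the ZLIB check added later in this file uses `GOTO EXIT`; using one of the two throughout would be easier to follow.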
@@ -599,11 +705,64 @@ $ CCDEFS = "TCPIP_TYPE_''P3'" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P6 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ GOTO EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The P8 Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC") $ THEN 
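Review bot: With `CCDISABLEWARNINGS` now initialised to `""`, the unchanged continuation line that follows still prepends `","`, so a defined `USER_CCDISABLEWARNINGS` produces a list that starts with a comma and later ends up inside `/WARNING=(DISABLE=(,...))`, which the compiler may reject. Add the separator only when the base list is non-empty, for example `IF CCDISABLEWARNINGS .NES. "" THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","` before appending the user value. The closing comment of the new ZLIB block reads `End The P8 Check.` although the block takes its value from `P6`; `End The ZLIB Check.` would match the code.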
@@ -626,13 +785,13 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC /DECC" -$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + - - "/NOLIST /PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -661,7 +820,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC" $ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! $! Define <sys> As SYS$COMMON:[SYSLIB] @@ -670,7 +829,7 @@ $ DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -692,11 +851,11 @@ $! $! Use GNU C... $! $ CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! 
@@ -715,20 +874,20 @@ $ THEN $ CC4DISABLEWARNINGS = "DOLLARID" $ ELSE $ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" +$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" $ ELSE $ CCDISABLEWARNINGS = "" $ CC4DISABLEWARNINGS = "" $ ENDIF -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! $ WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -760,7 +919,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! @@ -786,13 +945,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -806,7 +965,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! 
@@ -827,9 +986,9 @@ $ ENDIF $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/lib/libssl/src/test/tcrl.com b/lib/libssl/src/test/tcrl.com index 1f606eb8508..dd96a2b6dd7 100644 --- a/lib/libssl/src/test/tcrl.com +++ b/lib/libssl/src/test/tcrl.com @@ -1,14 +1,17 @@ $! TCRL.COM -- Tests crl keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl crl +$ cmd = "mcr ''exe_dir'openssl crl" $ -$ t := testcrl.pem +$ t = "testcrl.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing CRL conversions" diff --git a/lib/libssl/src/test/testca.com b/lib/libssl/src/test/testca.com index ec7e56dad65..78cda9ec5a8 100644 --- a/lib/libssl/src/test/testca.com +++ b/lib/libssl/src/test/testca.com @@ -1,11 +1,13 @@ $! TESTCA.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" $ -$ openssl := mcr 'exe_dir'openssl +$ openssl = "mcr ''exe_dir'openssl" $ $ SSLEAY_CONFIG="-config ""CAss.cnf""" $ diff --git a/lib/libssl/src/test/testenc.com b/lib/libssl/src/test/testenc.com index 621d9a21264..75acd6f07fa 100644 --- a/lib/libssl/src/test/testenc.com +++ b/lib/libssl/src/test/testenc.com 
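Review bot: In testca.com the new line appends `_64` to `__arch`, but nothing in the hunk builds `exe_dir` from it, so `openssl = "mcr ''exe_dir'openssl"` still depends on an `exe_dir` symbol inherited from the calling procedure and the P1 handling has no visible effect. The hunk starts at line 1 of the file, so there is no earlier assignment. The sibling scripts in this commit (tcrl.com, testenc.com) set it themselves; adding `$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"` before the `openssl` assignment would make testca.com consistent with them and usable on its own.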
@@ -1,13 +1,16 @@ $! TESTENC.COM -- Test encoding and decoding $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" $ -$ testsrc := makefile. -$ test := p.txt -$ cmd := mcr 'exe_dir'openssl +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ testsrc = "makefile." +$ test = "p.txt" +$ cmd = "mcr ''exe_dir'openssl" $ $ if f$search(test) .nes. "" then delete 'test';* $ convert/fdl=sys$input: 'testsrc' 'test' diff --git a/lib/libssl/src/test/testgen.com b/lib/libssl/src/test/testgen.com index a4bc574bec5..e076da2f306 100644 --- a/lib/libssl/src/test/testgen.com +++ b/lib/libssl/src/test/testgen.com @@ -1,14 +1,15 @@ -$! TETSGEN.COM +$! TESTGEN.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ T := testcert +$ T = "testcert" $ KEY = 512 -$ CA := [-.certs]testca.pem +$ CA = "[-.certs]testca.pem" $ $ set noon $ if f$search(T+".1;*") .nes. "" then delete 'T'.1;* @@ -20,7 +21,8 @@ $ write sys$output "generating certificate request" $ $ append/new nl: .rnd $ open/append random_file .rnd -$ write random_file "string to make the random number generator think it has entropy" +$ write random_file - + "string to make the random number generator think it has entropy" $ close random_file $ $ set noon 
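Review bot: The pointer-size test in testenc.com is written `if (p1 .eqs. 64)`, a string comparison against an unquoted integer, while tcrl.com, testca.com and the other scripts in this commit use `.eqs. "64"`. The same unquoted form appears in the testgen.com hunk, and tests.com uses the numeric operator on a quoted string, `if (p2 .eq. "64")`. DCL presumably converts the operand in each case, but three spellings of one check invite mistakes; `if (p1 .eqs. "64") then __arch = __arch+ "_64"` everywhere (with `p2` in tests.com) would keep them uniform.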
@@ -33,8 +35,10 @@ $ then $ req_new="-newkey dsa:[-.apps]dsa512.pem" $ else $ req_new="-new" -$ write sys$output "There should be a 2 sequences of .'s and some +'s." -$ write sys$output "There should not be more that at most 80 per line" +$ write sys$output - + "There should be a 2 sequences of .'s and some +'s." +$ write sys$output - + "There should not be more that at most 80 per line" $ endif $ $ write sys$output "This could take some time." diff --git a/lib/libssl/src/test/tests.com b/lib/libssl/src/test/tests.com index d151cd39553..373dd16eacb 100644 --- a/lib/libssl/src/test/tests.com +++ b/lib/libssl/src/test/tests.com 
@@ -1,22 +1,43 @@ $! TESTS.COM -- Performs the necessary tests $! $! P1 tests to be performed. Empty means all. -$ +$! P2 Pointer size: "", "32", or "64". +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! $ __proc = f$element(0,";",f$environment("procedure")) $ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;" $ __save_default = f$environment("default") -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ texe_dir := sys$disk:[-.'__arch'.exe.test] -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] -$ -$ sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]" -$ define /translation_attributes = concealed sslroot 'sslroot' +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ __archd = __arch +$ pointer_size = "" +$ if (p2 .eq. "64") +$ then +$ pointer_size = "64" +$ __archd = __arch+ "_64" +$ endif +$! +$ texe_dir := sys$disk:[-.'__archd'.exe.test] +$ exe_dir := sys$disk:[-.'__archd'.exe.apps] $ $ set default '__here' $ +$ ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" +$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") +$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - + - ".][000000" - "[000000." - "][" - "[" - "]" +$ ROOT = ROOT_DEV + "[" + ROOT_DIR +$ DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC +$ openssl_conf := sslroot:[000000]openssl-vms.cnf +$ $ on control_y then goto exit $ on error then goto exit $ 
@@ -70,17 +91,19 @@ $ ENGINETEST := enginetest $ EVPTEST := evp_test $ IGETEST := igetest $ JPAKETEST := jpaketest -$ +$ ASN1TEST := asn1test +$! $ tests_i = 0 $ loop_tests: $ tests_e = f$element(tests_i,",",tests) $ tests_i = tests_i + 1 $ if tests_e .eqs. "," then goto exit +$ write sys$output "---> ''tests_e'" $ gosub 'tests_e' $ goto loop_tests $ $ test_evp: -$ mcr 'texe_dir''evptest' evptests.txt +$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt $ return $ test_des: $ mcr 'texe_dir''destest' 
@@ -132,68 +155,109 @@ $ test_rand: $ mcr 'texe_dir''randtest' $ return $ test_enc: -$ @testenc.com +$ @testenc.com 'pointer_size' $ return $ test_x509: -$ define sys$error nla0: +$ set noon +$ define sys$error test_x509.err $ write sys$output "test normal x509v1 certificate" -$ @tx509.com +$ @tx509.com "" 'pointer_size' $ write sys$output "test first x509v3 certificate" -$ @tx509.com v3-cert1.pem +$ @tx509.com v3-cert1.pem 'pointer_size' $ write sys$output "test second x509v3 certificate" -$ @tx509.com v3-cert2.pem +$ @tx509.com v3-cert2.pem 'pointer_size' $ deassign sys$error +$ set on $ return $ test_rsa: -$ define sys$error nla0: -$ @trsa.com +$ set noon +$ define sys$error test_rsa.err +$ @trsa.com "" 'pointer_size' $ deassign sys$error $ mcr 'texe_dir''rsatest' +$ set on $ return $ test_crl: -$ define sys$error nla0: -$ @tcrl.com +$ set noon +$ define sys$error test_crl.err +$ @tcrl.com "" 'pointer_size' $ deassign sys$error +$ set on $ return $ test_sid: -$ define sys$error nla0: -$ @tsid.com +$ set noon +$ define sys$error test_sid.err +$ @tsid.com "" 'pointer_size' $ deassign sys$error +$ set on $ return $ test_req: -$ define sys$error nla0: -$ @treq.com -$ @treq.com testreq2.pem +$ set noon +$ define sys$error test_req.err +$ @treq.com "" 'pointer_size' +$ @treq.com testreq2.pem 'pointer_size' $ deassign sys$error +$ set on $ return $ test_pkcs7: -$ define sys$error nla0: -$ @tpkcs7.com -$ @tpkcs7d.com +$ set noon +$ define sys$error test_pkcs7.err +$ @tpkcs7.com "" 'pointer_size' +$ @tpkcs7d.com "" 'pointer_size' $ deassign sys$error +$ set on $ return $ test_bn: -$ write sys$output "starting big number library test, could take a while..." -$ create bntest-vms.fdl +$ write sys$output - + "starting big number library test, could take a while..." 
+$ set noon +$ define sys$error test_bn.err +$ define sys$output test_bn.out +$ @ bctest.com +$ status = $status +$ deassign sys$error +$ deassign sys$output +$ set on +$ if (status) +$ then +$ create /fdl = sys$input bntest-vms.tmp +FILE + ORGANIZATION sequential +RECORD + FORMAT stream_lf +$ define /user_mode sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ define /user_mode sys$input bntest-vms.tmp +$ define /user_mode sys$output bntest-vms.out +$ bc +$ @ bntest.com bntest-vms.out +$ status = $status +$ if (status) +$ then +$ delete bntest-vms.out;* +$ delete bntest-vms.tmp;* +$ endif +$ else +$ create /fdl = sys$input bntest-vms.sh FILE ORGANIZATION sequential RECORD FORMAT stream_lf -$ create/fdl=bntest-vms.fdl bntest-vms.sh -$ open/append foo bntest-vms.sh -$ type/output=foo: sys$input: +$ open /append bntest_file bntest-vms.sh +$ type /output = bntest_file sys$input: << __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"' -$ define/user sys$output bntest-vms.tmp -$ mcr 'texe_dir''bntest' -$ copy bntest-vms.tmp foo: -$ delete bntest-vms.tmp;* -$ type/output=foo: sys$input: +$ define /user_mode sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ copy bntest-vms.tmp bntest_file +$ delete bntest-vms.tmp;* +$ type /output = bntest_file sys$input: __FOO__ -$ close foo -$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" -$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" -$ write sys$output "-- went well." -$ write sys$output "" +$ close bntest_file +$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" +$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" +$ write sys$output "-- went well." 
+$ write sys$output "" +$ endif $ write sys$output "test a^b%c implementations" $ mcr 'texe_dir''exptest' $ return @@ -212,7 +276,7 @@ $ return $ test_verify: $ write sys$output "The following command should have some OK's and some failures" $ write sys$output "There are definitly a few expired certificates" -$ @tverify.com +$ @tverify.com 'pointer_size' $ return $ test_dh: $ write sys$output "Generate a set of DH parameters" @@ -224,7 +288,7 @@ $ mcr 'texe_dir''dsatest' $ return $ test_gen: $ write sys$output "Generate and verify a certificate request" -$ @testgen.com +$ @testgen.com 'pointer_size' $ return $ maybe_test_ss: $ testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT")) @@ -237,7 +301,7 @@ $ if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then - $ return $ test_ss: $ write sys$output "Generate and certify a test certificate" -$ @testss.com +$ @testss.com 'pointer_size' $ return $ test_engine: $ write sys$output "Manipulate the ENGINE structures" @@ -246,11 +310,11 @@ $ return $ test_ssl: $ write sys$output "test SSL protocol" $ gosub maybe_test_ss -$ @testssl.com keyU.ss certU.ss certCA.ss +$ @testssl.com keyU.ss certU.ss certCA.ss 'pointer_size' $ return $ test_ca: $ set noon -$ define/user sys$output nla0: +$ define /user_mode sys$output test_ca.out $ mcr 'exe_dir'openssl no-rsa $ save_severity=$SEVERITY $ set on @@ -259,7 +323,7 @@ $ then $ write sys$output "skipping CA.com test -- requires RSA" $ else $ write sys$output "Generate and certify a test certificate via the 'ca' program" -$ @testca.com +$ @testca.com 'pointer_size' $ endif $ return $ test_aes: @@ -268,7 +332,7 @@ $! !mcr 'texe_dir''aestest' $ return $ test_tsa: $ set noon -$ define/user sys$output nla0: +$ define /user_mode sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ save_severity=$SEVERITY $ set on 
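Review bot: In `test_rsa`, `set on` is placed after `mcr 'texe_dir''rsatest'`, so the RSA self-test now runs under `set noon` and a failing exit status no longer reaches the `on error then goto exit` handler established at the top of tests.com. Moving `$ set on` to directly after `$ deassign sys$error` keeps the redirect cleanup protected and restores error handling for rsatest. The `@t*.com` calls in `test_x509`, `test_crl`, `test_sid`, `test_req` and `test_pkcs7` likewise run under `set noon` without saving `$status`, unlike `test_bn`, which does `status = $status`; as written a failed conversion test appears to be ignored, so capturing the status and checking it after `set on` would keep failures visible.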
@@ -276,7 +340,7 @@ $ if save_severity $ then $ write sys$output "skipping testtsa.com test -- requires RSA" $ else -$ @testtsa.com +$ @testtsa.com "" "" "" 'pointer_size' $ endif $ return $ test_ige: @@ -289,11 +353,14 @@ $ mcr 'texe_dir''jpaketest' $ return $ test_cms: $ write sys$output "CMS consistency test" +$ ! Define the logical name used to find openssl.exe in the perl script. +$ define /user_mode osslx 'exe_dir' $ perl CMS-TEST.PL $ return $ $ $ exit: +$ mcr 'exe_dir'openssl version -a $ set default '__save_default' $ deassign sslroot $ exit diff --git a/lib/libssl/src/test/testss.com b/lib/libssl/src/test/testss.com index 6598106b09d..32a74d0fc21 100644 --- a/lib/libssl/src/test/testss.com +++ b/lib/libssl/src/test/testss.com @@ -1,16 +1,19 @@ $! TESTSS.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ $ digest="-md5" -$ reqcmd := mcr 'exe_dir'openssl req -$ x509cmd := mcr 'exe_dir'openssl x509 'digest' -$ verifycmd := mcr 'exe_dir'openssl verify -$ dummycnf := sys$disk:[-.apps]openssl-vms.cnf +$ reqcmd = "mcr ''exe_dir'openssl req" +$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" +$ verifycmd = "mcr ''exe_dir'openssl verify" +$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" $ $ CAkey="""keyCA.ss""" $ CAcert="""certCA.ss""" diff --git a/lib/libssl/src/test/testssl.com b/lib/libssl/src/test/testssl.com index 9c83afba047..f19edc4719f 100644 --- a/lib/libssl/src/test/testssl.com +++ b/lib/libssl/src/test/testssl.com 
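Review bot: The added `mcr 'exe_dir'openssl version -a` at the `exit:` label runs before `set default '__save_default'` and `deassign sslroot`, with error handling still active. If that image is missing or returns an error status, which is plausible when the run is ending because the build or an earlier test failed, the two cleanup lines may never execute and the caller is left in the test directory with the SSLROOT logical still defined. Bracketing the new line with `$ set noon` and `$ set on` would keep the cleanup unconditional.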
@@ -1,11 +1,14 @@ $! TESTSSL.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ texe_dir := sys$disk:[-.'__arch'.exe.test] -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ texe_dir = "sys$disk:[-.''__arch'.exe.test]" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ $ if p1 .eqs. "" $ then @@ -19,21 +22,21 @@ $ cert="[-.apps]server.pem" $ else $ cert=p2 $ endif -$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert' -$ +$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ - + " -cert ''cert' -c_key ''key' -c_cert ''cert'" +$! +$ set noon $ define/user sys$output testssl-x509-output. $ define/user sys$error nla0: $ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout -$ set noon $ define/user sys$error nla0: $ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact $ if $severity .eq. 1 $ then -$ dsa_cert := YES +$ dsa_cert = "YES" $ else -$ dsa_cert := NO +$ dsa_cert = "NO" $ endif -$ set on $ delete testssl-x509-output.;* $ $ if p3 .eqs. "" @@ -161,14 +164,12 @@ $ if $severity .ne. 1 then goto exit3 $ $!########################################################################### $ -$ set noon $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ no_rsa=$SEVERITY $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-dh $ no_dh=$SEVERITY -$ set on $ $ if no_dh $ then @@ -203,4 +204,5 @@ $ exit3: $ RET = 3 $ exit: $ if p3 .eqs. "" then delete certs.tmp;* +$ set on $ exit 'RET' diff --git a/lib/libssl/src/test/tpkcs7.com b/lib/libssl/src/test/tpkcs7.com index e107cc141a8..3fc4982bb00 100644 --- a/lib/libssl/src/test/tpkcs7.com +++ b/lib/libssl/src/test/tpkcs7.com 
@@ -1,14 +1,17 @@ $! TPKCS7.COM -- Tests pkcs7 keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl pkcs7 +$ cmd = "mcr ''exe_dir'openssl pkcs7" $ -$ t := testp7.pem +$ t = "testp7.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing PKCS7 conversions" diff --git a/lib/libssl/src/test/tpkcs7d.com b/lib/libssl/src/test/tpkcs7d.com index 5ff653ccee0..eea8c888ee6 100644 --- a/lib/libssl/src/test/tpkcs7d.com +++ b/lib/libssl/src/test/tpkcs7d.com @@ -1,14 +1,17 @@ $! TPKCS7.COM -- Tests pkcs7 keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl pkcs7 +$ cmd = "mcr ''exe_dir'openssl pkcs7" $ -$ t := pkcs7-1.pem +$ t = "pkcs7-1.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing PKCS7 conversions (2)" diff --git a/lib/libssl/src/test/treq.com b/lib/libssl/src/test/treq.com index d2594be6a7e..acf08b79efd 100644 --- a/lib/libssl/src/test/treq.com +++ b/lib/libssl/src/test/treq.com 
@@ -1,14 +1,17 @@ $! TREQ.COM -- Tests req keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf +$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf" $ -$ t := testreq.pem +$ t = "testreq.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing req conversions" diff --git a/lib/libssl/src/test/trsa.com b/lib/libssl/src/test/trsa.com index d3a8a605b78..54180843ee0 100644 --- a/lib/libssl/src/test/trsa.com +++ b/lib/libssl/src/test/trsa.com @@ -1,10 +1,13 @@ $! TRSA.COM -- Tests rsa keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ $ set noon $ define/user sys$output nla0: @@ -17,9 +20,9 @@ $ write sys$output "skipping RSA conversion test" $ exit $ endif $ -$ cmd := mcr 'exe_dir'openssl rsa +$ cmd = "mcr ''exe_dir'openssl rsa" $ -$ t := testrsa.pem +$ t = "testrsa.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing RSA conversions" diff --git a/lib/libssl/src/test/tsid.com b/lib/libssl/src/test/tsid.com index 267ace11353..b6c4e49473e 100644 --- a/lib/libssl/src/test/tsid.com +++ b/lib/libssl/src/test/tsid.com 
@@ -1,14 +1,17 @@ $! TSID.COM -- Tests sid keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl sess_id +$ cmd = "mcr ''exe_dir'openssl sess_id" $ -$ t := testsid.pem +$ t = "testsid.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing session-id conversions" diff --git a/lib/libssl/src/test/tverify.com b/lib/libssl/src/test/tverify.com index 01431f4aac1..d888344637e 100644 --- a/lib/libssl/src/test/tverify.com +++ b/lib/libssl/src/test/tverify.com @@ -1,13 +1,15 @@ $! TVERIFY.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" $! $ line_max = 255 ! Could be longer on modern non-VAX. $ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp" -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'" $ cmd_len = f$length( cmd) $ pems = "[-.certs...]*.pem" @@ -19,7 +21,7 @@ $! $! Loop through all the certificate files. $! $ args = "" -$ old_f := +$ old_f = "" $ loop_file: $ f = f$search( pems) $ if ((f .nes. "") .and. (f .nes. old_f)) diff --git a/lib/libssl/src/test/tx509.com b/lib/libssl/src/test/tx509.com index 399eb014901..93ce988b418 100644 --- a/lib/libssl/src/test/tx509.com +++ b/lib/libssl/src/test/tx509.com 
@@ -1,14 +1,17 @@ $! TX509.COM -- Tests x509 certificates $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl x509 +$ cmd = "mcr ''exe_dir'openssl x509" $ -$ t := testx509.pem +$ t = "testx509.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing X509 conversions" diff --git a/lib/libssl/src/util/cygwin.sh b/lib/libssl/src/util/cygwin.sh index a4f2e740b42..d6228521e66 100644 --- a/lib/libssl/src/util/cygwin.sh +++ b/lib/libssl/src/util/cygwin.sh @@ -8,7 +8,7 @@ #set -x CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5" -INSTALL_PREFIX=/tmp/install +INSTALL_PREFIX=/tmp/install/INSTALL VERSION= SUBVERSION=$1 @@ -124,8 +124,12 @@ strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so chmod u-w usr/lib/engines/*.so # Runtime package -find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \ - usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \ +tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \ + usr/bin/cyg*dll +# Base package +find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \ + usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf \ + usr/ssl/private \ -empty -o \! -type d | tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - # Development package @@ -135,6 +139,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 +ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 cleanup diff --git a/lib/libssl/src/util/libeay.num b/lib/libssl/src/util/libeay.num index c68047e9557..1467ab62433 100644 
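Review bot: `INSTALL_PREFIX=/tmp/install/INSTALL` keeps the packaging staging tree at a fixed, predictable path under /tmp, and the later hunks strip, chmod and tar files that appear to come from that tree into the release archives. On a machine with other local accounts, whatever already exists at that path could end up in the packages. Allocating the directory per run, e.g. `INSTALL_PREFIX=$(mktemp -d)/INSTALL`, and removing it in `cleanup` would close that gap. How the directory is created and cleaned lies outside these hunks, so this should be checked against the full script.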
--- a/lib/libssl/src/util/libeay.num +++ b/lib/libssl/src/util/libeay.num @@ -4178,4 +4178,20 @@ UI_method_get_prompt_constructr 4550 EXIST:VMS:FUNCTION: UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: EVP_read_pw_string_min 4552 EXIST::FUNCTION: -ENGINE_load_aesni 4553 EXIST::FUNCTION:ENGINE +CRYPTO_cts128_encrypt 4553 EXIST::FUNCTION: +CRYPTO_cts128_decrypt_block 4554 EXIST::FUNCTION: +CRYPTO_cfb128_1_encrypt 4555 EXIST::FUNCTION: +CRYPTO_cbc128_encrypt 4556 EXIST::FUNCTION: +CRYPTO_ctr128_encrypt 4557 EXIST::FUNCTION: +CRYPTO_ofb128_encrypt 4558 EXIST::FUNCTION: +CRYPTO_cts128_decrypt 4559 EXIST::FUNCTION: +CRYPTO_cts128_encrypt_block 4560 EXIST::FUNCTION: +CRYPTO_cbc128_decrypt 4561 EXIST::FUNCTION: +CRYPTO_cfb128_encrypt 4562 EXIST::FUNCTION: +CRYPTO_cfb128_8_encrypt 4563 EXIST::FUNCTION: +OPENSSL_strcasecmp 4564 EXIST::FUNCTION: +OPENSSL_memcmp 4565 EXIST::FUNCTION: +OPENSSL_strncasecmp 4566 EXIST::FUNCTION: +OPENSSL_gmtime 4567 EXIST::FUNCTION: +OPENSSL_gmtime_adj 4568 EXIST::FUNCTION: +ENGINE_load_aesni 4569 EXIST::FUNCTION:ENGINE diff --git a/lib/libssl/src/util/mk1mf.pl b/lib/libssl/src/util/mk1mf.pl index 780029a03fd..1dcef2b8a24 100644 --- a/lib/libssl/src/util/mk1mf.pl +++ b/lib/libssl/src/util/mk1mf.pl @@ -13,6 +13,7 @@ $banner="\t\@echo Building OpenSSL"; my $no_static_engine = 1; my $engines = ""; +my $otherlibs = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; local $perl_asm = 0; # 1 to autobuild asm files from perl scripts @@ -266,6 +267,7 @@ $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; 
@@ -356,6 +358,12 @@ for (;;) $lib=$val; $lib =~ s/^.*\/([^\/]+)$/$1/; } + if ($key eq "LIBNAME" && $no_static_engine) + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + $otherlibs .= " $lib"; + } if ($key eq "EXHEADER") { $exheader.=&var_add($dir,$val, 1); } @@ -658,7 +666,7 @@ foreach (split(/\s+/,$test)) $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); } -$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); +$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp); foreach (split(/\s+/,$engines)) { @@ -671,6 +679,14 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); +foreach (split(" ",$otherlibs)) + { + my $uc = $_; + $uc =~ tr /a-z/A-Z/; + $rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, ""); + + } + $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); print $defs; @@ -708,6 +724,7 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; + return("") if $no_gost && $dir =~ /\/ccgost/; return("") if $no_cms && $dir =~ /\/cms/; return("") if $no_jpake && $dir =~ /\/jpake/; if ($no_des && $dir =~ /\/des/) @@ -1047,6 +1064,7 @@ sub read_options "no-ec" => \$no_ec, "no-ecdsa" => \$no_ecdsa, "no-ecdh" => \$no_ecdh, + "no-gost" => \$no_gost, "no-engine" => \$no_engine, "no-hw" => \$no_hw, "just-ssl" => diff --git a/lib/libssl/src/util/mkdef.pl b/lib/libssl/src/util/mkdef.pl index a4a17e3ae9f..ab473290974 100644 --- a/lib/libssl/src/util/mkdef.pl +++ b/lib/libssl/src/util/mkdef.pl 
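Review bot: The new `LIBNAME` block appends every library name to `$otherlibs` without looking at `$no_gost`, while the `var_add` hunk in this same file now returns "" for `/ccgost` directories when `no-gost` is set. Unless something earlier in the enclosing `for (;;)` loop, which starts outside the hunk, skips that directory, a `no-gost` build would still get an `E_SHLIB` entry and a `do_lib_rule` for the library with an empty object list. Guarding the append, e.g. `$otherlibs .= " $lib" unless $no_gost && $dir =~ /\/ccgost/;`, would keep the two in step. In the later `foreach (split(" ",$otherlibs))` block, `my $uc = uc $_;` says the same as the two-line `tr /a-z/A-Z/` form.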
@@ -257,6 +257,8 @@ $ssl.=" ssl/tls1.h"; my $crypto ="crypto/crypto.h"; $crypto.=" crypto/o_dir.h"; +$crypto.=" crypto/o_str.h"; +$crypto.=" crypto/o_time.h"; $crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des; $crypto.=" crypto/idea/idea.h" ; # unless $no_idea; $crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4; @@ -316,6 +318,7 @@ $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; $crypto.=" crypto/jpake/jpake.h"; +$crypto.=" crypto/modes/modes.h"; my $symhacks="crypto/symhacks.h"; diff --git a/lib/libssl/src/util/mkerr.pl b/lib/libssl/src/util/mkerr.pl index 15b774f2772..2c99467d340 100644 --- a/lib/libssl/src/util/mkerr.pl +++ b/lib/libssl/src/util/mkerr.pl @@ -391,7 +391,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -576,7 +576,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libssl/src/util/mkstack.pl b/lib/libssl/src/util/mkstack.pl index 6a43757c95b..f708610a788 100644 --- a/lib/libssl/src/util/mkstack.pl +++ b/lib/libssl/src/util/mkstack.pl 
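Review bot: Adding `crypto/o_str.h` and `crypto/o_time.h` to `$crypto` exports the helpers declared there, but the new lines carry no comment saying this is intended. The `libeay.num` hunk of this commit assigns ordinals to `OPENSSL_memcmp`, `OPENSSL_strcasecmp`, `OPENSSL_gmtime` and others. Once exported, `OPENSSL_memcmp` can be called by any application or engine, including to compare secret values such as MACs. Whether it runs in constant time cannot be told from this page, so its header should state what it guarantees. I would add a comment above the two lines, e.g. `# internal helpers, exported so separately built libraries can link against them; not a stable public API`, with the reason confirmed against the mk1mf.pl change rather than taken from this note.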
@@ -104,25 +104,25 @@ EOF #define sk_${t1}_new(cmp) ((STACK_OF($t1) *)sk_new(CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_new_null() ((STACK_OF($t1) *)sk_new_null()) -#define sk_${t1}_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_PTR_OF(STACK_OF($t1), st), i)) +#define sk_${t1}_push(st, val) sk_push(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_find(st, val) sk_find(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_STACK_OF($t1, st), i)) #define sk_${t1}_num(st) SKM_sk_num($t1, st) -#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_FREE_FUNC2($t1, free_func)) -#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val), i) +#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF($t1, st), CHECKED_SK_FREE_FUNC2($t1, free_func)) +#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val), i) #define sk_${t1}_free(st) SKM_sk_free(${t1}, st) -#define sk_${t1}_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), i, CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_set(st, i, val) sk_set(CHECKED_STACK_OF($t1, st), i, CHECKED_PTR_OF($t2, val)) #define sk_${t1}_zero(st) SKM_sk_zero($t1, (st)) -#define sk_${t1}_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_unshift(st, val) sk_unshift(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) #define sk_${t1}_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st), CHECKED_CONST_PTR_OF($t2, val)) #define sk_${t1}_delete(st, i) SKM_sk_delete($t1, (st), (i)) -#define sk_${t1}_delete_ptr(st, ptr) ($t1 
*)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, ptr)) +#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, ptr)) #define sk_${t1}_set_cmp_func(st, cmp) \\ ((int (*)(const $t2 * const *,const $t2 * const *)) \\ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_CMP_FUNC($t2, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF($t1, st), CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_dup(st) SKM_sk_dup($t1, st) #define sk_${t1}_shift(st) SKM_sk_shift($t1, (st)) -#define sk_${t1}_pop(st) ($t2 *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st)) +#define sk_${t1}_pop(st) ($t2 *)sk_pop(CHECKED_STACK_OF($t1, st)) #define sk_${t1}_sort(st) SKM_sk_sort($t1, (st)) #define sk_${t1}_is_sorted(st) SKM_sk_is_sorted($t1, (st)) diff --git a/lib/libssl/src/util/pl/VC-32.pl b/lib/libssl/src/util/pl/VC-32.pl index c3e29fda965..5f25fc41bfa 100644 --- a/lib/libssl/src/util/pl/VC-32.pl +++ b/lib/libssl/src/util/pl/VC-32.pl @@ -138,8 +138,8 @@ else } # generate symbols.pdb unconditionally -$app_cflag.=" /Zi /Fd$tmp_def/app"; -$lib_cflag.=" /Zi /Fd$tmp_def/lib"; +$app_cflag.=" /Zi /Fd\$(TMP_D)/app"; +$lib_cflag.=" /Zi /Fd\$(TMP_D)/lib"; $lflags.=" /debug"; $obj='.obj'; @@ -195,7 +195,7 @@ if ($FLAVOR =~ /WIN64A/) { my $ver=`nasm -v 2>NUL`; my $vew=`nasmw -v 2>NUL`; # pick newest version - $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; + $asm=($ver ge $vew?"nasm":"nasmw")." -f win32"; $asmtype="win32n"; $afile='-o '; } else { |
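Review bot: The rewritten `sk_${t1}_delete_ptr` and `sk_${t1}_pop` macros still expand to a bare cast, `($t1 *)sk_delete_ptr(...)` and `($t2 *)sk_pop(...)`, with no enclosing parentheses, unlike `sk_${t1}_value` and `sk_${t1}_new` in the same heredoc. In an expression such as `sk_X_pop(st)->field` the `->` binds before the cast, so the macro result is not usable as a primary expression. I would wrap both, e.g. `#define sk_${t1}_pop(st) (($t2 *)sk_pop(CHECKED_STACK_OF($t1, st)))`. `sk_${t1}_find_ex` keeps the older `(_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st)` form. If that is because `CHECKED_STACK_OF` has no const variant (its definition is not in this hunk), a one-line comment saying so would stop the next reader from "fixing" it. The heredoc begins and ends outside the hunk.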
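Review bot: `$ver ge $vew` compares the two `nasm -v` banners as strings, so the "pick newest version" choice is lexical rather than numeric: a banner containing `2.10` sorts before one containing `2.9`. When neither assembler is on the PATH, both backtick results are empty and `ge` silently selects `nasm`, which defers the failure to build time. I would extract the dotted version from each banner and compare the components numerically, and stop early when both are empty, e.g. `die "neither nasm nor nasmw found\n" unless $ver || $vew;`. The enclosing `if`/`else` chain starts and ends outside the hunk.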