Import OpenSSL 1.0.2k.
This commit is contained in:
parent
e656c34a18
commit
5315173646
61
CHANGES
61
CHANGES
@ -2,6 +2,67 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
|
||||
|
||||
*) Truncated packet could crash via OOB read
|
||||
|
||||
If one side of an SSL/TLS path is running on a 32-bit host and a specific
|
||||
cipher is being used, then a truncated packet can cause that host to
|
||||
perform an out-of-bounds read, usually resulting in a crash.
|
||||
|
||||
This issue was reported to OpenSSL by Robert Święcki of Google.
|
||||
(CVE-2017-3731)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) BN_mod_exp may produce incorrect results on x86_64
|
||||
|
||||
There is a carry propagating bug in the x86_64 Montgomery squaring
|
||||
procedure. No EC algorithms are affected. Analysis suggests that attacks
|
||||
against RSA and DSA as a result of this defect would be very difficult to
|
||||
perform and are not believed likely. Attacks against DH are considered just
|
||||
feasible (although very difficult) because most of the work necessary to
|
||||
deduce information about a private key may be performed offline. The amount
|
||||
of resources required for such an attack would be very significant and
|
||||
likely only accessible to a limited number of attackers. An attacker would
|
||||
additionally need online access to an unpatched system using the target
|
||||
private key in a scenario with persistent DH parameters and a private
|
||||
key that is shared between multiple clients. For example this can occur by
|
||||
default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
|
||||
similar to CVE-2015-3193 but must be treated as a separate problem.
|
||||
|
||||
This issue was reported to OpenSSL by the OSS-Fuzz project.
|
||||
(CVE-2017-3732)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Montgomery multiplication may produce incorrect results
|
||||
|
||||
There is a carry propagating bug in the Broadwell-specific Montgomery
|
||||
multiplication procedure that handles input lengths divisible by, but
|
||||
longer than 256 bits. Analysis suggests that attacks against RSA, DSA
|
||||
and DH private keys are impossible. This is because the subroutine in
|
||||
question is not used in operations with the private key itself and an input
|
||||
of the attacker's direct choice. Otherwise the bug can manifest itself as
|
||||
transient authentication and key negotiation failures or reproducible
|
||||
erroneous outcome of public-key operations with specially crafted input.
|
||||
Among EC algorithms only Brainpool P-512 curves are affected and one
|
||||
presumably can attack ECDH key negotiation. Impact was not analyzed in
|
||||
detail, because pre-requisites for attack are considered unlikely. Namely
|
||||
multiple clients have to choose the curve in question and the server has to
|
||||
share the private key among them, neither of which is default behaviour.
|
||||
Even then only clients that chose the curve will be affected.
|
||||
|
||||
This issue was publicly reported as transient failures and was not
|
||||
initially recognized as a security issue. Thanks to Richard Morgan for
|
||||
providing reproducible case.
|
||||
(CVE-2016-7055)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
|
||||
or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
|
||||
prevent issues where no progress is being made and the peer continually
|
||||
sends unrecognised record types, using up resources processing them.
|
||||
[Matt Caswell]
|
||||
|
||||
Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
|
||||
|
||||
*) Missing CRL sanity check
|
||||
|
55
CONTRIBUTING
55
CONTRIBUTING
@ -1,4 +1,4 @@
|
||||
HOW TO CONTRIBUTE TO PATCHES OpenSSL
|
||||
HOW TO CONTRIBUTE PATCHES TO OpenSSL
|
||||
------------------------------------
|
||||
|
||||
(Please visit https://www.openssl.org/community/getting-started.html for
|
||||
@ -11,34 +11,12 @@ OpenSSL community you might want to discuss it on the openssl-dev mailing
|
||||
list first. Someone may be already working on the same thing or there
|
||||
may be a good reason as to why that feature isn't implemented.
|
||||
|
||||
The best way to submit a patch is to make a pull request on GitHub.
|
||||
(It is not necessary to send mail to rt@openssl.org to open a ticket!)
|
||||
If you think the patch could use feedback from the community, please
|
||||
start a thread on openssl-dev.
|
||||
To submit a patch, make a pull request on GitHub. If you think the patch
|
||||
could use feedback from the community, please start a thread on openssl-dev
|
||||
to discuss it.
|
||||
|
||||
You can also submit patches by sending it as mail to rt@openssl.org.
|
||||
Please include the word "PATCH" and an explanation of what the patch
|
||||
does in the subject line. If you do this, our preferred format is "git
|
||||
format-patch" output. For example to provide a patch file containing the
|
||||
last commit in your local git repository use the following command:
|
||||
|
||||
% git format-patch --stdout HEAD^ >mydiffs.patch
|
||||
|
||||
Another method of creating an acceptable patch file without using git is as
|
||||
follows:
|
||||
|
||||
% cd openssl-work
|
||||
...make your changes...
|
||||
% ./Configure dist; make clean
|
||||
% cd ..
|
||||
% diff -ur openssl-orig openssl-work >mydiffs.patch
|
||||
|
||||
Note that pull requests are generally easier for the team, and community, to
|
||||
work with. Pull requests benefit from all of the standard GitHub features,
|
||||
including code review tools, simpler integration, and CI build support.
|
||||
|
||||
No matter how a patch is submitted, the following items will help make
|
||||
the acceptance and review process faster:
|
||||
Having addressed the following items before the PR will help make the
|
||||
acceptance and review process faster:
|
||||
|
||||
1. Anything other than trivial contributions will require a contributor
|
||||
licensing agreement, giving us permission to use your code. See
|
||||
@ -55,21 +33,22 @@ the acceptance and review process faster:
|
||||
in the file LICENSE in the source distribution or at
|
||||
https://www.openssl.org/source/license.html
|
||||
|
||||
3. Patches should be as current as possible. When using GitHub, please
|
||||
expect to have to rebase and update often. Note that we do not accept merge
|
||||
commits. You will be asked to remove them before a patch is considered
|
||||
acceptable.
|
||||
3. Patches should be as current as possible; expect to have to rebase
|
||||
often. We do not accept merge commits; You will be asked to remove
|
||||
them before a patch is considered acceptable.
|
||||
|
||||
4. Patches should follow our coding style (see
|
||||
https://www.openssl.org/policies/codingstyle.html) and compile without
|
||||
warnings. Where gcc or clang is availble you should use the
|
||||
--strict-warnings Configure option. OpenSSL compiles on many varied
|
||||
platforms: try to ensure you only use portable features.
|
||||
Clean builds via Travis and AppVeyor are expected, and done whenever
|
||||
a PR is created or updated.
|
||||
|
||||
5. When at all possible, patches should include tests. These can either be
|
||||
added to an existing test, or completely new. Please see test/README
|
||||
for information on the test framework.
|
||||
5. When at all possible, patches should include tests. These can
|
||||
either be added to an existing test, or completely new. Please see
|
||||
test/README for information on the test framework.
|
||||
|
||||
6. New features or changed functionality must include documentation. Please
|
||||
look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
|
||||
our style.
|
||||
6. New features or changed functionality must include
|
||||
documentation. Please look at the "pod" files in doc/apps, doc/crypto
|
||||
and doc/ssl for examples of our style.
|
||||
|
34
Configure
34
Configure
@ -7,6 +7,7 @@ eval 'exec perl -S $0 ${1+"$@"}'
|
||||
|
||||
require 5.000;
|
||||
use strict;
|
||||
use File::Compare;
|
||||
|
||||
# see INSTALL for instructions.
|
||||
|
||||
@ -57,12 +58,13 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
|
||||
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
|
||||
# library and will be loaded in run-time by the OpenSSL library.
|
||||
# sctp include SCTP support
|
||||
# 386 generate 80386 code
|
||||
# enable-weak-ssl-ciphers
|
||||
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
|
||||
# default. Note, weak SSLv2 ciphers are unconditionally
|
||||
# disabled.
|
||||
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
|
||||
# 386 generate 80386 code in assembly modules
|
||||
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
|
||||
# mentioned '386' option implies this one
|
||||
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
|
||||
# -<xxx> +<xxx> compiler options are passed through
|
||||
#
|
||||
@ -1792,8 +1794,16 @@ while (<IN>)
|
||||
}
|
||||
close(IN);
|
||||
close(OUT);
|
||||
rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
|
||||
rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
|
||||
if ((compare($Makefile, "$Makefile.new"))
|
||||
or file_newer('Configure', $Makefile)
|
||||
or file_newer('config', $Makefile)
|
||||
or file_newer('Makefile.org', $Makefile))
|
||||
{
|
||||
rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
|
||||
rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
|
||||
}
|
||||
else
|
||||
{ unlink("$Makefile.new"); }
|
||||
|
||||
print "CC =$cc\n";
|
||||
print "CFLAG =$cflags\n";
|
||||
@ -1985,9 +1995,13 @@ print OUT "#ifdef __cplusplus\n";
|
||||
print OUT "}\n";
|
||||
print OUT "#endif\n";
|
||||
close(OUT);
|
||||
rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
|
||||
rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
|
||||
|
||||
if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
|
||||
{
|
||||
rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
|
||||
rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
|
||||
}
|
||||
else
|
||||
{ unlink("crypto/opensslconf.h.new"); }
|
||||
|
||||
# Fix the date
|
||||
|
||||
@ -2289,3 +2303,9 @@ sub test_sanity
|
||||
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
|
||||
return $errorcnt;
|
||||
}
|
||||
|
||||
sub file_newer
|
||||
{
|
||||
my ($file1, $file2) = @_;
|
||||
return (stat($file1))[9] > (stat($file2))[9]
|
||||
}
|
||||
|
65
INSTALL
65
INSTALL
@ -74,24 +74,26 @@
|
||||
|
||||
no-asm Do not use assembler code.
|
||||
|
||||
386 Use the 80386 instruction set only (the default x86 code is
|
||||
more efficient, but requires at least a 486). Note: Use
|
||||
compiler flags for any other CPU specific configuration,
|
||||
e.g. "-m32" to build x86 code on an x64 system.
|
||||
386 In 32-bit x86 builds, when generating assembly modules,
|
||||
use the 80386 instruction set only (the default x86 code
|
||||
is more efficient, but requires at least a 486). Note:
|
||||
This doesn't affect code generated by compiler, you're
|
||||
likely to complement configuration command line with
|
||||
suitable compiler-specific option.
|
||||
|
||||
no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
|
||||
detected at run-time, but the decision whether or not the
|
||||
machine code will be executed is taken solely on CPU
|
||||
capability vector. This means that if you happen to run OS
|
||||
kernel which does not support SSE2 extension on Intel P4
|
||||
processor, then your application might be exposed to
|
||||
"illegal instruction" exception. There might be a way
|
||||
to enable support in kernel, e.g. FreeBSD kernel can be
|
||||
compiled with CPU_ENABLE_SSE, and there is a way to
|
||||
disengage SSE2 code pathes upon application start-up,
|
||||
but if you aim for wider "audience" running such kernel,
|
||||
consider no-sse2. Both 386 and no-asm options above imply
|
||||
no-sse2.
|
||||
no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules.
|
||||
Normally SSE2 extension is detected at run-time, but the
|
||||
decision whether or not the machine code will be executed
|
||||
is taken solely on CPU capability vector. This means that
|
||||
if you happen to run OS kernel which does not support SSE2
|
||||
extension on Intel P4 processor, then your application
|
||||
might be exposed to "illegal instruction" exception.
|
||||
There might be a way to enable support in kernel, e.g.
|
||||
FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and
|
||||
there is a way to disengage SSE2 code paths upon application
|
||||
start-up, but if you aim for wider "audience" running
|
||||
such kernel, consider no-sse2. Both the 386 and
|
||||
no-asm options imply no-sse2.
|
||||
|
||||
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
|
||||
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
|
||||
@ -101,7 +103,12 @@
|
||||
-Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
|
||||
be passed through to the compiler to allow you to
|
||||
define preprocessor symbols, specify additional libraries,
|
||||
library directories or other compiler options.
|
||||
library directories or other compiler options. It might be
|
||||
worth noting that some compilers generate code specifically
|
||||
for processor the compiler currently executes on. This is
|
||||
not necessarily what you might have in mind, since it might
|
||||
be unsuitable for execution on other, typically older,
|
||||
processor. Consult your compiler documentation.
|
||||
|
||||
-DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
|
||||
BSD. Useful if you are running ocf-linux or something
|
||||
@ -159,18 +166,18 @@
|
||||
OpenSSL binary ("openssl"). The libraries will be built in the top-level
|
||||
directory, and the binary will be in the "apps" directory.
|
||||
|
||||
If "make" fails, look at the output. There may be reasons for
|
||||
the failure that aren't problems in OpenSSL itself (like missing
|
||||
standard headers). If it is a problem with OpenSSL itself, please
|
||||
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||
message will be recorded in the request tracker publicly readable
|
||||
at https://www.openssl.org/community/index.html#bugs and will be
|
||||
forwarded to a public mailing list). Include the output of "make
|
||||
report" in your message. Please check out the request tracker. Maybe
|
||||
the bug was already reported or has already been fixed.
|
||||
If the build fails, look at the output. There may be reasons
|
||||
for the failure that aren't problems in OpenSSL itself (like
|
||||
missing standard headers). If you are having problems you can
|
||||
get help by sending an email to the openssl-users email list (see
|
||||
https://www.openssl.org/community/mailinglists.html for details). If
|
||||
it is a bug with OpenSSL itself, please open an issue on GitHub, at
|
||||
https://github.com/openssl/openssl/issues. Please review the existing
|
||||
ones first; maybe the bug was already reported or has already been
|
||||
fixed.
|
||||
|
||||
[If you encounter assembler error messages, try the "no-asm"
|
||||
configuration option as an immediate fix.]
|
||||
(If you encounter assembler error messages, try the "no-asm"
|
||||
configuration option as an immediate fix.)
|
||||
|
||||
Compiling parts of OpenSSL with gcc and others with the system
|
||||
compiler will result in unresolved symbols on some systems.
|
||||
|
5
Makefile
5
Makefile
@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=1.0.2j
|
||||
VERSION=1.0.2k
|
||||
MAJOR=1
|
||||
MINOR=0.2
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
@ -203,7 +203,8 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
|
||||
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
|
||||
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
|
||||
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
|
||||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
|
||||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
|
||||
$${APPS+APPS}
|
||||
|
||||
# LC_ALL=C ensures that error [and other] messages are delivered in
|
||||
# same language for uniform treatment.
|
||||
|
@ -201,7 +201,8 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
|
||||
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
|
||||
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
|
||||
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
|
||||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
|
||||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
|
||||
$${APPS+APPS}
|
||||
|
||||
# LC_ALL=C ensures that error [and other] messages are delivered in
|
||||
# same language for uniform treatment.
|
||||
|
8
NEWS
8
NEWS
@ -5,9 +5,15 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
|
||||
|
||||
o Truncated packet could crash via OOB read (CVE-2017-3731)
|
||||
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
|
||||
o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
|
||||
|
||||
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
|
||||
|
||||
o Fix Use After Free for large message sizes (CVE-2016-6309)
|
||||
o Missing CRL sanity check (CVE-2016-7052)
|
||||
|
||||
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
|
||||
|
||||
|
36
README
36
README
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.2j 26 Sep 2016
|
||||
OpenSSL 1.0.2k 26 Jan 2017
|
||||
|
||||
Copyright (c) 1998-2015 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
@ -66,13 +66,13 @@
|
||||
If you have any problems with OpenSSL then please take the following steps
|
||||
first:
|
||||
|
||||
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
|
||||
- Download the latest version from the repository
|
||||
to see if the problem has already been addressed
|
||||
- Remove ASM versions of libraries
|
||||
- Configure with no-asm
|
||||
- Remove compiler optimisation flags
|
||||
|
||||
If you wish to report a bug then please include the following information in
|
||||
any bug report:
|
||||
If you wish to report a bug then please include the following information
|
||||
and create an issue on GitHub:
|
||||
|
||||
- On Unix systems:
|
||||
Self-test report generated by 'make report'
|
||||
@ -84,27 +84,9 @@
|
||||
- Problem Description (steps that will reproduce the problem, if known)
|
||||
- Stack Traceback (if the application dumps core)
|
||||
|
||||
Email the report to:
|
||||
|
||||
rt@openssl.org
|
||||
|
||||
In order to avoid spam, this is a moderated mailing list, and it might
|
||||
take a day for the ticket to show up. (We also scan posts to make sure
|
||||
that security disclosures aren't publically posted by mistake.) Mail
|
||||
to this address is recorded in the public RT (request tracker) database
|
||||
(see https://www.openssl.org/community/index.html#bugs for details) and
|
||||
also forwarded the public openssl-dev mailing list. Confidential mail
|
||||
may be sent to openssl-security@openssl.org (PGP key available from the
|
||||
key servers).
|
||||
|
||||
Please do NOT use this for general assistance or support queries.
|
||||
Just because something doesn't work the way you expect does not mean it
|
||||
is necessarily a bug in OpenSSL.
|
||||
|
||||
You can also make GitHub pull requests. If you do this, please also send
|
||||
mail to rt@openssl.org with a link to the PR so that we can more easily
|
||||
keep track of it.
|
||||
|
||||
HOW TO CONTRIBUTE TO OpenSSL
|
||||
----------------------------
|
||||
|
||||
@ -113,7 +95,7 @@
|
||||
LEGALITIES
|
||||
----------
|
||||
|
||||
A number of nations, in particular the U.S., restrict the use or export
|
||||
of cryptography. If you are potentially subject to such restrictions
|
||||
you should seek competent professional legal advice before attempting to
|
||||
develop or distribute cryptographic code.
|
||||
A number of nations restrict the use or export of cryptography. If you
|
||||
are potentially subject to such restrictions you should seek competent
|
||||
professional legal advice before attempting to develop or distribute
|
||||
cryptographic code.
|
||||
|
17
apps/apps.c
17
apps/apps.c
@ -972,7 +972,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
if (!e)
|
||||
BIO_printf(err, "no engine specified\n");
|
||||
else {
|
||||
if (ENGINE_init(e)) {
|
||||
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
|
||||
ENGINE_finish(e);
|
||||
}
|
||||
if (!pkey) {
|
||||
BIO_printf(err, "cannot load %s from engine\n", key_descrip);
|
||||
ERR_print_errors(err);
|
||||
@ -1532,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
|
||||
}
|
||||
return e;
|
||||
}
|
||||
#endif
|
||||
|
||||
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (engine) {
|
||||
if (strcmp(engine, "auto") == 0) {
|
||||
BIO_printf(err, "enabling auto ENGINE support\n");
|
||||
@ -1561,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
|
||||
}
|
||||
|
||||
BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
|
||||
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
#endif
|
||||
return e;
|
||||
}
|
||||
|
||||
void release_engine(ENGINE *e)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (e != NULL)
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
#endif
|
||||
}
|
||||
|
||||
int load_config(BIO *err, CONF *cnf)
|
||||
{
|
||||
|
@ -259,9 +259,9 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e,
|
||||
const char *cert_descrip);
|
||||
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
|
||||
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
|
||||
# endif
|
||||
void release_engine(ENGINE *e);
|
||||
|
||||
# ifndef OPENSSL_NO_OCSP
|
||||
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
|
||||
|
@ -319,9 +319,7 @@ int MAIN(int argc, char **argv)
|
||||
#define BSIZE 256
|
||||
MS_STATIC char buf[3][BSIZE];
|
||||
char *randfile = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
char *tofree = NULL;
|
||||
DB_ATTR db_attr;
|
||||
|
||||
@ -595,9 +593,7 @@ int MAIN(int argc, char **argv)
|
||||
if (!load_config(bio_err, conf))
|
||||
goto err;
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
/* Lets get the config section we are using */
|
||||
if (section == NULL) {
|
||||
@ -1485,6 +1481,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_CRL_free(crl);
|
||||
NCONF_free(conf);
|
||||
NCONF_free(extconf);
|
||||
release_engine(e);
|
||||
OBJ_cleanup();
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
@ -2227,7 +2224,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
|
||||
sk = CONF_get_section(parms, "default");
|
||||
if (sk_CONF_VALUE_num(sk) == 0) {
|
||||
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
|
||||
CONF_free(parms);
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -143,9 +143,7 @@ int MAIN(int argc, char **argv)
|
||||
const EVP_MD *sign_md = NULL;
|
||||
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
|
||||
int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
unsigned char *secret_key = NULL, *secret_keyid = NULL;
|
||||
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
|
||||
size_t secret_keylen = 0, secret_keyidlen = 0;
|
||||
@ -665,9 +663,7 @@ int MAIN(int argc, char **argv)
|
||||
"cert.pem recipient certificate(s) for encryption\n");
|
||||
goto end;
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
|
||||
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
@ -1170,6 +1166,7 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY_free(key);
|
||||
CMS_ContentInfo_free(cms);
|
||||
CMS_ContentInfo_free(rcms);
|
||||
release_engine(e);
|
||||
BIO_free(rctin);
|
||||
BIO_free(in);
|
||||
BIO_free(indata);
|
||||
|
@ -537,6 +537,7 @@ int MAIN(int argc, char **argv)
|
||||
OPENSSL_free(sigbuf);
|
||||
if (bmd != NULL)
|
||||
BIO_free(bmd);
|
||||
release_engine(e);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(err);
|
||||
}
|
||||
|
@ -94,9 +94,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
|
||||
char *infile, *outfile, *prog;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine;
|
||||
# endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -107,9 +105,7 @@ int MAIN(int argc, char **argv)
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
engine = NULL;
|
||||
# endif
|
||||
infile = NULL;
|
||||
outfile = NULL;
|
||||
informat = FORMAT_PEM;
|
||||
@ -183,9 +179,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
out = BIO_new(BIO_s_file());
|
||||
|
@ -159,9 +159,8 @@ int MAIN(int argc, char **argv)
|
||||
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
|
||||
char *infile, *outfile, *prog;
|
||||
char *inrand = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
ENGINE *e = NULL;
|
||||
int num = 0, g = 0;
|
||||
|
||||
apps_startup();
|
||||
@ -270,9 +269,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (g && !num)
|
||||
num = DEFBITS;
|
||||
@ -512,6 +509,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
if (dh != NULL)
|
||||
DH_free(dh);
|
||||
release_engine(e);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -106,9 +106,7 @@ int MAIN(int argc, char **argv)
|
||||
int informat, outformat, text = 0, noout = 0;
|
||||
int pubin = 0, pubout = 0;
|
||||
char *infile, *outfile, *prog;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine;
|
||||
# endif
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
int modulus = 0;
|
||||
@ -124,9 +122,7 @@ int MAIN(int argc, char **argv)
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
engine = NULL;
|
||||
# endif
|
||||
infile = NULL;
|
||||
outfile = NULL;
|
||||
informat = FORMAT_PEM;
|
||||
@ -239,9 +235,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
|
||||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -358,6 +352,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
if (dsa != NULL)
|
||||
DSA_free(dsa);
|
||||
release_engine(e);
|
||||
if (passin)
|
||||
OPENSSL_free(passin);
|
||||
if (passout)
|
||||
|
@ -121,9 +121,8 @@ int MAIN(int argc, char **argv)
|
||||
char *infile, *outfile, *prog, *inrand = NULL;
|
||||
int numbits = -1, num, genkey = 0;
|
||||
int need_rand = 0;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
ENGINE *e = NULL;
|
||||
# ifdef GENCB_TEST
|
||||
int timebomb = 0;
|
||||
# endif
|
||||
@ -263,9 +262,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (need_rand) {
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
@ -433,6 +430,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
if (dsa != NULL)
|
||||
DSA_free(dsa);
|
||||
release_engine(e);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
|
||||
int informat, outformat, text = 0, noout = 0;
|
||||
int pubin = 0, pubout = 0, param_out = 0;
|
||||
char *infile, *outfile, *prog, *engine;
|
||||
ENGINE *e = NULL;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
|
||||
@ -235,9 +236,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -349,6 +348,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
if (eckey)
|
||||
EC_KEY_free(eckey);
|
||||
release_engine(e);
|
||||
if (passin)
|
||||
OPENSSL_free(passin);
|
||||
if (passout)
|
||||
|
@ -131,6 +131,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat, noout = 0, C = 0, ret = 1;
|
||||
char *engine = NULL;
|
||||
ENGINE *e = NULL;
|
||||
|
||||
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
|
||||
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
|
||||
@ -311,9 +312,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (list_curves) {
|
||||
EC_builtin_curve *curves = NULL;
|
||||
@ -620,12 +619,13 @@ int MAIN(int argc, char **argv)
|
||||
BN_free(ec_cofactor);
|
||||
if (buffer)
|
||||
OPENSSL_free(buffer);
|
||||
if (group != NULL)
|
||||
EC_GROUP_free(group);
|
||||
release_engine(e);
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (out != NULL)
|
||||
BIO_free_all(out);
|
||||
if (group != NULL)
|
||||
EC_GROUP_free(group);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -126,9 +126,8 @@ int MAIN(int argc, char **argv)
|
||||
NULL, *wbio = NULL;
|
||||
#define PROG_NAME_SIZE 39
|
||||
char pname[PROG_NAME_SIZE + 1];
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
ENGINE *e = NULL;
|
||||
const EVP_MD *dgst = NULL;
|
||||
int non_fips_allow = 0;
|
||||
|
||||
@ -322,9 +321,7 @@ int MAIN(int argc, char **argv)
|
||||
argv++;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
||||
BIO_printf(bio_err,
|
||||
@ -674,6 +671,7 @@ int MAIN(int argc, char **argv)
|
||||
if (bzl != NULL)
|
||||
BIO_free(bzl);
|
||||
#endif
|
||||
release_engine(e);
|
||||
if (pass)
|
||||
OPENSSL_free(pass);
|
||||
apps_shutdown();
|
||||
|
@ -96,9 +96,7 @@ int MAIN(int argc, char **argv)
|
||||
int g = 2;
|
||||
char *outfile = NULL;
|
||||
char *inrand = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
BIO *out = NULL;
|
||||
|
||||
apps_startup();
|
||||
@ -162,9 +160,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, " the random number generator\n");
|
||||
goto end;
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
|
||||
out = BIO_new(BIO_s_file());
|
||||
if (out == NULL) {
|
||||
|
@ -85,9 +85,8 @@ int MAIN(int argc, char **argv)
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
BIO *out = NULL, *in = NULL;
|
||||
const EVP_CIPHER *enc = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
ENGINE *e = NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -206,9 +205,7 @@ int MAIN(int argc, char **argv)
|
||||
" - a DSA parameter file as generated by the dsaparam command\n");
|
||||
goto end;
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
@ -273,6 +270,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
if (dsa != NULL)
|
||||
DSA_free(dsa);
|
||||
release_engine(e);
|
||||
if (passout)
|
||||
OPENSSL_free(passout);
|
||||
apps_shutdown();
|
||||
|
@ -275,9 +275,9 @@ int MAIN(int argc, char **argv)
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
release_engine(e);
|
||||
if (pass)
|
||||
OPENSSL_free(pass);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -91,9 +91,7 @@ int MAIN(int, char **);
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
BN_GENCB cb;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
# endif
|
||||
int ret = 1;
|
||||
int i, num = DEFBITS;
|
||||
long l;
|
||||
@ -101,9 +99,7 @@ int MAIN(int argc, char **argv)
|
||||
unsigned long f4 = RSA_F4;
|
||||
char *outfile = NULL;
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
char *inrand = NULL;
|
||||
BIO *out = NULL;
|
||||
BIGNUM *bn = BN_new();
|
||||
@ -240,9 +236,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto err;
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
|
||||
if (outfile == NULL) {
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE);
|
||||
@ -314,6 +308,7 @@ int MAIN(int argc, char **argv)
|
||||
RSA_free(rsa);
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
release_engine(e);
|
||||
if (passout)
|
||||
OPENSSL_free(passout);
|
||||
if (ret != 0)
|
||||
|
@ -129,9 +129,7 @@ int MAIN(int argc, char **argv)
|
||||
char *inrand = NULL;
|
||||
char *macalg = NULL;
|
||||
char *CApath = NULL, *CAfile = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -406,9 +404,7 @@ int MAIN(int argc, char **argv)
|
||||
"-LMK Add local machine keyset attribute to private key\n");
|
||||
goto end;
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
|
||||
if (passarg) {
|
||||
if (export_cert)
|
||||
@ -756,6 +752,7 @@ int MAIN(int argc, char **argv)
|
||||
# ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_remove_all_info();
|
||||
# endif
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
if (canames)
|
||||
@ -1110,4 +1107,6 @@ static int set_pbe(BIO *err, int *ppbe, const char *str)
|
||||
return 1;
|
||||
}
|
||||
|
||||
#else
|
||||
static void *dummy = &dummy;
|
||||
#endif
|
||||
|
@ -90,9 +90,8 @@ int MAIN(int argc, char **argv)
|
||||
char *infile, *outfile, *prog;
|
||||
int print_certs = 0, text = 0, noout = 0, p7_print = 0;
|
||||
int ret = 1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
ENGINE *e = NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -175,9 +174,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
out = BIO_new(BIO_s_file());
|
||||
@ -303,6 +300,7 @@ int MAIN(int argc, char **argv)
|
||||
end:
|
||||
if (p7 != NULL)
|
||||
PKCS7_free(p7);
|
||||
release_engine(e);
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (out != NULL)
|
||||
|
@ -87,9 +87,7 @@ int MAIN(int argc, char **argv)
|
||||
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
|
||||
int badarg = 0;
|
||||
int ret = 1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
@ -223,9 +221,7 @@ int MAIN(int argc, char **argv)
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -391,6 +387,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_SIG_free(p8);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
if (passin)
|
||||
|
@ -79,9 +79,7 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY *pkey = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
int badarg = 0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
int ret = 1;
|
||||
|
||||
if (bio_err == NULL)
|
||||
@ -178,9 +176,7 @@ int MAIN(int argc, char **argv)
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -240,6 +236,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
end:
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
if (passin)
|
||||
|
@ -74,9 +74,8 @@ int MAIN(int argc, char **argv)
|
||||
int text = 0, noout = 0;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int badarg = 0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
ENGINE *e = NULL;
|
||||
int ret = 1;
|
||||
|
||||
if (bio_err == NULL)
|
||||
@ -134,9 +133,7 @@ int MAIN(int argc, char **argv)
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (infile) {
|
||||
if (!(in = BIO_new_file(infile, "r"))) {
|
||||
@ -178,6 +175,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
end:
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
|
||||
|
@ -357,6 +357,7 @@ int MAIN(int argc, char **argv)
|
||||
end:
|
||||
if (ctx)
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
if (buf_in != NULL)
|
||||
|
12
apps/prime.c
12
apps/prime.c
@ -128,16 +128,24 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_out, "%s\n", s);
|
||||
OPENSSL_free(s);
|
||||
} else {
|
||||
int r;
|
||||
|
||||
if (hex)
|
||||
BN_hex2bn(&bn, argv[0]);
|
||||
r = BN_hex2bn(&bn, argv[0]);
|
||||
else
|
||||
BN_dec2bn(&bn, argv[0]);
|
||||
r = BN_dec2bn(&bn, argv[0]);
|
||||
|
||||
if(!r) {
|
||||
BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
|
||||
goto end;
|
||||
}
|
||||
|
||||
BN_print(bio_out, bn);
|
||||
BIO_printf(bio_out, " is %sprime\n",
|
||||
BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
|
||||
}
|
||||
|
||||
end:
|
||||
BN_free(bn);
|
||||
BIO_free_all(bio_out);
|
||||
|
||||
|
@ -86,9 +86,8 @@ int MAIN(int argc, char **argv)
|
||||
int hex = 0;
|
||||
BIO *out = NULL;
|
||||
int num = -1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -162,9 +161,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "-hex - hex encode output\n");
|
||||
goto err;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
if (inrand != NULL)
|
||||
@ -222,6 +219,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
err:
|
||||
ERR_print_errors(bio_err);
|
||||
release_engine(e);
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
apps_shutdown();
|
||||
|
@ -179,9 +179,7 @@ int MAIN(int argc, char **argv)
|
||||
int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
|
||||
char *infile, *outfile, *prog, *keyfile = NULL, *template =
|
||||
NULL, *keyout = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
char *extensions = NULL;
|
||||
char *req_exts = NULL;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
@ -595,9 +593,7 @@ int MAIN(int argc, char **argv)
|
||||
if ((in == NULL) || (out == NULL))
|
||||
goto end;
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (keyfile != NULL) {
|
||||
pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
|
||||
@ -1040,6 +1036,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_REQ_free(req);
|
||||
X509_free(x509ss);
|
||||
ASN1_INTEGER_free(serial);
|
||||
release_engine(e);
|
||||
if (passargin && passin)
|
||||
OPENSSL_free(passin);
|
||||
if (passargout && passout)
|
||||
|
@ -111,9 +111,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile, *outfile, *prog;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
int modulus = 0;
|
||||
|
||||
int pvk_encr = 2;
|
||||
@ -254,9 +252,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
|
||||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -419,6 +415,7 @@ int MAIN(int argc, char **argv)
|
||||
} else
|
||||
ret = 0;
|
||||
end:
|
||||
release_engine(e);
|
||||
if (out != NULL)
|
||||
BIO_free_all(out);
|
||||
if (rsa != NULL)
|
||||
|
@ -88,9 +88,7 @@ int MAIN(int argc, char **argv)
|
||||
ENGINE *e = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
char *infile = NULL, *outfile = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
char *keyfile = NULL;
|
||||
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
|
||||
int keyform = FORMAT_PEM;
|
||||
@ -195,9 +193,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "A private key is needed for this operation\n");
|
||||
goto end;
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
@ -327,6 +323,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_write(out, rsa_out, rsa_outlen);
|
||||
end:
|
||||
RSA_free(rsa);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
if (rsa_in)
|
||||
|
@ -548,12 +548,12 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||
|
||||
if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
|
||||
BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
|
||||
(void *)bio, argp, (unsigned long)argi, ret, ret);
|
||||
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
|
||||
BIO_dump(out, argp, (int)ret);
|
||||
return (ret);
|
||||
} else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
|
||||
BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
|
||||
(void *)bio, argp, (unsigned long)argi, ret, ret);
|
||||
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
|
||||
BIO_dump(out, argp, (int)ret);
|
||||
}
|
||||
return (ret);
|
||||
|
@ -694,12 +694,12 @@ int MAIN(int argc, char **argv)
|
||||
char *inrand = NULL;
|
||||
int mbuf_len = 0;
|
||||
struct timeval timeout, *timeoutp;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine_id = NULL;
|
||||
ENGINE *e = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *ssl_client_engine_id = NULL;
|
||||
ENGINE *ssl_client_engine = NULL;
|
||||
#endif
|
||||
ENGINE *e = NULL;
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
|
||||
struct timeval tv;
|
||||
# if defined(OPENSSL_SYS_BEOS_R5)
|
||||
@ -1186,8 +1186,8 @@ int MAIN(int argc, char **argv)
|
||||
next_proto.data = NULL;
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine_id, 1);
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (ssl_client_engine_id) {
|
||||
ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
|
||||
if (!ssl_client_engine) {
|
||||
@ -2123,6 +2123,7 @@ int MAIN(int argc, char **argv)
|
||||
OPENSSL_cleanse(mbuf, BUFSIZZ);
|
||||
OPENSSL_free(mbuf);
|
||||
}
|
||||
release_engine(e);
|
||||
if (bio_c_out != NULL) {
|
||||
BIO_free(bio_c_out);
|
||||
bio_c_out = NULL;
|
||||
|
@ -328,9 +328,7 @@ static char *keymatexportlabel = NULL;
|
||||
static int keymatexportlen = 20;
|
||||
|
||||
static int hack = 0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
static char *engine_id = NULL;
|
||||
#endif
|
||||
static const char *session_id_prefix = NULL;
|
||||
|
||||
static int enable_timeouts = 0;
|
||||
@ -484,9 +482,7 @@ static void s_server_init(void)
|
||||
s_quiet = 0;
|
||||
s_brief = 0;
|
||||
hack = 0;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
engine_id = NULL;
|
||||
# endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1603,9 +1599,7 @@ int MAIN(int argc, char *argv[])
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine_id, 1);
|
||||
#endif
|
||||
|
||||
if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
@ -2129,6 +2123,7 @@ int MAIN(int argc, char *argv[])
|
||||
if (jpake_secret && psk_key)
|
||||
OPENSSL_free(psk_key);
|
||||
#endif
|
||||
release_engine(e);
|
||||
if (bio_s_out != NULL) {
|
||||
BIO_free(bio_s_out);
|
||||
bio_s_out = NULL;
|
||||
|
@ -114,9 +114,7 @@ int MAIN(int argc, char **argv)
|
||||
const EVP_MD *sign_md = NULL;
|
||||
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
|
||||
int keyform = FORMAT_PEM;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
|
||||
@ -461,9 +459,7 @@ int MAIN(int argc, char **argv)
|
||||
"cert.pem recipient certificate(s) for encryption\n");
|
||||
goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
@ -736,6 +732,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_free(signer);
|
||||
EVP_PKEY_free(key);
|
||||
PKCS7_free(p7);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free(indata);
|
||||
BIO_free_all(out);
|
||||
|
14
apps/speed.c
14
apps/speed.c
@ -372,6 +372,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
unsigned char *buf = NULL, *buf2 = NULL;
|
||||
int mret = 1;
|
||||
long count = 0, save_count = 0;
|
||||
@ -669,6 +670,10 @@ int MAIN(int argc, char **argv)
|
||||
ecdh_b[i] = NULL;
|
||||
}
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
for (i = 0; i < RSA_NUM; i++)
|
||||
rsa_key[i] = NULL;
|
||||
# endif
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
@ -677,12 +682,6 @@ int MAIN(int argc, char **argv)
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
memset(rsa_key, 0, sizeof(rsa_key));
|
||||
for (i = 0; i < RSA_NUM; i++)
|
||||
rsa_key[i] = NULL;
|
||||
# endif
|
||||
|
||||
if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
|
||||
BIO_printf(bio_err, "out of memory\n");
|
||||
goto end;
|
||||
@ -749,7 +748,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "no engine given\n");
|
||||
goto end;
|
||||
}
|
||||
setup_engine(bio_err, *argv, 0);
|
||||
e = setup_engine(bio_err, *argv, 0);
|
||||
/*
|
||||
* j will be increased again further down. We just don't want
|
||||
* speed to confuse an engine with an algorithm, especially when
|
||||
@ -2526,6 +2525,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
# endif
|
||||
|
||||
release_engine(e);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(mret);
|
||||
}
|
||||
|
@ -94,9 +94,7 @@ int MAIN(int argc, char **argv)
|
||||
CONF *conf = NULL;
|
||||
NETSCAPE_SPKI *spki = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -185,9 +183,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (keyfile) {
|
||||
pkey = load_key(bio_err,
|
||||
@ -305,6 +301,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
if (passin)
|
||||
OPENSSL_free(passin);
|
||||
apps_shutdown();
|
||||
|
@ -293,9 +293,8 @@ int MAIN(int argc, char **argv)
|
||||
int i;
|
||||
long errorline = -1;
|
||||
char *randfile = NULL;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
char *engine = NULL;
|
||||
# endif
|
||||
char *tofree = NULL;
|
||||
DB_ATTR db_attr;
|
||||
|
||||
@ -411,9 +410,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
setup_engine(bio_err, engine, 0);
|
||||
# endif
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -760,6 +757,7 @@ int MAIN(int argc, char **argv)
|
||||
if (db)
|
||||
free_index(db);
|
||||
|
||||
release_engine(e);
|
||||
OBJ_cleanup();
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
|
@ -89,9 +89,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_LOOKUP *lookup = NULL;
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
int crl_download = 0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
|
||||
cert_ctx = X509_STORE_new();
|
||||
if (cert_ctx == NULL)
|
||||
@ -160,9 +158,7 @@ int MAIN(int argc, char **argv)
|
||||
break;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (vpm)
|
||||
X509_STORE_set1_param(cert_ctx, vpm);
|
||||
@ -255,6 +251,7 @@ int MAIN(int argc, char **argv)
|
||||
sk_X509_pop_free(untrusted, X509_free);
|
||||
sk_X509_pop_free(trusted, X509_free);
|
||||
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
||||
release_engine(e);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret < 0 ? 2 : ret);
|
||||
}
|
||||
|
@ -218,9 +218,7 @@ int MAIN(int argc, char **argv)
|
||||
char *checkhost = NULL;
|
||||
char *checkemail = NULL;
|
||||
char *checkip = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
|
||||
reqfile = 0;
|
||||
|
||||
@ -501,9 +499,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "%s", *pp);
|
||||
goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (need_rand)
|
||||
app_RAND_load_file(NULL, bio_err, 0);
|
||||
@ -1040,6 +1036,7 @@ int MAIN(int argc, char **argv)
|
||||
ASN1_INTEGER_free(sno);
|
||||
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
|
||||
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
|
||||
release_engine(e);
|
||||
if (passin)
|
||||
OPENSSL_free(passin);
|
||||
apps_shutdown();
|
||||
|
@ -1568,8 +1568,8 @@ ___
|
||||
}
|
||||
|
||||
########################################################################
|
||||
# void AES_xts_encrypt(const char *inp,char *out,size_t len,
|
||||
# const AES_KEY *key1, const AES_KEY *key2,
|
||||
# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out,
|
||||
# size_t len, const AES_KEY *key1, const AES_KEY *key2,
|
||||
# const unsigned char iv[16]);
|
||||
#
|
||||
{
|
||||
@ -1937,8 +1937,8 @@ $code.=<<___;
|
||||
br $ra
|
||||
.size AES_xts_encrypt,.-AES_xts_encrypt
|
||||
___
|
||||
# void AES_xts_decrypt(const char *inp,char *out,size_t len,
|
||||
# const AES_KEY *key1, const AES_KEY *key2,
|
||||
# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out,
|
||||
# size_t len, const AES_KEY *key1, const AES_KEY *key2,
|
||||
# const unsigned char iv[16]);
|
||||
#
|
||||
$code.=<<___;
|
||||
|
@ -91,12 +91,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
unsigned char *salt, int saltlen,
|
||||
unsigned char *aiv, int prf_nid)
|
||||
{
|
||||
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
|
||||
X509_ALGOR *scheme = NULL, *ret = NULL;
|
||||
int alg_nid, keylen;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
PBE2PARAM *pbe2 = NULL;
|
||||
ASN1_OBJECT *obj;
|
||||
|
||||
alg_nid = EVP_CIPHER_type(cipher);
|
||||
if (alg_nid == NID_undef) {
|
||||
@ -104,7 +103,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
|
||||
goto err;
|
||||
}
|
||||
obj = OBJ_nid2obj(alg_nid);
|
||||
|
||||
if (!(pbe2 = PBE2PARAM_new()))
|
||||
goto merr;
|
||||
@ -112,7 +110,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
/* Setup the AlgorithmIdentifier for the encryption scheme */
|
||||
scheme = pbe2->encryption;
|
||||
|
||||
scheme->algorithm = obj;
|
||||
scheme->algorithm = OBJ_nid2obj(alg_nid);
|
||||
if (!(scheme->parameter = ASN1_TYPE_new()))
|
||||
goto merr;
|
||||
|
||||
@ -188,11 +186,9 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
err:
|
||||
PBE2PARAM_free(pbe2);
|
||||
/* Note 'scheme' is freed as part of pbe2 */
|
||||
X509_ALGOR_free(kalg);
|
||||
X509_ALGOR_free(ret);
|
||||
|
||||
return NULL;
|
||||
|
||||
}
|
||||
|
||||
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
|
||||
|
@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||
|
||||
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
|
||||
int nid;
|
||||
|
||||
ext = sk_X509_EXTENSION_value(exts, idx);
|
||||
nid = OBJ_obj2nid(ext->object);
|
||||
if (nid == NID_freshest_crl)
|
||||
@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||
if ((nid == NID_issuing_distribution_point)
|
||||
|| (nid == NID_authority_key_identifier)
|
||||
|| (nid == NID_delta_crl))
|
||||
break;;
|
||||
continue;
|
||||
crl->flags |= EXFLAG_CRITICAL;
|
||||
break;
|
||||
}
|
||||
|
@ -1148,18 +1148,17 @@ $code.=<<___;
|
||||
mulx 2*8($aptr),%r15,%r13 # ...
|
||||
adox -3*8($tptr),%r11
|
||||
adcx %r15,%r12
|
||||
adox $zero,%r12
|
||||
adox -2*8($tptr),%r12
|
||||
adcx $zero,%r13
|
||||
adox $zero,%r13
|
||||
|
||||
mov $bptr,8(%rsp) # off-load &b[i]
|
||||
.byte 0x67
|
||||
mov $mi,%r15
|
||||
imulq 24(%rsp),$mi # "t[0]"*n0
|
||||
xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0
|
||||
|
||||
mulx 3*8($aptr),%rax,%r14
|
||||
mov $mi,%rdx
|
||||
adox -2*8($tptr),%r12
|
||||
adcx %rax,%r13
|
||||
adox -1*8($tptr),%r13
|
||||
adcx $zero,%r14
|
||||
|
@ -1925,6 +1925,7 @@ __bn_sqr8x_reduction:
|
||||
|
||||
.align 32
|
||||
.L8x_tail_done:
|
||||
xor %rax,%rax
|
||||
add (%rdx),%r8 # can this overflow?
|
||||
adc \$0,%r9
|
||||
adc \$0,%r10
|
||||
@ -1932,10 +1933,8 @@ __bn_sqr8x_reduction:
|
||||
adc \$0,%r12
|
||||
adc \$0,%r13
|
||||
adc \$0,%r14
|
||||
adc \$0,%r15 # can't overflow, because we
|
||||
# started with "overhung" part
|
||||
# of multiplication
|
||||
xor %rax,%rax
|
||||
adc \$0,%r15
|
||||
adc \$0,%rax
|
||||
|
||||
neg $carry
|
||||
.L8x_no_tail:
|
||||
@ -3375,6 +3374,7 @@ __bn_sqrx8x_reduction:
|
||||
|
||||
.align 32
|
||||
.Lsqrx8x_tail_done:
|
||||
xor %rax,%rax
|
||||
add 24+8(%rsp),%r8 # can this overflow?
|
||||
adc \$0,%r9
|
||||
adc \$0,%r10
|
||||
@ -3382,10 +3382,8 @@ __bn_sqrx8x_reduction:
|
||||
adc \$0,%r12
|
||||
adc \$0,%r13
|
||||
adc \$0,%r14
|
||||
adc \$0,%r15 # can't overflow, because we
|
||||
# started with "overhung" part
|
||||
# of multiplication
|
||||
mov $carry,%rax # xor %rax,%rax
|
||||
adc \$0,%r15
|
||||
adc \$0,%rax
|
||||
|
||||
sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
|
||||
.Lsqrx8x_no_tail: # %cf is 0 if jumped here
|
||||
@ -3400,7 +3398,7 @@ __bn_sqrx8x_reduction:
|
||||
adc 8*5($tptr),%r13
|
||||
adc 8*6($tptr),%r14
|
||||
adc 8*7($tptr),%r15
|
||||
adc %rax,%rax # top-most carry
|
||||
adc \$0,%rax # top-most carry
|
||||
|
||||
mov 32+8(%rsp),%rbx # n0
|
||||
mov 8*8($tptr,%rcx),%rdx # modulo-scheduled "%r8"
|
||||
|
@ -180,8 +180,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
if (r != rr)
|
||||
BN_copy(r, rr);
|
||||
if (r != rr && BN_copy(r, rr) == NULL)
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
|
@ -1083,8 +1083,9 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
||||
end:
|
||||
#endif
|
||||
bn_correct_top(rr);
|
||||
if (r != rr)
|
||||
BN_copy(r, rr);
|
||||
if (r != rr && BN_copy(r, rr) == NULL)
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
bn_check_top(r);
|
||||
|
@ -283,7 +283,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
|
||||
BIGNUM *t;
|
||||
if ((t = BN_CTX_get(ctx)) == NULL)
|
||||
goto err;
|
||||
BN_copy(t, a);
|
||||
if (BN_copy(t, a) == NULL)
|
||||
goto err;
|
||||
t->neg = 0;
|
||||
A = t;
|
||||
} else
|
||||
|
@ -143,8 +143,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
|
||||
rr->top = max - 1;
|
||||
else
|
||||
rr->top = max;
|
||||
if (rr != r)
|
||||
BN_copy(r, rr);
|
||||
if (r != rr && BN_copy(r, rr) == NULL)
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
bn_check_top(rr);
|
||||
|
@ -401,9 +401,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
|
||||
* Pick a cipher based on content encryption cipher. If it is DES3 use
|
||||
* DES3 wrap otherwise use AES wrap similar to key size.
|
||||
*/
|
||||
#ifndef OPENSSL_NO_DES
|
||||
if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
|
||||
kekcipher = EVP_des_ede3_wrap();
|
||||
else if (keylen <= 16)
|
||||
else
|
||||
#endif
|
||||
if (keylen <= 16)
|
||||
kekcipher = EVP_aes_128_wrap();
|
||||
else if (keylen <= 24)
|
||||
kekcipher = EVP_aes_192_wrap();
|
||||
|
@ -223,6 +223,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
goto err;
|
||||
BN_CTX_start(ctx);
|
||||
tmp = BN_CTX_get(ctx);
|
||||
if (tmp == NULL)
|
||||
goto err;
|
||||
|
||||
if (dh->priv_key == NULL) {
|
||||
DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
|
||||
|
@ -180,7 +180,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
||||
DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
|
||||
return 0;
|
||||
}
|
||||
dctx->md = p2;
|
||||
dctx->pmd = p2;
|
||||
return 1;
|
||||
|
||||
case EVP_PKEY_CTRL_MD:
|
||||
|
@ -267,7 +267,7 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *x1, *x2, *z1, *z2;
|
||||
int ret = 0, i;
|
||||
int ret = 0, i, group_top;
|
||||
BN_ULONG mask, word;
|
||||
|
||||
if (r == point) {
|
||||
@ -297,10 +297,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
|
||||
x2 = &r->X;
|
||||
z2 = &r->Y;
|
||||
|
||||
bn_wexpand(x1, group->field.top);
|
||||
bn_wexpand(z1, group->field.top);
|
||||
bn_wexpand(x2, group->field.top);
|
||||
bn_wexpand(z2, group->field.top);
|
||||
group_top = group->field.top;
|
||||
if (bn_wexpand(x1, group_top) == NULL
|
||||
|| bn_wexpand(z1, group_top) == NULL
|
||||
|| bn_wexpand(x2, group_top) == NULL
|
||||
|| bn_wexpand(z2, group_top) == NULL)
|
||||
goto err;
|
||||
|
||||
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
|
||||
goto err; /* x1 = x */
|
||||
@ -329,14 +331,14 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
|
||||
for (; i >= 0; i--) {
|
||||
word = scalar->d[i];
|
||||
while (mask) {
|
||||
BN_consttime_swap(word & mask, x1, x2, group->field.top);
|
||||
BN_consttime_swap(word & mask, z1, z2, group->field.top);
|
||||
BN_consttime_swap(word & mask, x1, x2, group_top);
|
||||
BN_consttime_swap(word & mask, z1, z2, group_top);
|
||||
if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
|
||||
goto err;
|
||||
if (!gf2m_Mdouble(group, x1, z1, ctx))
|
||||
goto err;
|
||||
BN_consttime_swap(word & mask, x1, x2, group->field.top);
|
||||
BN_consttime_swap(word & mask, z1, z2, group->field.top);
|
||||
BN_consttime_swap(word & mask, x1, x2, group_top);
|
||||
BN_consttime_swap(word & mask, z1, z2, group_top);
|
||||
mask >>= 1;
|
||||
}
|
||||
mask = BN_TBIT;
|
||||
|
@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
|
||||
BN_CTX_end(ctx);
|
||||
if (ctx)
|
||||
BN_CTX_free(ctx);
|
||||
if (buf)
|
||||
if (buf) {
|
||||
OPENSSL_cleanse(buf, buflen);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
return (ret);
|
||||
}
|
||||
|
@ -868,6 +868,9 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len)
|
||||
const char *ls, *fs, *rs;
|
||||
unsigned long l, f, r;
|
||||
|
||||
if (len == 0)
|
||||
return;
|
||||
|
||||
l = ERR_GET_LIB(e);
|
||||
f = ERR_GET_FUNC(e);
|
||||
r = ERR_GET_REASON(e);
|
||||
|
@ -155,10 +155,10 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned char ivec[AES_BLOCK_SIZE]);
|
||||
# endif
|
||||
# ifdef AES_XTS_ASM
|
||||
void AES_xts_encrypt(const char *inp, char *out, size_t len,
|
||||
void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
|
||||
const AES_KEY *key1, const AES_KEY *key2,
|
||||
const unsigned char iv[16]);
|
||||
void AES_xts_decrypt(const char *inp, char *out, size_t len,
|
||||
void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
|
||||
const AES_KEY *key1, const AES_KEY *key2,
|
||||
const unsigned char iv[16]);
|
||||
# endif
|
||||
|
@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
len = p[arg - 2] << 8 | p[arg - 1];
|
||||
|
||||
if (!ctx->encrypt) {
|
||||
if (len < MD5_DIGEST_LENGTH)
|
||||
return -1;
|
||||
len -= MD5_DIGEST_LENGTH;
|
||||
p[arg - 2] = len >> 8;
|
||||
p[arg - 1] = len;
|
||||
|
@ -1370,6 +1370,7 @@ void EVP_add_alg_module(void);
|
||||
* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
*/
|
||||
|
||||
void ERR_load_EVP_strings(void);
|
||||
|
||||
/* Error codes for the EVP functions. */
|
||||
@ -1489,6 +1490,7 @@ void ERR_load_EVP_strings(void);
|
||||
# define EVP_R_INPUT_NOT_INITIALIZED 111
|
||||
# define EVP_R_INVALID_DIGEST 152
|
||||
# define EVP_R_INVALID_FIPS_MODE 168
|
||||
# define EVP_R_INVALID_KEY 171
|
||||
# define EVP_R_INVALID_KEY_LENGTH 130
|
||||
# define EVP_R_INVALID_OPERATION 148
|
||||
# define EVP_R_IV_TOO_LARGE 102
|
||||
@ -1528,7 +1530,7 @@ void ERR_load_EVP_strings(void);
|
||||
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
|
||||
# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
|
||||
|
||||
#ifdef __cplusplus
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
# endif
|
||||
#endif
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* crypto/evp/evp_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
|
||||
{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
|
||||
{ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
|
||||
{ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
|
||||
{ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
|
||||
{ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
|
||||
{ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
|
||||
{ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
|
||||
|
@ -65,17 +65,19 @@
|
||||
#include "evp_locl.h"
|
||||
|
||||
#define M_check_autoarg(ctx, arg, arglen, err) \
|
||||
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
|
||||
{ \
|
||||
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \
|
||||
size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
|
||||
if (!arg) \
|
||||
{ \
|
||||
\
|
||||
if (pksize == 0) { \
|
||||
EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \
|
||||
return 0; \
|
||||
} \
|
||||
if (!arg) { \
|
||||
*arglen = pksize; \
|
||||
return 1; \
|
||||
} \
|
||||
else if (*arglen < pksize) \
|
||||
{ \
|
||||
EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
|
||||
if (*arglen < pksize) { \
|
||||
EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
|
||||
return 0; \
|
||||
} \
|
||||
}
|
||||
|
@ -199,6 +199,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
|
||||
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
|
||||
{
|
||||
EVP_PKEY_METHOD *pmeth;
|
||||
|
||||
pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
|
||||
if (!pmeth)
|
||||
return NULL;
|
||||
@ -207,33 +208,6 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
|
||||
|
||||
pmeth->pkey_id = id;
|
||||
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
|
||||
|
||||
pmeth->init = 0;
|
||||
pmeth->copy = 0;
|
||||
pmeth->cleanup = 0;
|
||||
pmeth->paramgen_init = 0;
|
||||
pmeth->paramgen = 0;
|
||||
pmeth->keygen_init = 0;
|
||||
pmeth->keygen = 0;
|
||||
pmeth->sign_init = 0;
|
||||
pmeth->sign = 0;
|
||||
pmeth->verify_init = 0;
|
||||
pmeth->verify = 0;
|
||||
pmeth->verify_recover_init = 0;
|
||||
pmeth->verify_recover = 0;
|
||||
pmeth->signctx_init = 0;
|
||||
pmeth->signctx = 0;
|
||||
pmeth->verifyctx_init = 0;
|
||||
pmeth->verifyctx = 0;
|
||||
pmeth->encrypt_init = 0;
|
||||
pmeth->encrypt = 0;
|
||||
pmeth->decrypt_init = 0;
|
||||
pmeth->decrypt = 0;
|
||||
pmeth->derive_init = 0;
|
||||
pmeth->derive = 0;
|
||||
pmeth->ctrl = 0;
|
||||
pmeth->ctrl_str = 0;
|
||||
|
||||
return pmeth;
|
||||
}
|
||||
|
||||
|
@ -100,7 +100,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
|
||||
--n;
|
||||
d = data[n] += c;
|
||||
/* did addition carry? */
|
||||
c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
|
||||
c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
|
||||
} while (n);
|
||||
}
|
||||
#endif
|
||||
|
@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x100020afL
|
||||
# define OPENSSL_VERSION_NUMBER 0x100020bfL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k-fips 26 Jan 2017"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k 26 Jan 2017"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
@ -250,11 +250,18 @@ my %globals;
|
||||
$self->{base} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
|
||||
|
||||
# Solaris /usr/ccs/bin/as can't handle multiplications
|
||||
# in $self->{label}, new gas requires sign extension...
|
||||
# in $self->{label}...
|
||||
use integer;
|
||||
$self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
|
||||
$self->{label} =~ s/\b([0-9]+\s*[\*\/\%]\s*[0-9]+)\b/eval($1)/eg;
|
||||
|
||||
# Some assemblers insist on signed presentation of 32-bit
|
||||
# offsets, but sign extension is a tricky business in perl...
|
||||
if ((1<<31)<<1) {
|
||||
$self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg;
|
||||
} else {
|
||||
$self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg;
|
||||
}
|
||||
|
||||
if (!$self->{label} && $self->{index} && $self->{scale}==1 &&
|
||||
$self->{base} =~ /(rbp|r13)/) {
|
||||
|
@ -142,7 +142,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
|
||||
if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
|
||||
goto err;
|
||||
|
||||
BN_copy(rsa->e, e_value);
|
||||
if (BN_copy(rsa->e, e_value) == NULL)
|
||||
goto err;
|
||||
|
||||
/* generate p and q */
|
||||
for (;;) {
|
||||
|
@ -89,17 +89,21 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
}
|
||||
|
||||
if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
|
||||
return 0;
|
||||
goto err;
|
||||
for (i = 0; i < emlen - mdlen; i++)
|
||||
db[i] ^= dbmask[i];
|
||||
|
||||
if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
|
||||
return 0;
|
||||
goto err;
|
||||
for (i = 0; i < mdlen; i++)
|
||||
seed[i] ^= seedmask[i];
|
||||
|
||||
OPENSSL_free(dbmask);
|
||||
return 1;
|
||||
|
||||
err:
|
||||
OPENSSL_free(dbmask);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
|
||||
|
@ -373,6 +373,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
|
||||
if (rctx->pad_mode == RSA_PKCS1_PADDING)
|
||||
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
|
||||
sig, siglen, rsa);
|
||||
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
|
||||
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
|
||||
return -1;
|
||||
}
|
||||
if (rctx->pad_mode == RSA_X931_PADDING) {
|
||||
if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
|
||||
return 0;
|
||||
|
@ -3,6 +3,7 @@
|
||||
#include <string.h>
|
||||
#include <setjmp.h>
|
||||
#include <signal.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
extern unsigned long OPENSSL_s390xcap_P[];
|
||||
|
||||
|
@ -164,7 +164,7 @@ static int general_allocate_string(UI *ui, const char *prompt,
|
||||
UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
|
||||
type, input_flags, result_buf);
|
||||
|
||||
if (s) {
|
||||
if (s != NULL) {
|
||||
if (allocate_string_stack(ui) >= 0) {
|
||||
s->_.string_data.result_minsize = minsize;
|
||||
s->_.string_data.result_maxsize = maxsize;
|
||||
@ -197,8 +197,8 @@ static int general_allocate_boolean(UI *ui,
|
||||
} else if (cancel_chars == NULL) {
|
||||
UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
|
||||
} else {
|
||||
for (p = ok_chars; *p; p++) {
|
||||
if (strchr(cancel_chars, *p)) {
|
||||
for (p = ok_chars; *p != '\0'; p++) {
|
||||
if (strchr(cancel_chars, *p) != NULL) {
|
||||
UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
|
||||
UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
|
||||
}
|
||||
@ -207,7 +207,7 @@ static int general_allocate_boolean(UI *ui,
|
||||
s = general_allocate_prompt(ui, prompt, prompt_freeable,
|
||||
type, input_flags, result_buf);
|
||||
|
||||
if (s) {
|
||||
if (s != NULL) {
|
||||
if (allocate_string_stack(ui) >= 0) {
|
||||
s->_.boolean_data.action_desc = action_desc;
|
||||
s->_.boolean_data.ok_chars = ok_chars;
|
||||
@ -243,7 +243,7 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
|
||||
{
|
||||
char *prompt_copy = NULL;
|
||||
|
||||
if (prompt) {
|
||||
if (prompt != NULL) {
|
||||
prompt_copy = BUF_strdup(prompt);
|
||||
if (prompt_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
|
||||
@ -271,7 +271,7 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
|
||||
{
|
||||
char *prompt_copy = NULL;
|
||||
|
||||
if (prompt) {
|
||||
if (prompt != NULL) {
|
||||
prompt_copy = BUF_strdup(prompt);
|
||||
if (prompt_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
|
||||
@ -302,7 +302,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
|
||||
char *ok_chars_copy = NULL;
|
||||
char *cancel_chars_copy = NULL;
|
||||
|
||||
if (prompt) {
|
||||
if (prompt != NULL) {
|
||||
prompt_copy = BUF_strdup(prompt);
|
||||
if (prompt_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
|
||||
@ -310,7 +310,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
|
||||
}
|
||||
}
|
||||
|
||||
if (action_desc) {
|
||||
if (action_desc != NULL) {
|
||||
action_desc_copy = BUF_strdup(action_desc);
|
||||
if (action_desc_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
|
||||
@ -318,7 +318,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
|
||||
}
|
||||
}
|
||||
|
||||
if (ok_chars) {
|
||||
if (ok_chars != NULL) {
|
||||
ok_chars_copy = BUF_strdup(ok_chars);
|
||||
if (ok_chars_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
|
||||
@ -326,7 +326,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
|
||||
}
|
||||
}
|
||||
|
||||
if (cancel_chars) {
|
||||
if (cancel_chars != NULL) {
|
||||
cancel_chars_copy = BUF_strdup(cancel_chars);
|
||||
if (cancel_chars_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
|
||||
@ -359,7 +359,7 @@ int UI_dup_info_string(UI *ui, const char *text)
|
||||
{
|
||||
char *text_copy = NULL;
|
||||
|
||||
if (text) {
|
||||
if (text != NULL) {
|
||||
text_copy = BUF_strdup(text);
|
||||
if (text_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
|
||||
@ -381,7 +381,7 @@ int UI_dup_error_string(UI *ui, const char *text)
|
||||
{
|
||||
char *text_copy = NULL;
|
||||
|
||||
if (text) {
|
||||
if (text != NULL) {
|
||||
text_copy = BUF_strdup(text);
|
||||
if (text_copy == NULL) {
|
||||
UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
|
||||
@ -397,7 +397,7 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
|
||||
{
|
||||
char *prompt = NULL;
|
||||
|
||||
if (ui->meth->ui_construct_prompt)
|
||||
if (ui->meth->ui_construct_prompt != NULL)
|
||||
prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
|
||||
else {
|
||||
char prompt1[] = "Enter ";
|
||||
@ -408,7 +408,7 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
|
||||
if (object_desc == NULL)
|
||||
return NULL;
|
||||
len = sizeof(prompt1) - 1 + strlen(object_desc);
|
||||
if (object_name)
|
||||
if (object_name != NULL)
|
||||
len += sizeof(prompt2) - 1 + strlen(object_name);
|
||||
len += sizeof(prompt3) - 1;
|
||||
|
||||
@ -417,7 +417,7 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
|
||||
return NULL;
|
||||
BUF_strlcpy(prompt, prompt1, len + 1);
|
||||
BUF_strlcat(prompt, object_desc, len + 1);
|
||||
if (object_name) {
|
||||
if (object_name != NULL) {
|
||||
BUF_strlcat(prompt, prompt2, len + 1);
|
||||
BUF_strlcat(prompt, object_name, len + 1);
|
||||
}
|
||||
@ -459,7 +459,8 @@ static int print_error(const char *str, size_t len, UI *ui)
|
||||
uis.type = UIT_ERROR;
|
||||
uis.out_string = str;
|
||||
|
||||
if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis))
|
||||
if (ui->meth->ui_write_string != NULL
|
||||
&& ui->meth->ui_write_string(ui, &uis) <= 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
@ -468,24 +469,28 @@ int UI_process(UI *ui)
|
||||
{
|
||||
int i, ok = 0;
|
||||
|
||||
if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
|
||||
return -1;
|
||||
if (ui->meth->ui_open_session != NULL
|
||||
&& ui->meth->ui_open_session(ui) <= 0) {
|
||||
ok = -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (ui->flags & UI_FLAG_PRINT_ERRORS)
|
||||
ERR_print_errors_cb((int (*)(const char *, size_t, void *))
|
||||
print_error, (void *)ui);
|
||||
|
||||
for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
|
||||
if (ui->meth->ui_write_string
|
||||
&& !ui->meth->ui_write_string(ui,
|
||||
sk_UI_STRING_value(ui->strings, i)))
|
||||
if (ui->meth->ui_write_string != NULL
|
||||
&& (ui->meth->ui_write_string(ui,
|
||||
sk_UI_STRING_value(ui->strings, i))
|
||||
<= 0))
|
||||
{
|
||||
ok = -1;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
if (ui->meth->ui_flush)
|
||||
if (ui->meth->ui_flush != NULL)
|
||||
switch (ui->meth->ui_flush(ui)) {
|
||||
case -1: /* Interrupt/Cancel/something... */
|
||||
ok = -2;
|
||||
@ -499,7 +504,7 @@ int UI_process(UI *ui)
|
||||
}
|
||||
|
||||
for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
|
||||
if (ui->meth->ui_read_string) {
|
||||
if (ui->meth->ui_read_string != NULL) {
|
||||
switch (ui->meth->ui_read_string(ui,
|
||||
sk_UI_STRING_value(ui->strings,
|
||||
i))) {
|
||||
@ -516,7 +521,8 @@ int UI_process(UI *ui)
|
||||
}
|
||||
}
|
||||
err:
|
||||
if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
|
||||
if (ui->meth->ui_close_session != NULL
|
||||
&& ui->meth->ui_close_session(ui) <= 0)
|
||||
return -1;
|
||||
return ok;
|
||||
}
|
||||
@ -612,48 +618,48 @@ void UI_destroy_method(UI_METHOD *ui_method)
|
||||
|
||||
int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
|
||||
{
|
||||
if (method) {
|
||||
if (method != NULL) {
|
||||
method->ui_open_session = opener;
|
||||
return 0;
|
||||
} else
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
int UI_method_set_writer(UI_METHOD *method,
|
||||
int (*writer) (UI *ui, UI_STRING *uis))
|
||||
{
|
||||
if (method) {
|
||||
if (method != NULL) {
|
||||
method->ui_write_string = writer;
|
||||
return 0;
|
||||
} else
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
|
||||
{
|
||||
if (method) {
|
||||
if (method != NULL) {
|
||||
method->ui_flush = flusher;
|
||||
return 0;
|
||||
} else
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
int UI_method_set_reader(UI_METHOD *method,
|
||||
int (*reader) (UI *ui, UI_STRING *uis))
|
||||
{
|
||||
if (method) {
|
||||
if (method != NULL) {
|
||||
method->ui_read_string = reader;
|
||||
return 0;
|
||||
} else
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
|
||||
{
|
||||
if (method) {
|
||||
if (method != NULL) {
|
||||
method->ui_close_session = closer;
|
||||
return 0;
|
||||
} else
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -664,54 +670,54 @@ int UI_method_set_prompt_constructor(UI_METHOD *method,
|
||||
const char
|
||||
*object_name))
|
||||
{
|
||||
if (method) {
|
||||
if (method != NULL) {
|
||||
method->ui_construct_prompt = prompt_constructor;
|
||||
return 0;
|
||||
} else
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
|
||||
if (method)
|
||||
int (*UI_method_get_opener(UI_METHOD *method)) (UI *)
|
||||
{
|
||||
if (method != NULL)
|
||||
return method->ui_open_session;
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) {
|
||||
if (method)
|
||||
int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *)
|
||||
{
|
||||
if (method != NULL)
|
||||
return method->ui_write_string;
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) {
|
||||
if (method)
|
||||
int (*UI_method_get_flusher(UI_METHOD *method)) (UI *)
|
||||
{
|
||||
if (method != NULL)
|
||||
return method->ui_flush;
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) {
|
||||
if (method)
|
||||
int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *)
|
||||
{
|
||||
if (method != NULL)
|
||||
return method->ui_read_string;
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
|
||||
if (method)
|
||||
int (*UI_method_get_closer(UI_METHOD *method)) (UI *)
|
||||
{
|
||||
if (method != NULL)
|
||||
return method->ui_close_session;
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
|
||||
const char *,
|
||||
const char *) {
|
||||
if (method)
|
||||
const char *)
|
||||
{
|
||||
if (method != NULL)
|
||||
return method->ui_construct_prompt;
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -440,7 +440,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
|
||||
# else
|
||||
p = fgets(result, maxsize, tty_in);
|
||||
# endif
|
||||
if (!p)
|
||||
if (p == NULL)
|
||||
goto error;
|
||||
if (feof(tty_in))
|
||||
goto error;
|
||||
@ -508,19 +508,32 @@ static int open_console(UI *ui)
|
||||
if (errno == EINVAL)
|
||||
is_a_tty = 0;
|
||||
else
|
||||
# endif
|
||||
# ifdef ENODEV
|
||||
/*
|
||||
* MacOS X returns ENODEV (Operation not supported by device),
|
||||
* which seems appropriate.
|
||||
*/
|
||||
if (errno == ENODEV)
|
||||
is_a_tty = 0;
|
||||
else
|
||||
# endif
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
status = sys$assign(&terminal, &channel, 0, 0);
|
||||
|
||||
/* if there isn't a TT device, something is very wrong */
|
||||
if (status != SS$_NORMAL)
|
||||
return 0;
|
||||
status =
|
||||
sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
|
||||
0, 0);
|
||||
|
||||
status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12,
|
||||
0, 0, 0, 0);
|
||||
|
||||
/* If IO$_SENSEMODE doesn't work, this is not a terminal device */
|
||||
if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
|
||||
return 0;
|
||||
is_a_tty = 0;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
@ -537,14 +550,15 @@ static int noecho_console(UI *ui)
|
||||
return 0;
|
||||
#endif
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
if (is_a_tty) {
|
||||
tty_new[0] = tty_orig[0];
|
||||
tty_new[1] = tty_orig[1] | TT$M_NOECHO;
|
||||
tty_new[2] = tty_orig[2];
|
||||
status =
|
||||
sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
|
||||
0);
|
||||
status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
|
||||
0, 0, 0, 0);
|
||||
if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
@ -561,14 +575,15 @@ static int echo_console(UI *ui)
|
||||
return 0;
|
||||
#endif
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
if (is_a_tty) {
|
||||
tty_new[0] = tty_orig[0];
|
||||
tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
|
||||
tty_new[2] = tty_orig[2];
|
||||
status =
|
||||
sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
|
||||
0);
|
||||
status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
|
||||
0, 0, 0, 0);
|
||||
if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
@ -581,6 +596,8 @@ static int close_console(UI *ui)
|
||||
fclose(tty_out);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
status = sys$dassgn(channel);
|
||||
if (status != SS$_NORMAL)
|
||||
return 0;
|
||||
#endif
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_UI);
|
||||
|
||||
|
@ -26,6 +26,7 @@ B<openssl> B<ocsp>
|
||||
[B<-no_nonce>]
|
||||
[B<-url URL>]
|
||||
[B<-host host:n>]
|
||||
[B<-header name value>]
|
||||
[B<-path>]
|
||||
[B<-CApath dir>]
|
||||
[B<-CAfile file>]
|
||||
@ -135,6 +136,14 @@ if the B<host> option is present then the OCSP request is sent to the host
|
||||
B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
|
||||
or "/" by default.
|
||||
|
||||
=item B<-header name value>
|
||||
|
||||
If sending a request to an OCSP server, then the specified header name and
|
||||
value are added to the HTTP request. Note that the B<name> and B<value> must
|
||||
be specified as two separate parameters, not as a single quoted string, and
|
||||
that the header name does not have the trailing colon.
|
||||
Some OCSP responders require a Host header; use this flag to provide it.
|
||||
|
||||
=item B<-timeout seconds>
|
||||
|
||||
connection timeout to the OCSP responder in seconds
|
||||
|
@ -10,7 +10,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing func
|
||||
|
||||
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
|
||||
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
|
||||
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
|
||||
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
@ -10,7 +10,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signat
|
||||
|
||||
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
|
||||
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
|
||||
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
|
||||
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
@ -52,7 +52,7 @@ it is called as B<BN_GENCB_call(cb, 3, 0)>.
|
||||
The process is then repeated for prime q with B<BN_GENCB_call(cb, 3, 1)>.
|
||||
|
||||
RSA_generate_key is deprecated (new applications should use
|
||||
RSA_generate_key_ex instead). RSA_generate_key works in the same was as
|
||||
RSA_generate_key_ex instead). RSA_generate_key works in the same way as
|
||||
RSA_generate_key_ex except it uses "old style" call backs. See
|
||||
L<BN_generate_prime(3)|BN_generate_prime(3)> for further details.
|
||||
|
||||
|
@ -83,10 +83,9 @@ Process all entries:
|
||||
|
||||
Process all commonName entries:
|
||||
|
||||
int loc;
|
||||
int lastpos = -1;
|
||||
X509_NAME_ENTRY *e;
|
||||
|
||||
loc = -1;
|
||||
for (;;)
|
||||
{
|
||||
lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
|
||||
|
@ -23,9 +23,11 @@ can be extensively customised by use of the B<flags> parameter.
|
||||
X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
|
||||
written to FILE pointer B<fp>.
|
||||
|
||||
X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
|
||||
bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
|
||||
and returned, otherwise B<buf> is returned.
|
||||
X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>.
|
||||
If B<buf> is B<NULL> then a buffer is dynamically allocated and returned, and
|
||||
B<size> is ignored.
|
||||
Otherwise, at most B<size> bytes will be written, including the ending '\0',
|
||||
and B<buf> is returned.
|
||||
|
||||
X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
|
||||
characters. Multiple lines are used if the output (including indent) exceeds
|
||||
|
@ -30,7 +30,7 @@ server. It can only send exactly one id. The server then either
|
||||
agrees to reuse the session or it starts a full handshake (to create a new
|
||||
session).
|
||||
|
||||
A server will lookup up the session in its internal session storage. If the
|
||||
A server will look up the session in its internal session storage. If the
|
||||
session is not found in internal storage or lookups for the internal storage
|
||||
have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
|
||||
the external storage if available.
|
||||
|
@ -38,12 +38,13 @@ if and only if B<ret E<gt> 0>.
|
||||
|
||||
=item SSL_ERROR_ZERO_RETURN
|
||||
|
||||
The TLS/SSL connection has been closed. If the protocol version is SSL 3.0
|
||||
or TLS 1.0, this result code is returned only if a closure
|
||||
alert has occurred in the protocol, i.e. if the connection has been
|
||||
closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
|
||||
does not necessarily indicate that the underlying transport
|
||||
has been closed.
|
||||
The TLS/SSL connection has been closed.
|
||||
If the protocol version is SSL 3.0 or higher, this result code is returned only
|
||||
if a closure alert has occurred in the protocol, i.e. if the connection has been
|
||||
closed cleanly.
|
||||
Note that in this case B<SSL_ERROR_ZERO_RETURN> does not necessarily
|
||||
indicate that the underlying transport has been closed.
|
||||
|
||||
|
||||
=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
|
||||
|
||||
@ -89,12 +90,9 @@ Details depend on the application.
|
||||
|
||||
=item SSL_ERROR_SYSCALL
|
||||
|
||||
Some I/O error occurred. The OpenSSL error queue may contain more
|
||||
information on the error. If the error queue is empty
|
||||
(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
|
||||
about the error: If B<ret == 0>, an EOF was observed that violates
|
||||
the protocol. If B<ret == -1>, the underlying B<BIO> reported an
|
||||
I/O error (for socket I/O on Unix systems, consult B<errno> for details).
|
||||
Some non-recoverable I/O error occurred.
|
||||
The OpenSSL error queue may contain more information on the error.
|
||||
For socket I/O on Unix systems, consult B<errno> for details.
|
||||
|
||||
=item SSL_ERROR_SSL
|
||||
|
||||
|
@ -81,33 +81,29 @@ The following return values can occur:
|
||||
|
||||
=over 4
|
||||
|
||||
=item E<gt>0
|
||||
=item E<gt> 0
|
||||
|
||||
The read operation was successful; the return value is the number of
|
||||
bytes actually read from the TLS/SSL connection.
|
||||
The read operation was successful.
|
||||
The return value is the number of bytes actually read from the TLS/SSL
|
||||
connection.
|
||||
|
||||
=item Z<>0
|
||||
=item Z<><= 0
|
||||
|
||||
The read operation was not successful. The reason may either be a clean
|
||||
shutdown due to a "close notify" alert sent by the peer (in which case
|
||||
the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
|
||||
(see L<SSL_shutdown(3)|SSL_shutdown(3)>,
|
||||
L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
|
||||
the peer simply shut down the underlying transport and the shutdown is
|
||||
incomplete. Call SSL_get_error() with the return value B<ret> to find out,
|
||||
whether an error occurred or the connection was shut down cleanly
|
||||
(SSL_ERROR_ZERO_RETURN).
|
||||
|
||||
=item E<lt>0
|
||||
|
||||
The read operation was not successful, because either the connection was closed,
|
||||
an error occurred or action must be taken by the calling process.
|
||||
Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason.
|
||||
|
||||
SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
|
||||
only be detected, whether the underlying connection was closed. It cannot
|
||||
be checked, whether the closure was initiated by the peer or by something
|
||||
else.
|
||||
|
||||
=item E<lt>0
|
||||
|
||||
The read operation was not successful, because either an error occurred
|
||||
or action must be taken by the calling process. Call SSL_get_error() with the
|
||||
return value B<ret> to find out the reason.
|
||||
Old documentation indicated a difference between 0 and -1, and that -1 was
|
||||
retryable.
|
||||
You should instead call SSL_get_error() to find out if it's retryable.
|
||||
|
||||
=back
|
||||
|
||||
|
@ -74,27 +74,24 @@ The following return values can occur:
|
||||
|
||||
=over 4
|
||||
|
||||
=item E<gt>0
|
||||
=item E<gt> 0
|
||||
|
||||
The write operation was successful, the return value is the number of
|
||||
bytes actually written to the TLS/SSL connection.
|
||||
|
||||
=item Z<>0
|
||||
=item Z<><= 0
|
||||
|
||||
The write operation was not successful. Probably the underlying connection
|
||||
was closed. Call SSL_get_error() with the return value B<ret> to find out,
|
||||
whether an error occurred or the connection was shut down cleanly
|
||||
(SSL_ERROR_ZERO_RETURN).
|
||||
The write operation was not successful, because either the connection was
|
||||
closed, an error occurred or action must be taken by the calling process.
|
||||
Call SSL_get_error() with the return value B<ret> to find out the reason.
|
||||
|
||||
SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
|
||||
only be detected, whether the underlying connection was closed. It cannot
|
||||
be checked, why the closure happened.
|
||||
|
||||
=item E<lt>0
|
||||
|
||||
The write operation was not successful, because either an error occurred
|
||||
or action must be taken by the calling process. Call SSL_get_error() with the
|
||||
return value B<ret> to find out the reason.
|
||||
Old documentation indicated a difference between 0 and -1, and that -1 was
|
||||
retryable.
|
||||
You should instead call SSL_get_error() to find out if it's retryable.
|
||||
|
||||
=back
|
||||
|
||||
|
@ -32,7 +32,7 @@ lib: $(LIBOBJ)
|
||||
$(MAKE) -f $(TOP)/Makefile.shared -e \
|
||||
LIBNAME=$(LIBNAME) \
|
||||
LIBEXTRAS='$(LIBOBJ)' \
|
||||
LIBDEPS='-L$(TOP) -lcrypto' \
|
||||
LIBDEPS='-L$(TOP) -lcrypto $(EX_LIBS)' \
|
||||
link_o.$(SHLIB_TARGET); \
|
||||
else \
|
||||
$(AR) $(LIB) $(LIBOBJ); \
|
||||
|
@ -756,6 +756,7 @@ int main(int argc, char *argv[])
|
||||
BIO *rbio;
|
||||
BIO *wbio;
|
||||
BIO *err;
|
||||
time_t now = 0;
|
||||
int testresult = 0;
|
||||
int ret;
|
||||
int i;
|
||||
@ -773,7 +774,9 @@ int main(int argc, char *argv[])
|
||||
RAND_bytes(master_secret, sizeof(master_secret));
|
||||
RAND_bytes(cookie, sizeof(cookie));
|
||||
RAND_bytes(server_random + 4, sizeof(server_random) - 4);
|
||||
time((void *)server_random);
|
||||
|
||||
now = time(NULL);
|
||||
memcpy(server_random, &now, sizeof(now));
|
||||
|
||||
sess = client_session();
|
||||
if (sess == NULL) {
|
||||
|
@ -63,6 +63,9 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
/*
|
||||
* Return values are as per SSL_write()
|
||||
*/
|
||||
int ssl23_write_bytes(SSL *s)
|
||||
{
|
||||
int i, num, tot;
|
||||
@ -77,7 +80,7 @@ int ssl23_write_bytes(SSL *s)
|
||||
if (i <= 0) {
|
||||
s->init_off = tot;
|
||||
s->init_num = num;
|
||||
return (i);
|
||||
return i;
|
||||
}
|
||||
s->rwstate = SSL_NOTHING;
|
||||
if (i == num)
|
||||
@ -88,7 +91,10 @@ int ssl23_write_bytes(SSL *s)
|
||||
}
|
||||
}
|
||||
|
||||
/* return regularly only when we have read (at least) 'n' bytes */
|
||||
/* return regularly only when we have read (at least) 'n' bytes
|
||||
*
|
||||
* Return values are as per SSL_read()
|
||||
*/
|
||||
int ssl23_read_bytes(SSL *s, int n)
|
||||
{
|
||||
unsigned char *p;
|
||||
@ -102,7 +108,7 @@ int ssl23_read_bytes(SSL *s, int n)
|
||||
j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
|
||||
n - s->packet_length);
|
||||
if (j <= 0)
|
||||
return (j);
|
||||
return j;
|
||||
s->rwstate = SSL_NOTHING;
|
||||
s->packet_length += j;
|
||||
if (s->packet_length >= (unsigned int)n)
|
||||
|
@ -254,7 +254,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_3DES,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
0,
|
||||
112,
|
||||
168,
|
||||
|
10
ssl/s2_pkt.c
10
ssl/s2_pkt.c
@ -307,6 +307,9 @@ int ssl2_peek(SSL *s, void *buf, int len)
|
||||
return ssl2_read_internal(s, buf, len, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Return values are as per SSL_read()
|
||||
*/
|
||||
static int read_n(SSL *s, unsigned int n, unsigned int max,
|
||||
unsigned int extend)
|
||||
{
|
||||
@ -374,7 +377,7 @@ static int read_n(SSL *s, unsigned int n, unsigned int max,
|
||||
# endif
|
||||
if (i <= 0) {
|
||||
s->s2->rbuf_left += newb;
|
||||
return (i);
|
||||
return i;
|
||||
}
|
||||
newb += i;
|
||||
}
|
||||
@ -441,6 +444,9 @@ int ssl2_write(SSL *s, const void *_buf, int len)
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Return values are as per SSL_write()
|
||||
*/
|
||||
static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
|
||||
{
|
||||
int i;
|
||||
@ -477,7 +483,7 @@ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
|
||||
s->rwstate = SSL_NOTHING;
|
||||
return (s->s2->wpend_ret);
|
||||
} else if (i <= 0)
|
||||
return (i);
|
||||
return i;
|
||||
s->s2->wpend_off += i;
|
||||
s->s2->wpend_len -= i;
|
||||
}
|
||||
|
@ -1710,12 +1710,6 @@ int ssl3_get_key_exchange(SSL *s)
|
||||
}
|
||||
p += i;
|
||||
|
||||
if (BN_is_zero(dh->p)) {
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
|
||||
if (2 > n - param_len) {
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
@ -1736,11 +1730,6 @@ int ssl3_get_key_exchange(SSL *s)
|
||||
}
|
||||
p += i;
|
||||
|
||||
if (BN_is_zero(dh->g)) {
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
if (2 > n - param_len) {
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
@ -1767,6 +1756,39 @@ int ssl3_get_key_exchange(SSL *s)
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
/*-
|
||||
* Check that p and g are suitable enough
|
||||
*
|
||||
* p is odd
|
||||
* 1 < g < p - 1
|
||||
*/
|
||||
{
|
||||
BIGNUM *tmp = NULL;
|
||||
|
||||
if (!BN_is_odd(dh->p)) {
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
|
||||
goto f_err;
|
||||
}
|
||||
if (BN_is_negative(dh->g) || BN_is_zero(dh->g)
|
||||
|| BN_is_one(dh->g)) {
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
|
||||
goto f_err;
|
||||
}
|
||||
if ((tmp = BN_new()) == NULL
|
||||
|| BN_copy(tmp, dh->p) == NULL
|
||||
|| !BN_sub_word(tmp, 1)) {
|
||||
BN_free(tmp);
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (BN_cmp(dh->g, tmp) >= 0) {
|
||||
BN_free(tmp);
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
|
||||
goto f_err;
|
||||
}
|
||||
BN_free(tmp);
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
if (alg_a & SSL_aRSA)
|
||||
pkey =
|
||||
|
23
ssl/s3_pkt.c
23
ssl/s3_pkt.c
@ -136,6 +136,9 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
||||
unsigned int len, int create_empty_fragment);
|
||||
static int ssl3_get_record(SSL *s);
|
||||
|
||||
/*
|
||||
* Return values are as per SSL_read()
|
||||
*/
|
||||
int ssl3_read_n(SSL *s, int n, int max, int extend)
|
||||
{
|
||||
/*
|
||||
@ -1082,7 +1085,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* if s->s3->wbuf.left != 0, we need to call this */
|
||||
/* if s->s3->wbuf.left != 0, we need to call this
|
||||
*
|
||||
* Return values are as per SSL_write(), i.e.
|
||||
*/
|
||||
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
||||
unsigned int len)
|
||||
{
|
||||
@ -1122,7 +1128,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
||||
*/
|
||||
wb->left = 0;
|
||||
}
|
||||
return (i);
|
||||
return i;
|
||||
}
|
||||
wb->offset += i;
|
||||
wb->left -= i;
|
||||
@ -1593,16 +1599,13 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
||||
|
||||
switch (rr->type) {
|
||||
default:
|
||||
#ifndef OPENSSL_NO_TLS
|
||||
/*
|
||||
* TLS up to v1.1 just ignores unknown message types: TLS v1.2 give
|
||||
* an unexpected message alert.
|
||||
* TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
|
||||
* TLS 1.2 says you MUST send an unexpected message alert. We use the
|
||||
* TLS 1.2 behaviour for all protocol versions to prevent issues where
|
||||
* no progress is being made and the peer continually sends unrecognised
|
||||
* record types, using up resources processing them.
|
||||
*/
|
||||
if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
|
||||
rr->length = 0;
|
||||
goto start;
|
||||
}
|
||||
#endif
|
||||
al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
|
||||
goto f_err;
|
||||
|
@ -506,7 +506,7 @@ int ssl3_accept(SSL *s)
|
||||
* if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
|
||||
* during re-negotiation:
|
||||
*/
|
||||
((s->session->peer != NULL) &&
|
||||
(s->s3->tmp.finish_md_len != 0 &&
|
||||
(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
|
||||
/*
|
||||
* never request cert in anonymous ciphersuites (see
|
||||
@ -1465,9 +1465,9 @@ int ssl3_get_client_hello(SSL *s)
|
||||
|
||||
/* Handles TLS extensions that we couldn't check earlier */
|
||||
if (s->version >= SSL3_VERSION) {
|
||||
if (ssl_check_clienthello_tlsext_late(s) <= 0) {
|
||||
if (!ssl_check_clienthello_tlsext_late(s, &al)) {
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
|
||||
goto err;
|
||||
goto f_err;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1601,6 +1601,9 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
unsigned int u;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
# ifdef OPENSSL_NO_RSA
|
||||
int j;
|
||||
# endif
|
||||
DH *dh = NULL, *dhp;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
@ -1861,6 +1864,16 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
if ((i == 2) && (type & SSL_kSRP))
|
||||
n += 1 + nr[i];
|
||||
else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
/*
|
||||
* for interoperability with some versions of the Microsoft TLS
|
||||
* stack, we need to zero pad the DHE pub key to the same length
|
||||
* as the prime, so use the length of the prime here
|
||||
*/
|
||||
if ((i == 2) && (type & (SSL_kEDH)))
|
||||
n += 2 + nr[0];
|
||||
else
|
||||
#endif
|
||||
n += 2 + nr[i];
|
||||
}
|
||||
@ -1895,6 +1908,20 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
*p = nr[i];
|
||||
p++;
|
||||
} else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
/*
|
||||
* for interoperability with some versions of the Microsoft TLS
|
||||
* stack, we need to zero pad the DHE pub key to the same length
|
||||
* as the prime
|
||||
*/
|
||||
if ((i == 2) && (type & (SSL_kEDH))) {
|
||||
s2n(nr[0], p);
|
||||
for (j = 0; j < (nr[0] - nr[2]); ++j) {
|
||||
*p = 0;
|
||||
++p;
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
s2n(nr[i], p);
|
||||
BN_bn2bin(r[i], p);
|
||||
|
@ -315,7 +315,7 @@ CERT *ssl_cert_dup(CERT *cert)
|
||||
OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
|
||||
if (ret->pkeys[i].serverinfo == NULL) {
|
||||
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
goto err;
|
||||
}
|
||||
ret->pkeys[i].serverinfo_length =
|
||||
cert->pkeys[i].serverinfo_length;
|
||||
@ -392,9 +392,7 @@ CERT *ssl_cert_dup(CERT *cert)
|
||||
|
||||
return (ret);
|
||||
|
||||
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
|
||||
err:
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (ret->rsa_tmp != NULL)
|
||||
RSA_free(ret->rsa_tmp);
|
||||
|
@ -753,6 +753,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
||||
"tls illegal exporter label"},
|
||||
{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
|
||||
"tls invalid ecpointformat list"},
|
||||
{ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
|
||||
{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
|
||||
"tls peer did not respond with certificate list"},
|
||||
{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
|
||||
|
@ -2030,10 +2030,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
||||
ret->rbuf_freelist->len = 0;
|
||||
ret->rbuf_freelist->head = NULL;
|
||||
ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
|
||||
if (!ret->wbuf_freelist) {
|
||||
OPENSSL_free(ret->rbuf_freelist);
|
||||
if (!ret->wbuf_freelist)
|
||||
goto err;
|
||||
}
|
||||
ret->wbuf_freelist->chunklen = 0;
|
||||
ret->wbuf_freelist->len = 0;
|
||||
ret->wbuf_freelist->head = NULL;
|
||||
|
@ -1384,7 +1384,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
|
||||
unsigned char *limit);
|
||||
int tls1_set_server_sigalgs(SSL *s);
|
||||
int ssl_check_clienthello_tlsext_late(SSL *s);
|
||||
int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
|
||||
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
|
||||
unsigned char *d, int n);
|
||||
int ssl_prepare_clienthello_tlsext(SSL *s);
|
||||
|
@ -769,6 +769,15 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
|
||||
* obtain the same session from an external cache)
|
||||
*/
|
||||
s = NULL;
|
||||
} else if (s == NULL &&
|
||||
lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
|
||||
/* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
|
||||
|
||||
/*
|
||||
* ... so take back the extra reference and also don't add
|
||||
* the session to the SSL_SESSION_list at this time
|
||||
*/
|
||||
s = c;
|
||||
}
|
||||
|
||||
/* Put at the head of the queue unless it is already in the cache */
|
||||
|
265
ssl/t1_lib.c
265
ssl/t1_lib.c
@ -132,6 +132,9 @@ static int ssl_check_clienthello_tlsext_early(SSL *s);
|
||||
int ssl_check_serverhello_tlsext(SSL *s);
|
||||
#endif
|
||||
|
||||
#define CHECKLEN(curr, val, limit) \
|
||||
(((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val))
|
||||
|
||||
SSL3_ENC_METHOD TLSv1_enc_data = {
|
||||
tls1_enc,
|
||||
tls1_mac,
|
||||
@ -1263,8 +1266,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
|
||||
if (s->tlsext_hostname != NULL) {
|
||||
/* Add TLS extension servername to the Client Hello message */
|
||||
unsigned long size_str;
|
||||
long lenmax;
|
||||
size_t size_str;
|
||||
|
||||
/*-
|
||||
* check for enough space.
|
||||
@ -1274,10 +1276,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
* 2 for hostname length
|
||||
* + hostname length
|
||||
*/
|
||||
|
||||
if ((lenmax = limit - ret - 9) < 0
|
||||
|| (size_str =
|
||||
strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
|
||||
size_str = strlen(s->tlsext_hostname);
|
||||
if (CHECKLEN(ret, 9 + size_str, limit))
|
||||
return NULL;
|
||||
|
||||
/* extension type and length */
|
||||
@ -1321,7 +1321,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the
|
||||
* Client Hello message */
|
||||
|
||||
int login_len = strlen(s->srp_ctx.login);
|
||||
size_t login_len = strlen(s->srp_ctx.login);
|
||||
if (login_len > 255 || login_len == 0) {
|
||||
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
||||
return NULL;
|
||||
@ -1333,7 +1333,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
* 1 for the srp user identity
|
||||
* + srp user identity length
|
||||
*/
|
||||
if ((limit - ret - 5 - login_len) < 0)
|
||||
if (CHECKLEN(ret, 5 + login_len, limit))
|
||||
return NULL;
|
||||
|
||||
/* fill in the extension */
|
||||
@ -1350,20 +1350,23 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
/*
|
||||
* Add TLS extension ECPointFormats to the ClientHello message
|
||||
*/
|
||||
long lenmax;
|
||||
const unsigned char *pcurves, *pformats;
|
||||
size_t num_curves, num_formats, curves_list_len;
|
||||
|
||||
tls1_get_formatlist(s, &pformats, &num_formats);
|
||||
|
||||
if ((lenmax = limit - ret - 5) < 0)
|
||||
return NULL;
|
||||
if (num_formats > (size_t)lenmax)
|
||||
return NULL;
|
||||
if (num_formats > 255) {
|
||||
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
||||
return NULL;
|
||||
}
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the ec point formats type and extension length
|
||||
* 1 byte for the length of the formats
|
||||
* + formats length
|
||||
*/
|
||||
if (CHECKLEN(ret, 5 + num_formats, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_ec_point_formats, ret);
|
||||
/* The point format list has 1-byte length. */
|
||||
@ -1379,15 +1382,20 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves))
|
||||
return NULL;
|
||||
|
||||
if ((lenmax = limit - ret - 6) < 0)
|
||||
return NULL;
|
||||
if (num_curves > (size_t)lenmax / 2)
|
||||
return NULL;
|
||||
if (num_curves > 65532 / 2) {
|
||||
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
||||
return NULL;
|
||||
}
|
||||
curves_list_len = 2 * num_curves;
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the ec curves type and extension length
|
||||
* 2 bytes for the curve list length
|
||||
* + curve list length
|
||||
*/
|
||||
if (CHECKLEN(ret, 6 + curves_list_len, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_elliptic_curves, ret);
|
||||
s2n(curves_list_len + 2, ret);
|
||||
s2n(curves_list_len, ret);
|
||||
@ -1397,7 +1405,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
# endif /* OPENSSL_NO_EC */
|
||||
|
||||
if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
|
||||
int ticklen;
|
||||
size_t ticklen;
|
||||
if (!s->new_session && s->session && s->session->tlsext_tick)
|
||||
ticklen = s->session->tlsext_ticklen;
|
||||
else if (s->session && s->tlsext_session_ticket &&
|
||||
@ -1418,11 +1426,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
* Check for enough room 2 for extension type, 2 for len rest for
|
||||
* ticket
|
||||
*/
|
||||
if ((long)(limit - ret - 4 - ticklen) < 0)
|
||||
if (CHECKLEN(ret, 4 + ticklen, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_session_ticket, ret);
|
||||
s2n(ticklen, ret);
|
||||
if (ticklen) {
|
||||
if (ticklen > 0) {
|
||||
memcpy(ret, s->session->tlsext_tick, ticklen);
|
||||
ret += ticklen;
|
||||
}
|
||||
@ -1433,7 +1441,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
size_t salglen;
|
||||
const unsigned char *salg;
|
||||
salglen = tls12_get_psigalgs(s, &salg);
|
||||
if ((size_t)(limit - ret) < salglen + 6)
|
||||
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the sigalgs type and extension length
|
||||
* 2 bytes for the sigalg list length
|
||||
* + sigalg list length
|
||||
*/
|
||||
if (CHECKLEN(ret, salglen + 6, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_signature_algorithms, ret);
|
||||
s2n(salglen + 2, ret);
|
||||
@ -1460,30 +1475,42 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
|
||||
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
|
||||
int i;
|
||||
long extlen, idlen, itmp;
|
||||
size_t extlen, idlen;
|
||||
int lentmp;
|
||||
OCSP_RESPID *id;
|
||||
|
||||
idlen = 0;
|
||||
for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
|
||||
id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
|
||||
itmp = i2d_OCSP_RESPID(id, NULL);
|
||||
if (itmp <= 0)
|
||||
lentmp = i2d_OCSP_RESPID(id, NULL);
|
||||
if (lentmp <= 0)
|
||||
return NULL;
|
||||
idlen += itmp + 2;
|
||||
idlen += (size_t)lentmp + 2;
|
||||
}
|
||||
|
||||
if (s->tlsext_ocsp_exts) {
|
||||
extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
|
||||
if (extlen < 0)
|
||||
lentmp = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
|
||||
if (lentmp < 0)
|
||||
return NULL;
|
||||
extlen = (size_t)lentmp;
|
||||
} else
|
||||
extlen = 0;
|
||||
|
||||
if ((long)(limit - ret - 7 - extlen - idlen) < 0)
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_status_request, ret);
|
||||
if (extlen + idlen > 0xFFF0)
|
||||
return NULL;
|
||||
/*
|
||||
* 2 bytes for status request type
|
||||
* 2 bytes for status request len
|
||||
* 1 byte for OCSP request type
|
||||
* 2 bytes for length of ids
|
||||
* 2 bytes for length of extensions
|
||||
* + length of ids
|
||||
* + length of extensions
|
||||
*/
|
||||
if (CHECKLEN(ret, 9 + idlen + extlen, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_status_request, ret);
|
||||
s2n(extlen + idlen + 5, ret);
|
||||
*(ret++) = TLSEXT_STATUSTYPE_ocsp;
|
||||
s2n(idlen, ret);
|
||||
@ -1493,9 +1520,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
|
||||
/* skip over id len */
|
||||
ret += 2;
|
||||
itmp = i2d_OCSP_RESPID(id, &ret);
|
||||
lentmp = i2d_OCSP_RESPID(id, &ret);
|
||||
/* write id len */
|
||||
s2n(itmp, q);
|
||||
s2n(lentmp, q);
|
||||
}
|
||||
s2n(extlen, ret);
|
||||
if (extlen > 0)
|
||||
@ -1503,8 +1530,15 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
}
|
||||
# ifndef OPENSSL_NO_HEARTBEATS
|
||||
/* Add Heartbeat extension */
|
||||
if ((limit - ret - 4 - 1) < 0)
|
||||
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the heartbeat ext type and extension length
|
||||
* 1 byte for the mode
|
||||
*/
|
||||
if (CHECKLEN(ret, 5, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_heartbeat, ret);
|
||||
s2n(1, ret);
|
||||
/*-
|
||||
@ -1524,7 +1558,12 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
* The client advertises an emtpy extension to indicate its support
|
||||
* for Next Protocol Negotiation
|
||||
*/
|
||||
if (limit - ret - 4 < 0)
|
||||
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the NPN ext type and extension length
|
||||
*/
|
||||
if (CHECKLEN(ret, 4, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_next_proto_neg, ret);
|
||||
s2n(0, ret);
|
||||
@ -1532,7 +1571,13 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
# endif
|
||||
|
||||
if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) {
|
||||
if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the ALPN type and extension length
|
||||
* 2 bytes for the ALPN protocol list length
|
||||
* + ALPN protocol list length
|
||||
*/
|
||||
if (CHECKLEN(ret, 6 + s->alpn_client_proto_list_len, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
|
||||
s2n(2 + s->alpn_client_proto_list_len, ret);
|
||||
@ -1547,7 +1592,12 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
|
||||
ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
|
||||
|
||||
if ((limit - ret - 4 - el) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the SRTP type and extension length
|
||||
* + SRTP profiles length
|
||||
*/
|
||||
if (CHECKLEN(ret, 4 + el, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_use_srtp, ret);
|
||||
@ -1587,6 +1637,17 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
else
|
||||
hlen = 0;
|
||||
|
||||
/*-
|
||||
* check for enough space. Strictly speaking we know we've already
|
||||
* got enough space because to get here the message size is < 0x200,
|
||||
* but we know that we've allocated far more than that in the buffer
|
||||
* - but for consistency and robustness we're going to check anyway.
|
||||
*
|
||||
* 4 bytes for the padding type and extension length
|
||||
* + padding length
|
||||
*/
|
||||
if (CHECKLEN(ret, 4 + hlen, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_padding, ret);
|
||||
s2n(hlen, ret);
|
||||
memset(ret, 0, hlen);
|
||||
@ -1644,7 +1705,12 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((limit - ret - 4 - el) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the reneg type and extension length
|
||||
* + reneg data length
|
||||
*/
|
||||
if (CHECKLEN(ret, 4 + el, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_renegotiate, ret);
|
||||
@ -1664,19 +1730,23 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
/*
|
||||
* Add TLS extension ECPointFormats to the ServerHello message
|
||||
*/
|
||||
long lenmax;
|
||||
|
||||
tls1_get_formatlist(s, &plist, &plistlen);
|
||||
|
||||
if ((lenmax = limit - ret - 5) < 0)
|
||||
return NULL;
|
||||
if (plistlen > (size_t)lenmax)
|
||||
return NULL;
|
||||
if (plistlen > 255) {
|
||||
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the ec points format type and extension length
|
||||
* 1 byte for the points format list length
|
||||
* + length of points format list
|
||||
*/
|
||||
if (CHECKLEN(ret, 5 + plistlen, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_ec_point_formats, ret);
|
||||
s2n(plistlen + 1, ret);
|
||||
*(ret++) = (unsigned char)plistlen;
|
||||
@ -1691,14 +1761,22 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
# endif /* OPENSSL_NO_EC */
|
||||
|
||||
if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
|
||||
if ((long)(limit - ret - 4) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the Ticket type and extension length
|
||||
*/
|
||||
if (CHECKLEN(ret, 4, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_session_ticket, ret);
|
||||
s2n(0, ret);
|
||||
}
|
||||
|
||||
if (s->tlsext_status_expected) {
|
||||
if ((long)(limit - ret - 4) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the Status request type and extension length
|
||||
*/
|
||||
if (CHECKLEN(ret, 4, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_status_request, ret);
|
||||
s2n(0, ret);
|
||||
@ -1726,7 +1804,12 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
|
||||
ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
|
||||
|
||||
if ((limit - ret - 4 - el) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the SRTP profiles type and extension length
|
||||
* + length of the SRTP profiles list
|
||||
*/
|
||||
if (CHECKLEN(ret, 4 + el, limit))
|
||||
return NULL;
|
||||
|
||||
s2n(TLSEXT_TYPE_use_srtp, ret);
|
||||
@ -1751,16 +1834,23 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
|
||||
0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
|
||||
};
|
||||
if (limit - ret < 36)
|
||||
|
||||
/* check for enough space. */
|
||||
if (CHECKLEN(ret, sizeof(cryptopro_ext), limit))
|
||||
return NULL;
|
||||
memcpy(ret, cryptopro_ext, 36);
|
||||
ret += 36;
|
||||
memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
|
||||
ret += sizeof(cryptopro_ext);
|
||||
|
||||
}
|
||||
# ifndef OPENSSL_NO_HEARTBEATS
|
||||
/* Add Heartbeat extension if we've received one */
|
||||
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) {
|
||||
if ((limit - ret - 4 - 1) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the Heartbeat type and extension length
|
||||
* 1 byte for the mode
|
||||
*/
|
||||
if (CHECKLEN(ret, 5, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_heartbeat, ret);
|
||||
s2n(1, ret);
|
||||
@ -1789,7 +1879,12 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
s->
|
||||
ctx->next_protos_advertised_cb_arg);
|
||||
if (r == SSL_TLSEXT_ERR_OK) {
|
||||
if ((long)(limit - ret - 4 - npalen) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the NPN type and extension length
|
||||
* + length of protocols list
|
||||
*/
|
||||
if (CHECKLEN(ret, 4 + npalen, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_next_proto_neg, ret);
|
||||
s2n(npalen, ret);
|
||||
@ -1804,9 +1899,16 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
||||
|
||||
if (s->s3->alpn_selected) {
|
||||
const unsigned char *selected = s->s3->alpn_selected;
|
||||
unsigned len = s->s3->alpn_selected_len;
|
||||
size_t len = s->s3->alpn_selected_len;
|
||||
|
||||
if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
|
||||
/*-
|
||||
* check for enough space.
|
||||
* 4 bytes for the ALPN type and extension length
|
||||
* 2 bytes for ALPN data length
|
||||
* 1 byte for selected protocol length
|
||||
* + length of the selected protocol
|
||||
*/
|
||||
if (CHECKLEN(ret, 7 + len, limit))
|
||||
return NULL;
|
||||
s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
|
||||
s2n(3 + len, ret);
|
||||
@ -1966,11 +2068,10 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
|
||||
|
||||
/*
|
||||
* Process the ALPN extension in a ClientHello.
|
||||
* ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
|
||||
* al: a pointer to the alert value to send in the event of a failure.
|
||||
* returns 1 on success, 0 on failure: al/ret set only on failure
|
||||
* returns 1 on success, 0 on failure: al set only on failure
|
||||
*/
|
||||
static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
|
||||
static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
|
||||
{
|
||||
const unsigned char *selected = NULL;
|
||||
unsigned char selected_len = 0;
|
||||
@ -1986,7 +2087,6 @@ static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
|
||||
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
|
||||
if (s->s3->alpn_selected == NULL) {
|
||||
*al = SSL_AD_INTERNAL_ERROR;
|
||||
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
|
||||
return 0;
|
||||
}
|
||||
memcpy(s->s3->alpn_selected, selected, selected_len);
|
||||
@ -3064,10 +3164,12 @@ int tls1_set_server_sigalgs(SSL *s)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ssl_check_clienthello_tlsext_late(SSL *s)
|
||||
/*
|
||||
* Upon success, returns 1.
|
||||
* Upon failure, returns 0 and sets |al| to the appropriate fatal alert.
|
||||
*/
|
||||
int ssl_check_clienthello_tlsext_late(SSL *s, int *al)
|
||||
{
|
||||
int ret = SSL_TLSEXT_ERR_OK;
|
||||
int al;
|
||||
|
||||
/*
|
||||
* If status request then ask callback what to do. Note: this must be
|
||||
@ -3076,21 +3178,18 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
|
||||
* influence which certificate is sent
|
||||
*/
|
||||
if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
|
||||
int r;
|
||||
int ret;
|
||||
CERT_PKEY *certpkey;
|
||||
certpkey = ssl_get_server_send_pkey(s);
|
||||
/* If no certificate can't return certificate status */
|
||||
if (certpkey == NULL) {
|
||||
s->tlsext_status_expected = 0;
|
||||
return 1;
|
||||
}
|
||||
if (certpkey != NULL) {
|
||||
/*
|
||||
* Set current certificate to one we will use so SSL_get_certificate
|
||||
* et al can pick it up.
|
||||
*/
|
||||
s->cert->key = certpkey;
|
||||
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
|
||||
switch (r) {
|
||||
ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
|
||||
switch (ret) {
|
||||
/* We don't want to send a status request response */
|
||||
case SSL_TLSEXT_ERR_NOACK:
|
||||
s->tlsext_status_expected = 0;
|
||||
@ -3099,35 +3198,21 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
|
||||
case SSL_TLSEXT_ERR_OK:
|
||||
if (s->tlsext_ocsp_resp)
|
||||
s->tlsext_status_expected = 1;
|
||||
else
|
||||
s->tlsext_status_expected = 0;
|
||||
break;
|
||||
/* something bad happened */
|
||||
case SSL_TLSEXT_ERR_ALERT_FATAL:
|
||||
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
|
||||
al = SSL_AD_INTERNAL_ERROR;
|
||||
goto err;
|
||||
}
|
||||
} else
|
||||
s->tlsext_status_expected = 0;
|
||||
|
||||
if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
err:
|
||||
switch (ret) {
|
||||
case SSL_TLSEXT_ERR_ALERT_FATAL:
|
||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
return -1;
|
||||
|
||||
case SSL_TLSEXT_ERR_ALERT_WARNING:
|
||||
ssl3_send_alert(s, SSL3_AL_WARNING, al);
|
||||
return 1;
|
||||
|
||||
default:
|
||||
return 1;
|
||||
*al = SSL_AD_INTERNAL_ERROR;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!tls1_alpn_handle_client_hello_late(s, al)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ssl_check_serverhello_tlsext(SSL *s)
|
||||
|
11
util/domd
11
util/domd
@ -11,7 +11,9 @@ if [ "$1" = "-MD" ]; then
|
||||
fi
|
||||
if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
|
||||
|
||||
cp Makefile Makefile.save
|
||||
# Preserve Makefile timestamp by moving instead of copying (cp -p is GNU only)
|
||||
mv Makefile Makefile.save
|
||||
cp Makefile.save Makefile
|
||||
# fake the presence of Kerberos
|
||||
touch $TOP/krb5.h
|
||||
if ${MAKEDEPEND} --version 2>&1 | grep "clang" > /dev/null ||
|
||||
@ -32,7 +34,12 @@ else
|
||||
${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
|
||||
RC=$?
|
||||
fi
|
||||
mv Makefile.new Makefile
|
||||
if ! cmp -s Makefile.save Makefile.new; then
|
||||
mv Makefile.new Makefile
|
||||
else
|
||||
mv Makefile.save Makefile
|
||||
rm -f Makefile.new
|
||||
fi
|
||||
# unfake the presence of Kerberos
|
||||
rm $TOP/krb5.h
|
||||
|
||||
|
@ -55,9 +55,11 @@ if ($^O eq "msys") { $symlink_exists=0 };
|
||||
foreach $file (@files) {
|
||||
my $err = "";
|
||||
if ($symlink_exists) {
|
||||
if (!-l "$from/$file") {
|
||||
unlink "$from/$file";
|
||||
symlink("$to/$file", "$from/$file") or $err = " [$!]";
|
||||
} else {
|
||||
}
|
||||
} elsif (-d "$from" && (!-f "$from/$file" || ((stat("$file"))[9] > (stat("$from/$file"))[9]))) {
|
||||
unlink "$from/$file";
|
||||
open (OLD, "<$file") or die "Can't open $file: $!";
|
||||
open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
|
||||
|
Loading…
Reference in New Issue
Block a user