Merge ^/head r294961 through r295350.

This commit is contained in:
dim 2016-02-06 14:07:17 +00:00
commit 0abf59f0ae
1021 changed files with 28928 additions and 22153 deletions

View File

@ -136,6 +136,7 @@ TGTS+= ${BITGTS}
.ORDER: buildworld installworld
.ORDER: buildworld distributeworld
.ORDER: buildworld buildkernel
.ORDER: installworld distribution
.ORDER: buildkernel installkernel
.ORDER: buildkernel installkernel.debug
.ORDER: buildkernel reinstallkernel
@ -328,7 +329,7 @@ bmake: .PHONY
${MMAKE} all; \
${MMAKE} install DESTDIR=${MYMAKE:H} BINDIR=
tinderbox toolchains kernel-toolchains: upgrade_checks
tinderbox toolchains kernel-toolchains kernels worlds: upgrade_checks
tinderbox:
@cd ${.CURDIR}; ${SUB_MAKE} DOING_TINDERBOX=YES universe
@ -339,6 +340,12 @@ toolchains:
kernel-toolchains:
@cd ${.CURDIR}; ${SUB_MAKE} UNIVERSE_TARGET=kernel-toolchain universe
kernels:
@cd ${.CURDIR}; ${SUB_MAKE} UNIVERSE_TARGET=buildkernel universe
worlds:
@cd ${.CURDIR}; ${SUB_MAKE} UNIVERSE_TARGET=buildworld universe
#
# universe
#

View File

@ -72,7 +72,7 @@ SRCDIR?= ${.CURDIR}
SUBDIR= ${SUBDIR_OVERRIDE}
.else
SUBDIR= lib libexec
.if make(install*)
.if !defined(NO_ROOT) && (make(installworld) || make(install))
# Ensure libraries are installed before progressing.
SUBDIR+=.WAIT
.endif
@ -127,7 +127,7 @@ SUBDIR+= ${_DIR}
# by calling 'makedb' in share/man. This is only relevant for
# install/distribute so they build the whatis file after every manpage is
# installed.
.if make(install*)
.if make(installworld) || make(install)
SUBDIR+=.WAIT
.endif
SUBDIR+=etc
@ -1083,16 +1083,14 @@ redistribute: .MAKE .PHONY
DISTRIBUTION=lib32
.endif
distrib-dirs: .MAKE .PHONY
${_+_}cd ${.CURDIR}/etc; ${CROSSENV} PATH=${TMPPATH} ${MAKE} \
${IMAKE_INSTALL} ${IMAKE_MTREE} METALOG=${METALOG} ${.TARGET}
distribution: .MAKE .PHONY
distrib-dirs distribution: .MAKE .PHONY
${_+_}cd ${.CURDIR}/etc; ${CROSSENV} PATH=${TMPPATH} ${MAKE} \
${IMAKE_INSTALL} ${IMAKE_MTREE} METALOG=${METALOG} ${.TARGET}
.if make(distribution)
${_+_}cd ${.CURDIR}; ${CROSSENV} PATH=${TMPPATH} \
${MAKE} -f Makefile.inc1 ${IMAKE_INSTALL} \
METALOG=${METALOG} installconfig
.endif
#
# buildkernel and installkernel

View File

@ -31,6 +31,13 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20160129:
Building ZFS pools on top of zvols is prohibited by default. That
feature has never worked safely; it's always been prone to deadlocks.
Using a zvol as the backing store for a VM guest's virtual disk will
still work, even if the guest is using ZFS. Legacy behavior can be
restored by setting vfs.zfs.vol.recursive=1.
20160119:
The NONE and HPN patches has been removed from OpenSSH. They are
still available in the security/openssh-portable port.

View File

@ -51,41 +51,40 @@ FILESDIR= ${SHAREDIR}/examples/tcsh
FILES= complete.tcsh csh-mode.el
.endif
CATALOGS= et:et_EE.ISO8859-15 \
finnish:fi_FI.ISO8859-1 \
french:fr_FR.ISO8859-1 \
german:de_DE.ISO8859-1 \
greek:el_GR.ISO8859-7 \
italian:it_IT.ISO8859-1 \
ja:ja_JP.eucJP \
russian:ru_RU.KOI8-R \
spanish:es_ES.ISO8859-1 \
ukrainian:uk_UA.KOI8-U
CATALOGS= et:et_EE.UTF-8 \
finnish:fi_FI.UTF-8 \
french:fr_FR.UTF-8 \
german:de_DE.UTF-8 \
greek:el_GR.UTF-8 \
italian:it_IT.UTF-8 \
ja:ja_JP.UTF-8 \
russian:ru_RU.UTF-8 \
spanish:es_ES.UTF-8 \
ukrainian:uk_UA.UTF-8
NLSLINKS_fi_FI.ISO8859-1= fi_FI.ISO8859-15
NLSLINKS_fr_FR.ISO8859-1= fr_BE.ISO8859-1 fr_BE.ISO8859-15 \
fr_CA.ISO8859-1 fr_CA.ISO8859-15 fr_CH.ISO8859-1 \
fr_CH.ISO8859-15 fr_FR.ISO8859-15
NLSLINKS_de_DE.ISO8859-1= de_AT.ISO8859-1 de_AT.ISO8859-15 de_CH.ISO8859-1 \
de_CH.ISO8859-15 de_DE.ISO8859-15
NLSLINKS_it_IT.ISO8859-1= it_CH.ISO8859-1 it_CH.ISO8859-15 it_IT.ISO8859-15
NLSLINKS_es_ES.ISO8859-1= es_ES.ISO8859-15
NLSLINKS_de_DE.UTF-8 = de_AT.UTF-8 de_CH.UTF-8
NLSLINKS_fr_FR.UTF-8 = fr_BE.UTF-8 fr_CA.UTF-8 fr_CH.UTF-8
NLSLINKS_it_IT.UTF-8 = it_CH.UTF-8
.if ${MK_NLS_CATALOGS} == "no" || defined(RESCUE)
CFLAGS+= -DNO_NLS_CATALOGS
.else
CFLAGS+= -DHAVE_ICONV
.if ${MK_ICONV} != "no"
NLSLINKS_de_DE.ISO8859-1 += de_AT.UTF-8 de_CH.UTF-8 de_DE.UTF-8
NLSLINKS_el_GR.ISO8859-7 = el_GR.UTF-8
NLSLINKS_es_ES.ISO8859-1 += es_ES.UTF-8
NLSLINKS_et_EE.ISO8859-15 = et_EE.UTF-8
NLSLINKS_fi_FI.ISO8859-1 += fi_FI.UTF-8
NLSLINKS_fr_FR.ISO8859-1 += fr_BE.UTF-8 fr_CA.UTF-8 fr_CH.UTF-8 fr_FR.UTF-8
NLSLINKS_it_IT.ISO8859-1 += it_CH.UTF-8 it_IT.UTF-8
NLSLINKS_ja_JP.eucJP = ja_JP.SJIS ja_JP.UTF-8
NLSLINKS_ru_RU.KOI8-R = ru_RU.CP1251 ru_RU.CP866 ru_RU.ISO8859-5 ru_RU.UTF-8
NLSLINKS_uk_UA.KOI8-U = uk_UA.ISO8859-5 uk_UA.UTF-8
NLSLINKS_de_DE.UTF-8 += de_AT.ISO8859-1 de_AT.ISO8859-15 de_CH.ISO8859-1 \
de_CH.ISO8859-15 de_DE.ISO8859-1 de_DE.ISO8859-15
NLSLINKS_el_GR.UTF-8 = el_GR.ISO8859-7
NLSLINKS_es_ES.UTF-8 = es_ES.ISO8859-1 es_ES.ISO8859-15
NLSLINKS_et_EE.UTF-8 = et_EE.ISO8859-15
NLSLINKS_fi_FI.UTF-8 = fi_FI.ISO8859-1 fi_FI.ISO8859-15
NLSLINKS_fr_FR.UTF-8 += fr_BE.ISO8859-1 fr_BE.ISO8859-15 \
fr_CA.ISO8859-1 fr_CA.ISO8859-15 fr_CH.ISO8859-1 \
fr_CH.ISO8859-15 fr_FR.ISO8859-1 fr_FR.ISO8859-15
NLSLINKS_it_IT.UTF-8 += it_CH.ISO8859-1 it_CH.ISO8859-15 it_IT.ISO8859-1 \
it_IT.ISO8859-15
NLSLINKS_ja_JP.UTF-8 = ja_JP.SJIS ja_JP.eucJP
NLSLINKS_ru_RU.UTF-8 = ru_RU.CP1251 ru_RU.CP866 ru_RU.ISO8859-5 ru_RU.KOI8-R
NLSLINKS_uk_UA.UTF-8 = uk_UA.ISO8859-5 uk_UA.KOI8-U
.else
# Above links can be installed from ports/shells/tcsh_nls

View File

@ -36,9 +36,9 @@
#undef iconv_close
#define ICONVLIB "libiconv.so"
#define ICONV_ENGINE "iconv"
#define ICONV_OPEN "iconv_open"
#define ICONV_CLOSE "iconv_close"
#define ICONV_ENGINE "libiconv"
#define ICONV_OPEN "libiconv_open"
#define ICONV_CLOSE "libiconv_close"
typedef iconv_t iconv_open_t(const char *, const char *);

View File

@ -360,6 +360,46 @@ c_conv(const void *a, const void *b)
((const struct conv *)b)->name));
}
static uintmax_t
postfix_to_mult(const char expr)
{
uintmax_t mult;
mult = 0;
switch (expr) {
case 'B':
case 'b':
mult = 512;
break;
case 'K':
case 'k':
mult = 1 << 10;
break;
case 'M':
case 'm':
mult = 1 << 20;
break;
case 'G':
case 'g':
mult = 1 << 30;
break;
case 'T':
case 't':
mult = (uintmax_t)1 << 40;
break;
case 'P':
case 'p':
mult = (uintmax_t)1 << 50;
break;
case 'W':
case 'w':
mult = sizeof(int);
break;
}
return (mult);
}
/*
* Convert an expression of the following forms to a uintmax_t.
* 1) A positive decimal number.
@ -386,31 +426,7 @@ get_num(const char *val)
if (expr == val) /* No valid digits. */
errx(1, "%s: illegal numeric value", oper);
mult = 0;
switch (*expr) {
case 'B':
case 'b':
mult = 512;
break;
case 'K':
case 'k':
mult = 1 << 10;
break;
case 'M':
case 'm':
mult = 1 << 20;
break;
case 'G':
case 'g':
mult = 1 << 30;
break;
case 'W':
case 'w':
mult = sizeof(int);
break;
default:
;
}
mult = postfix_to_mult(*expr);
if (mult != 0) {
prevnum = num;
@ -460,29 +476,7 @@ get_off_t(const char *val)
if (expr == val) /* No valid digits. */
errx(1, "%s: illegal numeric value", oper);
mult = 0;
switch (*expr) {
case 'B':
case 'b':
mult = 512;
break;
case 'K':
case 'k':
mult = 1 << 10;
break;
case 'M':
case 'm':
mult = 1 << 20;
break;
case 'G':
case 'g':
mult = 1 << 30;
break;
case 'W':
case 'w':
mult = sizeof(int);
break;
}
mult = postfix_to_mult(*expr);
if (mult != 0) {
prevnum = num;

View File

@ -32,7 +32,7 @@
.\" @(#)dd.1 8.2 (Berkeley) 1/13/94
.\" $FreeBSD$
.\"
.Dd August 28, 2014
.Dd February 4, 2016
.Dt DD 1
.Os
.Sh NAME
@ -332,10 +332,13 @@ If the number ends with a
.Dq Li k ,
.Dq Li m ,
.Dq Li g ,
.Dq Li t ,
.Dq Li p ,
or
.Dq Li w ,
the
number is multiplied by 512, 1024 (1K), 1048576 (1M), 1073741824 (1G)
number is multiplied by 512, 1024 (1K), 1048576 (1M), 1073741824 (1G),
1099511627776 (1T), 1125899906842624 (1P)
or the number of bytes in an integer, respectively.
Two or more numbers may be separated by an
.Dq Li x

View File

@ -70,6 +70,7 @@ struct redirtab {
struct redirtab *next;
int renamed[10];
int fd0_redirected;
unsigned int empty_redirs;
};
@ -82,6 +83,9 @@ static struct redirtab *redirlist;
*/
static int fd0_redirected = 0;
/* Number of redirtabs that have not been allocated. */
static unsigned int empty_redirs = 0;
static void openredirect(union node *, char[10 ]);
static int openhere(union node *);
@ -115,12 +119,17 @@ redirect(union node *redir, int flags)
memory[i] = 0;
memory[1] = flags & REDIR_BACKQ;
if (flags & REDIR_PUSH) {
empty_redirs++;
if (redir != NULL) {
sv = ckmalloc(sizeof (struct redirtab));
for (i = 0 ; i < 10 ; i++)
sv->renamed[i] = EMPTY;
sv->fd0_redirected = fd0_redirected;
sv->empty_redirs = empty_redirs - 1;
sv->next = redirlist;
redirlist = sv;
empty_redirs = 0;
}
}
for (n = redir ; n ; n = n->nfile.next) {
fd = n->nfile.fd;
@ -303,6 +312,12 @@ popredir(void)
struct redirtab *rp = redirlist;
int i;
INTOFF;
if (empty_redirs > 0) {
empty_redirs--;
INTON;
return;
}
for (i = 0 ; i < 10 ; i++) {
if (rp->renamed[i] != EMPTY) {
if (rp->renamed[i] >= 0) {
@ -313,8 +328,8 @@ popredir(void)
}
}
}
INTOFF;
fd0_redirected = rp->fd0_redirected;
empty_redirs = rp->empty_redirs;
redirlist = rp->next;
ckfree(rp);
INTON;

View File

@ -32,7 +32,7 @@
.\" from: @(#)sh.1 8.6 (Berkeley) 5/4/95
.\" $FreeBSD$
.\"
.Dd August 29, 2015
.Dd January 30, 2016
.Dt SH 1
.Os
.Sh NAME
@ -1952,13 +1952,20 @@ Execute the specified built-in command,
This is useful when the user wishes to override a shell function
with the same name as a built-in command.
.It Ic cd Oo Fl L | P Oc Oo Fl e Oc Op Ar directory
.It Ic cd Fl
Switch to the specified
.Ar directory ,
or to the directory specified in the
to the directory specified in the
.Va HOME
environment variable if no
.Ar directory
is specified.
is specified or
to the directory specified in the
.Va OLDPWD
environment variable if
.Ar directory
is
.Fl .
If
.Ar directory
does not begin with
@ -1982,10 +1989,12 @@ the
.Ic cd
command will print out the name of the directory
that it actually switched to
if this is different from the name that the user gave.
These may be different either because the
if the
.Va CDPATH
mechanism was used or because a symbolic link was crossed.
mechanism was used or if
.Ar directory
was
.Fl .
.Pp
If the
.Fl P
@ -2774,6 +2783,10 @@ Initialization file for interactive shells.
Locale settings.
These are inherited by children of the shell,
and is used in a limited manner by the shell itself.
.It Ev OLDPWD
The previous current directory.
This is used and updated by
.Ic cd .
.It Ev PWD
An absolute pathname for the current directory,
possibly containing symbolic links.

View File

@ -120,51 +120,53 @@ enum token {
#define TOKEN_TYPE(token) ((token) & 0xff00)
static struct t_op {
char op_text[4];
static const struct t_op {
char op_text[2];
short op_num;
} const ops [] = {
{"-r", FILRD},
{"-w", FILWR},
{"-x", FILEX},
{"-e", FILEXIST},
{"-f", FILREG},
{"-d", FILDIR},
{"-c", FILCDEV},
{"-b", FILBDEV},
{"-p", FILFIFO},
{"-u", FILSUID},
{"-g", FILSGID},
{"-k", FILSTCK},
{"-s", FILGZ},
{"-t", FILTT},
{"-z", STREZ},
{"-n", STRNZ},
{"-h", FILSYM}, /* for backwards compat */
{"-O", FILUID},
{"-G", FILGID},
{"-L", FILSYM},
{"-S", FILSOCK},
} ops1[] = {
{"=", STREQ},
{"==", STREQ},
{"!=", STRNE},
{"<", STRLT},
{">", STRGT},
{"-eq", INTEQ},
{"-ne", INTNE},
{"-ge", INTGE},
{"-gt", INTGT},
{"-le", INTLE},
{"-lt", INTLT},
{"-nt", FILNT},
{"-ot", FILOT},
{"-ef", FILEQ},
{"!", UNOT},
{"-a", BAND},
{"-o", BOR},
{"(", LPAREN},
{")", RPAREN},
{"", 0}
}, opsm1[] = {
{"r", FILRD},
{"w", FILWR},
{"x", FILEX},
{"e", FILEXIST},
{"f", FILREG},
{"d", FILDIR},
{"c", FILCDEV},
{"b", FILBDEV},
{"p", FILFIFO},
{"u", FILSUID},
{"g", FILSGID},
{"k", FILSTCK},
{"s", FILGZ},
{"t", FILTT},
{"z", STREZ},
{"n", STRNZ},
{"h", FILSYM}, /* for backwards compat */
{"O", FILUID},
{"G", FILGID},
{"L", FILSYM},
{"S", FILSOCK},
{"a", BAND},
{"o", BOR},
}, ops2[] = {
{"==", STREQ},
{"!=", STRNE},
}, opsm2[] = {
{"eq", INTEQ},
{"ne", INTNE},
{"ge", INTGE},
{"gt", INTGT},
{"le", INTLE},
{"lt", INTLT},
{"nt", FILNT},
{"ot", FILOT},
{"ef", FILEQ},
};
static int nargc;
@ -416,35 +418,71 @@ filstat(char *nm, enum token mode)
}
}
static enum token
t_lex(char *s)
static int
find_op_1char(const struct t_op *op, const struct t_op *end, const char *s)
{
struct t_op const *op = ops;
char c;
if (s == 0) {
return EOI;
}
while (*op->op_text) {
if (strcmp(s, op->op_text) == 0) {
if (((TOKEN_TYPE(op->op_num) == UNOP ||
TOKEN_TYPE(op->op_num) == BUNOP)
&& isunopoperand()) ||
(op->op_num == LPAREN && islparenoperand()) ||
(op->op_num == RPAREN && isrparenoperand()))
break;
c = s[0];
while (op != end) {
if (c == *op->op_text)
return op->op_num;
}
op++;
}
return OPERAND;
}
static int
find_op_2char(const struct t_op *op, const struct t_op *end, const char *s)
{
while (op != end) {
if (s[0] == op->op_text[0] && s[1] == op->op_text[1])
return op->op_num;
op++;
}
return OPERAND;
}
static int
find_op(const char *s)
{
if (s[0] == '\0')
return OPERAND;
else if (s[1] == '\0')
return find_op_1char(ops1, (&ops1)[1], s);
else if (s[2] == '\0')
return s[0] == '-' ? find_op_1char(opsm1, (&opsm1)[1], s + 1) :
find_op_2char(ops2, (&ops2)[1], s);
else if (s[3] == '\0')
return s[0] == '-' ? find_op_2char(opsm2, (&opsm2)[1], s + 1) :
OPERAND;
else
return OPERAND;
}
static enum token
t_lex(char *s)
{
int num;
if (s == 0) {
return EOI;
}
num = find_op(s);
if (((TOKEN_TYPE(num) == UNOP || TOKEN_TYPE(num) == BUNOP)
&& isunopoperand()) ||
(num == LPAREN && islparenoperand()) ||
(num == RPAREN && isrparenoperand()))
return OPERAND;
return num;
}
static int
isunopoperand(void)
{
struct t_op const *op = ops;
char *s;
char *t;
int num;
if (nargc == 1)
return 1;
@ -452,20 +490,16 @@ isunopoperand(void)
if (nargc == 2)
return parenlevel == 1 && strcmp(s, ")") == 0;
t = *(t_wp + 2);
while (*op->op_text) {
if (strcmp(s, op->op_text) == 0)
return TOKEN_TYPE(op->op_num) == BINOP &&
num = find_op(s);
return TOKEN_TYPE(num) == BINOP &&
(parenlevel == 0 || t[0] != ')' || t[1] != '\0');
op++;
}
return 0;
}
static int
islparenoperand(void)
{
struct t_op const *op = ops;
char *s;
int num;
if (nargc == 1)
return 1;
@ -474,12 +508,8 @@ islparenoperand(void)
return parenlevel == 1 && strcmp(s, ")") == 0;
if (nargc != 3)
return 0;
while (*op->op_text) {
if (strcmp(s, op->op_text) == 0)
return TOKEN_TYPE(op->op_num) == BINOP;
op++;
}
return 0;
num = find_op(s);
return TOKEN_TYPE(num) == BINOP;
}
static int

View File

@ -26,6 +26,7 @@
/*
* Copyright (c) 2012 by Delphix. All rights reserved.
* Copyright (c) 2015 by Syneto S.R.L. All rights reserved.
*/
/*
@ -246,8 +247,9 @@ zpool_get_features(zpool_handle_t *zhp)
config = zpool_get_config(zhp, NULL);
}
verify(nvlist_lookup_nvlist(config, ZPOOL_CONFIG_FEATURE_STATS,
&features) == 0);
if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_FEATURE_STATS,
&features) != 0)
return (NULL);
return (features);
}

View File

@ -982,7 +982,7 @@ handle_rtmsg(struct rt_msghdr *rtm)
{
struct sockaddr *addrs[RTAX_MAX];
struct if_msghdr *ifm;
struct ifa_msghdr ifam;
struct ifa_msghdr ifam, *ifamp;
struct ifma_msghdr *ifmam;
#ifdef RTM_IFANNOUNCE
struct if_announcemsghdr *ifan;
@ -1002,8 +1002,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
switch (rtm->rtm_type) {
case RTM_NEWADDR:
memcpy(&ifam, rtm, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
ifamp = (struct ifa_msghdr *)rtm;
memcpy(&ifam, ifamp, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
if (addrs[RTAX_IFA] == NULL || addrs[RTAX_NETMASK] == NULL)
break;
@ -1029,8 +1030,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
break;
case RTM_DELADDR:
memcpy(&ifam, rtm, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
ifamp = (struct ifa_msghdr *)rtm;
memcpy(&ifam, ifamp, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
if (addrs[RTAX_IFA] == NULL)
break;

View File

@ -1053,8 +1053,9 @@ static struct {
static const char *
r_type(unsigned int mach, unsigned int type)
{
static char s_type[32];
switch(mach) {
case EM_NONE: return "";
case EM_386:
case EM_IAMCU:
switch(type) {
@ -1089,8 +1090,8 @@ r_type(unsigned int mach, unsigned int type)
case 35: return "R_386_TLS_DTPMOD32";
case 36: return "R_386_TLS_DTPOFF32";
case 37: return "R_386_TLS_TPOFF32";
default: return "";
}
break;
case EM_AARCH64:
switch(type) {
case 0: return "R_AARCH64_NONE";
@ -1145,6 +1146,16 @@ r_type(unsigned int mach, unsigned int type)
case 311: return "R_AARCH64_ADR_GOT_PAGE";
case 312: return "R_AARCH64_LD64_GOT_LO12_NC";
case 313: return "R_AARCH64_LD64_GOTPAGE_LO15";
case 560: return "R_AARCH64_TLSDESC_LD_PREL19";
case 561: return "R_AARCH64_TLSDESC_ADR_PREL21";
case 562: return "R_AARCH64_TLSDESC_ADR_PAGE21";
case 563: return "R_AARCH64_TLSDESC_LD64_LO12";
case 564: return "R_AARCH64_TLSDESC_ADD_LO12";
case 565: return "R_AARCH64_TLSDESC_OFF_G1";
case 566: return "R_AARCH64_TLSDESC_OFF_G0_NC";
case 567: return "R_AARCH64_TLSDESC_LDR";
case 568: return "R_AARCH64_TLSDESC_ADD";
case 569: return "R_AARCH64_TLSDESC_CALL";
case 1024: return "R_AARCH64_COPY";
case 1025: return "R_AARCH64_GLOB_DAT";
case 1026: return "R_AARCH64_JUMP_SLOT";
@ -1154,8 +1165,8 @@ r_type(unsigned int mach, unsigned int type)
case 1030: return "R_AARCH64_TLS_TPREL64";
case 1031: return "R_AARCH64_TLSDESC";
case 1032: return "R_AARCH64_IRELATIVE";
default: return "";
}
break;
case EM_ARM:
switch(type) {
case 0: return "R_ARM_NONE";
@ -1206,8 +1217,8 @@ r_type(unsigned int mach, unsigned int type)
case 253: return "R_ARM_RABS32";
case 254: return "R_ARM_RPC24";
case 255: return "R_ARM_RBASE";
default: return "";
}
break;
case EM_IA_64:
switch(type) {
case 0: return "R_IA_64_NONE";
@ -1290,8 +1301,8 @@ r_type(unsigned int mach, unsigned int type)
case 182: return "R_IA_64_DTPREL64MSB";
case 183: return "R_IA_64_DTPREL64LSB";
case 186: return "R_IA_64_LTOFF_DTPREL22";
default: return "";
}
break;
case EM_MIPS:
switch(type) {
case 0: return "R_MIPS_NONE";
@ -1324,9 +1335,8 @@ r_type(unsigned int mach, unsigned int type)
case 48: return "R_MIPS_TLS_TPREL64";
case 49: return "R_MIPS_TLS_TPREL_HI16";
case 50: return "R_MIPS_TLS_TPREL_LO16";
default: return "";
}
break;
case EM_PPC:
switch(type) {
case 0: return "R_PPC_NONE";
@ -1406,8 +1416,8 @@ r_type(unsigned int mach, unsigned int type)
case 114: return "R_PPC_EMB_RELST_HA";
case 115: return "R_PPC_EMB_BIT_FLD";
case 116: return "R_PPC_EMB_RELSDA";
default: return "";
}
break;
case EM_RISCV:
switch(type) {
case 0: return "R_RISCV_NONE";
@ -1453,6 +1463,7 @@ r_type(unsigned int mach, unsigned int type)
case 44: return "R_RISCV_RVC_BRANCH";
case 45: return "R_RISCV_RVC_JUMP";
}
break;
case EM_SPARC:
case EM_SPARCV9:
switch(type) {
@ -1536,8 +1547,8 @@ r_type(unsigned int mach, unsigned int type)
case 77: return "R_SPARC_TLS_DTPOFF64";
case 78: return "R_SPARC_TLS_TPOFF32";
case 79: return "R_SPARC_TLS_TPOFF64";
default: return "";
}
break;
case EM_X86_64:
switch(type) {
case 0: return "R_X86_64_NONE";
@ -1578,10 +1589,12 @@ r_type(unsigned int mach, unsigned int type)
case 35: return "R_X86_64_TLSDESC_CALL";
case 36: return "R_X86_64_TLSDESC";
case 37: return "R_X86_64_IRELATIVE";
default: return "";
}
default: return "";
break;
}
snprintf(s_type, sizeof(s_type), "<unknown: %#x>", type);
return (s_type);
}
static const char *

View File

@ -1,8 +0,0 @@
*.log
*.trs
*.plist
test_basic
test_generate
test_schema
test_speed

View File

@ -1,46 +0,0 @@
# Object files
*.o
# Libraries
*.lib
*.a
# Shared objects (inc. Windows DLLs)
*.dll
*.so
*.so.*
*.dylib
# Executables
*.exe
*.app
*~
*.orig
aclocal.m4
ar-lib
autom4te.cache
build
compile
config.guess
config.h.in
config.sub
depcomp
install-sh
ltmain.sh
missing
m4
Makefile.in
configure
.DS_Store
xoconfig.h.in
xo_config.h.in
.gdbinit
.gdbinit.local
xtest
xtest.dSYM
tests/w

View File

@ -5,7 +5,6 @@
PROG= cmatose
MAN=
SRCS= cmatose.c
LDADD+= -libverbs -lrdmacm -lpthread
LDADD+= -lmlx4
LIBADD= ibverbs rdmacm pthread mlx4
.include <bsd.prog.mk>

View File

@ -5,7 +5,6 @@
PROG= mckey
MAN=
SRCS= mckey.c
LDADD+= -libverbs -lrdmacm -lpthread
LDADD+= -lmlx4
LIBADD= ibverbs rdmacm pthread mlx4
.include <bsd.prog.mk>

View File

@ -5,7 +5,6 @@
PROG= udaddy
MAN=
SRCS= udaddy.c
LDADD+= -libverbs -lrdmacm -lpthread
LDADD+= -lmlx4
LIBADD= ibverbs rdmacm pthread mlx4
.include <bsd.prog.mk>

View File

@ -1,5 +1,5 @@
PKG= openresolv
VERSION= 3.7.0
VERSION= 3.7.1
# Nasty hack so that make clean works without configure being run
_CONFIG_MK!= test -e config.mk && echo config.mk || echo config-null.mk
@ -37,7 +37,7 @@ SED_RESTARTCMD= -e 's:@RESTARTCMD \(.*\)@:${RESTARTCMD}:g'
DISTPREFIX?= ${PKG}-${VERSION}
DISTFILEGZ?= ${DISTPREFIX}.tar.gz
DISTFILE?= ${DISTPREFIX}.tar.bz2
DISTFILE?= ${DISTPREFIX}.tar.xz
FOSSILID?= current
.SUFFIXES: .in
@ -77,9 +77,9 @@ install: proginstall maninstall
import:
rm -rf /tmp/${DISTPREFIX}
${INSTALL} -d /tmp/${DISTPREFIX}
cp README ${SRCS} /tmp/${DISPREFIX}
cp README ${SRCS} /tmp/${DISTPREFIX}
dist:
fossil tarball --name ${DISTPREFIX} ${FOSSILID} ${DISTFILEGZ}
gunzip -c ${DISTFILEGZ} | bzip2 >${DISTFILE}
gunzip -c ${DISTFILEGZ} | xz >${DISTFILE}
rm ${DISTFILEGZ}

View File

@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd April 27, 2014
.Dd April 27, 2015
.Dt RESOLVCONF 8
.Os
.Sh NAME

View File

@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 20, 2015
.Dd May 14, 2015
.Dt RESOLVCONF.CONF 5
.Os
.Sh NAME
@ -91,6 +91,11 @@ To remove a block, you can use 192.168.*
These interfaces name servers will only be queried for the domains listed
in their resolv.conf.
Useful for VPN domains.
Setting
.Sy private_interfaces Ns ="*"
will stop the forwarding of the root zone and allows the local resolver to
recursively query the root servers directly.
Requires a local nameserver other than libc.
This is equivalent to the
.Nm resolvconf -p
option.
@ -149,7 +154,7 @@ When set to /dev/null or NULL,
.Sy resolv_conf_local_only
is defaulted to NO,
.Sy local_nameservers
is unset unless overriden and only the information set in
is unset unless overridden and only the information set in
.Nm
is written to
.Sy resolv_conf .
@ -271,7 +276,7 @@ Each subscriber attempts to automatically configure itself, but not every
distribution has been catered for.
Also, users could equally want to use a different version from the one
installed by default, such as bind8 and bind9.
To accomodate this, the subscribers have these files in configurable
To accommodate this, the subscribers have these files in configurable
variables, documented below.
.Pp
.Bl -tag -width indent

View File

@ -50,7 +50,6 @@ elif [ -d "$SYSCONFDIR/resolvconf" ]; then
interface_order="$(cat "$SYSCONFDIR"/interface-order)"
fi
fi
TMPDIR="$VARDIR/tmp"
IFACEDIR="$VARDIR/interfaces"
METRICDIR="$VARDIR/metrics"
PRIVATEDIR="$VARDIR/private"

View File

@ -45,7 +45,8 @@ for d in $DOMAINS; do
ns="${d#*:}"
case "$unbound_insecure" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
newconf="$newconf${NL}domain-insecure: \"$dn\""
newconf="$newconf${NL}server:$NL"
newconf="$newconf domain-insecure: \"$dn\"$NL"
;;
esac
newconf="$newconf${NL}forward-zone:$NL name: \"$dn\"$NL"

View File

@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <sysexits.h>

View File

@ -1,38 +0,0 @@
*.lo
*.o
/.libs/
/Makefile
/autom4te.cache/
/config.h
/config.log
/config.status
/dnstap/dnstap_config.h
/doc/example.conf
/doc/libunbound.3
/doc/unbound-anchor.8
/doc/unbound-checkconf.8
/doc/unbound-control.8
/doc/unbound-host.1
/doc/unbound.8
/doc/unbound.conf.5
/libtool
/libunbound.la
/smallapp/unbound-control-setup.sh
/unbound
/unbound-anchor
/unbound-checkconf
/unbound-control
/unbound-control-setup
/unbound-host
/unbound.h
/asynclook
/delayer
/lock-verify
/memstats
/perf
/petal
/pktview
/streamtcp
/testbound
/unittest

View File

@ -45,7 +45,7 @@
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

View File

@ -1217,7 +1217,7 @@ The argument must be
or
.Dq no .
The default is
.Dq prohibit-password .
.Dq no .
Note that if
.Cm ChallengeResponseAuthentication
is

View File

@ -1,30 +1,2 @@
The OpenSSL project depends on volunteer efforts and financial support from
the end user community. That support comes in the form of donations and paid
sponsorships, software support contracts, paid consulting services
and commissioned software development.
Since all these activities support the continued development and improvement
of OpenSSL we consider all these clients and customers as sponsors of the
OpenSSL project.
We would like to identify and thank the following such sponsors for their past
or current significant support of the OpenSSL project:
Major support:
Qualys http://www.qualys.com/
Very significant support:
OpenGear: http://www.opengear.com/
Significant support:
PSW Group: http://www.psw.net/
Acano Ltd. http://acano.com/
Please note that we ask permission to identify sponsors and that some sponsors
we consider eligible for inclusion here have requested to remain anonymous.
Additional sponsorship or financial support is always welcome: for more
information please contact the OpenSSL Software Foundation.
Please https://www.openssl.org/community/thanks.html for the current
acknowledgements.

View File

@ -2,6 +2,54 @@
OpenSSL CHANGES
_______________
Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
*) DH small subgroups
Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC 5114
support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that are
not "safe" then an attacker could use this fact to find a peer's private
DH exponent. This attack requires that the attacker complete multiple
handshakes in which the peer uses the same private DH exponent. For example
this could be used to discover a TLS server's private DH exponent if it's
reusing the private DH exponent or it's using a static DH ciphersuite.
OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
TLS. It is not on by default. If the option is not set then the server
reuses the same private DH exponent for the life of the server process and
would be vulnerable to this attack. It is believed that many popular
applications do set this option and would therefore not be at risk.
The fix for this issue adds an additional check where a "q" parameter is
available (as is the case in X9.42 based parameters). This detects the
only known attack, and is the only possible defense for static DH
ciphersuites. This could have some performance impact.
Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
default and cannot be disabled. This could have some performance impact.
This issue was reported to OpenSSL by Antonio Sanso (Adobe).
(CVE-2016-0701)
[Matt Caswell]
*) SSLv2 doesn't block disabled ciphers
A malicious client can negotiate SSLv2 ciphers that have been disabled on
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
been disabled, provided that the SSLv2 protocol was not also disabled via
SSL_OP_NO_SSLv2.
This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
and Sebastian Schinzel.
(CVE-2015-3197)
[Viktor Dukhovni]
*) Reject DH handshakes with parameters shorter than 1024 bits.
[Kurt Roeckx]
Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
*) BN_mod_exp may produce incorrect results on x86_64

View File

@ -124,6 +124,9 @@ my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initiali
# -Wextended-offsetof
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
# Warn that "make depend" should be run?
my $warn_make_depend = 0;
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@ -1513,7 +1516,7 @@ if ($target =~ /\-icc$/) # Intel C compiler
# linker only when --prefix is not /usr.
if ($target =~ /^BSD\-/)
{
$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
if ($sys_id ne "")
@ -2028,13 +2031,7 @@ EOF
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do
the following before building:
make depend
EOF
$warn_make_depend++;
}
}
@ -2114,12 +2111,18 @@ EOF
print <<\EOF if ($no_shared_warn);
You gave the option 'shared'. Normally, that would give you shared libraries.
Unfortunately, the OpenSSL configuration doesn't include shared library support
for this platform yet, so it will pretend you gave the option 'no-shared'. If
you can inform the developpers (openssl-dev\@openssl.org) how to support shared
libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).
You gave the option 'shared', which is not supported on this platform, so
we will pretend you gave the option 'no-shared'. If you know how to implement
shared libraries, please let us know (but please first make sure you have
tried with a current version of OpenSSL).
EOF
print <<EOF if ($warn_make_depend);
*** Because of configuration changes, you MUST do the following before
*** building:
make depend
EOF
exit(0);

View File

@ -164,10 +164,10 @@
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
via http://www.openssl.org/support/rt.html and will be forwarded to a
public mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
at https://www.openssl.org/community/index.html#bugs and will be
forwarded to a public mailing list). Include the output of "make
report" in your message. Please check out the request tracker. Maybe
the bug was already reported or has already been fixed.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]

View File

@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=1.0.2e
VERSION=1.0.2f
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@ -182,8 +182,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@ -501,38 +500,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
--owner openssl:0 --group openssl:0 \
--transform 's|^|openssl-$(VERSION)/|' \
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
../$(TARFILE).list:
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\! -name '*test' \! -name '.#*' \! -name '*~' \
| sort > ../$(TARFILE).list
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: ../$(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
rm -f ../$(TARFILE).list
ls -l ../$(TARFILE).gz
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap: ../$(TARFILE).list
$(TAR_COMMAND) > ../$(TARFILE)
rm -f ../$(TARFILE).list
ls -l ../$(TARFILE)
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw

View File

@ -180,8 +180,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@ -499,38 +498,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
--owner openssl:0 --group openssl:0 \
--transform 's|^|openssl-$(VERSION)/|' \
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
../$(TARFILE).list:
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\! -name '*test' \! -name '.#*' \! -name '*~' \
| sort > ../$(TARFILE).list
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: ../$(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
rm -f ../$(TARFILE).list
ls -l ../$(TARFILE).gz
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap: ../$(TARFILE).list
$(TAR_COMMAND) > ../$(TARFILE)
rm -f ../$(TARFILE).list
ls -l ../$(TARFILE)
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw

View File

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
o DH small subgroups (CVE-2016-0701)
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)

View File

@ -1,5 +1,5 @@
OpenSSL 1.0.2e 3 Dec 2015
OpenSSL 1.0.2f 28 Jan 2016
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@ -90,11 +90,12 @@
In order to avoid spam, this is a moderated mailing list, and it might
take a day for the ticket to show up. (We also scan posts to make sure
that security disclosures aren't publically posted by mistake.) Mail to
this address is recorded in the public RT (request tracker) database (see
https://www.openssl.org/support/rt.html for details) and also forwarded
the public openssl-dev mailing list. Confidential mail may be sent to
openssl-security@openssl.org (PGP key available from the key servers).
that security disclosures aren't publically posted by mistake.) Mail
to this address is recorded in the public RT (request tracker) database
(see https://www.openssl.org/community/index.html#bugs for details) and
also forwarded the public openssl-dev mailing list. Confidential mail
may be sent to openssl-security@openssl.org (PGP key available from the
key servers).
Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it

View File

@ -1,4 +1,4 @@
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
/* apps/engine.c */
/*
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.

View File

@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) {

View File

@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
# define CLCERTS 0x8
# define CACERTS 0x10
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
if (!vret) {
if (vret == X509_V_OK) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num(chain2); i++)
sk_X509_push(certs, sk_X509_value(chain2, i));
@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
if (vret >= 0)
if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
/* Given a single certificate return a verified chain or NULL if error */
/* Hope this is OK .... */
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain)
{
X509_STORE_CTX store_ctx;
STACK_OF(X509) *chn;
STACK_OF(X509) *chn = NULL;
int i = 0;
/*
* FIXME: Should really check the return status of X509_STORE_CTX_init
* for an error, but how that fits into the return value of this function
* is less obvious.
*/
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error(&store_ctx);
if (i == 0)
/*
* avoid returning 0 if X509_verify_cert() did not set an
* appropriate error value in the context
*/
i = -1;
chn = NULL;
goto err;
} else
if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
*chain = NULL;
return X509_V_ERR_UNSPECIFIED;
}
if (X509_verify_cert(&store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(&store_ctx);
err:
else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
i = X509_V_ERR_UNSPECIFIED;
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
return i;
}

View File

@ -74,10 +74,11 @@ static void usage(void);
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e);
char *passargin, int pkey_op, ENGINE *e,
int impl);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file);
const char *file, ENGINE* e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
int engine_impl = 0;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
else {
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
passargin, pkey_op, e);
passargin, pkey_op, e, engine_impl);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
@ -147,7 +149,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
badarg = 1;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
} else if (!strcmp(*argv, "-engine_impl")) {
engine_impl = 1;
}
#endif
else if (!strcmp(*argv, "-pubin"))
@ -368,7 +372,8 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
"-engine e use engine e, maybe a hardware device, for loading keys.\n");
BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
@ -376,10 +381,12 @@ static void usage()
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e)
char *passargin, int pkey_op, ENGINE *e,
int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
@ -419,7 +426,12 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
if (!pkey)
goto end;
ctx = EVP_PKEY_CTX_new(pkey, e);
#ifndef OPENSSL_NO_ENGINE
if (engine_impl)
impl = e;
#endif
ctx = EVP_PKEY_CTX_new(pkey, impl);
EVP_PKEY_free(pkey);
@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file)
const char *file, ENGINE* e)
{
EVP_PKEY *peer = NULL;
ENGINE* engine = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
if (peerform == FORMAT_ENGINE)
engine = e;
peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);

View File

@ -308,7 +308,7 @@ static void sc_usage(void)
" -connect host:port - who to connect to (default is %s:%s)\n",
SSL_HOST_NAME, PORT_STR);
BIO_printf(bio_err,
" -verify_host host - check peer certificate matches \"host\"\n");
" -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,

View File

@ -498,7 +498,7 @@ static void sv_usage(void)
BIO_printf(bio_err,
" -accept arg - port to accept on (default is %d)\n", PORT);
BIO_printf(bio_err,
" -verify_host host - check peer certificate matches \"host\"\n");
" -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,

View File

@ -1,4 +1,4 @@
/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
/* apps/speed.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*

View File

@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
/* Lets just make it 12:00am GMT, Jan 1 1970 */
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
/* 28 days to be certified */
if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
NULL)
if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_cbc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_cfb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ctr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ecb.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ige.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_misc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ofb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*

View File

@ -63,7 +63,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$avx = ($1>=10) + ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}

View File

@ -94,7 +94,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10);
$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
$shaext=1; ### set to zero if compiling for 1.0.1

View File

@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$avx = ($1>=10) + ($1>=12);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}

View File

@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
/* BIO_s_accept_socket() */
/* BIO_s_accept() */
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
/* BIO_s_accept() and BIO_s_connect() */
# define BIO_do_connect(b) BIO_do_handshake(b)
# define BIO_do_accept(b) BIO_do_handshake(b)
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
/* BIO_s_file() */
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
/* BIO_s_fd() and BIO_s_file() */
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)

View File

@ -1,4 +1,4 @@
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
/* crypto/bio/bss_bio.c */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*

View File

@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO *dbio;
int *ip;
const char **pptr;
const char **pptr = NULL;
long ret = 1;
BIO_CONNECT *data;
@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_GET_CONNECT:
if (ptr != NULL) {
pptr = (const char **)ptr;
}
if (b->init) {
if (pptr != NULL) {
ret = 1;
if (num == 0) {
*pptr = data->param_hostname;
} else if (num == 1) {
*pptr = data->param_port;
} else if (num == 2) {
*pptr = (char *)&(data->ip[0]);
} else if (num == 3) {
*((int *)ptr) = data->port;
} else {
ret = 0;
}
if ((!b->init) || (ptr == NULL))
}
if (num == 3) {
ret = data->port;
}
} else {
if (pptr != NULL)
*pptr = "not initialized";
ret = 1;
ret = 0;
}
break;
case BIO_C_SET_CONNECT:

View File

@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
switch (cmd) {
case BIO_CTRL_RESET:
num = 0;
case BIO_C_FILE_SEEK:
ret = 0;
break;
case BIO_C_FILE_TELL:
case BIO_CTRL_INFO:
ret = 0;
break;

View File

@ -113,7 +113,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}

View File

@ -68,7 +68,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}

View File

@ -53,7 +53,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}

View File

@ -282,9 +282,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(r);
} else {
ret = BN_one(r);
}
return ret;
}
@ -418,7 +423,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
} else {
ret = BN_one(rr);
}
return ret;
}
@ -639,7 +650,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
* precomputation memory layout to limit data-dependency to a minimum to
* protect secret exponents (cf. the hyper-threading timing attacks pointed
* out by Colin Percival,
* http://www.daemong-consideredperthreading-considered-harmful/)
* http://www.daemonology.net/hyperthreading-considered-harmful/)
*/
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
@ -671,7 +682,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
} else {
ret = BN_one(rr);
}
return ret;
}
@ -1182,8 +1199,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
} else
} else {
ret = BN_one(rr);
}
return ret;
}
if (a == 0) {
@ -1297,9 +1315,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
ret = 1;
BN_zero(r);
} else {
ret = BN_one(r);
}
return ret;
}

View File

@ -72,6 +72,25 @@
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
/*
* Test that r == 0 in test_exp_mod_zero(). Returns one on success,
* returns zero and prints debug output otherwise.
*/
static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
const BIGNUM *a) {
if (!BN_is_zero(r)) {
fprintf(stderr, "%s failed:\n", method);
fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
fprintf(stderr, "a = ");
BN_print_fp(stderr, a);
fprintf(stderr, "\nr = ");
BN_print_fp(stderr, r);
fprintf(stderr, "\n");
return 0;
}
return 1;
}
/*
* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
*/
@ -79,8 +98,9 @@ static int test_exp_mod_zero()
{
BIGNUM a, p, m;
BIGNUM r;
BN_ULONG one_word = 1;
BN_CTX *ctx = BN_CTX_new();
int ret = 1;
int ret = 1, failed = 0;
BN_init(&m);
BN_one(&m);
@ -92,21 +112,65 @@ static int test_exp_mod_zero()
BN_zero(&p);
BN_init(&r);
BN_mod_exp(&r, &a, &p, &m, ctx);
BN_CTX_free(ctx);
if (BN_is_zero(&r))
ret = 0;
else {
printf("1**0 mod 1 = ");
BN_print_fp(stdout, &r);
printf(", should be 0\n");
if (!BN_rand(&a, 1024, 0, 0))
goto err;
if (!BN_mod_exp(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
failed = 1;
if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
failed = 1;
if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
failed = 1;
if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
failed = 1;
if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
goto err;
}
if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
failed = 1;
/*
* A different codepath exists for single word multiplication
* in non-constant-time only.
*/
if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
goto err;
if (!BN_is_zero(&r)) {
fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
fprintf(stderr, "r = ");
BN_print_fp(stderr, &r);
fprintf(stderr, "\n");
return 0;
}
ret = failed;
err:
BN_free(&r);
BN_free(&a);
BN_free(&p);
BN_free(&m);
BN_CTX_free(ctx);
return ret;
}

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia.c */
/* ====================================================================
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
* ALL RIGHTS RESERVED.
@ -67,7 +67,7 @@
/*
* Algorithm Specification
* http://info.isl.llia/specicrypt/eng/camellia/specifications.html
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
/*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia.h */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia_cbc.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia_cfb.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia_ctr.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia_ecb.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia_locl.h */
/* ====================================================================
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
* ALL RIGHTS RESERVED.

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia_misc.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia_ofb.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/cmll_utl.c */
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/des/des_old.c */
/*-
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

View File

@ -1,4 +1,4 @@
/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/des/des_old.h */
/*-
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

View File

@ -1,4 +1,4 @@
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/des/des_old.c */
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The

View File

@ -174,6 +174,7 @@ struct dh_st {
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
# define DH_CHECK_PUBKEY_INVALID 0x03
/*
* primes p where (p-1)/2 is prime too are called "safe"; we define this for

View File

@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret)
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
{
int ok = 0;
BIGNUM *q = NULL;
BIGNUM *tmp = NULL;
BN_CTX *ctx = NULL;
*ret = 0;
q = BN_new();
if (q == NULL)
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
BN_set_word(q, 1);
if (BN_cmp(pub_key, q) <= 0)
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
if (tmp == NULL)
goto err;
BN_set_word(tmp, 1);
if (BN_cmp(pub_key, tmp) <= 0)
*ret |= DH_CHECK_PUBKEY_TOO_SMALL;
BN_copy(q, dh->p);
BN_sub_word(q, 1);
if (BN_cmp(pub_key, q) >= 0)
BN_copy(tmp, dh->p);
BN_sub_word(tmp, 1);
if (BN_cmp(pub_key, tmp) >= 0)
*ret |= DH_CHECK_PUBKEY_TOO_LARGE;
if (dh->q != NULL) {
/* Check pub_key^q == 1 mod p */
if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
goto err;
if (!BN_is_one(tmp))
*ret |= DH_CHECK_PUBKEY_INVALID;
}
ok = 1;
err:
if (q != NULL)
BN_free(q);
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return (ok);
}

View File

@ -471,6 +471,31 @@ static const unsigned char dhtest_2048_256_Z[] = {
0xC2, 0x6C, 0x5D, 0x7C
};
static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
0x93, 0x74, 0x89, 0x59
};
typedef struct {
DH *(*get_param) (void);
const unsigned char *xA;
@ -503,10 +528,15 @@ static const rfc5114_td rfctd[] = {
static int run_rfc5114_tests(void)
{
int i;
DH *dhA = NULL;
DH *dhB = NULL;
unsigned char *Z1 = NULL;
unsigned char *Z2 = NULL;
const rfc5114_td *td = NULL;
BIGNUM *bady = NULL;
for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) {
DH *dhA, *dhB;
unsigned char *Z1 = NULL, *Z2 = NULL;
const rfc5114_td *td = rfctd + i;
td = rfctd + i;
/* Set up DH structures setting key components */
dhA = td->get_param();
dhB = td->get_param();
@ -549,14 +579,63 @@ static int run_rfc5114_tests(void)
DH_free(dhB);
OPENSSL_free(Z1);
OPENSSL_free(Z2);
dhA = NULL;
dhB = NULL;
Z1 = NULL;
Z2 = NULL;
}
/* Now i == OSSL_NELEM(rfctd) */
/* RFC5114 uses unsafe primes, so now test an invalid y value */
dhA = DH_get_2048_224();
if (dhA == NULL)
goto bad_err;
Z1 = OPENSSL_malloc(DH_size(dhA));
if (Z1 == NULL)
goto bad_err;
bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
sizeof(dhtest_rfc5114_2048_224_bad_y), NULL);
if (bady == NULL)
goto bad_err;
if (!DH_generate_key(dhA))
goto bad_err;
if (DH_compute_key(Z1, bady, dhA) != -1) {
/*
* DH_compute_key should fail with -1. If we get here we unexpectedly
* allowed an invalid y value
*/
goto err;
}
/* We'll have a stale error on the queue from the above test so clear it */
ERR_clear_error();
printf("RFC5114 parameter test %d OK\n", i + 1);
BN_free(bady);
DH_free(dhA);
OPENSSL_free(Z1);
return 1;
bad_err:
BN_free(bady);
DH_free(dhA);
DH_free(dhB);
OPENSSL_free(Z1);
OPENSSL_free(Z2);
fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
ERR_print_errors_fp(stderr);
return 0;
err:
BN_free(bady);
DH_free(dhA);
DH_free(dhB);
OPENSSL_free(Z1);
OPENSSL_free(Z2);
fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
return 0;
}

View File

@ -187,9 +187,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
goto err;
ret = DSA_SIG_new();
if (ret == NULL)
goto err;
/*
* Redo if r or s is zero as required by FIPS 186-3: this is very
* unlikely.
@ -201,11 +198,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
}
goto redo;
}
ret = DSA_SIG_new();
if (ret == NULL)
goto err;
ret->r = r;
ret->s = s;
err:
if (!ret) {
if (ret == NULL) {
DSAerr(DSA_F_DSA_DO_SIGN, reason);
BN_free(r);
BN_free(s);

View File

@ -1,4 +1,4 @@
/* dso.h -*- mode:C; c-file-style: "eay" -*- */
/* dso.h */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.

View File

@ -1,4 +1,4 @@
/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_dl.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2000.

View File

@ -1,4 +1,4 @@
/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_dlfcn.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.

View File

@ -1,4 +1,4 @@
/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
/* dso_lib.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.

View File

@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);

View File

@ -746,6 +746,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
goto err;
if (!BN_one(&point->Z))
goto err;
point->Z_is_one = 1;
ret = 1;

View File

@ -387,6 +387,8 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
tx = BN_CTX_get(ctx);
ty = BN_CTX_get(ctx);
if (ty == NULL)
goto err;
#ifndef OPENSSL_NO_EC2M
tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));

View File

@ -17,7 +17,7 @@ __attribute((aligned(4096)))
#elif defined(_MSC_VER)
__declspec(align(4096))
#elif defined(__SUNPRO_C)
# pragma align 4096(ecp_nistz256_precomputed)
# pragma align 64(ecp_nistz256_precomputed)
#endif
static const BN_ULONG ecp_nistz256_precomputed[37][64 *
sizeof(P256_POINT_AFFINE) /

View File

@ -1591,7 +1591,7 @@ struct nistp_test_params {
int degree;
/*
* Qx, Qy and D are taken from
* http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
* Otherwise, values are standard curve parameters from FIPS 180-3
*/
const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;

View File

@ -1,4 +1,4 @@
/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
/* crypto/engine/eng_all.c */
/*
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.

View File

@ -1,4 +1,4 @@
/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/evp/e_camellia.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/evp/e_old.c */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2004.

View File

@ -1,4 +1,4 @@
/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/evp/e_seed.c */
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*

View File

@ -1,4 +1,4 @@
/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/mem_clr.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2002.

View File

@ -56,7 +56,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$avx = ($1>=10) + ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}

View File

@ -105,7 +105,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$avx = ($1>=10) + ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}

Some files were not shown because too many files have changed in this diff Show More