[Pkg-openssl-changes] r816 - in openssl/branches/1.1.0/debian: . patches
Sebastian Andrzej Siewior
bigeasy at moszumanska.debian.org
Tue Aug 2 20:06:00 UTC 2016
Author: bigeasy
Date: 2016-08-02 20:05:58 +0000 (Tue, 02 Aug 2016)
New Revision: 816
Modified:
openssl/branches/1.1.0/debian/changelog
openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
openssl/branches/1.1.0/debian/rules
Log:
update snapshot, drop -j1, problem gone
Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2016-07-29 22:02:21 UTC (rev 815)
+++ openssl/branches/1.1.0/debian/changelog 2016-08-02 20:05:58 UTC (rev 816)
@@ -1,8 +1,7 @@
openssl (1.1.0~pre5-5) UNRELEASED; urgency=medium
- * Update snapshot to commit 976ef6adcc157233fb641ca99e2424630ef1814f
+ * Update snapshot to commit f37c159aed4bca0b7d3ea4657c450826850c8e75
- drop engines-path.patch. Upstream uses a 1.1 suffixes now.
- * use -j1 during install
-- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 29 Jul 2016 21:35:42 +0200
Modified: openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-07-29 22:02:21 UTC (rev 815)
+++ openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-08-02 20:05:58 UTC (rev 816)
@@ -1,12 +1,12 @@
---
.gitattributes | 2
.gitignore | 117
- .travis.yml | 41
+ .travis.yml | 44
AUTHORS | 21
CHANGES | 179
CONTRIBUTING | 101
- Configurations/00-base-templates.conf | 17
- Configurations/10-main.conf | 190
+ Configurations/00-base-templates.conf | 19
+ Configurations/10-main.conf | 195
Configurations/50-djgpp.conf | 15
Configurations/50-haiku.conf | 29
Configurations/50-masm.conf | 17
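Review bot: The snapshot patch carries no provenance header: this hunk shows that line 1 of the file is already the `---` separator, so the only record of the upstream commit is the changelog entry. For a patch that rewrites over two thousand files of a crypto library, the source should be stated in the patch itself, for example a DEP-3 header with `Origin: upstream, commit:f37c159aed4bca0b7d3ea4657c450826850c8e75` plus the base the diff was taken against. That lets anyone regenerate the patch from upstream and compare it with what is committed here.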
@@ -19,10 +19,10 @@
Configurations/README | 30
Configurations/README.design | 204
Configurations/common.tmpl | 66
- Configurations/descrip.mms.tmpl | 344
- Configurations/unix-Makefile.tmpl | 314
- Configurations/windows-makefile.tmpl | 361
- Configure | 510 -
+ Configurations/descrip.mms.tmpl | 347
+ Configurations/unix-Makefile.tmpl | 339
+ Configurations/windows-makefile.tmpl | 364
+ Configure | 518 -
INSTALL | 277
INSTALL.DJGPP | 48
INSTALL.WCE | 93
@@ -46,7 +46,7 @@
apps/Makefile.in | 159
apps/app_rand.c | 117
apps/apps.c | 190
- apps/apps.h | 141
+ apps/apps.h | 146
apps/asn1pars.c | 75
apps/build.info | 9
apps/ca.c | 303
@@ -72,23 +72,23 @@
apps/nseq.c | 59
apps/ocsp.c | 103
apps/openssl-vms.cnf | 6
- apps/openssl.c | 131
+ apps/openssl.c | 136
apps/openssl.cnf | 6
apps/opt.c | 68
- apps/passwd.c | 158
- apps/pkcs12.c | 140
+ apps/passwd.c | 162
+ apps/pkcs12.c | 150
apps/pkcs7.c | 120
apps/pkcs8.c | 92
apps/pkey.c | 80
apps/pkeyparam.c | 60
apps/pkeyutl.c | 61
apps/prime.c | 80
- apps/progs.h | 25
+ apps/progs.h | 27
apps/progs.pl | 32
apps/rand.c | 73
apps/rehash.c | 109
apps/req.c | 90
- apps/rsa.c | 110
+ apps/rsa.c | 118
apps/rsautl.c | 61
apps/s_apps.h | 114
apps/s_cb.c | 117
@@ -98,7 +98,7 @@
apps/s_time.c | 91
apps/sess_id.c | 60
apps/smime.c | 81
- apps/speed.c | 138
+ apps/speed.c | 533 -
apps/spkac.c | 60
apps/srp.c | 105
apps/testdsa.h | 52
@@ -109,6 +109,7 @@
apps/verify.c | 61
apps/version.c | 113
apps/vms_decc_init.c | 53
+ apps/win32_init.c | 304
apps/winrand.c | 145
apps/x509.c | 89
appveyor.yml | 16
@@ -266,7 +267,7 @@
crypto/bio/bf_lbuf.c | 60
crypto/bio/bf_nbio.c | 60
crypto/bio/bf_null.c | 60
- crypto/bio/bio_cb.c | 60
+ crypto/bio/bio_cb.c | 62
crypto/bio/bio_err.c | 93
crypto/bio/bio_lcl.h | 9
crypto/bio/bio_lib.c | 114
@@ -345,7 +346,7 @@
crypto/bn/bn_intern.c | 57
crypto/bn/bn_kron.c | 57
crypto/bn/bn_lcl.h | 143
- crypto/bn/bn_lib.c | 84
+ crypto/bn/bn_lib.c | 88
crypto/bn/bn_mod.c | 115
crypto/bn/bn_mont.c | 113
crypto/bn/bn_mpi.c | 85
@@ -449,7 +450,7 @@
crypto/ct/ct_oct.c | 63
crypto/ct/ct_policy.c | 58
crypto/ct/ct_prn.c | 59
- crypto/ct/ct_sct.c | 59
+ crypto/ct/ct_sct.c | 61
crypto/ct/ct_sct_ctx.c | 59
crypto/ct/ct_vfy.c | 59
crypto/ct/ct_x509v3.c | 61
@@ -509,13 +510,13 @@
crypto/dh/generate | 65
crypto/dllmain.c | 9
crypto/dsa/Makefile.in | 47
- crypto/dsa/dsa_ameth.c | 67
+ crypto/dsa/dsa_ameth.c | 69
crypto/dsa/dsa_asn1.c | 102
crypto/dsa/dsa_depr.c | 58
crypto/dsa/dsa_err.c | 81
crypto/dsa/dsa_gen.c | 62
crypto/dsa/dsa_key.c | 81
- crypto/dsa/dsa_lib.c | 147
+ crypto/dsa/dsa_lib.c | 152
crypto/dsa/dsa_locl.h | 70
crypto/dsa/dsa_meth.c | 48
crypto/dsa/dsa_ossl.c | 188
@@ -553,7 +554,7 @@
crypto/ec/ec_curve.c | 59
crypto/ec/ec_cvt.c | 59
crypto/ec/ec_err.c | 98
- crypto/ec/ec_key.c | 115
+ crypto/ec/ec_key.c | 119
crypto/ec/ec_kmeth.c | 84
crypto/ec/ec_lcl.h | 63
crypto/ec/ec_lib.c | 80
@@ -578,10 +579,10 @@
crypto/ec/ecp_oct.c | 71
crypto/ec/ecp_smpl.c | 61
crypto/engine/Makefile.in | 53
- crypto/engine/eng_all.c | 59
+ crypto/engine/eng_all.c | 61
crypto/engine/eng_cnf.c | 71
crypto/engine/eng_cryptodev.c | 99
- crypto/engine/eng_ctrl.c | 70
+ crypto/engine/eng_ctrl.c | 84
crypto/engine/eng_dyn.c | 78
crypto/engine/eng_err.c | 83
crypto/engine/eng_fat.c | 58
@@ -610,7 +611,7 @@
crypto/err/openssl.ec | 37
crypto/evp/Makefile.in | 68
crypto/evp/bio_b64.c | 74
- crypto/evp/bio_enc.c | 62
+ crypto/evp/bio_enc.c | 98
crypto/evp/bio_md.c | 60
crypto/evp/bio_ok.c | 66
crypto/evp/c_allc.c | 64
@@ -623,7 +624,7 @@
crypto/evp/e_bf.c | 60
crypto/evp/e_camellia.c | 57
crypto/evp/e_cast.c | 60
- crypto/evp/e_chacha20_poly1305.c | 79
+ crypto/evp/e_chacha20_poly1305.c | 87
crypto/evp/e_des.c | 60
crypto/evp/e_des3.c | 62
crypto/evp/e_idea.c | 68
@@ -637,8 +638,8 @@
crypto/evp/e_xcbc_d.c | 60
crypto/evp/encode.c | 90
crypto/evp/evp_cnf.c | 59
- crypto/evp/evp_enc.c | 121
- crypto/evp/evp_err.c | 114
+ crypto/evp/evp_enc.c | 131
+ crypto/evp/evp_err.c | 117
crypto/evp/evp_key.c | 60
crypto/evp/evp_lib.c | 60
crypto/evp/evp_locl.h | 59
@@ -668,7 +669,7 @@
crypto/evp/pmeth_gn.c | 59
crypto/evp/pmeth_lib.c | 59
crypto/evp/scrypt.c | 59
- crypto/ex_data.c | 123
+ crypto/ex_data.c | 127
crypto/fips_err.h | 226
crypto/fips_ers.c | 7
crypto/hmac/Makefile.in | 43
@@ -734,7 +735,7 @@
crypto/mdc2/mdc2_one.c | 60
crypto/mdc2/mdc2dgst.c | 60
crypto/mem.c | 67
- crypto/mem_clr.c | 59
+ crypto/mem_clr.c | 61
crypto/mem_dbg.c | 150
crypto/mem_sec.c | 80
crypto/modes/Makefile.in | 76
@@ -772,15 +773,17 @@
crypto/objects/README | 44
crypto/objects/o_names.c | 34
crypto/objects/obj_dat.c | 110
- crypto/objects/obj_dat.h |10854 +++++++++++-------------
+ crypto/objects/obj_dat.h |10869 +++++++++++-------------
crypto/objects/obj_dat.pl | 486 -
crypto/objects/obj_err.c | 69
crypto/objects/obj_lcl.h | 9
crypto/objects/obj_lib.c | 119
+ crypto/objects/obj_mac.num | 3
crypto/objects/obj_xref.c | 59
crypto/objects/obj_xref.h | 13
crypto/objects/objects.README | 44
crypto/objects/objects.pl | 73
+ crypto/objects/objects.txt | 3
crypto/objects/objxref.pl | 22
crypto/ocsp/Makefile.in | 46
crypto/ocsp/ocsp_asn.c | 60
@@ -808,7 +811,7 @@
crypto/pem/pem_x509.c | 59
crypto/pem/pem_xaux.c | 59
crypto/pem/pkcs7.lis | 22
- crypto/pem/pvkfmt.c | 109
+ crypto/pem/pvkfmt.c | 115
crypto/perlasm/README | 124
crypto/perlasm/arm-xlate.pl | 12
crypto/perlasm/cbc.pl | 9
@@ -864,7 +867,7 @@
crypto/poly1305/poly1305.c | 62
crypto/poly1305/poly1305_ieee754.c | 10
crypto/ppc_arch.h | 13
- crypto/ppccap.c | 16
+ crypto/ppccap.c | 20
crypto/ppccpuid.pl | 35
crypto/rand/Makefile.in | 45
crypto/rand/md_rand.c | 155
@@ -1014,7 +1017,7 @@
crypto/ui/ui_err.c | 69
crypto/ui/ui_lib.c | 82
crypto/ui/ui_locl.h | 59
- crypto/ui/ui_openssl.c | 118
+ crypto/ui/ui_openssl.c | 210
crypto/ui/ui_util.c | 57
crypto/uid.c | 57
crypto/vms_rms.h | 8
@@ -1031,7 +1034,7 @@
crypto/x509/t_req.c | 64
crypto/x509/t_x509.c | 60
crypto/x509/x509_att.c | 76
- crypto/x509/x509_cmp.c | 73
+ crypto/x509/x509_cmp.c | 77
crypto/x509/x509_d2.c | 60
crypto/x509/x509_def.c | 60
crypto/x509/x509_err.c | 73
@@ -1040,14 +1043,14 @@
crypto/x509/x509_lu.c | 438
crypto/x509/x509_obj.c | 87
crypto/x509/x509_r2x.c | 60
- crypto/x509/x509_req.c | 60
- crypto/x509/x509_set.c | 70
+ crypto/x509/x509_req.c | 64
+ crypto/x509/x509_set.c | 76
crypto/x509/x509_trs.c | 82
crypto/x509/x509_txt.c | 68
crypto/x509/x509_v3.c | 64
- crypto/x509/x509_vfy.c | 360
+ crypto/x509/x509_vfy.c | 364
crypto/x509/x509_vpm.c | 71
- crypto/x509/x509cset.c | 71
+ crypto/x509/x509cset.c | 79
crypto/x509/x509name.c | 68
crypto/x509/x509rset.c | 60
crypto/x509/x509spki.c | 59
@@ -1152,6 +1155,7 @@
doc/apps/gendsa.pod | 9
doc/apps/genpkey.pod | 28
doc/apps/genrsa.pod | 10
+ doc/apps/list.pod | 81
doc/apps/nseq.pod | 11
doc/apps/ocsp.pod | 62
doc/apps/openssl.pod | 35
@@ -1172,7 +1176,7 @@
doc/apps/s_time.pod | 10
doc/apps/sess_id.pod | 14
doc/apps/smime.pod | 46
- doc/apps/speed.pod | 9
+ doc/apps/speed.pod | 37
doc/apps/spkac.pod | 9
doc/apps/ts.pod | 27
doc/apps/tsget.pod | 41
@@ -1237,7 +1241,7 @@
doc/crypto/BN_rand.pod | 9
doc/crypto/BN_set_bit.pod | 9
doc/crypto/BN_swap.pod | 9
- doc/crypto/BN_zero.pod | 9
+ doc/crypto/BN_zero.pod | 11
doc/crypto/BUF_MEM_new.pod | 77
doc/crypto/CMS_add0_cert.pod | 13
doc/crypto/CMS_add1_recipient_cert.pod | 11
@@ -1258,7 +1262,7 @@
doc/crypto/CONF_modules_free.pod | 13
doc/crypto/CONF_modules_load_file.pod | 15
doc/crypto/CRYPTO_THREAD_run_once.pod | 163
- doc/crypto/CRYPTO_get_ex_new_index.pod | 24
+ doc/crypto/CRYPTO_get_ex_new_index.pod | 26
doc/crypto/DEFINE_STACK_OF.pod | 233
doc/crypto/DES_random_key.pod | 310
doc/crypto/DH_generate_key.pod | 9
@@ -1279,7 +1283,7 @@
doc/crypto/DSA_new.pod | 9
doc/crypto/DSA_set_method.pod | 12
doc/crypto/DSA_sign.pod | 19
- doc/crypto/DSA_size.pod | 9
+ doc/crypto/DSA_size.pod | 25
doc/crypto/ECDSA_SIG_new.pod | 207
doc/crypto/ECPKParameters_print.pod | 44
doc/crypto/EC_GFp_simple_method.pod | 11
@@ -1339,7 +1343,7 @@
doc/crypto/OCSP_REQUEST_new.pod | 13
doc/crypto/OCSP_cert_to_id.pod | 13
doc/crypto/OCSP_request_add1_nonce.pod | 13
- doc/crypto/OCSP_resp_find_status.pod | 136
+ doc/crypto/OCSP_resp_find_status.pod | 138
doc/crypto/OCSP_response_find_status.pod | 109
doc/crypto/OCSP_response_status.pod | 15
doc/crypto/OCSP_sendreq_new.pod | 9
@@ -1412,10 +1416,10 @@
doc/crypto/X509_SIG_get0.pod | 32
doc/crypto/X509_STORE_CTX_get_error.pod | 59
doc/crypto/X509_STORE_CTX_new.pod | 48
- doc/crypto/X509_STORE_CTX_set_verify_cb.pod | 186
+ doc/crypto/X509_STORE_CTX_set_verify_cb.pod | 197
doc/crypto/X509_STORE_get0_param.pod | 57
doc/crypto/X509_STORE_new.pod | 26
- doc/crypto/X509_STORE_set_verify_cb_func.pod | 214
+ doc/crypto/X509_STORE_set_verify_cb_func.pod | 242
doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 37
doc/crypto/X509_check_ca.pod | 11
doc/crypto/X509_check_host.pod | 15
@@ -1424,10 +1428,11 @@
doc/crypto/X509_get0_signature.pod | 11
doc/crypto/X509_get0_uids.pod | 9
doc/crypto/X509_get_extension_flags.pod | 51
+ doc/crypto/X509_get_notBefore.pod | 92
doc/crypto/X509_get_pubkey.pod | 19
doc/crypto/X509_get_serialNumber.pod | 11
- doc/crypto/X509_get_subject_name.pod | 15
- doc/crypto/X509_get_version.pod | 13
+ doc/crypto/X509_get_subject_name.pod | 23
+ doc/crypto/X509_get_version.pod | 19
doc/crypto/X509_new.pod | 14
doc/crypto/X509_sign.pod | 13
doc/crypto/X509_verify_cert.pod | 22
@@ -1562,7 +1567,7 @@
doc/ssl/SSL_free.pod | 9
doc/ssl/SSL_get0_peer_scts.pod | 9
doc/ssl/SSL_get_SSL_CTX.pod | 9
- doc/ssl/SSL_get_all_async_fds.pod | 19
+ doc/ssl/SSL_get_all_async_fds.pod | 27
doc/ssl/SSL_get_ciphers.pod | 13
doc/ssl/SSL_get_client_CA_list.pod | 11
doc/ssl/SSL_get_client_random.pod | 11
@@ -1587,7 +1592,7 @@
doc/ssl/SSL_rstate_string.pod | 9
doc/ssl/SSL_session_reused.pod | 9
doc/ssl/SSL_set1_host.pod | 16
- doc/ssl/SSL_set_bio.pod | 11
+ doc/ssl/SSL_set_bio.pod | 89
doc/ssl/SSL_set_connect_state.pod | 9
doc/ssl/SSL_set_fd.pod | 9
doc/ssl/SSL_set_session.pod | 15
@@ -1627,7 +1632,7 @@
engines/vendor_defns/hwcryptohook.h | 11
external/perl/transfer/Text/Template.pm | 7
fuzz/README.md | 66
- fuzz/asn1.c | 208
+ fuzz/asn1.c | 222
fuzz/asn1parse.c | 33
fuzz/bignum.c | 94
fuzz/bndiv.c | 107
@@ -1674,20 +1679,20 @@
include/openssl/comp.h | 66
include/openssl/conf.h | 71
include/openssl/conf_api.h | 60
- include/openssl/crypto.h | 199
+ include/openssl/crypto.h | 203
include/openssl/ct.h | 95
include/openssl/des.h | 72
include/openssl/dh.h | 89
- include/openssl/dsa.h | 117
+ include/openssl/dsa.h | 118
include/openssl/dtls1.h | 59
include/openssl/e_os2.h | 73
include/openssl/ebcdic.h | 10
- include/openssl/ec.h | 133
+ include/openssl/ec.h | 137
include/openssl/ecdh.h | 9
include/openssl/ecdsa.h | 9
include/openssl/engine.h | 98
include/openssl/err.h | 145
- include/openssl/evp.h | 127
+ include/openssl/evp.h | 130
include/openssl/hmac.h | 64
include/openssl/idea.h | 62
include/openssl/kdf.h | 61
@@ -1697,7 +1702,7 @@
include/openssl/md5.h | 60
include/openssl/mdc2.h | 61
include/openssl/modes.h | 10
- include/openssl/obj_mac.h | 65
+ include/openssl/obj_mac.h | 77
include/openssl/objects.h | 69
include/openssl/ocsp.h | 228
include/openssl/opensslconf.h.in | 7
@@ -1718,7 +1723,7 @@
include/openssl/sha.h | 60
include/openssl/srp.h | 94
include/openssl/srtp.h | 114
- include/openssl/ssl.h | 304
+ include/openssl/ssl.h | 308
include/openssl/ssl2.h | 60
include/openssl/ssl3.h | 114
include/openssl/stack.h | 141
@@ -1728,7 +1733,7 @@
include/openssl/txt_db.h | 62
include/openssl/ui.h | 98
include/openssl/whrlpool.h | 9
- include/openssl/x509.h | 150
+ include/openssl/x509.h | 172
include/openssl/x509_vfy.h | 225
include/openssl/x509v3.h | 152
ms/applink.c | 9
@@ -1743,7 +1748,7 @@
openssl.spec | 210
os-dep/haiku.h | 2
ssl/Makefile.in | 81
- ssl/bio_ssl.c | 69
+ ssl/bio_ssl.c | 87
ssl/d1_lib.c | 115
ssl/d1_msg.c | 117
ssl/d1_srtp.c | 131
@@ -1752,11 +1757,11 @@
ssl/pqueue.c | 59
ssl/record/dtls1_bitmap.c | 115
ssl/record/rec_layer_d1.c | 126
- ssl/record/rec_layer_s3.c | 161
+ ssl/record/rec_layer_s3.c | 187
ssl/record/record.h | 122
- ssl/record/record_locl.h | 121
- ssl/record/ssl3_buffer.c | 115
- ssl/record/ssl3_record.c | 167
+ ssl/record/record_locl.h | 123
+ ssl/record/ssl3_buffer.c | 146
+ ssl/record/ssl3_record.c | 183
ssl/s3_cbc.c | 65
ssl/s3_enc.c | 183
ssl/s3_lib.c | 223
@@ -1767,7 +1772,7 @@
ssl/ssl_conf.c | 60
ssl/ssl_err.c | 329
ssl/ssl_init.c | 78
- ssl/ssl_lib.c | 507 -
+ ssl/ssl_lib.c | 562 -
ssl/ssl_locl.h | 179
ssl/ssl_mcnf.c | 63
ssl/ssl_rsa.c | 96
@@ -1777,7 +1782,7 @@
ssl/ssl_utst.c | 55
ssl/statem/statem.c | 118
ssl/statem/statem.h | 59
- ssl/statem/statem_clnt.c | 1523 +--
+ ssl/statem/statem_clnt.c | 1525 +--
ssl/statem/statem_dtls.c | 143
ssl/statem/statem_lib.c | 171
ssl/statem/statem_locl.h | 57
@@ -1861,7 +1866,7 @@
test/destest.c | 81
test/dhtest.c | 86
test/dsatest.c | 69
- test/dtlsv1listentest.c | 58
+ test/dtlsv1listentest.c | 64
test/dummytest.c | 57
test/ecdhtest.c | 62
test/ecdhtest_cavs.h | 13
@@ -1876,7 +1881,7 @@
test/generate_buildtest.pl | 27
test/generate_ssl_tests.pl | 44
test/gmdifftest.c | 57
- test/handshake_helper.c | 518 +
+ test/handshake_helper.c | 527 +
test/handshake_helper.h | 28
test/heartbeat_test.c | 11
test/hmactest.c | 79
@@ -1963,7 +1968,7 @@
test/recipes/80-test_dane.t | 9
test/recipes/80-test_dtlsv1listen.t | 9
test/recipes/80-test_ocsp.t | 9
- test/recipes/80-test_ssl_new.t | 60
+ test/recipes/80-test_ssl_new.t | 63
test/recipes/80-test_ssl_old.t | 406
test/recipes/80-test_ssl_test_ctx.t | 9
test/recipes/80-test_tsa.t | 9
@@ -1993,6 +1998,7 @@
test/sha1test.c | 120
test/sha256t.c | 81
test/sha512t.c | 99
+ test/smcont.txt | 2
test/smime-certs/mksmime-certs.sh | 7
test/srptest.c | 9
test/ssl-tests/01-simple.conf | 4
@@ -2019,13 +2025,13 @@
test/ssl-tests/11-dtls_resumption.conf.in | 19
test/ssl-tests/protocol_version.pm | 247
test/ssl-tests/ssltests_base.pm | 6
- test/ssl_test.c | 191
+ test/ssl_test.c | 195
test/ssl_test.tmpl | 40
- test/ssl_test_ctx.c | 262
- test/ssl_test_ctx.h | 95
- test/ssl_test_ctx_test.c | 115
+ test/ssl_test_ctx.c | 264
+ test/ssl_test_ctx.h | 97
+ test/ssl_test_ctx_test.c | 119
test/ssl_test_ctx_test.conf | 31
- test/sslapitest.c | 361
+ test/sslapitest.c | 601 +
test/ssltest_old.c | 608 -
test/ssltestlib.c | 158
test/ssltestlib.h | 21
@@ -2074,8 +2080,8 @@
util/incore | 10
util/indent.pro | 4
util/install.sh | 108
- util/libcrypto.num | 854 -
- util/libssl.num | 8
+ util/libcrypto.num | 855 -
+ util/libssl.num | 12
util/mkbuildinf.pl | 9
util/mkdef.pl | 22
util/mkdir-p.pl | 18
@@ -2089,7 +2095,7 @@
util/su-filter.pl | 10
util/toutf8.sh | 17
util/with_fallback.pm | 7
- 2090 files changed, 59344 insertions(+), 93505 deletions(-)
+ 2096 files changed, 60791 insertions(+), 93940 deletions(-)
--- /dev/null
+++ b/.gitattributes
@@ -2272,7 +2278,7 @@
- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
-@@ -35,16 +33,16 @@ cache: ccache
+@@ -35,16 +33,19 @@ cache: ccache
include:
- os: linux
compiler: clang-3.6
@@ -2281,11 +2287,14 @@
- os: linux
compiler: clang-3.6
- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2 -fno-sanitize=alignment"
-+ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
++ env: CONFIG_OPTS="no-shared enable-msan"
- os: linux
- compiler: gcc-5
- env: CONFIG_OPTS="no-shared -fsanitize=address"
+ compiler: clang-3.6
++ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
++ - os: linux
++ compiler: clang-3.6
+ env: CONFIG_OPTS="no-shared no-asm enable-asan enable-rc5 enable-md2"
- os: linux
compiler: gcc-5
@@ -2294,7 +2303,7 @@
- os: linux
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic"
-@@ -60,34 +58,25 @@ cache: ccache
+@@ -60,34 +61,25 @@ cache: ccache
before_script:
- sh .travis-create-release.sh $TRAVIS_OS_NAME
- tar -xvzf _srcdist.tar.gz
@@ -2336,7 +2345,7 @@
- make
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
-@@ -97,6 +86,10 @@ cache: ccache
+@@ -97,6 +89,10 @@ cache: ccache
else
make build_tests;
fi
@@ -2715,10 +2724,12 @@
+ our style.
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
-@@ -91,6 +91,10 @@
+@@ -91,6 +91,12 @@
ar => "lib",
arflags => "/nologo",
aroutflag => "/out:",
++ rc => "rc",
++ rcoutflag => "/fo",
+ mt => "mt",
+ mtflags => "-nologo",
+ mtinflag => "-manifest ",
@@ -2726,7 +2737,7 @@
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
-@@ -185,7 +189,7 @@
+@@ -185,7 +191,7 @@
bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
@@ -2735,7 +2746,7 @@
md5_asm_src => "md5-sparcv9.S",
sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
-@@ -203,9 +207,9 @@
+@@ -203,9 +209,9 @@
alpha_asm => {
template => 1,
cpuid_asm_src => "alphacpuid.s",
@@ -2748,7 +2759,7 @@
perlasm_scheme => "void"
},
mips32_asm => {
-@@ -217,7 +221,8 @@
+@@ -217,7 +223,8 @@
mips64_asm => {
inherit_from => [ "mips32_asm" ],
template => 1,
@@ -2758,7 +2769,7 @@
},
s390x_asm => {
template => 1,
-@@ -244,7 +249,7 @@
+@@ -244,7 +251,7 @@
},
aarch64_asm => {
template => 1,
@@ -2966,10 +2977,12 @@
},
"android64-aarch64" => {
inherit_from => [ "android64", asm("aarch64_asm") ],
-@@ -1260,8 +1248,8 @@ sub vms_info {
+@@ -1258,16 +1246,15 @@ sub vms_info {
+ return [ @defs ];
+ }),
coutflag => "/Fo",
- rc => "rc",
- rcoutflag => "/fo",
+- rc => "rc",
+- rcoutflag => "/fo",
- lib_cflags => add("/Zi /Fdlib"),
- dso_cflags => "/Zi",
+ lib_cflags => add("/Zi /Fdossl_static"),
@@ -2977,7 +2990,14 @@
bin_cflags => "/Zi /Fdapp",
lflags => add("/debug"),
shared_ldflag => "/dll",
-@@ -1280,7 +1268,7 @@ sub vms_info {
+ shared_target => "win-shared", # meaningless except it gives Configure a hint
+ thread_scheme => "winthreads",
+ dso_scheme => "win32",
++ apps_aux_src => add("win32_init.c"),
+ },
+ "VC-noCE-common" => {
+ inherit_from => [ "VC-common" ],
+@@ -1280,7 +1267,7 @@ sub vms_info {
release =>
sub {
($disabled{shared} ? "" : "/MD")
@@ -2986,7 +3006,7 @@
})),
lib_cflags => add(sub { $disabled{shared} ? "/MT /Zl" : () }),
# Following might/should appears controversial, i.e. defining
-@@ -1344,11 +1332,9 @@ sub vms_info {
+@@ -1344,11 +1331,9 @@ sub vms_info {
# configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE'
inherit_from => [ "VC-noCE-common", asm("x86_asm"),
sub { $disabled{shared} ? () : "uplink_common" } ],
@@ -3001,7 +3021,7 @@
ex_libs => add(sub {
my @ex_libs = ();
# WIN32 UNICODE build gets linked with unicows.lib for
-@@ -1359,7 +1345,7 @@ sub vms_info {
+@@ -1359,7 +1344,7 @@ sub vms_info {
}),
sys_id => "WIN32",
bn_ops => "BN_LLONG EXPORT_VAR_AS_FN",
@@ -3010,7 +3030,23 @@
build_scheme => add("VC-W32", { separator => undef }),
},
"VC-CE" => {
-@@ -1529,17 +1515,6 @@ sub vms_info {
+@@ -1430,6 +1415,7 @@ sub vms_info {
+ shared_rcflag => "--target=pe-i386",
+ shared_extension => ".dll",
+ multilib => "",
++ apps_aux_src => add("win32_init.c"),
+ },
+ "mingw64" => {
+ # As for OPENSSL_USE_APPLINK. Applink makes it possible to use
+@@ -1458,6 +1444,7 @@ sub vms_info {
+ shared_rcflag => "--target=pe-x86-64",
+ shared_extension => ".dll",
+ multilib => "64",
++ apps_aux_src => add("win32_init.c"),
+ },
+
+ #### UEFI
+@@ -1529,17 +1516,6 @@ sub vms_info {
inherit_from => [ "Cygwin-x86" ]
},
@@ -3028,7 +3064,7 @@
##### MacOS X (a.k.a. Darwin) setup
"darwin-common" => {
inherit_from => [ "BASE_unix" ],
-@@ -1643,6 +1618,7 @@ sub vms_info {
+@@ -1643,6 +1619,7 @@ sub vms_info {
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
@@ -3036,7 +3072,7 @@
},
##### VxWorks for various targets
-@@ -1741,48 +1717,20 @@ sub vms_info {
+@@ -1741,48 +1718,20 @@ sub vms_info {
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
ranlib => "$ENV{'RANLIB'}",
},
@@ -3088,7 +3124,7 @@
shared_target => "vms-shared",
dso_scheme => "vms",
thread_scheme => "pthreads",
-@@ -1790,18 +1738,6 @@ sub vms_info {
+@@ -1790,18 +1739,6 @@ sub vms_info {
apps_aux_src => "vms_decc_init.c",
},
@@ -3107,7 +3143,7 @@
"vms-alpha" => {
inherit_from => [ "vms-generic" ],
cflags => add(sub { my @warnings =
-@@ -1814,6 +1750,7 @@ sub vms_info {
+@@ -1814,6 +1751,7 @@ sub vms_info {
? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
}),
ex_libs => add(sub { return vms_info(0)->{zlib} || (); }),
@@ -3115,7 +3151,7 @@
#as => "???",
#debug_aflags => "/NOOPTIMIZE/DEBUG",
#release_aflags => "/OPTIMIZE/NODEBUG",
-@@ -1834,6 +1771,7 @@ sub vms_info {
+@@ -1834,6 +1772,7 @@ sub vms_info {
? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
}),
ex_libs => add(sub { return vms_info(32)->{zlib} || (); }),
@@ -3123,7 +3159,7 @@
},
"vms-alpha-p64" => {
inherit_from => [ "vms-generic" ],
-@@ -1850,6 +1788,7 @@ sub vms_info {
+@@ -1850,6 +1789,7 @@ sub vms_info {
? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
}),
ex_libs => add(sub { return vms_info(64)->{zlib} || (); }),
@@ -3131,7 +3167,7 @@
},
"vms-ia64" => {
inherit_from => [ "vms-generic" ],
-@@ -1863,6 +1802,7 @@ sub vms_info {
+@@ -1863,6 +1803,7 @@ sub vms_info {
? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
}),
ex_libs => add(sub { return vms_info(0)->{zlib} || (); }),
@@ -3139,7 +3175,7 @@
#as => "I4S",
#debug_aflags => "/NOOPTIMIZE/DEBUG",
#release_aflags => "/OPTIMIZE/NODEBUG",
-@@ -1883,6 +1823,7 @@ sub vms_info {
+@@ -1883,6 +1824,7 @@ sub vms_info {
? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
}),
ex_libs => add(sub { return vms_info(32)->{zlib} || (); }),
@@ -3147,7 +3183,7 @@
},
"vms-ia64-p64" => {
inherit_from => [ "vms-generic" ],
-@@ -1899,6 +1840,7 @@ sub vms_info {
+@@ -1899,6 +1841,7 @@ sub vms_info {
? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
}),
ex_libs => add(sub { return vms_info(64)->{zlib} || (); }),
@@ -4249,7 +4285,7 @@
depend : descrip.mms
descrip.mms : FORCE
-@@ -306,82 +353,113 @@ descrip.mms : FORCE
+@@ -306,82 +353,116 @@ descrip.mms : FORCE
# Install helper targets #############################################
@@ -4257,17 +4293,17 @@
+install_sw : all install_shared _install_dev_ns -
+ install_engines _install_runtime_ns -
+ install_startup install_ivp
-+
+
+-uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime uninstall_config
+uninstall_sw : uninstall_shared _uninstall_dev_ns -
+ uninstall_engines _uninstall_runtime_ns -
+ uninstall_startup uninstall_ivp
+
+-install_docs : install_man_docs install_html_docs
++install_docs : install_html_docs
+
-+install_docs : install_html_docs
-
--uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime uninstall_config
+uninstall_docs : uninstall_html_docs
-
--install_docs : install_man_docs install_html_docs
++
+install_ssldirs : check_INSTALLTOP
+ - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
+ IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
@@ -4278,8 +4314,11 @@
+ CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC]
+ COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC]
+ @ ! Install configuration file
-+ COPY/PROT=W:RE {- sourcefile("apps", "openssl-vms.cnf") -} -
-+ ossl_dataroot:[000000]openssl.cnf
++ COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
++ ossl_dataroot:[000000]openssl.cnf-dist
++ IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN -
++ COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
++ ossl_dataroot:[000000]openssl.cnf
-uninstall_docs : uninstall_man_docs uninstall_html_docs
+install_shared : check_INSTALLTOP
@@ -4404,7 +4443,7 @@
vmsconfig.pm : configdata.pm
OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm
WRITE CONFIG "package vmsconfig;"
-@@ -390,15 +468,14 @@ vmsconfig.pm : configdata.pm
+@@ -390,15 +471,14 @@ vmsconfig.pm : configdata.pm
WRITE CONFIG "our @ISA = qw(Exporter);"
WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);"
WRITE CONFIG "our %config = ("
@@ -4425,7 +4464,7 @@
WRITE CONFIG ");"
WRITE CONFIG "our %target = ();"
WRITE CONFIG "our %disabled = ();"
-@@ -407,6 +484,10 @@ vmsconfig.pm : configdata.pm
+@@ -407,6 +487,10 @@ vmsconfig.pm : configdata.pm
WRITE CONFIG "1;"
CLOSE CONFIG
@@ -4436,7 +4475,7 @@
check_INSTALLTOP :
@ IF "$(INSTALLTOP)" .EQS. "" THEN -
WRITE SYS$ERROR "INSTALLTOP should not be empty"
-@@ -418,9 +499,7 @@ vmsconfig.pm : configdata.pm
+@@ -418,9 +502,7 @@ vmsconfig.pm : configdata.pm
# Developer targets ##################################################
debug_logicals :
@@ -4447,7 +4486,7 @@
# Building targets ###################################################
-@@ -441,13 +520,25 @@ configdata.pm : {- join(" ", sourcefile(
+@@ -441,13 +523,25 @@ configdata.pm : {- join(" ", sourcefile(
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
@@ -4476,7 +4515,7 @@
} else {
die "No method to generate assembler source present.\n";
}
-@@ -471,6 +562,9 @@ EOF
+@@ -471,6 +565,9 @@ EOF
my $srcs =
join(", ",
map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}});
@@ -4486,7 +4525,7 @@
my $incs_on = "\@ !";
my $incs_off = "\@ !";
my $incs = "";
-@@ -494,20 +588,20 @@ EOF
+@@ -494,20 +591,20 @@ EOF
my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
my $depbuild = $disabled{makedepend} ? ""
@@ -4512,7 +4551,7 @@
- PURGE $obj.OBJ
EOF
}
-@@ -517,7 +611,7 @@ EOF
+@@ -517,7 +614,7 @@ EOF
my $shlib = $args{shlib};
my $libd = dirname($lib);
my $libn = basename($lib);
@@ -4521,7 +4560,7 @@
my @deps = map {
$disabled{shared} ? $_.".OLB"
: $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
-@@ -545,22 +639,18 @@ EOF
+@@ -545,22 +642,18 @@ EOF
|| "\@ !";
return <<"EOF";
$shlib.EXE : $lib.OLB $deps $ordinalsfile
@@ -4551,7 +4590,7 @@
EOF
}
sub obj2dso {
-@@ -609,7 +699,7 @@ EOF
+@@ -609,7 +702,7 @@ EOF
@{$args{objs}}));
return <<"EOF";
$lib.OLB : $objs
@@ -4560,7 +4599,7 @@
$fill_lib
- PURGE $lib.OLB
EOF
-@@ -656,7 +746,7 @@ EOF
+@@ -656,7 +749,7 @@ EOF
rel2abs($config{builddir}));
return <<"EOF";
$script : $sources
@@ -4669,8 +4708,19 @@
RM= rm -f
RMDIR= rmdir
TAR= {- $target{tar} || "tar" -}
-@@ -205,24 +224,26 @@ PROCESSOR= {- $config{processor} -}
+@@ -203,26 +222,37 @@ PERLASM_SCHEME= {- $target{perlasm_schem
+ # the 80386.
+ PROCESSOR= {- $config{processor} -}
++# We want error [and other] messages in English. Trouble is that make(1)
++# doesn't pass macros down as environment variables unless there already
++# was corresponding variable originally set. In other words we can only
++# reassign environment variables, but not set new ones, not in portable
++# manner that is. That's why we reassign several, just to be sure...
++LC_ALL=C
++LC_MESSAGES=C
++LANG=C
++
# The main targets ###################################################
-all: configdata.pm build_libs_nodep build_engines_nodep build_apps_nodep \
@@ -4706,7 +4756,7 @@
EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
-@@ -231,7 +252,16 @@ test tests: build_tests_nodep build_apps
+@@ -231,7 +261,16 @@ test tests: build_tests_nodep build_apps
@ : {- output_on() if !$disabled{tests}; "" -}
list-tests:
@@ -4724,7 +4774,7 @@
libclean:
@set -e; for s in $(SHLIB_INFO); do \
-@@ -245,21 +275,22 @@ test tests: build_tests_nodep build_apps
+@@ -245,21 +284,22 @@ test tests: build_tests_nodep build_apps
fi; \
done
$(RM) $(LIBS)
@@ -4760,10 +4810,11 @@
# This exists solely for those who still type 'make depend'
#
-@@ -296,11 +327,29 @@ uninstall_docs: uninstall_man_docs unins
+@@ -296,11 +336,35 @@ uninstall_docs: uninstall_man_docs unins
install_ssldirs:
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
++ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
+ @set -e; for x in dummy $(MISC_SCRIPTS); do \
+ if [ "$$x" = "dummy" ]; then continue; fi; \
+ fn=`basename $$x`; \
@@ -4773,10 +4824,15 @@
+ mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \
+ $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
+ done
-+ @echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"
++ @echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
+ @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
+ @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
-+ @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
++ @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
++ @if ! [ -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
++ echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
++ cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
++ chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
++ fi
install_dev:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
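Review bot: The new fallback at the end of install_ssldirs writes openssl.cnf in place (`cp` followed by `chmod 644`), while the `.dist` copy just above it and the misc scripts go through a `.new` file and `mv -f`. If the copy is interrupted, a partial openssl.cnf is left behind, and the `[ -f ... ]` test will treat it as an existing configuration on every later install, so it is never repaired. Copying to `$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new`, running `chmod 644` on that file and then `mv -f` onto openssl.cnf would keep this step consistent with the rest of the rule. This is upstream code carried in the snapshot, so the change belongs upstream; the target itself starts in the previous hunk.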
@@ -4790,7 +4846,7 @@
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
-@@ -309,7 +358,7 @@ uninstall_docs: uninstall_man_docs unins
+@@ -309,7 +373,7 @@ uninstall_docs: uninstall_man_docs unins
chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
done
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
@@ -4799,7 +4855,7 @@
fn=`basename $$l`; \
echo "install $$l -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
cp $$l $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
-@@ -319,7 +368,7 @@ uninstall_docs: uninstall_man_docs unins
+@@ -319,7 +383,7 @@ uninstall_docs: uninstall_man_docs unins
$(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
done
@ : {- output_off() if $disabled{shared}; "" -}
@@ -4808,7 +4864,7 @@
s1=`echo "$$s" | cut -f1 -d";"`; \
s2=`echo "$$s" | cut -f2 -d";"`; \
fn1=`basename $$s1`; \
-@@ -327,7 +376,7 @@ uninstall_docs: uninstall_man_docs unins
+@@ -327,7 +391,7 @@ uninstall_docs: uninstall_man_docs unins
: {- output_off() if windowsdll(); "" -}; \
echo "install $$s1 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \
cp $$s1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
@@ -4817,7 +4873,7 @@
mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new \
$(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \
if [ "$$fn1" != "$$fn2" ]; then \
-@@ -337,7 +386,7 @@ uninstall_docs: uninstall_man_docs unins
+@@ -337,7 +401,7 @@ uninstall_docs: uninstall_man_docs unins
: {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
echo "install $$s2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \
cp $$s2 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
@@ -4826,7 +4882,7 @@
mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new \
$(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \
: {- output_on() unless windowsdll(); "" -}; \
-@@ -356,6 +405,10 @@ uninstall_docs: uninstall_man_docs unins
+@@ -356,6 +420,10 @@ uninstall_docs: uninstall_man_docs unins
uninstall_dev:
@echo "*** Uninstalling development files"
@@ -4837,7 +4893,7 @@
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
-@@ -364,13 +417,13 @@ uninstall_docs: uninstall_man_docs unins
+@@ -364,13 +432,13 @@ uninstall_docs: uninstall_man_docs unins
done
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include
@@ -4853,7 +4909,7 @@
s1=`echo "$$s" | cut -f1 -d";"`; \
s2=`echo "$$s" | cut -f2 -d";"`; \
fn1=`basename $$s1`; \
-@@ -396,51 +449,57 @@ uninstall_docs: uninstall_man_docs unins
+@@ -396,51 +464,56 @@ uninstall_docs: uninstall_man_docs unins
install_engines:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@@ -4899,10 +4955,10 @@
install_runtime:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
+- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
+ @ : {- output_off() if windowsdll(); "" -}
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
+ @ : {- output_on() if windowsdll(); "" -}
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
@echo "*** Installing runtime files"
- : {- output_off() unless windowsdll(); "" -};
- @set -e; for s in dummy $(SHLIBS); do \
@@ -4929,7 +4985,7 @@
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
-@@ -458,23 +517,10 @@ uninstall_docs: uninstall_man_docs unins
+@@ -458,23 +531,10 @@ uninstall_docs: uninstall_man_docs unins
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
@@ -4954,10 +5010,17 @@
do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
-@@ -495,14 +541,14 @@ uninstall_docs: uninstall_man_docs unins
- echo "$(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
- $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
+@@ -488,24 +548,15 @@ uninstall_docs: uninstall_man_docs unins
+ echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
+- @set -e; for x in dummy $(MISC_SCRIPTS); \
+- do \
+- if [ "$$x" = "dummy" ]; then continue; fi; \
+- fn=`basename $$x`; \
+- echo "$(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
+- $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
+- done
- : {- output_off() unless windowsdll(); "" -};
- @set -e; for s in dummy $(SHLIBS); do \
+ @ : {- output_off() unless windowsdll(); "" -}
@@ -4968,11 +5031,14 @@
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
- : {- output_on() unless windowsdll(); "" -};
+- $(RM) $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
+ @ : {- output_on() unless windowsdll(); "" -}
- $(RM) $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
- -$(RMDIR) $(DESTDIR)$(OPENSSLDIR)/misc
-@@ -526,6 +572,7 @@ PROCESS_PODS=\
+- -$(RMDIR) $(DESTDIR)$(OPENSSLDIR)/misc
+
+ # A method to extract all names from a .pod file
+ # The first sed extracts everything between "=head1 NAME" and the next =head1
+@@ -526,6 +577,7 @@ PROCESS_PODS=\
SEC=`sed -ne 's/^=for *comment *openssl_manual_section: *\([0-9]\) *$$/\1/p' $$p`; \
[ -z "$$SEC" ] && SEC=$$defsec; \
fn=`basename $$p .pod`; \
@@ -4980,7 +5046,7 @@
NAME=`echo $$fn | tr [a-z] [A-Z]`; \
suf=`eval "echo $$OUTSUFFIX"`; \
top=`eval "echo $$OUTTOP"`; \
-@@ -605,8 +652,8 @@ UNINSTALL_DOCS=\
+@@ -605,8 +657,8 @@ UNINSTALL_DOCS=\
OUTSUFFIX='.$(HTMLSUFFIX)'; \
OUTTOP="$(DESTDIR)$(HTMLDIR)"; \
GENERATE="pod2html --podroot=$(SRCDIR)/doc --htmldir=.. \
@@ -4991,7 +5057,7 @@
$(PROCESS_PODS)
uninstall_html_docs:
-@@ -621,16 +668,13 @@ UNINSTALL_DOCS=\
+@@ -621,16 +673,13 @@ UNINSTALL_DOCS=\
update: generate errors ordinals
@@ -5010,7 +5076,7 @@
lint:
lint -DLINT $(INCLUDES) $(SRCS)
-@@ -652,18 +696,26 @@ generate: generate_apps generate_crypto_
+@@ -652,18 +701,26 @@ generate: generate_apps generate_crypto_
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
generate_crypto_objects:
@@ -5040,7 +5106,7 @@
errors:
( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c )
( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write )
-@@ -690,7 +742,7 @@ tags TAGS: FORCE
+@@ -690,7 +747,7 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #####################
@@ -5049,7 +5115,7 @@
PREPARE_CMD=:
tar:
TMPDIR=/var/tmp/openssl-copy.$$$$; \
-@@ -698,6 +750,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0
+@@ -698,6 +755,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0
mkdir -p $$TMPDIR/$$DISTDIR; \
(cd $(SRCDIR); \
git ls-tree -r --name-only --full-tree HEAD \
@@ -5057,7 +5123,7 @@
| while read F; do \
mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
cp $$F $$TMPDIR/$$DISTDIR/$$F; \
-@@ -733,7 +786,7 @@ link-utils: $(BLDDIR)/util/opensslwrap.s
+@@ -733,7 +791,7 @@ link-utils: $(BLDDIR)/util/opensslwrap.s
# Building targets ###################################################
@@ -5066,7 +5132,7 @@
libcrypto.pc:
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
-@@ -772,11 +825,7 @@ libcrypto.pc libssl.pc openssl.pc: confi
+@@ -772,11 +830,7 @@ libcrypto.pc libssl.pc openssl.pc: confi
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
@@ -5079,7 +5145,7 @@
@echo "Detected changed: $?"
@echo "Reconfiguring..."
$(SRCDIR)/Configure reconf
-@@ -807,19 +856,31 @@ configdata.pm: $(SRCDIR)/Configurations/
+@@ -807,19 +861,31 @@ configdata.pm: $(SRCDIR)/Configurations/
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
@@ -5095,16 +5161,16 @@
+ "util", "dofile.pl")),
+ rel2abs($config{builddir}));
+ return <<"EOF";
- $args{src}: $args{generator}->[0] $deps
-- \$(PERL) $generator > \$@
++$args{src}: $args{generator}->[0] $deps
+ \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+ "-o$target{build_file}" $generator > \$@
- EOF
++EOF
+ } else {
+ return <<"EOF";
-+$args{src}: $args{generator}->[0] $deps
+ $args{src}: $args{generator}->[0] $deps
+- \$(PERL) $generator > \$@
+ \$(PERL)$generator_incs $generator > \$@
-+EOF
+ EOF
+ }
} else {
if ($args{generator}->[0] =~ /\.pl$/) {
@@ -5116,7 +5182,7 @@
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
-@@ -835,7 +896,9 @@ EOF
+@@ -835,7 +901,9 @@ EOF
$target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
$generator \$@.S; \\
@@ -5127,7 +5193,7 @@
EOF
}
# Otherwise....
-@@ -846,7 +909,8 @@ EOF
+@@ -846,7 +914,8 @@ EOF
}
return <<"EOF";
$args{src}: $args{generator}->[0] $deps
@@ -5137,7 +5203,7 @@
EOF
}
}
-@@ -879,7 +943,7 @@ EOF
+@@ -879,7 +948,7 @@ EOF
if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$depext: $deps
@@ -5146,7 +5212,7 @@
>\$\@.tmp 2>/dev/null
-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' \$\@.tmp
\@if cmp \$\@.tmp \$\@ > /dev/null 2> /dev/null; then \\
-@@ -893,13 +957,13 @@ EOF
+@@ -893,13 +962,13 @@ EOF
if ($disabled{makedepend} || $makedepprog =~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$objext: $deps
@@ -5162,7 +5228,7 @@
\@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
rm -f $obj$depext.tmp; \\
-@@ -939,15 +1003,15 @@ EOF
+@@ -939,15 +1008,15 @@ EOF
$target: $lib$libext $deps $ordinalsfile
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
@@ -5181,7 +5247,7 @@
link_shlib.$shlib_target
EOF
. (windowsdll() ? <<"EOF" : "");
-@@ -975,7 +1039,7 @@ EOF
+@@ -975,7 +1044,7 @@ EOF
$target: $objs $deps
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
@@ -5190,7 +5256,7 @@
LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
-@@ -1012,7 +1076,7 @@ EOF
+@@ -1012,7 +1081,7 @@ EOF
$bin$exeext: $objs $deps
\$(RM) $bin$exeext
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
@@ -5199,7 +5265,7 @@
APPNAME=$bin$exeext OBJECTS="$objs" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
-@@ -1034,5 +1098,37 @@ EOF
+@@ -1034,5 +1103,37 @@ EOF
chmod a+x $script
EOF
}
@@ -5500,7 +5566,7 @@
depend:
-@@ -180,53 +248,81 @@ install_sw: all install_dev install_engi
+@@ -180,53 +248,84 @@ install_sw: all install_dev install_engi
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@@ -5517,7 +5583,10 @@
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
-+ "$(OPENSSLDIR)"
++ "$(OPENSSLDIR)\openssl.cnf.dist"
++ @IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \
++ "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
++ "$(OPENSSLDIR)\openssl.cnf"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
+ "$(OPENSSLDIR)\misc"
@@ -5601,7 +5670,7 @@
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
-@@ -250,18 +346,31 @@ configdata.pm: {- $config{build_file_tem
+@@ -250,18 +349,31 @@ configdata.pm: {- $config{build_file_tem
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
@@ -5640,7 +5709,7 @@
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
-@@ -273,25 +382,23 @@ EOF
+@@ -273,25 +385,23 @@ EOF
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
@@ -5671,7 +5740,7 @@
EOF
}
}
-@@ -301,12 +408,12 @@ EOF
+@@ -301,12 +411,12 @@ EOF
my $obj = $args{obj};
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
@@ -5688,7 +5757,7 @@
}
}
my $ecflags = { lib => '$(LIB_CFLAGS)',
-@@ -322,20 +429,20 @@ EOF
+@@ -322,20 +432,20 @@ EOF
return <<"EOF" if (!$disabled{makedepend});
$obj$depext: $deps
\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
@@ -5712,7 +5781,7 @@
EOF
}
-@@ -362,18 +469,21 @@ EOF
+@@ -362,18 +472,21 @@ EOF
rel2abs($config{builddir}));
my $target = shlib_import($lib);
return <<"EOF"
@@ -5740,7 +5809,7 @@
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
EOF
-@@ -390,6 +500,7 @@ EOF
+@@ -390,6 +503,7 @@ EOF
compute_lib_depends(@{$args{deps}}));
return <<"EOF";
$dso$dsoext: $deps
@@ -5748,7 +5817,7 @@
\$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
LIBRARY $dso_n
EXPORTS
-@@ -398,6 +509,8 @@ EXPORTS
+@@ -398,6 +512,8 @@ EXPORTS
<<
$objs$linklibs \$(EX_LIBS)
<<
@@ -5757,7 +5826,7 @@
EOF
}
sub obj2lib {
-@@ -413,7 +526,7 @@ EOF
+@@ -413,7 +529,7 @@ EOF
return <<"EOF";
$lib$libext: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
@@ -5766,7 +5835,7 @@
<<
EOF
}
-@@ -428,23 +541,57 @@ EOF
+@@ -428,23 +544,57 @@ EOF
compute_lib_depends(@{$args{deps}}));
return <<"EOF";
$bin$exeext: $deps
@@ -5960,7 +6029,15 @@
"gost",
"heartbeats",
"hw(-.+)?",
-@@ -298,10 +324,8 @@ my @disablables = (
+@@ -285,6 +311,7 @@ my @disablables = (
+ "md2",
+ "md4",
+ "mdc2",
++ "msan",
+ "multiblock",
+ "nextprotoneg",
+ "ocb",
+@@ -298,10 +325,8 @@ my @disablables = (
"rc5",
"rdrand",
"rfc3779",
@@ -5971,7 +6048,7 @@
"sctp",
"seed",
"shared",
-@@ -316,6 +340,7 @@ my @disablables = (
+@@ -316,6 +341,7 @@ my @disablables = (
"threads",
"tls",
"ts",
@@ -5979,7 +6056,7 @@
"ui",
"unit-test",
"whirlpool",
-@@ -329,26 +354,33 @@ foreach my $proto ((@tls, @dtls))
+@@ -329,26 +355,34 @@ foreach my $proto ((@tls, @dtls))
push(@disablables, "$proto-method");
}
@@ -6000,6 +6077,7 @@
+ "fuzz-libfuzzer" => "default",
+ "fuzz-afl" => "default",
"md2" => "default",
++ "msan" => "default",
"rc5" => "default",
"sctp" => "default",
"ssl-trace" => "default",
@@ -6015,7 +6093,7 @@
"heartbeats" => "default",
);
-@@ -364,7 +396,7 @@ my @disable_cascades = (
+@@ -364,7 +398,7 @@ my @disable_cascades = (
"ec" => [ "ecdsa", "ecdh" ],
"dgram" => [ "dtls", "sctp" ],
@@ -6024,7 +6102,16 @@
"dtls" => [ @dtls ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
-@@ -431,17 +463,6 @@ while ((my $first, my $second) = (shift
+@@ -407,6 +441,8 @@ my @disable_cascades = (
+ "apps" => [ "tests" ],
+ "comp" => [ "zlib" ],
+ sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
++
++ sub { !$disabled{"msan"} } => [ "asm" ],
+ );
+
+ # Avoid protocol support holes. Also disable all versions below N, if version
+@@ -431,17 +467,6 @@ while ((my $first, my $second) = (shift
# To remove something from %disabled, use "enable-foo".
# For symmetry, "disable-foo" is a synonym for "no-foo".
@@ -6042,7 +6129,7 @@
my $no_sse2=0;
&usage if ($#ARGV < 0);
-@@ -458,8 +479,6 @@ my $target="";
+@@ -458,8 +483,6 @@ my $target="";
$config{options}="";
$config{build_type} = "release";
@@ -6051,7 +6138,7 @@
my @argvcopy=@ARGV;
if (grep /^reconf(igure)?$/, @argvcopy) {
-@@ -533,21 +552,17 @@ foreach (@argvcopy)
+@@ -533,21 +556,17 @@ foreach (@argvcopy)
s /^zlib-dynamic$/enable-zlib-dynamic/;
if (/^(no|disable|enable)-(.+)$/)
@@ -6084,7 +6171,7 @@
foreach my $proto ((@tls, @dtls))
{
if ($1 eq "$proto-method")
-@@ -586,6 +601,14 @@ foreach (@argvcopy)
+@@ -586,6 +605,14 @@ foreach (@argvcopy)
{
$disabled{"dynamic-engine"} = "option";
}
@@ -6099,7 +6186,7 @@
else
{
$disabled{$1} = "option";
-@@ -644,11 +667,7 @@ foreach (@argvcopy)
+@@ -644,11 +671,7 @@ foreach (@argvcopy)
}
elsif (/^[-+]/)
{
@@ -6112,7 +6199,7 @@
{
$config{prefix}=$1;
die "Directory given with --prefix MUST be absolute\n"
-@@ -674,6 +693,14 @@ foreach (@argvcopy)
+@@ -674,6 +697,14 @@ foreach (@argvcopy)
{
$withargs{zlib_include}=$1;
}
@@ -6127,7 +6214,7 @@
elsif (/^--with-fipslibdir=(.*)$/)
{
$config{fipslibdir}="$1/";
-@@ -712,7 +739,7 @@ foreach (@argvcopy)
+@@ -712,7 +743,7 @@ foreach (@argvcopy)
unless ($_ eq $target || /^no-/ || /^disable-/)
{
# "no-..." follows later after implied disactivations
@@ -6136,7 +6223,7 @@
# we really only write OPTIONS to the Makefile out of
# nostalgia.)
-@@ -886,11 +913,19 @@ my %target = resolve_config($target);
+@@ -886,11 +917,19 @@ my %target = resolve_config($target);
if $config{cross_compile_prefix} eq "";
# Allow overriding the names of some tools. USE WITH CARE
@@ -6157,7 +6244,7 @@
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
-@@ -904,22 +939,6 @@ my %target = resolve_config($target);
+@@ -904,22 +943,6 @@ my %target = resolve_config($target);
$target{build_scheme} = [ $target{build_scheme} ]
if ref($target{build_scheme}) ne "ARRAY";
@@ -6180,7 +6267,7 @@
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
-@@ -983,7 +1002,7 @@ unless ($disabled{threads}) {
+@@ -983,7 +1006,7 @@ unless ($disabled{threads}) {
$disabled{threads} = "unavailable";
}
} else {
@@ -6189,7 +6276,7 @@
# if there's a chance that's possible
if ($target{thread_scheme} eq "(unknown)") {
# If the user asked for "threads" and we don't have internal
-@@ -1030,6 +1049,24 @@ if ($disabled{"dynamic-engine"}) {
+@@ -1030,6 +1053,28 @@ if ($disabled{"dynamic-engine"}) {
$config{dynamic_engines} = 1;
}
@@ -6207,14 +6294,18 @@
+ $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
+}
+
++unless ($disabled{msan}) {
++ $config{cflags} .= "-fsanitize=memory ";
++}
++
+unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"}
-+ && $disabled{asan} && $disabled{ubsan}) {
++ && $disabled{asan} && $disabled{ubsan} && $disabled{msan}) {
+ $config{cflags} .= "-fno-omit-frame-pointer -g ";
+}
#
# Platform fix-ups
#
-@@ -1239,12 +1276,27 @@ my $buildinfo_debug = defined($ENV{CONFI
+@@ -1239,12 +1284,27 @@ my $buildinfo_debug = defined($ENV{CONFI
if ($builder eq "unified") {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
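Review bot: The new `unless ($disabled{msan})` block appends `-fsanitize=memory` without checking whether `asan` is also enabled, and clang refuses to combine `-fsanitize=address` with `-fsanitize=memory`. A build configured with both would therefore fail at the first compile rather than at configure time. A guard before the flag blocks would report it early, e.g. `die "enable-asan and enable-msan are mutually exclusive\n" if !$disabled{asan} && !$disabled{msan};`. A short comment on the msan block would also help, noting that MemorySanitizer needs every linked object instrumented, which is presumably why the cascade added earlier in this patch forces `asm` off. The asan block itself lies outside this hunk, so its exact flags are not confirmed here.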
@@ -6248,7 +6339,7 @@
$config{build_file_template} = $build_file_template;
use lib catdir(dirname(__FILE__),"util");
-@@ -1308,9 +1360,13 @@ if ($builder eq "unified") {
+@@ -1308,9 +1368,13 @@ if ($builder eq "unified") {
my $f = $_->[1];
# The basic things we're trying to build
my @programs = ();
@@ -6262,7 +6353,7 @@
my @extra = ();
my @overrides = ();
my @intermediates = ();
-@@ -1334,6 +1390,7 @@ if ($builder eq "unified") {
+@@ -1334,6 +1398,7 @@ if ($builder eq "unified") {
$template->fill_in(HASH => { config => \%config,
target => \%target,
disabled => \%disabled,
@@ -6270,7 +6361,7 @@
builddir => abs2rel($buildd, $blddir),
sourcedir => abs2rel($sourced, $blddir),
buildtop => abs2rel($blddir, $blddir),
-@@ -1373,48 +1430,72 @@ if ($builder eq "unified") {
+@@ -1373,48 +1438,72 @@ if ($builder eq "unified") {
qr/^\s*ENDIF\s*$/
=> sub { die "ENDIF out of scope" if ! @skip;
pop @skip; },
@@ -6365,7 +6456,7 @@
if !@skip || $skip[$#skip] > 0 },
qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/
=> sub {
-@@ -1470,6 +1551,14 @@ if ($builder eq "unified") {
+@@ -1470,6 +1559,14 @@ if ($builder eq "unified") {
$unified_info{programs}->{$program} = 1;
}
@@ -6380,7 +6471,7 @@
foreach (@libraries) {
my $library = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$library}) {
-@@ -1478,6 +1567,14 @@ if ($builder eq "unified") {
+@@ -1478,6 +1575,14 @@ if ($builder eq "unified") {
$unified_info{libraries}->{$library} = 1;
}
@@ -6395,7 +6486,7 @@
die <<"EOF" if scalar @engines and !$config{dynamic_engines};
ENGINES can only be used if configured with 'dynamic-engine'.
This is usually a fault in a build.info file.
-@@ -1490,6 +1587,14 @@ EOF
+@@ -1490,6 +1595,14 @@ EOF
$unified_info{engines}->{$library} = 1;
}
@@ -6410,7 +6501,7 @@
foreach (@scripts) {
my $script = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$script}) {
-@@ -1498,6 +1603,14 @@ EOF
+@@ -1498,6 +1611,14 @@ EOF
$unified_info{scripts}->{$script} = 1;
}
@@ -6425,7 +6516,7 @@
foreach (@extra) {
my $extra = cleanfile($buildd, $_, $blddir);
$unified_info{extra}->{$extra} = 1;
-@@ -1628,9 +1741,15 @@ EOF
+@@ -1628,9 +1749,15 @@ EOF
foreach (keys %depends) {
my $dest = $_;
@@ -6444,7 +6535,7 @@
}
foreach (@{$depends{$dest}}) {
my $d = cleanfile($sourced, $_, $blddir);
-@@ -1643,7 +1762,7 @@ EOF
+@@ -1643,7 +1770,7 @@ EOF
if (! -f $d
|| (grep { $d eq $_ }
map { cleanfile($srcdir, $_, $blddir) }
@@ -6453,7 +6544,7 @@
$d = cleanfile($buildd, $_, $blddir);
}
# Take note if the file to depend on is being renamed
-@@ -1651,26 +1770,35 @@ EOF
+@@ -1651,26 +1778,35 @@ EOF
$d = $unified_info{rename}->{$d};
}
$unified_info{depends}->{$ddest}->{$d} = 1;
@@ -6500,7 +6591,7 @@
}
}
}
-@@ -1681,12 +1809,28 @@ EOF
+@@ -1681,12 +1817,28 @@ EOF
$unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
}
# Two level structures
@@ -6530,7 +6621,7 @@
}
# For the schemes that need it, we provide the old *_obj configs
-@@ -1823,7 +1967,7 @@ print OUT "1;\n";
+@@ -1823,7 +1975,7 @@ print OUT "1;\n";
close(OUT);
@@ -6539,7 +6630,7 @@
print "CFLAG =$target{cflags} $config{cflags}\n";
print "SHARED_CFLAG =$target{shared_cflag}\n";
print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
-@@ -1851,7 +1995,9 @@ print "CHACHA_ENC =$target{chacha_obj
+@@ -1851,7 +2003,9 @@ print "CHACHA_ENC =$target{chacha_obj
print "POLY1305_OBJ =$target{poly1305_obj}\n";
print "BLAKE2_OBJ =$target{blake2_obj}\n";
print "PROCESSOR =$config{processor}\n";
@@ -6550,7 +6641,7 @@
print "ARFLAGS =$target{arflags}\n";
print "PERL =$config{perl}\n";
print "\n";
-@@ -1861,59 +2007,12 @@ print "THIRTY_TWO_BIT mode\n" if $config
+@@ -1861,59 +2015,12 @@ print "THIRTY_TWO_BIT mode\n" if $config
print "BN_LLONG mode\n" if $config{bn_ll};
print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int;
@@ -6610,7 +6701,7 @@
);
$builders{$builder}->($builder_platform, @builder_opts);
-@@ -1939,6 +2038,14 @@ or position independent code, please let
+@@ -1939,6 +2046,14 @@ or position independent code, please let
you have tried with a current version of OpenSSL).
EOF
@@ -6625,7 +6716,7 @@
exit(0);
######################################################################
-@@ -2104,8 +2211,8 @@ sub read_config {
+@@ -2104,8 +2219,8 @@ sub read_config {
}
@@ -6636,7 +6727,7 @@
# recursively
sub resolve_config {
my $target = shift;
-@@ -2158,7 +2265,7 @@ sub resolve_config {
+@@ -2158,7 +2273,7 @@ sub resolve_config {
# - If a value is a coderef, it will be executed with the list of
# inherited values as arguments.
# - If the corresponding key doesn't have a value at all or is the
@@ -6645,7 +6736,7 @@
# default combiner (below), and the result becomes this target's
# value.
# - Otherwise, this target's value is assumed to be a string that
-@@ -2266,13 +2373,34 @@ sub run_dofile
+@@ -2266,13 +2381,34 @@ sub run_dofile
foreach (@templates) {
die "Can't open $_, $!" unless -f $_;
}
@@ -6681,7 +6772,7 @@
# Configuration printer ##############################################
sub print_table_entry
-@@ -2400,22 +2528,6 @@ sub absolutedir {
+@@ -2400,22 +2536,6 @@ sub absolutedir {
return realpath($dir);
}
@@ -6704,7 +6795,7 @@
sub quotify {
my %processors = (
perl => sub { my $x = shift;
-@@ -2519,3 +2631,41 @@ sub collect_information {
+@@ -2519,3 +2639,41 @@ sub collect_information {
}
}
}
@@ -6909,11 +7000,11 @@
Don't compile in filename and line number information (e.g.
for errors and memory allocation).
-+ enable-fuzz
-+ Build with support for fuzzing. This is a developer option
-+ only. It may not work on all platforms and should never be
-+ used in production environments. See the file fuzz/README.md
-+ for further details.
++ enable-fuzz-libfuzzer, enable-fuzz-afl
++ Build with support for fuzzing using either libfuzzer or AFL.
++ These are developer options only. They may not work on all
++ platforms and should never be used in production environments.
++ See the file fuzz/README.md for further details.
+
no-gost
Don't build support for GOST based ciphersuites. Note that
@@ -9887,7 +9978,19 @@
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
-@@ -474,7 +386,8 @@ int dump_cert_text(BIO *out, X509 *x);
+@@ -455,6 +367,11 @@ typedef struct args_st {
+ * can be re-used.
+ */
+ char **copy_argv(int *argc, char *argv[]);
++/*
++ * Win32-specific argv initialization that splits OS-supplied UNICODE
++ * command line string to array of UTF8-encoded strings.
++ */
++void win32_utf8argv(int *argc, char **argv[]);
+
+
+ # define PW_MIN_LENGTH 4
+@@ -474,7 +391,8 @@ int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif
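Review bot: The new prototype `void win32_utf8argv(int *argc, char **argv[]);` returns nothing, and its comment does not say what the caller is left with if the conversion or an allocation fails. The call added to `main` in apps/openssl.c (later in this patch) therefore cannot tell whether `argv` was replaced. The implementation is not in this hunk, so which behaviour applies needs confirming. The comment should state the failure behaviour and who owns the replacement array, e.g. `* On failure *argc and *argv are left untouched; the new array must not be freed by the caller.` if that is what the implementation does.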
@@ -12908,7 +13011,19 @@
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/x509.h>
-@@ -305,7 +203,7 @@ int main(int argc, char *argv[])
+@@ -233,6 +131,11 @@ int main(int argc, char *argv[])
+
+ #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+ copied_argv = argv = copy_argv(&argc, argv);
++#elif defined(_WIN32)
++ /*
++ * Replace argv[] with UTF-8 encoded strings.
++ */
++ win32_utf8argv(&argc, &argv);
+ #endif
+
+ p = getenv("OPENSSL_DEBUG_MEMORY");
+@@ -305,7 +208,7 @@ int main(int argc, char *argv[])
extern void add_history(const char *cp);
char *text;
@@ -12917,7 +13032,7 @@
if (text == NULL)
goto end;
i = strlen(text);
-@@ -491,10 +389,8 @@ int help_main(int argc, char **argv)
+@@ -491,10 +394,8 @@ int help_main(int argc, char **argv)
return 0;
}
}
@@ -12929,7 +13044,7 @@
BIO_printf(bio_err, "Usage: %s\n", prog);
return 1;
}
-@@ -628,7 +524,7 @@ static int function_cmp(const FUNCTION *
+@@ -628,7 +529,7 @@ static int function_cmp(const FUNCTION *
static unsigned long function_hash(const FUNCTION * a)
{
@@ -12938,7 +13053,7 @@
}
static int SortFnByName(const void *_f1, const void *_f2)
-@@ -743,9 +639,6 @@ static void list_disabled(void)
+@@ -743,9 +644,6 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_SCRYPT
BIO_puts(bio_out, "SCRYPT\n");
#endif
@@ -12948,7 +13063,7 @@
#ifdef OPENSSL_NO_SCTP
BIO_puts(bio_out, "SCTP\n");
#endif
-@@ -761,15 +654,9 @@ static void list_disabled(void)
+@@ -761,15 +659,9 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_SRTP
BIO_puts(bio_out, "SRTP\n");
#endif
@@ -13313,6 +13428,19 @@
}
# endif
+@@ -506,10 +496,10 @@ static int do_passwd(int passed_salt, ch
+ BIO_printf(out, "%s\t%s\n", hash, passwd);
+ else
+ BIO_printf(out, "%s\n", hash);
+- return 0;
++ return 1;
+
+ end:
+- return 1;
++ return 0;
+ }
+ #else
+
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,59 +1,10 @@
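Review bot: The tail of `do_passwd` now returns 1 on the success path and 0 after the `end:` label, the reverse of the previous convention, and nothing in the hunk documents it. Any caller still testing the old meaning would treat a successful hash as an error, or worse, an error as success. The call sites are outside this hunk, so they should be checked against the new convention. A one-line comment above the function would pin it down: `/* Returns 1 on success, 0 on error. */`.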
@@ -13380,7 +13508,24 @@
*/
#include <openssl/opensslconf.h>
-@@ -674,6 +625,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
+@@ -571,9 +522,13 @@ int pkcs12_main(int argc, char **argv)
+
+ if ((options & INFO) && PKCS12_mac_present(p12)) {
+ ASN1_INTEGER *tmaciter;
+-
+- PKCS12_get0_mac(NULL, NULL, NULL, &tmaciter, p12);
+- BIO_printf(bio_err, "MAC Iteration %ld\n",
++ X509_ALGOR *macalgid;
++ ASN1_OBJECT *macobj;
++ PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);
++ X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
++ BIO_puts(bio_err, "MAC:");
++ i2a_ASN1_OBJECT(bio_err, macobj);
++ BIO_printf(bio_err, " Iteration %ld\n",
+ tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+ }
+ if (macver) {
+@@ -674,6 +629,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
STACK_OF(X509_ATTRIBUTE) *attrs;
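Review bot: In the `options & INFO` block, `macalgid` and `macobj` are declared without initialisers and `macalgid` is passed straight to `X509_ALGOR_get0`, while `tmaciter` from the same `PKCS12_get0_mac` call is NULL-checked before use. Whether `PKCS12_get0_mac` can leave the algorithm unset when `PKCS12_mac_present` is true is not visible here, but the asymmetry matters because the PKCS#12 file is typically untrusted input. Initialising with `X509_ALGOR *macalgid = NULL;` and guarding the lookup with `if (macalgid != NULL)` would make the two outputs consistent. The patch also drops the blank line that separated the declarations from the first statement. `pkcs12_main` begins and ends outside this hunk.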
@@ -13388,7 +13533,7 @@
attrs = PKCS12_SAFEBAG_get0_attrs(bag);
-@@ -688,7 +640,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
+@@ -688,7 +644,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
return 0;
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
@@ -13397,7 +13542,7 @@
EVP_PKEY_free(pkey);
break;
-@@ -713,7 +665,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
+@@ -713,7 +669,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
}
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
@@ -13406,7 +13551,7 @@
EVP_PKEY_free(pkey);
break;
-@@ -733,7 +685,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
+@@ -733,7 +689,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
return 0;
dump_cert_text(out, x509);
@@ -13415,7 +13560,7 @@
X509_free(x509);
break;
-@@ -750,7 +702,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
+@@ -750,7 +706,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
BIO_printf(bio_err, "\n");
return 1;
}
@@ -13424,7 +13569,7 @@
}
/* Given a single certificate return a verified chain or NULL if error */
-@@ -786,16 +738,70 @@ static int get_cert_chain(X509 *cert, X5
+@@ -786,16 +742,70 @@ static int get_cert_chain(X509 *cert, X5
static int alg_print(X509_ALGOR *alg)
{
@@ -14201,6 +14346,15 @@
*/
typedef enum FUNC_TYPE {
+@@ -17,7 +18,7 @@ typedef enum FUNC_TYPE {
+ typedef struct function_st {
+ FUNC_TYPE type;
+ const char *name;
+- int (*func)(int argc,char *argv[]);
++ int (*func)(int argc, char *argv[]);
+ const OPTIONS *help;
+ } FUNCTION;
+
@@ -213,27 +214,15 @@ static FUNCTION functions[] = {
#ifndef OPENSSL_NO_MD4
{ FT_md, "md4", dgst_main},
@@ -14856,6 +15010,39 @@
*/
#include <openssl/opensslconf.h>
+@@ -146,7 +50,7 @@ OPTIONS rsa_options[] = {
+ {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+ {"check", OPT_CHECK, '-', "Verify key consistency"},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+-# ifdef OPENSSL_NO_RC4
++# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+ {"pvk-strong", OPT_PVK_STRONG, '-'},
+ {"pvk-weak", OPT_PVK_WEAK, '-'},
+ {"pvk-none", OPT_PVK_NONE, '-'},
+@@ -170,7 +74,7 @@ int rsa_main(int argc, char **argv)
+ int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+ # if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+ int pvk_encr = 2;
+-#endif
++# endif
+ OPTION_CHOICE o;
+
+ prog = opt_init(argc, argv, rsa_options);
+@@ -230,12 +134,12 @@ int rsa_main(int argc, char **argv)
+ case OPT_PVK_NONE:
+ pvk_encr = 0;
+ break;
+-#else
++# else
+ case OPT_PVK_STRONG:
+ case OPT_PVK_WEAK:
+ case OPT_PVK_NONE:
+ break;
+-#endif
++# endif
+ case OPT_NOOUT:
+ noout = 1;
+ break;
@@ -310,7 +214,7 @@ int rsa_main(int argc, char **argv)
}
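Review bot: The three `pvk-*` entries in `rsa_options` still have no help string, so they show up in the usage output without a description even though the corrected `# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)` guard now makes them visible in normal builds. The same patch adds a description to `-mb` in speed.c, so it would be consistent to do it here too, e.g. `{"pvk-strong", OPT_PVK_STRONG, '-', "Use strong PVK encryption"},` and likewise for `pvk-weak` and `pvk-none`. The `# else` case labels in `rsa_main` remain only as a compile-time fallback once the table entries are conditional, and a short comment there would say so. `rsa_main` continues outside the hunk.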
@@ -17211,51 +17398,151 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -648,9 +601,11 @@ static int EVP_Digest_MD2_loop(void *arg
+@@ -191,6 +144,9 @@ static volatile int run = 0;
+ static int mr = 0;
+ static int usertime = 1;
+
++typedef void *(*kdf_fn) (
++ const void *in, size_t inlen, void *out, size_t *xoutlen);
++
+ typedef struct loopargs_st {
+ ASYNC_JOB *inprogress_job;
+ ASYNC_WAIT_CTX *wait_ctx;
+@@ -198,7 +154,7 @@ typedef struct loopargs_st {
+ unsigned char *buf2;
+ unsigned char *buf_malloc;
+ unsigned char *buf2_malloc;
+- unsigned int *siglen;
++ unsigned int siglen;
+ #ifndef OPENSSL_NO_RSA
+ RSA *rsa_key[RSA_NUM];
+ #endif
+@@ -211,6 +167,8 @@ typedef struct loopargs_st {
+ EC_KEY *ecdh_b[EC_NUM];
+ unsigned char *secret_a;
+ unsigned char *secret_b;
++ int outlen;
++ kdf_fn kdf;
+ #endif
+ EVP_CIPHER_CTX *ctx;
+ HMAC_CTX *hctx;
+@@ -291,7 +249,8 @@ static const char *names[ALGOR_NUM] = {
+ };
+
+ static double results[ALGOR_NUM][SIZE_NUM];
+-static int lengths[SIZE_NUM] = {
++
++static const int lengths[SIZE_NUM] = {
+ 16, 64, 256, 1024, 8 * 1024, 16 * 1024
+ };
+
+@@ -386,18 +345,6 @@ static double Time_F(int s)
+ }
+ #endif
+
+-#ifndef OPENSSL_NO_EC
+-static const int KDF1_SHA1_len = 20;
+-static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
+- size_t *outlen)
+-{
+- if (*outlen < SHA_DIGEST_LENGTH)
+- return NULL;
+- *outlen = SHA_DIGEST_LENGTH;
+- return SHA1(in, inlen, out);
+-}
+-#endif /* OPENSSL_NO_EC */
+-
+ static void multiblock_speed(const EVP_CIPHER *evp_cipher);
+
+ static int found(const char *name, const OPT_PAIR * pairs, int *result)
+@@ -424,7 +371,8 @@ OPTIONS speed_options[] = {
+ {"decrypt", OPT_DECRYPT, '-',
+ "Time decryption instead of encryption (only EVP)"},
+ {"mr", OPT_MR, '-', "Produce machine readable output"},
+- {"mb", OPT_MB, '-'},
++ {"mb", OPT_MB, '-',
++ "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"},
+ {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
+ {"elapsed", OPT_ELAPSED, '-',
+ "Measure time in real time instead of CPU user time"},
+@@ -633,13 +581,14 @@ static OPT_PAIR ecdh_choices[] = {
+ # define COND(d) (count < (d))
+ # define COUNT(d) (d)
+ #else
+-# define COND(c) (run && count<0x7fffffff)
++# define COND(unused_cond) (run && count<0x7fffffff)
+ # define COUNT(d) (count)
+ #endif /* SIGALRM */
+
+ static int testnum;
+-static char *engine_id = NULL;
+
++/* Nb of iterations to do per algorithm and key-size */
++static long c[ALGOR_NUM][SIZE_NUM];
+
+ #ifndef OPENSSL_NO_MD2
+ static int EVP_Digest_MD2_loop(void *args)
+@@ -648,9 +597,12 @@ static int EVP_Digest_MD2_loop(void *arg
unsigned char *buf = tempargs->buf;
unsigned char md2[MD2_DIGEST_LENGTH];
int count;
- for (count = 0; COND(c[D_MD2][testnum]); count++)
- EVP_Digest(buf, (unsigned long)lengths[testnum], &(md2[0]), NULL,
- EVP_md2(), NULL);
++
+ for (count = 0; COND(c[D_MD2][testnum]); count++) {
-+ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(md2[0]), NULL,
-+ EVP_md2(), NULL))
++ if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
++ NULL))
+ return -1;
+ }
return count;
}
#endif
-@@ -662,9 +617,11 @@ static int EVP_Digest_MDC2_loop(void *ar
+@@ -662,9 +614,12 @@ static int EVP_Digest_MDC2_loop(void *ar
unsigned char *buf = tempargs->buf;
unsigned char mdc2[MDC2_DIGEST_LENGTH];
int count;
- for (count = 0; COND(c[D_MDC2][testnum]); count++)
- EVP_Digest(buf, (unsigned long)lengths[testnum], &(mdc2[0]), NULL,
- EVP_mdc2(), NULL);
++
+ for (count = 0; COND(c[D_MDC2][testnum]); count++) {
-+ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(mdc2[0]), NULL,
-+ EVP_mdc2(), NULL))
++ if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
++ NULL))
+ return -1;
+ }
return count;
}
#endif
-@@ -676,9 +633,11 @@ static int EVP_Digest_MD4_loop(void *arg
+@@ -676,9 +631,12 @@ static int EVP_Digest_MD4_loop(void *arg
unsigned char *buf = tempargs->buf;
unsigned char md4[MD4_DIGEST_LENGTH];
int count;
- for (count = 0; COND(c[D_MD4][testnum]); count++)
- EVP_Digest(&(buf[0]), (unsigned long)lengths[testnum], &(md4[0]),
- NULL, EVP_md4(), NULL);
++
+ for (count = 0; COND(c[D_MD4][testnum]); count++) {
-+ if (!EVP_Digest(&(buf[0]), (unsigned long)lengths[testnum], &(md4[0]),
-+ NULL, EVP_md4(), NULL))
++ if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
++ NULL))
+ return -1;
+ }
return count;
}
#endif
+@@ -702,10 +660,11 @@ static int HMAC_loop(void *args)
+ HMAC_CTX *hctx = tempargs->hctx;
+ unsigned char hmac[MD5_DIGEST_LENGTH];
+ int count;
++
+ for (count = 0; COND(c[D_HMAC][testnum]); count++) {
+ HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
+ HMAC_Update(hctx, buf, lengths[testnum]);
+- HMAC_Final(hctx, &(hmac[0]), NULL);
++ HMAC_Final(hctx, hmac, NULL);
+ }
+ return count;
+ }
@@ -764,9 +723,11 @@ static int EVP_Digest_RMD160_loop(void *
unsigned char *buf = tempargs->buf;
unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
@@ -17264,37 +17551,491 @@
- EVP_Digest(buf, (unsigned long)lengths[testnum], &(rmd160[0]), NULL,
- EVP_ripemd160(), NULL);
+ for (count = 0; COND(c[D_RMD160][testnum]); count++) {
-+ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(rmd160[0]),
++ if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
+ NULL, EVP_ripemd160(), NULL))
+ return -1;
+ }
return count;
}
#endif
-@@ -935,9 +896,10 @@ static int EVP_Digest_loop(void *args)
+@@ -779,7 +740,7 @@ static int RC4_loop(void *args)
+ unsigned char *buf = tempargs->buf;
+ int count;
+ for (count = 0; COND(c[D_RC4][testnum]); count++)
+- RC4(&rc4_ks, (unsigned int)lengths[testnum], buf, buf);
++ RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
+ return count;
+ }
+ #endif
+@@ -824,7 +785,7 @@ static int AES_cbc_128_encrypt_loop(void
+ int count;
+ for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
+ AES_cbc_encrypt(buf, buf,
+- (unsigned long)lengths[testnum], &aes_ks1,
++ (size_t)lengths[testnum], &aes_ks1,
+ iv, AES_ENCRYPT);
+ return count;
+ }
+@@ -836,7 +797,7 @@ static int AES_cbc_192_encrypt_loop(void
+ int count;
+ for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
+ AES_cbc_encrypt(buf, buf,
+- (unsigned long)lengths[testnum], &aes_ks2,
++ (size_t)lengths[testnum], &aes_ks2,
+ iv, AES_ENCRYPT);
+ return count;
+ }
+@@ -848,7 +809,7 @@ static int AES_cbc_256_encrypt_loop(void
+ int count;
+ for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
+ AES_cbc_encrypt(buf, buf,
+- (unsigned long)lengths[testnum], &aes_ks3,
++ (size_t)lengths[testnum], &aes_ks3,
+ iv, AES_ENCRYPT);
+ return count;
+ }
+@@ -861,7 +822,7 @@ static int AES_ige_128_encrypt_loop(void
+ int count;
+ for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
+ AES_ige_encrypt(buf, buf2,
+- (unsigned long)lengths[testnum], &aes_ks1,
++ (size_t)lengths[testnum], &aes_ks1,
+ iv, AES_ENCRYPT);
+ return count;
+ }
+@@ -874,7 +835,7 @@ static int AES_ige_192_encrypt_loop(void
+ int count;
+ for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
+ AES_ige_encrypt(buf, buf2,
+- (unsigned long)lengths[testnum], &aes_ks2,
++ (size_t)lengths[testnum], &aes_ks2,
+ iv, AES_ENCRYPT);
+ return count;
+ }
+@@ -887,7 +848,7 @@ static int AES_ige_256_encrypt_loop(void
+ int count;
+ for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
+ AES_ige_encrypt(buf, buf2,
+- (unsigned long)lengths[testnum], &aes_ks3,
++ (size_t)lengths[testnum], &aes_ks3,
+ iv, AES_ENCRYPT);
+ return count;
+ }
+@@ -903,6 +864,7 @@ static int CRYPTO_gcm128_aad_loop(void *
+ return count;
+ }
+
++static long save_count = 0;
+ static int decrypt = 0;
+ static int EVP_Update_loop(void *args)
+ {
+@@ -910,15 +872,14 @@ static int EVP_Update_loop(void *args)
+ unsigned char *buf = tempargs->buf;
+ EVP_CIPHER_CTX *ctx = tempargs->ctx;
+ int outl, count;
++#ifndef SIGALRM
++ int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
++#endif
+ if (decrypt)
+- for (count = 0;
+- COND(save_count * 4 * lengths[0] / lengths[testnum]);
+- count++)
++ for (count = 0; COND(nb_iter); count++)
+ EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ else
+- for (count = 0;
+- COND(save_count * 4 * lengths[0] / lengths[testnum]);
+- count++)
++ for (count = 0; COND(nb_iter); count++)
+ EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ if (decrypt)
+ EVP_DecryptFinal_ex(ctx, buf, &outl);
+@@ -934,22 +895,26 @@ static int EVP_Digest_loop(void *args)
+ unsigned char *buf = tempargs->buf;
unsigned char md[EVP_MAX_MD_SIZE];
int count;
- for (count = 0;
+- for (count = 0;
- COND(save_count * 4 * lengths[0] / lengths[testnum]); count++)
- EVP_Digest(buf, lengths[testnum], &(md[0]), NULL, evp_md, NULL);
--
-+ COND(save_count * 4 * lengths[0] / lengths[testnum]); count++) {
-+ if (!EVP_Digest(buf, lengths[testnum], &(md[0]), NULL, evp_md, NULL))
++#ifndef SIGALRM
++ int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
++#endif
+
++ for (count = 0; COND(nb_iter); count++) {
++ if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
+ return -1;
+ }
return count;
}
-@@ -1239,6 +1201,7 @@ static int run_benchmark(int async_jobs,
+ #ifndef OPENSSL_NO_RSA
+-static long rsa_c[RSA_NUM][2];
++static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
+
+ static int RSA_sign_loop(void *args)
+ {
+ loopargs_t *tempargs = (loopargs_t *)args;
+ unsigned char *buf = tempargs->buf;
+ unsigned char *buf2 = tempargs->buf2;
+- unsigned int *rsa_num = tempargs->siglen;
++ unsigned int *rsa_num = &tempargs->siglen;
+ RSA **rsa_key = tempargs->rsa_key;
+ int ret, count;
+ for (count = 0; COND(rsa_c[testnum][0]); count++) {
+@@ -969,7 +934,7 @@ static int RSA_verify_loop(void *args)
+ loopargs_t *tempargs = (loopargs_t *)args;
+ unsigned char *buf = tempargs->buf;
+ unsigned char *buf2 = tempargs->buf2;
+- unsigned int rsa_num = *(tempargs->siglen);
++ unsigned int rsa_num = tempargs->siglen;
+ RSA **rsa_key = tempargs->rsa_key;
+ int ret, count;
+ for (count = 0; COND(rsa_c[testnum][1]); count++) {
+@@ -993,7 +958,7 @@ static int DSA_sign_loop(void *args)
+ unsigned char *buf = tempargs->buf;
+ unsigned char *buf2 = tempargs->buf2;
+ DSA **dsa_key = tempargs->dsa_key;
+- unsigned int *siglen = tempargs->siglen;
++ unsigned int *siglen = &tempargs->siglen;
+ int ret, count;
+ for (count = 0; COND(dsa_c[testnum][0]); count++) {
+ ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+@@ -1013,7 +978,7 @@ static int DSA_verify_loop(void *args)
+ unsigned char *buf = tempargs->buf;
+ unsigned char *buf2 = tempargs->buf2;
+ DSA **dsa_key = tempargs->dsa_key;
+- unsigned int siglen = *(tempargs->siglen);
++ unsigned int siglen = tempargs->siglen;
+ int ret, count;
+ for (count = 0; COND(dsa_c[testnum][1]); count++) {
+ ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+@@ -1036,7 +1001,7 @@ static int ECDSA_sign_loop(void *args)
+ unsigned char *buf = tempargs->buf;
+ EC_KEY **ecdsa = tempargs->ecdsa;
+ unsigned char *ecdsasig = tempargs->buf2;
+- unsigned int *ecdsasiglen = tempargs->siglen;
++ unsigned int *ecdsasiglen = &tempargs->siglen;
+ int ret, count;
+ for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
+ ret = ECDSA_sign(0, buf, 20,
+@@ -1057,7 +1022,7 @@ static int ECDSA_verify_loop(void *args)
+ unsigned char *buf = tempargs->buf;
+ EC_KEY **ecdsa = tempargs->ecdsa;
+ unsigned char *ecdsasig = tempargs->buf2;
+- unsigned int ecdsasiglen = *(tempargs->siglen);
++ unsigned int ecdsasiglen = tempargs->siglen;
+ int ret, count;
+ for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
+ ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen,
+@@ -1072,9 +1037,8 @@ static int ECDSA_verify_loop(void *args)
+ return count;
+ }
+
+-static int outlen;
+-static void *(*kdf) (const void *in, size_t inlen, void *out,
+- size_t *xoutlen);
++/* ******************************************************************** */
++static long ecdh_c[EC_NUM][1];
+
+ static int ECDH_compute_key_loop(void *args)
+ {
+@@ -1082,7 +1046,9 @@ static int ECDH_compute_key_loop(void *a
+ EC_KEY **ecdh_a = tempargs->ecdh_a;
+ EC_KEY **ecdh_b = tempargs->ecdh_b;
+ unsigned char *secret_a = tempargs->secret_a;
+- int count;
++ int count, outlen = tempargs->outlen;
++ kdf_fn kdf = tempargs->kdf;
++
+ for (count = 0; COND(ecdh_c[testnum][0]); count++) {
+ ECDH_compute_key(secret_a, outlen,
+ EC_KEY_get0_public_key(ecdh_b[testnum]),
+@@ -1090,16 +1056,26 @@ static int ECDH_compute_key_loop(void *a
+ }
+ return count;
+ }
+-#endif
+
++static const int KDF1_SHA1_len = 20;
++static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
++ size_t *outlen)
++{
++ if (*outlen < SHA_DIGEST_LENGTH)
++ return NULL;
++ *outlen = SHA_DIGEST_LENGTH;
++ return SHA1(in, inlen, out);
++}
++#endif /* ndef OPENSSL_NO_EC */
+
+-static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs)
++
++static int run_benchmark(int async_jobs,
++ int (*loop_function)(void *), loopargs_t *loopargs)
+ {
+ int job_op_count = 0;
+ int total_op_count = 0;
+ int num_inprogress = 0;
+- int error = 0;
+- int i = 0;
++ int error = 0, i = 0, ret = 0;
+ OSSL_ASYNC_FD job_fd = 0;
+ size_t num_job_fds = 0;
+
+@@ -1109,27 +1085,27 @@ static int run_benchmark(int async_jobs,
+ return loop_function((void *)loopargs);
+ }
+
+-
+ for (i = 0; i < async_jobs && !error; i++) {
+- switch (ASYNC_start_job(&(loopargs[i].inprogress_job), loopargs[i].wait_ctx,
+- &job_op_count, loop_function,
+- (void *)(loopargs + i), sizeof(loopargs_t))) {
+- case ASYNC_PAUSE:
+- ++num_inprogress;
+- break;
+- case ASYNC_FINISH:
+- if (job_op_count == -1) {
+- error = 1;
+- } else {
+- total_op_count += job_op_count;
+- }
+- break;
+- case ASYNC_NO_JOBS:
+- case ASYNC_ERR:
+- BIO_printf(bio_err, "Failure in the job\n");
+- ERR_print_errors(bio_err);
++ ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
++ &job_op_count, loop_function,
++ (void *)(loopargs + i), sizeof(loopargs_t));
++ switch (ret) {
++ case ASYNC_PAUSE:
++ ++num_inprogress;
++ break;
++ case ASYNC_FINISH:
++ if (job_op_count == -1) {
+ error = 1;
+- break;
++ } else {
++ total_op_count += job_op_count;
++ }
++ break;
++ case ASYNC_NO_JOBS:
++ case ASYNC_ERR:
++ BIO_printf(bio_err, "Failure in the job\n");
++ ERR_print_errors(bio_err);
++ error = 1;
++ break;
+ }
+ }
+
+@@ -1202,33 +1178,35 @@ static int run_benchmark(int async_jobs,
+ if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
+ continue;
+ #elif defined(OPENSSL_SYS_WINDOWS)
+- if (num_job_fds == 1 &&
+- !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL) && avail > 0)
++ if (num_job_fds == 1
++ && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
++ && avail > 0)
+ continue;
+ #endif
+
+- switch (ASYNC_start_job(&(loopargs[i].inprogress_job), loopargs[i].wait_ctx,
+- &job_op_count, loop_function, (void *)(loopargs + i),
+- sizeof(loopargs_t))) {
+- case ASYNC_PAUSE:
+- break;
+- case ASYNC_FINISH:
+- if (job_op_count == -1) {
+- error = 1;
+- } else {
+- total_op_count += job_op_count;
+- }
+- --num_inprogress;
+- loopargs[i].inprogress_job = NULL;
+- break;
+- case ASYNC_NO_JOBS:
+- case ASYNC_ERR:
+- --num_inprogress;
+- loopargs[i].inprogress_job = NULL;
+- BIO_printf(bio_err, "Failure in the job\n");
+- ERR_print_errors(bio_err);
++ ret = ASYNC_start_job(&loopargs[i].inprogress_job,
++ loopargs[i].wait_ctx, &job_op_count, loop_function,
++ (void *)(loopargs + i), sizeof(loopargs_t));
++ switch (ret) {
++ case ASYNC_PAUSE:
++ break;
++ case ASYNC_FINISH:
++ if (job_op_count == -1) {
+ error = 1;
+- break;
++ } else {
++ total_op_count += job_op_count;
++ }
++ --num_inprogress;
++ loopargs[i].inprogress_job = NULL;
++ break;
++ case ASYNC_NO_JOBS:
++ case ASYNC_ERR:
++ --num_inprogress;
++ loopargs[i].inprogress_job = NULL;
++ BIO_printf(bio_err, "Failure in the job\n");
++ ERR_print_errors(bio_err);
++ error = 1;
++ break;
+ }
+ }
+ }
+@@ -1239,26 +1217,29 @@ static int run_benchmark(int async_jobs,
int speed_main(int argc, char **argv)
{
loopargs_t *loopargs = NULL;
+ int async_init = 0;
int loopargs_len = 0;
char *prog;
++#ifndef OPENSSL_NO_ENGINE
++ const char *engine_id = NULL;
++#endif
const EVP_CIPHER *evp_cipher = NULL;
-@@ -1565,7 +1528,8 @@ int speed_main(int argc, char **argv)
+ double d = 0.0;
+ OPTION_CHOICE o;
+- int multiblock = 0, doit[ALGOR_NUM], pr_header = 0;
+-#ifndef OPENSSL_NO_DSA
+- int dsa_doit[DSA_NUM];
+-#endif
+- int rsa_doit[RSA_NUM];
++ int multiblock = 0, pr_header = 0;
++ int doit[ALGOR_NUM] = { 0 };
+ int ret = 1, i, k, misalign = 0;
+- long c[ALGOR_NUM][SIZE_NUM], count = 0, save_count = 0;
++ long count = 0;
+ #ifndef NO_FORK
+ int multi = 0;
+ #endif
+ int async_jobs = 0;
+- /* What follows are the buffers and key material. */
+-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
++#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
++ || !defined(OPENSSL_NO_EC)
+ long rsa_count = 1;
+ #endif
++
++ /* What follows are the buffers and key material. */
+ #ifndef OPENSSL_NO_RC5
+ RC5_32_KEY rc5_ks;
+ #endif
+@@ -1318,21 +1299,23 @@ int speed_main(int argc, char **argv)
+ };
+ #endif
+ #ifndef OPENSSL_NO_RSA
+- static unsigned int rsa_bits[RSA_NUM] = {
++ static const unsigned int rsa_bits[RSA_NUM] = {
+ 512, 1024, 2048, 3072, 4096, 7680, 15360
+ };
+- static unsigned char *rsa_data[RSA_NUM] = {
++ static const unsigned char *rsa_data[RSA_NUM] = {
+ test512, test1024, test2048, test3072, test4096, test7680, test15360
+ };
+- static int rsa_data_length[RSA_NUM] = {
++ static const int rsa_data_length[RSA_NUM] = {
+ sizeof(test512), sizeof(test1024),
+ sizeof(test2048), sizeof(test3072),
+ sizeof(test4096), sizeof(test7680),
+ sizeof(test15360)
+ };
++ int rsa_doit[RSA_NUM] = { 0 };
+ #endif
+ #ifndef OPENSSL_NO_DSA
+- static unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
++ static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
++ int dsa_doit[DSA_NUM] = { 0 };
+ #endif
+ #ifndef OPENSSL_NO_EC
+ /*
+@@ -1340,7 +1323,7 @@ int speed_main(int argc, char **argv)
+ * add tests over more curves, simply add the curve NID and curve name to
+ * the following arrays and increase the EC_NUM value accordingly.
+ */
+- static unsigned int test_curves[EC_NUM] = {
++ static const unsigned int test_curves[EC_NUM] = {
+ /* Prime Curves */
+ NID_secp160r1, NID_X9_62_prime192v1, NID_secp224r1,
+ NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
+@@ -1364,7 +1347,7 @@ int speed_main(int argc, char **argv)
+ /* Other */
+ "X25519"
+ };
+- static int test_curves_bits[EC_NUM] = {
++ static const int test_curves_bits[EC_NUM] = {
+ 160, 192, 224,
+ 256, 384, 521,
+ 163, 233, 283,
+@@ -1372,40 +1355,10 @@ int speed_main(int argc, char **argv)
+ 233, 283, 409,
+ 571, 253 /* X25519 */
+ };
+-#endif
+-#ifndef OPENSSL_NO_EC
+- int ecdsa_doit[EC_NUM];
+- int secret_size_a, secret_size_b;
+- int ecdh_checks = 1;
+- int secret_idx = 0;
+- long ecdh_c[EC_NUM][2];
+- int ecdh_doit[EC_NUM];
+-#endif
+-
+- memset(results, 0, sizeof(results));
+-
+- memset(c, 0, sizeof(c));
+-#ifndef OPENSSL_NO_DES
+- memset(DES_iv, 0, sizeof(DES_iv));
+-#endif
+- memset(iv, 0, sizeof(iv));
+-
+- for (i = 0; i < ALGOR_NUM; i++)
+- doit[i] = 0;
+- for (i = 0; i < RSA_NUM; i++)
+- rsa_doit[i] = 0;
+-#ifndef OPENSSL_NO_DSA
+- for (i = 0; i < DSA_NUM; i++)
+- dsa_doit[i] = 0;
+-#endif
+-#ifndef OPENSSL_NO_EC
+- for (i = 0; i < EC_NUM; i++)
+- ecdsa_doit[i] = 0;
+- for (i = 0; i < EC_NUM; i++)
+- ecdh_doit[i] = 0;
+-#endif
+- misalign = 0;
++ int ecdsa_doit[EC_NUM] = { 0 };
++ int ecdh_doit[EC_NUM] = { 0 };
++#endif /* ndef OPENSSL_NO_EC */
+
+ prog = opt_init(argc, argv, speed_options);
+ while ((o = opt_next()) != OPT_EOF) {
+@@ -1428,7 +1381,7 @@ int speed_main(int argc, char **argv)
+ evp_md = EVP_get_digestbyname(opt_arg());
+ if (evp_cipher == NULL && evp_md == NULL) {
+ BIO_printf(bio_err,
+- "%s: %s an unknown cipher or digest\n",
++ "%s: %s is an unknown cipher or digest\n",
+ prog, opt_arg());
+ goto end;
+ }
+@@ -1443,7 +1396,9 @@ int speed_main(int argc, char **argv)
+ * initialised by each child process, not by the parent.
+ * So store the name here and run setup_engine() later on.
+ */
++#ifndef OPENSSL_NO_ENGINE
+ engine_id = opt_arg();
++#endif
+ break;
+ case OPT_MULTI:
+ #ifndef NO_FORK
+@@ -1565,7 +1520,8 @@ int speed_main(int argc, char **argv)
+
/* Initialize the job pool if async mode is enabled */
if (async_jobs > 0) {
- if (!ASYNC_init_thread(async_jobs, async_jobs)) {
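Review bot: In the Windows branch of run_benchmark (inner hunk `@@ -1202,33 +1178,35 @@`), `avail > 0` is evaluated only when PeekNamedPipe() has failed, because the call is negated. On that path this call has not written `avail`, so the test reads whatever the variable held before; its declaration is outside the hunk. The FD_ISSET branch just above skips a job whose descriptor is not ready, and if the Windows branch is meant to do the same, the condition would read `&& PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL) && avail == 0`, with a failed peek handled explicitly. The re-wrapping keeps the earlier logic unchanged, so it is worth confirming the intent rather than carrying it forward; the rest of the loop body lies outside the inner hunk.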
@@ -17303,7 +18044,368 @@
BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
goto end;
}
-@@ -2650,20 +2614,20 @@ int speed_main(int argc, char **argv)
+@@ -1589,7 +1545,6 @@ int speed_main(int argc, char **argv)
+ /* Align the start of buffers on a 64 byte boundary */
+ loopargs[i].buf = loopargs[i].buf_malloc + misalign;
+ loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
+- loopargs[i].siglen = app_malloc(sizeof(unsigned int), "signature length");
+ #ifndef OPENSSL_NO_EC
+ loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
+ loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
+@@ -1687,9 +1642,6 @@ int speed_main(int argc, char **argv)
+ #ifndef OPENSSL_NO_CAST
+ CAST_set_key(&cast_ks, 16, key16);
+ #endif
+-#ifndef OPENSSL_NO_RSA
+- memset(rsa_c, 0, sizeof(rsa_c));
+-#endif
+ #ifndef SIGALRM
+ # ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+@@ -1780,11 +1732,11 @@ int speed_main(int argc, char **argv)
+ for (i = 1; i < RSA_NUM; i++) {
+ rsa_c[i][0] = rsa_c[i - 1][0] / 8;
+ rsa_c[i][1] = rsa_c[i - 1][1] / 4;
+- if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
++ if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
+ rsa_doit[i] = 0;
+ else {
+ if (rsa_c[i][0] == 0) {
+- rsa_c[i][0] = 1;
++ rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+ rsa_c[i][1] = 20;
+ }
+ }
+@@ -1797,11 +1749,11 @@ int speed_main(int argc, char **argv)
+ for (i = 1; i < DSA_NUM; i++) {
+ dsa_c[i][0] = dsa_c[i - 1][0] / 4;
+ dsa_c[i][1] = dsa_c[i - 1][1] / 4;
+- if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
++ if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
+ dsa_doit[i] = 0;
+ else {
+- if (dsa_c[i] == 0) {
+- dsa_c[i][0] = 1;
++ if (dsa_c[i][0] == 0) {
++ dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+ dsa_c[i][1] = 1;
+ }
+ }
+@@ -1814,10 +1766,10 @@ int speed_main(int argc, char **argv)
+ for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
++ if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+ ecdsa_doit[i] = 0;
+ else {
+- if (ecdsa_c[i] == 0) {
++ if (ecdsa_c[i][0] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
+ }
+@@ -1828,10 +1780,10 @@ int speed_main(int argc, char **argv)
+ for (i = R_EC_K233; i <= R_EC_K571; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
++ if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+ ecdsa_doit[i] = 0;
+ else {
+- if (ecdsa_c[i] == 0) {
++ if (ecdsa_c[i][0] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
+ }
+@@ -1842,10 +1794,10 @@ int speed_main(int argc, char **argv)
+ for (i = R_EC_B233; i <= R_EC_B571; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
++ if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+ ecdsa_doit[i] = 0;
+ else {
+- if (ecdsa_c[i] == 0) {
++ if (ecdsa_c[i][0] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
+ }
+@@ -1853,44 +1805,35 @@ int speed_main(int argc, char **argv)
+ }
+
+ ecdh_c[R_EC_P160][0] = count / 1000;
+- ecdh_c[R_EC_P160][1] = count / 1000;
+ for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+- ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
++ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+ ecdh_doit[i] = 0;
+ else {
+- if (ecdh_c[i] == 0) {
++ if (ecdh_c[i][0] == 0) {
+ ecdh_c[i][0] = 1;
+- ecdh_c[i][1] = 1;
+ }
+ }
+ }
+ ecdh_c[R_EC_K163][0] = count / 1000;
+- ecdh_c[R_EC_K163][1] = count / 1000;
+ for (i = R_EC_K233; i <= R_EC_K571; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+- ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
++ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+ ecdh_doit[i] = 0;
+ else {
+- if (ecdh_c[i] == 0) {
++ if (ecdh_c[i][0] == 0) {
+ ecdh_c[i][0] = 1;
+- ecdh_c[i][1] = 1;
+ }
+ }
+ }
+ ecdh_c[R_EC_B163][0] = count / 1000;
+- ecdh_c[R_EC_B163][1] = count / 1000;
+ for (i = R_EC_B233; i <= R_EC_B571; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+- ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
++ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+ ecdh_doit[i] = 0;
+ else {
+- if (ecdh_c[i] == 0) {
++ if (ecdh_c[i][0] == 0) {
+ ecdh_c[i][0] = 1;
+- ecdh_c[i][1] = 1;
+ }
+ }
+ }
+@@ -1955,6 +1898,9 @@ int speed_main(int argc, char **argv)
+
+ #ifndef OPENSSL_NO_MD5
+ if (doit[D_HMAC]) {
++ char hmac_key[] = "This is a key...";
++ int len = strlen(hmac_key);
++
+ for (i = 0; i < loopargs_len; i++) {
+ loopargs[i].hctx = HMAC_CTX_new();
+ if (loopargs[i].hctx == NULL) {
+@@ -1962,8 +1908,7 @@ int speed_main(int argc, char **argv)
+ exit(1);
+ }
+
+- HMAC_Init_ex(loopargs[i].hctx, (unsigned char *)"This is a key...",
+- 16, EVP_md5(), NULL);
++ HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
+ }
+ for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum]);
+@@ -2151,7 +2096,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
+ Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &camellia_ks1,
++ (size_t)lengths[testnum], &camellia_ks1,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_128_CML, testnum, count, d);
+@@ -2168,7 +2113,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
+ Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &camellia_ks2,
++ (size_t)lengths[testnum], &camellia_ks2,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_192_CML, testnum, count, d);
+@@ -2185,7 +2130,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
+ Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &camellia_ks3,
++ (size_t)lengths[testnum], &camellia_ks3,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_256_CML, testnum, count, d);
+@@ -2203,7 +2148,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
+ IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &idea_ks,
++ (size_t)lengths[testnum], &idea_ks,
+ iv, IDEA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_IDEA, testnum, count, d);
+@@ -2221,7 +2166,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
+ SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &seed_ks, iv, 1);
++ (size_t)lengths[testnum], &seed_ks, iv, 1);
+ d = Time_F(STOP);
+ print_result(D_CBC_SEED, testnum, count, d);
+ }
+@@ -2238,7 +2183,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
+ RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &rc2_ks,
++ (size_t)lengths[testnum], &rc2_ks,
+ iv, RC2_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_RC2, testnum, count, d);
+@@ -2256,7 +2201,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
+ RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &rc5_ks,
++ (size_t)lengths[testnum], &rc5_ks,
+ iv, RC5_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_RC5, testnum, count, d);
+@@ -2274,7 +2219,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
+ BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &bf_ks,
++ (size_t)lengths[testnum], &bf_ks,
+ iv, BF_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_BF, testnum, count, d);
+@@ -2292,7 +2237,7 @@ int speed_main(int argc, char **argv)
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
+ CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+- (unsigned long)lengths[testnum], &cast_ks,
++ (size_t)lengths[testnum], &cast_ks,
+ iv, CAST_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_CAST, testnum, count, d);
+@@ -2366,7 +2311,7 @@ int speed_main(int argc, char **argv)
+ continue;
+ for (i = 0; i < loopargs_len; i++) {
+ st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+- loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
++ &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+ if (st == 0)
+ break;
+ }
+@@ -2392,7 +2337,7 @@ int speed_main(int argc, char **argv)
+
+ for (i = 0; i < loopargs_len; i++) {
+ st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+- *(loopargs[i].siglen), loopargs[i].rsa_key[testnum]);
++ loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+ if (st <= 0)
+ break;
+ }
+@@ -2438,7 +2383,7 @@ int speed_main(int argc, char **argv)
+ /* DSA_sign_setup(dsa_key[testnum],NULL); */
+ for (i = 0; i < loopargs_len; i++) {
+ st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+- loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
++ &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+ if (st == 0)
+ break;
+ }
+@@ -2463,7 +2408,7 @@ int speed_main(int argc, char **argv)
+
+ for (i = 0; i < loopargs_len; i++) {
+ st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+- *(loopargs[i].siglen), loopargs[i].dsa_key[testnum]);
++ loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+ if (st <= 0)
+ break;
+ }
+@@ -2519,7 +2464,7 @@ int speed_main(int argc, char **argv)
+ /* Perform ECDSA signature test */
+ EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
+ st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+- loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
++ &loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+ if (st == 0)
+ break;
+ }
+@@ -2547,7 +2492,7 @@ int speed_main(int argc, char **argv)
+ /* Perform ECDSA verification test */
+ for (i = 0; i < loopargs_len; i++) {
+ st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+- *(loopargs[i].siglen), loopargs[i].ecdsa[testnum]);
++ loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+ if (st != 1)
+ break;
+ }
+@@ -2577,13 +2522,13 @@ int speed_main(int argc, char **argv)
+ }
+ }
+ }
+-#endif
+
+-#ifndef OPENSSL_NO_EC
+ if (RAND_status() != 1) {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ }
+ for (testnum = 0; testnum < EC_NUM; testnum++) {
++ int ecdh_checks = 1;
++
+ if (!ecdh_doit[testnum])
+ continue;
+ for (i = 0; i < loopargs_len; i++) {
+@@ -2609,37 +2554,37 @@ int speed_main(int argc, char **argv)
+ ecdh_checks = 0;
+ rsa_count = 1;
+ } else {
++ int secret_size_a, secret_size_b;
+ /*
+ * If field size is not more than 24 octets, then use SHA-1
+ * hash of result; otherwise, use result (see section 4.8 of
+ * draft-ietf-tls-ecc-03.txt).
+ */
+- int field_size;
+- field_size =
+- EC_GROUP_get_degree(EC_KEY_get0_group(loopargs[i].ecdh_a[testnum]));
+- if (field_size <= 24 * 8) {
+- outlen = KDF1_SHA1_len;
+- kdf = KDF1_SHA1;
++ int field_size = EC_GROUP_get_degree(
++ EC_KEY_get0_group(loopargs[i].ecdh_a[testnum]));
++
++ if (field_size <= 24 * 8) { /* 192 bits */
++ loopargs[i].outlen = KDF1_SHA1_len;
++ loopargs[i].kdf = KDF1_SHA1;
+ } else {
+- outlen = (field_size + 7) / 8;
+- kdf = NULL;
++ loopargs[i].outlen = (field_size + 7) / 8;
++ loopargs[i].kdf = NULL;
+ }
+ secret_size_a =
+- ECDH_compute_key(loopargs[i].secret_a, outlen,
++ ECDH_compute_key(loopargs[i].secret_a, loopargs[i].outlen,
+ EC_KEY_get0_public_key(loopargs[i].ecdh_b[testnum]),
+- loopargs[i].ecdh_a[testnum], kdf);
++ loopargs[i].ecdh_a[testnum], loopargs[i].kdf);
+ secret_size_b =
+- ECDH_compute_key(loopargs[i].secret_b, outlen,
++ ECDH_compute_key(loopargs[i].secret_b, loopargs[i].outlen,
+ EC_KEY_get0_public_key(loopargs[i].ecdh_a[testnum]),
+- loopargs[i].ecdh_b[testnum], kdf);
++ loopargs[i].ecdh_b[testnum], loopargs[i].kdf);
+ if (secret_size_a != secret_size_b)
+ ecdh_checks = 0;
+ else
+ ecdh_checks = 1;
+
+- for (secret_idx = 0; (secret_idx < secret_size_a)
+- && (ecdh_checks == 1); secret_idx++) {
+- if (loopargs[i].secret_a[secret_idx] != loopargs[i].secret_b[secret_idx])
++ for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) {
++ if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
+ ecdh_checks = 0;
+ }
+
+@@ -2650,20 +2595,20 @@ int speed_main(int argc, char **argv)
break;
}
}
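Review bot: The ECDH self-check in speed_main (inner hunk `@@ -2609,37 +2554,37 @@`) accepts a failed derivation. When both ECDH_compute_key() calls return the same non-positive value, `secret_size_a != secret_size_b` is false and the new loop `for (k = 0; k < secret_size_a && ecdh_checks == 1; k++)` runs zero times, so `ecdh_checks` stays 1 and the timing run goes ahead on an operation that has already failed. Rejecting the failure before the comparison closes this: `if (secret_size_a <= 0 || secret_size_a != secret_size_b)`. The enclosing `for (i = 0; i < loopargs_len; i++)` block starts and ends outside the inner hunk.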
@@ -17338,7 +18440,49 @@
}
}
-@@ -2846,7 +2810,9 @@ int speed_main(int argc, char **argv)
+@@ -2786,9 +2731,7 @@ int speed_main(int argc, char **argv)
+ ecdsa_results[k][0], ecdsa_results[k][1],
+ 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
+ }
+-#endif
+
+-#ifndef OPENSSL_NO_EC
+ testnum = 1;
+ for (k = 0; k < EC_NUM; k++) {
+ if (!ecdh_doit[k])
+@@ -2817,23 +2760,16 @@ int speed_main(int argc, char **argv)
+ for (i = 0; i < loopargs_len; i++) {
+ OPENSSL_free(loopargs[i].buf_malloc);
+ OPENSSL_free(loopargs[i].buf2_malloc);
+- OPENSSL_free(loopargs[i].siglen);
+- }
++
+ #ifndef OPENSSL_NO_RSA
+- for (i = 0; i < loopargs_len; i++) {
+ for (k = 0; k < RSA_NUM; k++)
+ RSA_free(loopargs[i].rsa_key[k]);
+- }
+ #endif
+ #ifndef OPENSSL_NO_DSA
+- for (i = 0; i < loopargs_len; i++) {
+ for (k = 0; k < DSA_NUM; k++)
+ DSA_free(loopargs[i].dsa_key[k]);
+- }
+ #endif
+-
+ #ifndef OPENSSL_NO_EC
+- for (i = 0; i < loopargs_len; i++) {
+ for (k = 0; k < EC_NUM; k++) {
+ EC_KEY_free(loopargs[i].ecdsa[k]);
+ EC_KEY_free(loopargs[i].ecdh_a[k]);
+@@ -2841,12 +2777,15 @@ int speed_main(int argc, char **argv)
+ }
+ OPENSSL_free(loopargs[i].secret_a);
+ OPENSSL_free(loopargs[i].secret_b);
+- }
+ #endif
++ }
++
if (async_jobs > 0) {
for (i = 0; i < loopargs_len; i++)
ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
@@ -17348,7 +18492,7 @@
ASYNC_cleanup_thread();
}
OPENSSL_free(loopargs);
-@@ -2888,6 +2854,10 @@ static void pkey_print_message(const cha
+@@ -2888,6 +2827,10 @@ static void pkey_print_message(const cha
static void print_result(int alg, int run_no, int count, double time_used)
{
@@ -18283,6 +19427,313 @@
*/
#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
+--- /dev/null
++++ b/apps/win32_init.c
+@@ -0,0 +1,304 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <windows.h>
++#include <stdlib.h>
++#include <string.h>
++#include <malloc.h>
++
++#if defined(CP_UTF8)
++
++static UINT saved_cp;
++static int newargc;
++static char **newargv;
++
++static void cleanup(void)
++{
++ int i;
++
++ SetConsoleOutputCP(saved_cp);
++
++ for (i = 0; i < newargc; i++)
++ free(newargv[i]);
++
++ free(newargv);
++}
++
++/*
++ * Incrementally [re]allocate newargv and keep it NULL-terminated.
++ */
++static int validate_argv(int argc)
++{
++ static int size = 0;
++
++ if (argc >= size) {
++ char **ptr;
++
++ while (argc >= size)
++ size += 64;
++
++ ptr = realloc(newargv, size * sizeof(newargv[0]));
++ if (ptr == NULL)
++ return 0;
++
++ (newargv = ptr)[argc] = NULL;
++ } else {
++ newargv[argc] = NULL;
++ }
++
++ return 1;
++}
++
++static int process_glob(WCHAR *wstr, int wlen)
++{
++ int i, slash, udlen;
++ WCHAR saved_char;
++ WIN32_FIND_DATAW data;
++ HANDLE h;
++
++ /*
++ * Note that we support wildcard characters only in filename part
++ * of the path, and not in directories. Windows users are used to
++ * this, that's why recursive glob processing is not implemented.
++ */
++ /*
++ * Start by looking for last slash or backslash, ...
++ */
++ for (slash = 0, i = 0; i < wlen; i++)
++ if (wstr[i] == L'/' || wstr[i] == L'\\')
++ slash = i + 1;
++ /*
++ * ... then look for asterisk or question mark in the file name.
++ */
++ for (i = slash; i < wlen; i++)
++ if (wstr[i] == L'*' || wstr[i] == L'?')
++ break;
++
++ if (i == wlen)
++ return 0; /* definitely not a glob */
++
++ saved_char = wstr[wlen];
++ wstr[wlen] = L'\0';
++ h = FindFirstFileW(wstr, &data);
++ wstr[wlen] = saved_char;
++ if (h == INVALID_HANDLE_VALUE)
++ return 0; /* not a valid glob, just pass... */
++
++ if (slash)
++ udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
++ NULL, 0, NULL, NULL);
++ else
++ udlen = 0;
++
++ do {
++ int uflen;
++ char *arg;
++
++ /*
++ * skip over . and ..
++ */
++ if (data.cFileName[0] == L'.') {
++ if ((data.cFileName[1] == L'\0') ||
++ (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
++ continue;
++ }
++
++ if (!validate_argv(newargc + 1))
++ break;
++
++ /*
++ * -1 below means "scan for trailing '\0' *and* count it",
++ * so that |uflen| covers even trailing '\0'.
++ */
++ uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
++ NULL, 0, NULL, NULL);
++
++ arg = malloc(udlen + uflen);
++ if (arg == NULL)
++ break;
++
++ if (udlen)
++ WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
++ arg, udlen, NULL, NULL);
++
++ WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
++ arg + udlen, uflen, NULL, NULL);
++
++ newargv[newargc++] = arg;
++ } while (FindNextFileW(h, &data));
++
++ CloseHandle(h);
++
++ return 1;
++}
++
++void win32_utf8argv(int *argc, char **argv[])
++{
++ const WCHAR *wcmdline;
++ WCHAR *warg, *wend, *p;
++ int wlen, ulen, valid = 1;
++ char *arg;
++
++ newargc = 0;
++ newargv = NULL;
++ if (!validate_argv(newargc))
++ return;
++
++ wcmdline = GetCommandLineW();
++ if (wcmdline == NULL) return;
++
++ /*
++ * make a copy of the command line, since we might have to modify it...
++ */
++ wlen = wcslen(wcmdline);
++ p = _alloca((wlen + 1) * sizeof(WCHAR));
++ wcscpy(p, wcmdline);
++
++ while (*p != L'\0') {
++ int in_quote = 0;
++
++ if (*p == L' ' || *p == L'\t') {
++ p++; /* skip over white spaces */
++ continue;
++ }
++
++ /*
++ * Note: because we may need to fiddle with the number of backslashes,
++ * the argument string is copied into itself. This is safe because
++ * the number of characters will never expand.
++ */
++ warg = wend = p;
++ while (*p != L'\0'
++ && (in_quote || (*p != L' ' && *p != L'\t'))) {
++ switch (*p) {
++ case L'\\':
++ /*
++ * Microsoft documentation on how backslashes are treated
++ * is:
++ *
++ * + Backslashes are interpreted literally, unless they
++ * immediately precede a double quotation mark.
++ * + If an even number of backslashes is followed by a double
++ * quotation mark, one backslash is placed in the argv array
++ * for every pair of backslashes, and the double quotation
++ * mark is interpreted as a string delimiter.
++ * + If an odd number of backslashes is followed by a double
++ * quotation mark, one backslash is placed in the argv array
++ * for every pair of backslashes, and the double quotation
++ * mark is "escaped" by the remaining backslash, causing a
++ * literal double quotation mark (") to be placed in argv.
++ *
++ * Ref: https://msdn.microsoft.com/en-us/library/17w5ykft.aspx
++ *
++ * Though referred page doesn't mention it, multiple qouble
++ * quotes are also special. Pair of double quotes in quoted
++ * string is counted as single double quote.
++ */
++ {
++ const WCHAR *q = p;
++ int i;
++
++ while (*p == L'\\')
++ p++;
++
++ if (*p == L'"') {
++ int i;
++
++ for (i = (p - q) / 2; i > 0; i--)
++ *wend++ = L'\\';
++
++ /*
++ * if odd amount of backslashes before the quote,
++ * said quote is part of the argument, not a delimiter
++ */
++ if ((p - q) % 2 == 1)
++ *wend++ = *p++;
++ } else {
++ for (i = p - q; i > 0; i--)
++ *wend++ = L'\\';
++ }
++ }
++ break;
++ case L'"':
++ /*
++ * Without the preceding backslash (or when preceded with an
++ * even number of backslashes), the double quote is a simple
++ * string delimiter and just slightly change the parsing state
++ */
++ if (in_quote && p[1] == L'"')
++ *wend++ = *p++;
++ else
++ in_quote = !in_quote;
++ p++;
++ break;
++ default:
++ /*
++ * Any other non-delimiter character is just taken verbatim
++ */
++ *wend++ = *p++;
++ }
++ }
++
++ wlen = wend - warg;
++
++ if (wlen == 0 || !process_glob(warg, wlen)) {
++ if (!validate_argv(newargc + 1)) {
++ valid = 0;
++ break;
++ }
++
++ ulen = 0;
++ if (wlen > 0) {
++ ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
++ NULL, 0, NULL, NULL);
++ if (ulen <= 0)
++ continue;
++ }
++
++ arg = malloc(ulen + 1);
++ if (arg == NULL) {
++ valid = 0;
++ break;
++ }
++
++ if (wlen > 0)
++ WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
++ arg, ulen, NULL, NULL);
++ arg[ulen] = '\0';
++
++ newargv[newargc++] = arg;
++ }
++ }
++
++ if (valid) {
++ saved_cp = GetConsoleOutputCP();
++ SetConsoleOutputCP(CP_UTF8);
++
++ *argc = newargc;
++ *argv = newargv;
++
++ atexit(cleanup);
++ } else if (newargv != NULL) {
++ int i;
++
++ for (i = 0; i < newargc; i++)
++ free(newargv[i]);
++
++ free(newargv);
++
++ newargc = 0;
++ newargv = NULL;
++ }
++
++ return;
++}
++#else
++void win32_utf8argv(int &argc, char **argv[])
++{ return; }
++#endif
--- a/apps/winrand.c
+++ /dev/null
@@ -1,145 +0,0 @@
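Review bot: In the new apps/win32_init.c, process_glob() releases the search handle from FindFirstFileW() with `CloseHandle(h);`, but the Win32 documentation requires find handles to be closed with `FindClose(h);`, not CloseHandle. The `#else` stub at the end of the file is declared `void win32_utf8argv(int &argc, char **argv[])`, which is C++ reference syntax and will not compile as C if CP_UTF8 is ever undefined; it should read `void win32_utf8argv(int *argc, char **argv[])`. process_glob() also ignores the return values of WideCharToMultiByte(), so a failed length query (`uflen == 0`) would leave an unterminated buffer in newargv; checking `uflen <= 0` before the malloc, as win32_utf8argv() already does for `ulen`, would close that gap.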
@@ -32946,6 +34397,15 @@
*/
#include <stdio.h>
+@@ -75,7 +27,7 @@ long BIO_debug_callback(BIO *bio, int cm
+ if (BIO_CB_RETURN & cmd)
+ r = ret;
+
+- len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
++ len = BIO_snprintf(buf, sizeof buf, "BIO[%p]: ", (void *)bio);
+
+ /* Ignore errors and continue printing the other information. */
+ if (len < 0)
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -1,62 +1,11 @@
@@ -43697,6 +45157,24 @@
*/
#include <assert.h>
+@@ -218,7 +170,7 @@ int BN_num_bits(const BIGNUM *a)
+
+ static void bn_free_d(BIGNUM *a)
+ {
+- if (BN_get_flags(a,BN_FLG_SECURE))
++ if (BN_get_flags(a, BN_FLG_SECURE))
+ OPENSSL_secure_free(a->d);
+ else
+ OPENSSL_free(a->d);
+@@ -307,7 +259,7 @@ static BN_ULONG *bn_expand_internal(cons
+ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+ return (NULL);
+ }
+- if (BN_get_flags(b,BN_FLG_SECURE))
++ if (BN_get_flags(b, BN_FLG_SECURE))
+ a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
+ else
+ a = A = OPENSSL_zalloc(words * sizeof(*a));
@@ -493,7 +445,7 @@ void BN_clear(BIGNUM *a)
{
bn_check_top(a);
@@ -51311,6 +52789,15 @@
*/
#ifdef OPENSSL_NO_CT
+@@ -166,7 +117,7 @@ void SCT_set_timestamp(SCT *sct, uint64_
+
+ int SCT_set_signature_nid(SCT *sct, int nid)
+ {
+- switch (nid) {
++ switch (nid) {
+ case NID_sha256WithRSAEncryption:
+ sct->hash_alg = TLSEXT_hash_sha256;
+ sct->sig_alg = TLSEXT_signature_rsa;
--- a/crypto/ct/ct_sct_ctx.c
+++ b/crypto/ct/ct_sct_ctx.c
@@ -1,59 +1,10 @@
@@ -55893,6 +57380,15 @@
*/
#include <stdio.h>
+@@ -303,7 +254,7 @@ static int int_dsa_size(const EVP_PKEY *
+
+ static int dsa_bits(const EVP_PKEY *pkey)
+ {
+- return BN_num_bits(pkey->pkey.dsa->p);
++ return DSA_bits(pkey->pkey.dsa);
+ }
+
+ static int dsa_security_bits(const EVP_PKEY *pkey)
@@ -315,7 +266,7 @@ static int dsa_missing_parameters(const
{
DSA *dsa;
@@ -56651,6 +58147,15 @@
return 1;
}
+@@ -368,3 +339,8 @@ ENGINE *DSA_get0_engine(DSA *d)
+ {
+ return d->engine;
+ }
++
++int DSA_bits(const DSA *dsa)
++{
++ return BN_num_bits(dsa->p);
++}
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -1,55 +1,10 @@
@@ -60023,6 +61528,15 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions originally developed by SUN MICROSYSTEMS, INC., and
+@@ -121,7 +74,7 @@ void EC_KEY_free(EC_KEY *r)
+ OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
+ }
+
+-EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src)
++EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
+ {
+ if (dest == NULL || src == NULL) {
+ ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
@@ -148,28 +101,29 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY
return NULL;
if (!EC_GROUP_copy(dest->group, src->group))
@@ -60073,6 +61587,15 @@
}
+@@ -197,7 +151,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY
+ return dest;
+ }
+
+-EC_KEY *EC_KEY_dup(EC_KEY *ec_key)
++EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
+ {
+ EC_KEY *ret = EC_KEY_new_method(ec_key->engine);
+
@@ -398,8 +352,9 @@ int EC_KEY_set_public_key_affine_coordin
}
ctx = BN_CTX_new();
@@ -60108,7 +61631,7 @@
}
-size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len)
-+size_t EC_KEY_priv2oct(const EC_KEY *eckey,
++size_t EC_KEY_priv2oct(const EC_KEY *eckey,
+ unsigned char *buf, size_t len)
{
if (eckey->group == NULL || eckey->group->meth == NULL)
@@ -61748,6 +63271,15 @@
*/
#include "internal/cryptlib.h"
+@@ -67,7 +18,7 @@ void ENGINE_load_builtin_engines(void)
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+ }
+
+-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
++#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED)
+ void ENGINE_setup_bsd_cryptodev(void)
+ {
+ static int bsd_cryptodev_default_loaded = 0;
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -1,59 +1,10 @@
@@ -62142,27 +63674,48 @@
*/
#include "eng_int.h"
-@@ -286,15 +241,15 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
+@@ -248,14 +203,13 @@ int ENGINE_ctrl_cmd(ENGINE *e, const cha
+ {
+ int num;
+
+- if ((e == NULL) || (cmd_name == NULL)) {
++ if (e == NULL || cmd_name == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+- if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+- ENGINE_CTRL_GET_CMD_FROM_NAME,
+- 0, (void *)cmd_name,
+- NULL)) <= 0)) {
++ if (e->ctrl == NULL
++ || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
++ 0, (void *)cmd_name, NULL)) <= 0) {
+ /*
+ * If the command didn't *have* to be supported, we fake success.
+ * This allows certain settings to be specified for multiple ENGINEs
+@@ -286,15 +240,14 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
int num, flags;
long l;
char *ptr;
+- if ((e == NULL) || (cmd_name == NULL)) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ERR_R_PASSED_NULL_PARAMETER);
+
- if ((e == NULL) || (cmd_name == NULL)) {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ERR_R_PASSED_NULL_PARAMETER);
++ if (e == NULL || cmd_name == NULL) {
++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
- ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name,
- NULL)) <= 0)) {
-+ if (e->ctrl == NULL
++ if (e->ctrl == NULL
+ || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+ 0, (void *)cmd_name, NULL)) <= 0) {
/*
* If the command didn't *have* to be supported, we fake success.
* This allows certain settings to be specified for multiple ENGINEs
-@@ -315,8 +270,9 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
+@@ -315,8 +268,9 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
ENGINE_R_CMD_NOT_EXECUTABLE);
return 0;
}
@@ -64768,17 +66321,82 @@
*/
#include <stdio.h>
-@@ -211,6 +163,7 @@ static int enc_read(BIO *b, char *out, i
- (unsigned char *)&(ctx->buf[BUF_OFFSET]),
- i)) {
+@@ -88,7 +40,7 @@ typedef struct enc_struct {
+ * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
+ * up to a block more data than is presented to it
+ */
+- char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
++ unsigned char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
+ } BIO_ENC_CTX;
+
+ static const BIO_METHOD methods_enc = {
+@@ -184,33 +136,52 @@ static int enc_read(BIO *b, char *out, i
+ */
+
+ while (outl > 0) {
++ int buf_len;
++
+ if (ctx->cont <= 0)
+ break;
+
++ buf_len = outl + EVP_MAX_BLOCK_LENGTH - 1;
++ buf_len -= buf_len % EVP_MAX_BLOCK_LENGTH;
++ if (buf_len > ENC_BLOCK_SIZE) {
++ buf_len = ENC_BLOCK_SIZE;
++ }
++
+ /*
+ * read in at IV offset, read the EVP_Cipher documentation about why
+ */
+- i = BIO_read(next, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE);
++ i = BIO_read(next, &(ctx->buf[BUF_OFFSET]), buf_len);
+
+ if (i <= 0) {
+ /* Should be continue next time we are called? */
+ if (!BIO_should_retry(next)) {
+ ctx->cont = i;
+ i = EVP_CipherFinal_ex(ctx->cipher,
+- (unsigned char *)ctx->buf,
+- &(ctx->buf_len));
++ ctx->buf, &(ctx->buf_len));
+ ctx->ok = i;
+ ctx->buf_off = 0;
+ } else {
+ ret = (ret == 0) ? i : ret;
+ break;
+ }
++ } else if (outl >= EVP_MAX_BLOCK_LENGTH) {
++ if (!EVP_CipherUpdate(ctx->cipher,
++ (unsigned char *)out, &buf_len,
++ &(ctx->buf[BUF_OFFSET]), i)) {
++ BIO_clear_retry_flags(b);
++ return 0;
++ }
++ ret += buf_len;
++ outl -= buf_len;
++ out += buf_len;
++
++ continue;
+ } else {
+ if (!EVP_CipherUpdate(ctx->cipher,
+- (unsigned char *)ctx->buf, &ctx->buf_len,
+- (unsigned char *)&(ctx->buf[BUF_OFFSET]),
+- i)) {
++ ctx->buf, &ctx->buf_len,
++ &(ctx->buf[BUF_OFFSET]), i)) {
BIO_clear_retry_flags(b);
+ ctx->ok = 0;
return 0;
}
ctx->cont = 1;
-@@ -278,6 +231,7 @@ static int enc_write(BIO *b, const char
- (unsigned char *)ctx->buf, &ctx->buf_len,
- (unsigned char *)in, n)) {
+@@ -275,9 +246,10 @@ static int enc_write(BIO *b, const char
+ while (inl > 0) {
+ n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
+ if (!EVP_CipherUpdate(ctx->cipher,
+- (unsigned char *)ctx->buf, &ctx->buf_len,
+- (unsigned char *)in, n)) {
++ ctx->buf, &ctx->buf_len,
++ (const unsigned char *)in, n)) {
BIO_clear_retry_flags(b);
+ ctx->ok = 0;
return 0;
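Review bot: The new direct-to-caller branch in enc_read() (`else if (outl >= EVP_MAX_BLOCK_LENGTH)`) can give EVP_CipherUpdate() more input than `out` has room for. `buf_len` is rounded up from `outl` to a multiple of EVP_MAX_BLOCK_LENGTH, so BIO_read() may return up to EVP_MAX_BLOCK_LENGTH - 1 bytes more than `outl`, and the struct comment above notes that decryption can emit up to a block more than it is given; the write can then run past the caller's buffer and `outl -= buf_len` can go negative. Guarding the branch on the bytes actually read, `} else if (outl >= i + EVP_MAX_BLOCK_LENGTH) {`, would bound the output and leave the remaining cases to the buffered `ctx->buf` path. The same branch also returns 0 without `ctx->ok = 0;`, unlike the buffered branch just below it, which gains that line in this change. enc_read()'s body starts and ends outside the hunk.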
@@ -65975,6 +67593,21 @@
return 1;
}
+@@ -382,9 +345,11 @@ static int chacha20_poly1305_ctrl(EVP_CI
+
+ case EVP_CTRL_COPY:
+ if (actx) {
+- if ((((EVP_CIPHER_CTX *)ptr)->cipher_data =
+- OPENSSL_memdup(actx,sizeof(*actx) + Poly1305_ctx_size()))
+- == NULL) {
++ EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr;
++
++ dst->cipher_data =
++ OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
++ if (dst->cipher_data == NULL) {
+ EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
+ return 0;
+ }
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -1,58 +1,10 @@
@@ -67074,7 +68707,7 @@
goto skip_to_init;
#endif
if (cipher) {
-@@ -300,12 +253,53 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *c
+@@ -300,12 +253,55 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *c
return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
}
@@ -67110,10 +68743,10 @@
+ * operations are used instead of boolean to minimize number
+ * of conditional branches.]
+ */
-+ int condition = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
-+ (diff > (0 - (PTRDIFF_T)len)));
-+ assert(!condition);
-+ return condition;
++ int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
++ (diff > (0 - (PTRDIFF_T)len)));
++ assert(!overlapped);
++ return overlapped;
+}
+
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
@@ -67122,22 +68755,26 @@
int i, j, bl;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-+ if (is_partially_overlapping(out, in, inl))
++ if (is_partially_overlapping(out, in, inl)) {
++ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
++ }
+
i = ctx->cipher->do_cipher(ctx, out, in, inl);
if (i < 0)
return 0;
-@@ -318,6 +312,8 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
+@@ -318,6 +314,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
*outl = 0;
return inl == 0;
}
-+ if (is_partially_overlapping(out, in, inl))
++ if (is_partially_overlapping(out, in, inl)) {
++ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
++ }
if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
-@@ -332,7 +328,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
+@@ -332,7 +332,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
bl = ctx->cipher->block_size;
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) {
@@ -67146,7 +68783,7 @@
memcpy(&(ctx->buf[i]), in, inl);
ctx->buf_len += inl;
*outl = 0;
-@@ -340,10 +336,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
+@@ -340,10 +340,14 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
} else {
j = bl - i;
memcpy(&(ctx->buf[i]), in, j);
@@ -67154,31 +68791,37 @@
- return 0;
inl -= j;
in += j;
-+ if (is_partially_overlapping(out, in, bl))
++ if (is_partially_overlapping(out, in, bl)) {
++ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
++ }
+ if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
+ return 0;
out += bl;
*outl = bl;
}
-@@ -419,6 +417,9 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
+@@ -419,6 +423,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
unsigned int b;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-+ if (is_partially_overlapping(out, in, inl))
++ if (is_partially_overlapping(out, in, inl)) {
++ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
++ }
+
fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
if (fix_len < 0) {
*outl = 0;
-@@ -440,6 +441,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
+@@ -440,6 +449,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
OPENSSL_assert(b <= sizeof ctx->final);
if (ctx->final_used) {
+ /* see comment about PTRDIFF_T comparison above */
+ if (((PTRDIFF_T)out == (PTRDIFF_T)in)
-+ || is_partially_overlapping(out, in, b))
++ || is_partially_overlapping(out, in, b)) {
++ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
++ }
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
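Review bot: The overlap checks added to EVP_DecryptUpdate() return 0 without touching `*outl`, while the `fix_len < 0` failure path directly below the first of them sets `*outl = 0;`, so a caller that ignores the return value would go on to use a stale length. Adding `*outl = 0;` before each new `return 0;` would keep the failure paths consistent. In the `ctx->final_used` branch the `out == in` case is also reported as EVP_R_PARTIALLY_OVERLAPPING although the buffers coincide exactly; a comment such as `/* in-place is refused here: the held-back block in ctx->final is copied to out first */` would explain why. The bodies of both update functions extend outside the hunk.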
@@ -67253,7 +68896,7 @@
*/
#include <stdio.h>
-@@ -70,22 +20,13 @@
+@@ -70,30 +20,23 @@
static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"},
@@ -67276,7 +68919,17 @@
{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
-@@ -118,8 +59,8 @@ static ERR_STRING_DATA EVP_str_functs[]
+ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+ "EVP_CIPHER_CTX_set_key_length"},
+ {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
++ {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
++ {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
+ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+ {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
+ {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+@@ -118,8 +61,8 @@ static ERR_STRING_DATA EVP_str_functs[]
{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
@@ -67286,7 +68939,7 @@
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
-@@ -133,23 +74,13 @@ static ERR_STRING_DATA EVP_str_functs[]
+@@ -133,23 +76,13 @@ static ERR_STRING_DATA EVP_str_functs[]
{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),
"EVP_PKEY_verify_recover_init"},
@@ -67310,7 +68963,7 @@
{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"},
{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"},
{ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"},
-@@ -157,16 +88,11 @@ static ERR_STRING_DATA EVP_str_functs[]
+@@ -157,16 +90,11 @@ static ERR_STRING_DATA EVP_str_functs[]
};
static ERR_STRING_DATA EVP_str_reasons[] = {
@@ -67329,7 +68982,7 @@
{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
{ERR_REASON(EVP_R_COPY_ERROR), "copy error"},
-@@ -178,25 +104,22 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -178,25 +106,22 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
@@ -67358,7 +69011,7 @@
{ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
{ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"},
{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
-@@ -205,21 +128,14 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -205,21 +130,15 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
{ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
{ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
@@ -67373,6 +69026,7 @@
"operation not supported for this keytype"},
{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
- {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"},
++ {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"},
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -67380,7 +69034,7 @@
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-@@ -238,13 +154,12 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -238,13 +157,12 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
{ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"},
{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
@@ -67395,7 +69049,7 @@
{
#ifndef OPENSSL_NO_ERR
-@@ -253,4 +168,5 @@ void ERR_load_EVP_strings(void)
+@@ -253,4 +171,5 @@ void ERR_load_EVP_strings(void)
ERR_load_strings(0, EVP_str_reasons);
}
#endif
@@ -69521,6 +71175,24 @@
if (ex_data_lock == NULL) {
/*
+@@ -216,7 +119,7 @@ static void dummy_free(void *parent, voi
+ {
+ }
+
+-static int dummy_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
++static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx,
+ long argl, void *argp)
+ {
+@@ -347,7 +250,7 @@ int CRYPTO_new_ex_data(int class_index,
+ * for each index in the class used by this variable
+ */
+ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+- CRYPTO_EX_DATA *from)
++ const CRYPTO_EX_DATA *from)
+ {
+ int mx, j, i;
+ char *ptr;
--- a/crypto/fips_err.h
+++ /dev/null
@@ -1,226 +0,0 @@
@@ -74519,6 +76191,15 @@
*/
#include <string.h>
+@@ -64,7 +15,7 @@
+ * the pointer and can't assume that it points to any function in
+ * particular (such as memset, which it then might further "optimize")
+ */
+-typedef void *(*memset_t)(void *,int,size_t);
++typedef void *(*memset_t)(void *, int, size_t);
+
+ static volatile memset_t memset_func = memset;
+
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -1,118 +1,17 @@
@@ -77443,7 +79124,7 @@
size_t OBJ_length(const ASN1_OBJECT *obj)
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
-@@ -1,5792 +1,5086 @@
+@@ -1,5792 +1,5101 @@
-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl obj_mac.h obj_dat.h
@@ -78468,7 +80149,7 @@
-0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,/* [6721] OBJ_blake2b512 */
-0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,/* [6732] OBJ_blake2s256 */
+/* Serialized OID's */
-+static const unsigned char so[6744] = {
++static const unsigned char so[6777] = {
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -79416,6 +81097,9 @@
+ 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x02, /* [ 6712] OBJ_X448 */
+ 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10, /* [ 6721] OBJ_blake2b512 */
+ 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08, /* [ 6732] OBJ_blake2s256 */
++ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6743] OBJ_id_smime_ct_contentCollection */
++ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6754] OBJ_id_smime_ct_authEnvelopedData */
++ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6765] OBJ_id_ct_xml */
};
-static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -81131,7 +82815,7 @@
-{NULL,NULL,NID_undef,0,NULL,0},
-{"BLAKE2b512","blake2b512",NID_blake2b512,11,&(lvalues[6721]),0},
-{"BLAKE2s256","blake2s256",NID_blake2s256,11,&(lvalues[6732]),0},
-+#define NUM_NID 1058
++#define NUM_NID 1061
+static const ASN1_OBJECT nid_objs[NUM_NID] = {
+ {"UNDEF", "undefined", NID_undef},
+ {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -82191,6 +83875,9 @@
+ { NULL, NULL, NID_undef },
+ {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6721]},
+ {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6732]},
++ {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6743]},
++ {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6754]},
++ {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6765]},
};
-static const unsigned int sn_objs[NUM_SN]={
@@ -83243,7 +84930,7 @@
-503, /* "x500UniqueIdentifier" */
-158, /* "x509Certificate" */
-160, /* "x509Crl" */
-+#define NUM_SN 1049
++#define NUM_SN 1052
+static const unsigned int sn_objs[NUM_SN] = {
+ 364, /* "AD_DVCS" */
+ 419, /* "AES-128-CBC" */
@@ -83762,6 +85449,7 @@
+ 327, /* "id-cmc-statusInfo" */
+ 331, /* "id-cmc-transactionId" */
+ 787, /* "id-ct-asciiTextWithCRLF" */
++ 1060, /* "id-ct-xml" */
+ 408, /* "id-ecPublicKey" */
+ 508, /* "id-hex-multipart-message" */
+ 507, /* "id-hex-partial-message" */
@@ -83879,7 +85567,9 @@
+ 208, /* "id-smime-ct-TDTInfo" */
+ 207, /* "id-smime-ct-TSTInfo" */
+ 205, /* "id-smime-ct-authData" */
++ 1059, /* "id-smime-ct-authEnvelopedData" */
+ 786, /* "id-smime-ct-compressedData" */
++ 1058, /* "id-smime-ct-contentCollection" */
+ 209, /* "id-smime-ct-contentInfo" */
+ 206, /* "id-smime-ct-publishCert" */
+ 204, /* "id-smime-ct-receipt" */
@@ -85346,7 +87036,7 @@
-158, /* "x509Certificate" */
-160, /* "x509Crl" */
-125, /* "zlib compression" */
-+#define NUM_LN 1049
++#define NUM_LN 1052
+static const unsigned int ln_objs[NUM_LN] = {
+ 363, /* "AD Time Stamping" */
+ 405, /* "ANSI X9.62" */
@@ -85868,6 +87558,7 @@
+ 327, /* "id-cmc-statusInfo" */
+ 331, /* "id-cmc-transactionId" */
+ 787, /* "id-ct-asciiTextWithCRLF" */
++ 1060, /* "id-ct-xml" */
+ 408, /* "id-ecPublicKey" */
+ 508, /* "id-hex-multipart-message" */
+ 507, /* "id-hex-partial-message" */
@@ -85978,7 +87669,9 @@
+ 208, /* "id-smime-ct-TDTInfo" */
+ 207, /* "id-smime-ct-TSTInfo" */
+ 205, /* "id-smime-ct-authData" */
++ 1059, /* "id-smime-ct-authEnvelopedData" */
+ 786, /* "id-smime-ct-compressedData" */
++ 1058, /* "id-smime-ct-contentCollection" */
+ 209, /* "id-smime-ct-contentInfo" */
+ 206, /* "id-smime-ct-publishCert" */
+ 204, /* "id-smime-ct-receipt" */
@@ -87353,7 +89046,7 @@
-957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
-1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */
-1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */
-+#define NUM_OBJ 953
++#define NUM_OBJ 956
+static const unsigned int obj_objs[NUM_OBJ] = {
+ 0, /* OBJ_undef 0 */
+ 181, /* OBJ_iso 1 */
@@ -88248,7 +89941,10 @@
+ 210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */
+ 211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+ 786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */
++ 1058, /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */
++ 1059, /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */
+ 787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */
++ 1060, /* OBJ_id_ct_xml 1 2 840 113549 1 9 16 1 28 */
+ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */
+ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */
+ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */
@@ -89079,6 +90775,15 @@
}
int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -1055,3 +1055,6 @@ fips_none 1054
+ fips_140_2 1055
+ blake2b512 1056
+ blake2s256 1057
++id_smime_ct_contentCollection 1058
++id_smime_ct_authEnvelopedData 1059
++id_ct_xml 1060
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -1,59 +1,10 @@
@@ -89299,6 +91004,19 @@
*/
#define SN_undef "UNDEF"
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -257,7 +257,10 @@ id-smime-ct 6 : id-smime-ct-contentInfo
+ id-smime-ct 7 : id-smime-ct-DVCSRequestData
+ id-smime-ct 8 : id-smime-ct-DVCSResponseData
+ id-smime-ct 9 : id-smime-ct-compressedData
++id-smime-ct 19 : id-smime-ct-contentCollection
++id-smime-ct 23 : id-smime-ct-authEnvelopedData
+ id-smime-ct 27 : id-ct-asciiTextWithCRLF
++id-smime-ct 28 : id-ct-xml
+
+ # S/MIME Attributes
+ id-smime-aa 1 : id-smime-aa-receiptRequest
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -1,4 +1,11 @@
@@ -91773,15 +93491,18 @@
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
-@@ -535,7 +495,7 @@ static int check_bitlen_dsa(DSA *dsa, in
+@@ -535,9 +495,9 @@ static int check_bitlen_dsa(DSA *dsa, in
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
{
int nbyte, hnbyte, bitlen;
- BIGNUM *e;
+ const BIGNUM *e;
- RSA_get0_key(rsa, &e, NULL, NULL);
+- RSA_get0_key(rsa, &e, NULL, NULL);
++ RSA_get0_key(rsa, NULL, &e, NULL);
if (BN_num_bits(e) > 32)
+ goto badkey;
+ bitlen = RSA_bits(rsa);
@@ -547,7 +507,7 @@ static int check_bitlen_rsa(RSA *rsa, in
*pmagic = MS_RSA1MAGIC;
return bitlen;
@@ -91791,7 +93512,7 @@
*pmagic = MS_RSA2MAGIC;
-@@ -575,7 +535,7 @@ static int check_bitlen_rsa(RSA *rsa, in
+@@ -575,11 +535,11 @@ static int check_bitlen_rsa(RSA *rsa, in
static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
{
int nbyte, hnbyte;
@@ -91800,6 +93521,11 @@
nbyte = RSA_size(rsa);
hnbyte = (RSA_bits(rsa) + 15) >> 4;
+- RSA_get0_key(rsa, &e, &n, &d);
++ RSA_get0_key(rsa, &n, &e, &d);
+ write_lebn(out, e, 4);
+ write_lebn(out, n, -1);
+ if (ispub)
@@ -597,7 +557,8 @@ static void write_rsa(unsigned char **ou
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
{
@@ -91816,7 +93542,7 @@
int outlen = 24, pklen;
- unsigned char *p, *salt = NULL;
- EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
-+ unsigned char *p = NULL, *salt = NULL;
++ unsigned char *p = NULL, *start = NULL, *salt = NULL;
+ EVP_CIPHER_CTX *cctx = NULL;
if (enclevel)
outlen += PVK_SALTLEN;
@@ -91831,8 +93557,9 @@
+ if (*out != NULL) {
p = *out;
- else {
+- p = OPENSSL_malloc(outlen);
+ } else {
- p = OPENSSL_malloc(outlen);
++ start = p = OPENSSL_malloc(outlen);
if (p == NULL) {
PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
return -1;
@@ -91866,14 +93593,14 @@
EVP_CIPHER_CTX_free(cctx);
+
+ if (*out == NULL)
-+ *out = p;
++ *out = start;
+
return outlen;
error:
EVP_CIPHER_CTX_free(cctx);
+ if (*out == NULL)
-+ OPENSSL_free(p);
++ OPENSSL_free(start);
return -1;
}
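Review bot: The error path of i2b_PVK frees the output buffer with `OPENSSL_free(start)` without clearing it first. This function appears to serialise a private key. If the failure happens after the key blob has been written into the buffer (those writes are outside these hunks), the key bytes remain in freed heap memory. `OPENSSL_clear_free(start, outlen);` would wipe them before release, assuming outlen still holds the allocated size at that point. The `if (*out == NULL)` guard on that line is also unnecessary, because start stays NULL whenever the caller supplied the buffer.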
@@ -96574,7 +98301,19 @@
void poly1305_init_int(void *ctx, const unsigned char key[16]);
void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
unsigned int padbit);
-@@ -117,6 +129,7 @@ int poly1305_init(void *ctx, const unsig
+@@ -107,16 +119,17 @@ void poly1305_emit_fpu(void *ctx, unsign
+ int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
+ {
+ if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) {
+- poly1305_init_fpu(ctx,key);
++ poly1305_init_fpu(ctx, key);
+ func[0] = poly1305_blocks_fpu;
+ func[1] = poly1305_emit_fpu;
+ } else {
+- poly1305_init_int(ctx,key);
++ poly1305_init_int(ctx, key);
+ func[0] = poly1305_blocks;
+ func[1] = poly1305_emit;
}
return 1;
}
@@ -107386,7 +109125,8 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-- *
++ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- */
-
-/*-
@@ -107441,8 +109181,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -107454,6 +109193,190 @@
*/
#include <openssl/e_os2.h>
+@@ -176,8 +68,8 @@
+ #endif
+
+ /*
+- * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+- * MSDOS and SGTTY.
++ * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS,
++ * MSDOS, WIN32 Console and SGTTY.
+ *
+ * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
+ * remain respected. Otherwise, we default to TERMIOS except for a few
+@@ -195,11 +87,9 @@
+ # undef SGTTY
+ /*
+ * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms.
+- * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed.
+ */
+ # elif !defined(OPENSSL_SYS_VMS) \
+ && !defined(OPENSSL_SYS_MSDOS) \
+- && !defined(MAC_OS_GUSI_SOURCE) \
+ && !defined(OPENSSL_SYS_VXWORKS)
+ # define TERMIOS
+ # undef TERMIO
+@@ -252,15 +142,6 @@ struct IOSB {
+ };
+ #endif
+
+-#if defined(MAC_OS_GUSI_SOURCE)
+-/*
+- * This one needs work. As a matter of fact the code is unoperational
+- * and this is only a trick to get it compiled.
+- * <appro at fy.chalmers.se>
+- */
+-# define TTY_STRUCT int
+-#endif
+-
+ #ifndef NX509_SIG
+ # define NX509_SIG 32
+ #endif
+@@ -280,6 +161,8 @@ static long tty_orig[3], tty_new[3]; /*
+ * structures? */
+ static long status;
+ static unsigned short channel = 0;
++#elif defined(_WIN32) && !defined(_WIN32_WCE)
++static DWORD tty_orig, tty_new;
+ #else
+ # if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+ static TTY_STRUCT tty_orig, tty_new;
+@@ -295,7 +178,7 @@ static void recsig(int);
+ static void pushsig(void);
+ static void popsig(void);
+ #endif
+-#if defined(OPENSSL_SYS_MSDOS)
++#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+ static int noecho_fgets(char *buf, int size, FILE *tty);
+ #endif
+ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+@@ -403,7 +286,8 @@ static int read_string_inner(UI *ui, UI_
+ char result[BUFSIZ];
+ int maxsize = BUFSIZ - 1;
+ #if !defined(OPENSSL_SYS_WINCE)
+- char *p;
++ char *p = NULL;
++ int echo_eol = !echo;
+
+ intr_signal = 0;
+ ok = 0;
+@@ -417,15 +301,48 @@ static int read_string_inner(UI *ui, UI_
+ ps = 2;
+
+ result[0] = '\0';
+-# ifdef OPENSSL_SYS_MSDOS
++# if defined(_WIN32)
++ if (is_a_tty) {
++ DWORD numread;
++# if defined(CP_UTF8)
++ WCHAR wresult[BUFSIZ];
++
++ if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE),
++ wresult, maxsize, &numread, NULL)) {
++ if (numread >= 2 &&
++ wresult[numread-2] == L'\r' && wresult[numread-1] == L'\n') {
++ wresult[numread-2] = L'\n';
++ numread--;
++ echo_eol = 0;
++ }
++ wresult[numread] = '\0';
++ if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1,
++ result, sizeof(result), NULL, 0) > 0)
++ p = result;
++
++ OPENSSL_cleanse(wresult, sizeof(wresult));
++ }
++# else
++ if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE),
++ result, maxsize, &numread, NULL)) {
++ if (numread >= 2 &&
++ result[numread-2] == '\r' && result[numread-1] == '\n') {
++ result[numread-2] = '\n';
++ numread--;
++ echo_eol = 0;
++ }
++ result[numread] = '\0';
++ p = result;
++ }
++# endif
++ } else
++# elif defined(OPENSSL_SYS_MSDOS)
+ if (!echo) {
+ noecho_fgets(result, maxsize, tty_in);
+ p = result; /* FIXME: noecho_fgets doesn't return errors */
+ } else
+- p = fgets(result, maxsize, tty_in);
+-# else
+- p = fgets(result, maxsize, tty_in);
+ # endif
++ p = fgets(result, maxsize, tty_in);
+ if (!p)
+ goto error;
+ if (feof(tty_in))
+@@ -443,7 +360,7 @@ static int read_string_inner(UI *ui, UI_
+ error:
+ if (intr_signal == SIGINT)
+ ok = -1;
+- if (!echo)
++ if (echo_eol)
+ fprintf(tty_out, "\n");
+ if (ps >= 2 && !echo && !echo_console(ui))
+ ok = 0;
+@@ -467,6 +384,17 @@ static int open_console(UI *ui)
+ #if defined(OPENSSL_SYS_VXWORKS)
+ tty_in = stdin;
+ tty_out = stderr;
++#elif defined(_WIN32) && !defined(_WIN32_WCE)
++ if ((tty_out = fopen("conout$", "w")) == NULL)
++ tty_out = stderr;
++
++ if (GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &tty_orig)) {
++ tty_in = stdin;
++ } else {
++ is_a_tty = 0;
++ if ((tty_in = fopen("conin$", "r")) == NULL)
++ tty_in = stdin;
++ }
+ #else
+ # ifdef OPENSSL_SYS_MSDOS
+ # define DEV_TTY "con"
+@@ -532,6 +460,13 @@ static int noecho_console(UI *ui)
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+ #endif
++#if defined(_WIN32) && !defined(_WIN32_WCE)
++ if (is_a_tty) {
++ tty_new = tty_orig;
++ tty_new &= ~ENABLE_ECHO_INPUT;
++ SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
++ }
++#endif
+ return 1;
+ }
+
+@@ -556,6 +491,13 @@ static int echo_console(UI *ui)
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+ #endif
++#if defined(_WIN32) && !defined(_WIN32_WCE)
++ if (is_a_tty) {
++ tty_new = tty_orig;
++ tty_new |= ENABLE_ECHO_INPUT;
++ SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
++ }
++#endif
+ return 1;
+ }
+
+@@ -657,7 +599,7 @@ static void recsig(int i)
+ #endif
+
+ /* Internal functions specific for Windows */
+-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE)
++#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+ static int noecho_fgets(char *buf, int size, FILE *tty)
+ {
+ int i;
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -1,55 +1,10 @@
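Review bot: In the `_WIN32` block added to noecho_console, the result of `SetConsoleMode()` is discarded and the function still returns 1. A failed mode change therefore leaves console echo on while the caller presumably goes on to read the passphrase. The VMS branch just above returns 0 on failure, and the Windows branch should do the same: `if (!SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new)) return 0;`. The matching block in echo_console has the same unchecked call. Separately, when open_console falls back to `conin$` it clears is_a_tty, so noecho_console skips the mode change entirely; it is worth confirming that input read on that path is not echoed.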
@@ -108377,6 +110300,24 @@
*/
#include <stdio.h>
+@@ -128,7 +80,7 @@ int X509_CRL_match(const X509_CRL *a, co
+ return memcmp(a->sha1_hash, b->sha1_hash, 20);
+ }
+
+-X509_NAME *X509_get_issuer_name(X509 *a)
++X509_NAME *X509_get_issuer_name(const X509 *a)
+ {
+ return (a->cert_info.issuer);
+ }
+@@ -145,7 +97,7 @@ unsigned long X509_issuer_name_hash_old(
+ }
+ #endif
+
+-X509_NAME *X509_get_subject_name(X509 *a)
++X509_NAME *X509_get_subject_name(const X509 *a)
+ {
+ return (a->cert_info.subject);
+ }
@@ -187,9 +139,10 @@ int X509_cmp(const X509 *a, const X509 *
return rv;
/* Check for match against stored encoding too */
@@ -109853,9 +111794,7 @@
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -109903,7 +111842,9 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -109915,6 +111856,21 @@
*/
#include <stdio.h>
+@@ -315,12 +267,12 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *
+ return 0;
+ }
+
+-long X509_REQ_get_version(X509_REQ *req)
++long X509_REQ_get_version(const X509_REQ *req)
+ {
+ return ASN1_INTEGER_get(req->req_info.version);
+ }
+
+-X509_NAME *X509_REQ_get_subject_name(X509_REQ *req)
++X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
+ {
+ return req->req_info.subject;
+ }
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -1,58 +1,10 @@
@@ -109982,7 +111938,7 @@
*/
#include <stdio.h>
-@@ -146,10 +98,16 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *p
+@@ -146,23 +98,29 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *p
return (X509_PUBKEY_set(&(x->cert_info.key), pkey));
}
@@ -110000,7 +111956,23 @@
+ return ((i > 1) ? 1 : 0);
}
- long X509_get_version(X509 *x)
+-long X509_get_version(X509 *x)
++long X509_get_version(const X509 *x)
+ {
+ return ASN1_INTEGER_get(x->cert_info.version);
+ }
+
+-ASN1_TIME * X509_get_notBefore(X509 *x)
++ASN1_TIME * X509_get_notBefore(const X509 *x)
+ {
+ return x->cert_info.validity.notBefore;
+ }
+
+-ASN1_TIME *X509_get_notAfter(X509 *x)
++ASN1_TIME *X509_get_notAfter(const X509 *x)
+ {
+ return x->cert_info.validity.notAfter;
+ }
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -1,59 +1,10 @@
@@ -110570,7 +112542,7 @@
}
}
}
-@@ -918,13 +971,21 @@ static int get_crl_sk(X509_STORE_CTX *ct
+@@ -918,13 +971,25 @@ static int get_crl_sk(X509_STORE_CTX *ct
crl = sk_X509_CRL_value(crls, i);
reasons = *preasons;
crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
@@ -110588,7 +112560,11 @@
+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
+ X509_CRL_get_lastUpdate(crl)) == 0)
+ continue;
-+ if (day < 0 || sec <= 0)
++ /*
++ * ASN1_TIME_diff never returns inconsistent signs for |day|
++ * and |sec|.
++ */
++ if (day <= 0 && sec <= 0)
+ continue;
}
+ best_crl = crl;
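Review bot: The comment added above `if (day <= 0 && sec <= 0)` in get_crl_sk explains why `&&` is safe but not what the test decides. That matters because this is the tie-break between candidate CRLs. A line such as `/* Skip crl unless its lastUpdate is strictly later than best_crl's. */` would state the rule, including that an equal lastUpdate keeps the CRL found first. The enclosing loop and the score comparison that guards this block are outside the hunk, so the wording should be checked against them.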
@@ -110598,7 +112574,7 @@
}
if (best_crl) {
-@@ -1505,6 +1566,7 @@ static int check_policy(X509_STORE_CTX *
+@@ -1505,6 +1570,7 @@ static int check_policy(X509_STORE_CTX *
*/
if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) {
X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
@@ -110606,7 +112582,7 @@
return 0;
}
ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-@@ -1514,6 +1576,7 @@ static int check_policy(X509_STORE_CTX *
+@@ -1514,6 +1580,7 @@ static int check_policy(X509_STORE_CTX *
if (ret == X509_PCY_TREE_INTERNAL) {
X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
@@ -110614,7 +112590,7 @@
return 0;
}
/* Invalid or inconsistent extensions */
-@@ -1544,7 +1607,12 @@ static int check_policy(X509_STORE_CTX *
+@@ -1544,7 +1611,12 @@ static int check_policy(X509_STORE_CTX *
if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
ctx->current_cert = NULL;
@@ -110628,7 +112604,7 @@
if (!ctx->verify_cb(2, ctx))
return 0;
}
-@@ -1989,11 +2057,21 @@ int X509_STORE_CTX_get_error_depth(X509_
+@@ -1989,11 +2061,21 @@ int X509_STORE_CTX_get_error_depth(X509_
return ctx->error_depth;
}
@@ -110650,7 +112626,7 @@
STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
{
return ctx->chain;
-@@ -2138,7 +2216,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
+@@ -2138,7 +2220,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
int ret = 1;
ctx->ctx = store;
@@ -110658,7 +112634,7 @@
ctx->cert = x509;
ctx->untrusted = chain;
ctx->crls = NULL;
-@@ -2161,11 +2238,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
+@@ -2161,11 +2242,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
/* Zero ex_data to make sure we're cleanup-safe */
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
@@ -110673,7 +112649,7 @@
ctx->cleanup = 0;
if (store && store->check_issued)
-@@ -2208,17 +2284,20 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
+@@ -2208,17 +2288,20 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
else
ctx->cert_crl = cert_crl;
@@ -110698,7 +112674,7 @@
ctx->param = X509_VERIFY_PARAM_new();
if (ctx->param == NULL) {
-@@ -2322,6 +2401,27 @@ void X509_STORE_CTX_set_time(X509_STORE_
+@@ -2322,6 +2405,27 @@ void X509_STORE_CTX_set_time(X509_STORE_
X509_VERIFY_PARAM_set_time(ctx->param, t);
}
@@ -110726,7 +112702,7 @@
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
X509_STORE_CTX_verify_cb verify_cb)
{
-@@ -2333,36 +2433,59 @@ X509_STORE_CTX_verify_cb X509_STORE_CTX_
+@@ -2333,36 +2437,59 @@ X509_STORE_CTX_verify_cb X509_STORE_CTX_
return ctx->verify_cb;
}
@@ -110800,7 +112776,7 @@
}
X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
-@@ -2467,7 +2590,7 @@ static int dane_match(X509_STORE_CTX *ct
+@@ -2467,7 +2594,7 @@ static int dane_match(X509_STORE_CTX *ct
/*
* If we've previously matched a PKIX-?? record, no need to test any
@@ -110809,7 +112785,7 @@
* Had the match been a DANE-?? record, we'd be done already.
*/
if (dane->mdpth >= 0)
-@@ -2549,9 +2672,9 @@ static int dane_match(X509_STORE_CTX *ct
+@@ -2549,9 +2676,9 @@ static int dane_match(X509_STORE_CTX *ct
cmplen = i2dlen;
if (md != NULL) {
@@ -110822,7 +112798,7 @@
break;
}
}
-@@ -2696,6 +2819,10 @@ static int dane_verify(X509_STORE_CTX *c
+@@ -2696,6 +2823,10 @@ static int dane_verify(X509_STORE_CTX *c
/* Callback invoked as needed */
if (!check_leaf_suiteb(ctx, cert))
return 0;
@@ -110833,7 +112809,7 @@
/* Bypass internal_verify(), issue depth 0 success callback */
ctx->error_depth = 0;
ctx->current_cert = cert;
-@@ -2781,15 +2908,31 @@ static int build_chain(X509_STORE_CTX *c
+@@ -2781,15 +2912,31 @@ static int build_chain(X509_STORE_CTX *c
*/
if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
@@ -110866,7 +112842,7 @@
return 0;
}
}
-@@ -2853,6 +2996,7 @@ static int build_chain(X509_STORE_CTX *c
+@@ -2853,6 +3000,7 @@ static int build_chain(X509_STORE_CTX *c
if (ok < 0) {
trust = X509_TRUST_REJECTED;
@@ -110874,7 +112850,7 @@
search = 0;
continue;
}
-@@ -2899,6 +3043,7 @@ static int build_chain(X509_STORE_CTX *c
+@@ -2899,6 +3047,7 @@ static int build_chain(X509_STORE_CTX *c
X509_free(xtmp);
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
trust = X509_TRUST_REJECTED;
@@ -110882,7 +112858,7 @@
search = 0;
continue;
}
-@@ -2995,6 +3140,7 @@ static int build_chain(X509_STORE_CTX *c
+@@ -2995,6 +3144,7 @@ static int build_chain(X509_STORE_CTX *c
if (!sk_X509_push(ctx->chain, xtmp)) {
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
trust = X509_TRUST_REJECTED;
@@ -111058,7 +113034,7 @@
*/
#include <stdio.h>
-@@ -132,10 +83,16 @@ int X509_CRL_sort(X509_CRL *c)
+@@ -132,28 +83,34 @@ int X509_CRL_sort(X509_CRL *c)
return 1;
}
@@ -111076,7 +113052,29 @@
+ return ((i > 1) ? 1 : 0);
}
- long X509_CRL_get_version(X509_CRL *crl)
+-long X509_CRL_get_version(X509_CRL *crl)
++long X509_CRL_get_version(const X509_CRL *crl)
+ {
+ return ASN1_INTEGER_get(crl->crl.version);
+ }
+
+-ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
++ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl)
+ {
+ return crl->crl.lastUpdate;
+ }
+
+-ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
++ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl)
+ {
+ return crl->crl.nextUpdate;
+ }
+
+-X509_NAME *X509_CRL_get_issuer(X509_CRL *crl)
++X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
+ {
+ return crl->crl.issuer;
+ }
@@ -221,7 +178,7 @@ int X509_REVOKED_set_serialNumber(X509_R
return 1;
}
@@ -118138,6 +120136,90 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+--- /dev/null
++++ b/doc/apps/list.pod
+@@ -0,0 +1,81 @@
++=pod
++
++=head1 NAME
++
++list - list algorithms and features
++
++=head1 SYNOPSIS
++
++B<openssl list>
++[B<-help>]
++[B<-commands>]
++[B<-digest-commands>]
++[B<-digest-algorithms>]
++[B<-cipher-commands>]
++[B<-cipher-algorithms>]
++[B<-public-key-algorithms>]
++[B<-disabled>]
++
++=head1 DESCRIPTION
++
++This command is used to generate list of algorithms or disabled
++features.
++
++=head1 OPTIONS
++
++=over 4
++
++=item B<-help>
++
++Display out a usage message.
++
++=item B<-commands>
++
++Display a list of standard commands.
++
++=item B<-digest-commands>
++
++Display a list of message digest commands, which are typically used
++as input to the L<dgst(1)> or L<speed(1)> commands.
++
++=item B<-digest-algorithms>
++
++Display a list of message digest algorithms.
++If a line is of the form
++ foo => bar
++then B<foo> is an alias for the official algorithm name, B<bar>.
++
++=item B<-cipher-commands>
++
++Display a list of cipher commands, which are typically used as input
++to the L<dgst(1)> or L<speed(1)> commands.
++
++=item B<-cipher-algorithms>
++
++Display a list of cipher algorithms.
++If a line is of the form
++ foo => bar
++then B<foo> is an alias for the official algorithm name, B<bar>.
++
++=item B<-public-key-algorithms>
++
++Display a list of public key algorithms, with each algorithm as
++a block of multiple lines, all but the first are indented.
++
++=item B<-disabled>
++
++Display a list of disabled features, those that were compiled out
++of the installation.
++
++=back
++
++=head1 COPYRIGHT
++
++Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
--- a/doc/apps/nseq.pod
+++ b/doc/apps/nseq.pod
@@ -2,7 +2,7 @@
@@ -119518,8 +121600,47 @@
=cut
--- a/doc/apps/speed.pod
+++ b/doc/apps/speed.pod
-@@ -77,4 +77,13 @@ the above are tested.
+@@ -12,35 +12,13 @@ B<openssl speed>
+ [B<-elapsed>]
+ [B<-evp algo>]
+ [B<-decrypt>]
+-[B<md2>]
+-[B<mdc2>]
+-[B<md5>]
+-[B<hmac>]
+-[B<sha1>]
+-[B<rmd160>]
+-[B<idea-cbc>]
+-[B<rc2-cbc>]
+-[B<rc5-cbc>]
+-[B<bf-cbc>]
+-[B<des-cbc>]
+-[B<des-ede3>]
+-[B<rc4>]
+-[B<rsa512>]
+-[B<rsa1024>]
+-[B<rsa2048>]
+-[B<rsa4096>]
+-[B<dsa512>]
+-[B<dsa1024>]
+-[B<dsa2048>]
+-[B<idea>]
+-[B<rc2>]
+-[B<des>]
+-[B<rsa>]
+-[B<blowfish>]
++[B<algorithm...>]
+ =head1 DESCRIPTION
+
+ This command is used to test the performance of cryptographic algorithms.
++To see the list of supported algorithms, use the I<list --digest-commands>
++or I<list --cipher-commands> command.
+
+ =head1 OPTIONS
+
+@@ -77,4 +55,13 @@ the above are tested.
+
=back
+=head1 COPYRIGHT
@@ -122539,7 +124660,7 @@
This is a file descriptor BIO version of "Hello World":
BIO *out;
-+
++
out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
BIO_printf(out, "Hello World\n");
BIO_free(out);
@@ -123504,6 +125625,15 @@
=cut
--- a/doc/crypto/BN_zero.pod
+++ b/doc/crypto/BN_zero.pod
+@@ -42,7 +42,7 @@ be represented as an unsigned long.
+ BN_one(), BN_set_word() and the deprecated version of BN_zero()
+ return 1 on success, 0 otherwise.
+ BN_value_one() returns the constant.
+-The preferred version of BN_zer() never fails and returns no value.
++The preferred version of BN_zero() never fails and returns no value.
+
+ =head1 BUGS
+
@@ -55,4 +55,13 @@ unsigned long but this value is also ret
L<bn(3)>, L<BN_bn2bin(3)>
@@ -124353,7 +126483,7 @@
- functions supporting application-specific data
=head1 SYNOPSIS
-@@ -12,9 +13,9 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
+@@ -12,17 +13,19 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
int CRYPTO_get_ex_new_index(int class_index,
long argl, void *argp,
@@ -124366,8 +126496,10 @@
typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
-@@ -23,6 +24,8 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
- typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
+ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+- typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
++ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
void *from_d, int idx, long argl, void *argp);
+ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
@@ -125595,8 +127727,43 @@
=cut
--- a/doc/crypto/DSA_size.pod
+++ b/doc/crypto/DSA_size.pod
-@@ -26,4 +26,13 @@ The size in bytes.
+@@ -2,28 +2,43 @@
+ =head1 NAME
+
+-DSA_size - get DSA signature size
++DSA_size, DSA_bits - get DSA signature size or key bits
+
+ =head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_size(const DSA *dsa);
++ int DSA_bits(const DSA *dsa);
+
+ =head1 DESCRIPTION
+
+-This function returns the size of an ASN.1 encoded DSA signature in
+-bytes. It can be used to determine how much memory must be allocated
+-for a DSA signature.
++DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
++for key B<dsa> in bytes. It can be used to determine how much memory must
++be allocated for a DSA signature.
+
+ B<dsa-E<gt>q> must not be B<NULL>.
+
++DSA_bits() returns the number of bits in key B<dsa>: this is the number
++of bits in the B<p> parameter.
++
+ =head1 RETURN VALUE
+
+-The size in bytes.
++DSA_size() returns the size in bytes.
++
++DSA_bits() returns the number of bits in the key.
+
+ =head1 SEE ALSO
+
L<dsa(3)>, L<DSA_sign(3)>
+=head1 COPYRIGHT
@@ -129706,9 +131873,9 @@
+behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
+in programs that expect it will cause them to stop working>.
+
-+B<NB: if HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
++B<NOTE:> If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
+same as the previous digest used by B<ctx> then an error is returned
-+because reuse of an existing key with a different digest is not supported.>
++because reuse of an existing key with a different digest is not supported.
+
+HMAC_Update() can be called repeatedly with chunks of the message to
+be authenticated (B<len> bytes at B<data>).
@@ -130158,11 +132325,13 @@
=cut
--- /dev/null
+++ b/doc/crypto/OCSP_resp_find_status.pod
-@@ -0,0 +1,136 @@
+@@ -0,0 +1,138 @@
+=pod
+
+=head1 NAME
+
++OCSP_resp_get0_certs,
++OCSP_resp_get0_id,
+OCSP_resp_get0_produced_at,
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
+OCSP_single_get0_status, OCSP_check_validity
@@ -134818,7 +136987,25 @@
=cut
--- a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
+++ b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
-@@ -14,7 +14,19 @@ X509_STORE_CTX_set_verify_cb - get and s
+@@ -2,6 +2,17 @@
+
+ =head1 NAME
+
++X509_STORE_CTX_get_cleanup,
++X509_STORE_CTX_get_lookup_crls,
++X509_STORE_CTX_get_lookup_certs,
++X509_STORE_CTX_get_check_policy,
++X509_STORE_CTX_get_cert_crl,
++X509_STORE_CTX_get_check_crl,
++X509_STORE_CTX_get_get_crl,
++X509_STORE_CTX_get_check_revocation,
++X509_STORE_CTX_get_check_issued,
++X509_STORE_CTX_get_get_issuer,
++X509_STORE_CTX_get_verify,
+ X509_STORE_CTX_get_verify_cb,
+ X509_STORE_CTX_set_verify_cb - get and set verification callback
+
+@@ -14,7 +25,19 @@ X509_STORE_CTX_set_verify_cb - get and s
X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -134839,7 +137026,7 @@
=head1 DESCRIPTION
-@@ -29,7 +41,7 @@ However a verification callback is B<not
+@@ -29,7 +52,7 @@ However a verification callback is B<not
is often sufficient.
The B<ok> parameter to the callback indicates the value the callback should
@@ -134848,7 +137035,7 @@
is indicated. If it is 1 then no error occurred. If the flag
B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
policy checking is complete.
-@@ -43,6 +55,16 @@ be passed to the callback via the B<ex_d
+@@ -43,6 +66,16 @@ be passed to the callback via the B<ex_d
X509_STORE_CTX_get_verify_cb() returns the value of the current callback
for the specific B<ctx>.
@@ -134865,7 +137052,7 @@
=head1 WARNING
In general a verification callback should B<NOT> unconditionally return 1 in
-@@ -68,92 +90,92 @@ X509_STORE_CTX_set_verify_cb() does not
+@@ -68,92 +101,92 @@ X509_STORE_CTX_set_verify_cb() does not
Default callback operation:
int verify_callback(int ok, X509_STORE_CTX *ctx)
@@ -135029,7 +137216,7 @@
=head1 SEE ALSO
-@@ -161,4 +183,22 @@ L<X509_STORE_CTX_get_error(3)>
+@@ -161,4 +194,22 @@ L<X509_STORE_CTX_get_error(3)>
L<X509_STORE_set_verify_cb_func(3)>
L<X509_STORE_CTX_get_ex_new_index(3)>
@@ -135174,8 +137361,41 @@
=cut
--- a/doc/crypto/X509_STORE_set_verify_cb_func.pod
+++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod
-@@ -8,44 +8,228 @@ X509_STORE_set_verify_cb_func, X509_STOR
+@@ -2,50 +2,260 @@
+ =head1 NAME
+
+-X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback
++X509_STORE_set_lookup_crls_cb,
++X509_STORE_set_verify_func,
++X509_STORE_get_cleanup,
++X509_STORE_set_cleanup,
++X509_STORE_get_lookup_crls,
++X509_STORE_set_lookup_crls,
++X509_STORE_get_lookup_certs,
++X509_STORE_set_lookup_certs,
++X509_STORE_get_check_policy,
++X509_STORE_set_check_policy,
++X509_STORE_get_cert_crl,
++X509_STORE_set_cert_crl,
++X509_STORE_get_check_crl,
++X509_STORE_set_check_crl,
++X509_STORE_get_get_crl,
++X509_STORE_set_get_crl,
++X509_STORE_get_check_revocation,
++X509_STORE_set_check_revocation,
++X509_STORE_get_check_issued,
++X509_STORE_set_check_issued,
++X509_STORE_get_get_issuer,
++X509_STORE_set_get_issuer,
++X509_STORE_CTX_get_verify,
++X509_STORE_set_verify,
++X509_STORE_get_verify_cb,
++X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb
++- set verification callback
+
+ =head1 SYNOPSIS
+
#include <openssl/x509_vfy.h>
- void X509_STORE_set_verify_cb(X509_STORE *st,
@@ -135299,7 +137519,7 @@
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
-+X509_STORE_set_get_crl() sets the function to get the crl for a given
++X509_STORE_set_get_crl() sets the function to get the crl for a given
+certificate B<x>.
+When found, the crl must be assigned to B<*crl>.
+This function must return 0 on failure and 1 on success.
@@ -135982,7 +138202,7 @@
uint32_t X509_get_extended_key_usage(X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+ void X509_set_proxy_flag(X509 *x);
-+ void X509_set_proxy_path_length(int l);
++ void X509_set_proxy_pathlen(int l);
+ long X509_get_proxy_pathlen(X509 *x);
=head1 DESCRIPTION
@@ -136050,6 +138270,101 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+--- /dev/null
++++ b/doc/crypto/X509_get_notBefore.pod
+@@ -0,0 +1,92 @@
++=pod
++
++=head1 NAME
++
++X509_get_notBefore, X509_get_notAfter, X509_set_notBefore,
++X509_set_notAfter, X509_CRL_get_lastUpdate, X509_CRL_get_nextUpdate,
++X509_CRL_set_lastUpdate, X509_CRL_set_nextUpdate - get or set certificate
++or CRL dates
++
++=head1 SYNOPSIS
++
++ #include <openssl/x509.h>
++
++ ASN1_TIME *X509_get_notBefore(const X509 *x);
++ ASN1_TIME *X509_get_notAfter(const X509 *x);
++
++ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
++ int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
++
++ ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl);
++ ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl);
++
++ int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
++ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
++
++=head1 DESCRIPTION
++
++X509_get_notBefore() and X509_get_notAfter() return the B<notBefore>
++and B<notAfter> fields of certificate B<x> respectively. The value
++returned is an internal pointer which must not be freed up after
++the call.
++
++X509_set_notBefore() and X509_set_notAfter() set the B<notBefore>
++and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed
++parameter B<tm> is not transferred by these functions so it must
++be freed up after the call.
++
++X509_CRL_get_lastUpdate() and X509_CRL_get_nextUpdate() return the
++B<lastUpdate> and B<nextUpdate> fields of B<crl>. The value
++returned is an internal pointer which must not be freed up after
++the call. If the B<nextUpdate> field is absent from B<crl> then
++B<NULL> is returned.
++
++X509_CRL_set_lastUpdate() and X509_CRL_set_nextUpdate() set the B<lastUpdate>
++and B<nextUpdate> fields of B<crl> to B<tm>. Ownership of the passed parameter
++B<tm> is not transferred by these functions so it must be freed up after the
++call.
++
++=head1 RETURN VALUES
++
++X509_get_notBefore(), X509_get_notAfter() and X509_CRL_get_lastUpdate()
++return a pointer to an B<ASN1_TIME> structure.
++
++X509_CRL_get_lastUpdate() return a pointer to an B<ASN1_TIME> structure
++or NULL if the B<lastUpdate> field is absent.
++
++X509_set_notBefore(), X509_set_notAfter(), X509_CRL_set_lastUpdate() and
++X509_CRL_set_nextUpdate() return 1 for success or 0 for failure.
++
++=head1 SEE ALSO
++
++L<d2i_X509(3)>,
++L<ERR_get_error(3)>,
++L<X509_CRL_get0_by_serial(3)>,
++L<X509_get0_signature(3)>,
++L<X509_get_ext_d2i(3)>,
++L<X509_get_extension_flags(3)>,
++L<X509_get_pubkey(3)>,
++L<X509_get_subject_name(3)>,
++L<X509_NAME_add_entry_by_txt(3)>,
++L<X509_NAME_ENTRY_get_object(3)>,
++L<X509_NAME_get_index_by_NID(3)>,
++L<X509_NAME_print_ex(3)>,
++L<X509_new(3)>,
++L<X509_sign(3)>,
++L<X509V3_get_d2i(3)>,
++L<X509_verify_cert(3)>
++
++=head1 HISTORY
++
++These functions are available in all versions of OpenSSL.
++
++=head1 COPYRIGHT
++
++Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
--- a/doc/crypto/X509_get_pubkey.pod
+++ b/doc/crypto/X509_get_pubkey.pod
@@ -3,16 +3,16 @@
@@ -136124,7 +138439,7 @@
=cut
--- a/doc/crypto/X509_get_subject_name.pod
+++ b/doc/crypto/X509_get_subject_name.pod
-@@ -5,7 +5,7 @@
+@@ -5,22 +5,22 @@
X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name,
X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name,
X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or
@@ -136133,6 +138448,25 @@
=head1 SYNOPSIS
+ #include <openssl/x509.h>
+
+- X509_NAME *X509_get_subject_name(X509 *x);
++ X509_NAME *X509_get_subject_name(const X509 *x);
+ int X509_set_subject_name(X509 *x, X509_NAME *name);
+
+- X509_NAME *X509_get_issuer_name(X509 *x);
++ X509_NAME *X509_get_issuer_name(const X509 *x);
+ int X509_set_issuer_name(X509 *x, X509_NAME *name);
+
+- X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
++ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+ int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+
+- X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
++ X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+
+ =head1 DESCRIPTION
@@ -34,11 +34,11 @@ up when it is no longer needed.
X509_get_issuer_name() and X509_set_issuer_name() are identical to
@@ -136163,7 +138497,7 @@
=cut
--- a/doc/crypto/X509_get_version.pod
+++ b/doc/crypto/X509_get_version.pod
-@@ -4,7 +4,7 @@
+@@ -4,26 +4,26 @@
X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version,
X509_CRL_get_version, X509_CRL_set_version - get or set certificate,
@@ -136172,8 +138506,22 @@
=head1 SYNOPSIS
-@@ -23,7 +23,7 @@ certificate request or CRL version.
+ #include <openssl/x509.h>
+- long X509_get_version(X509 *x);
++ long X509_get_version(const X509 *x);
+ int X509_set_version(X509 *x, long version);
+
+- long X509_REQ_get_version(X509_REQ *req);
++ long X509_REQ_get_version(const X509_REQ *req);
+ int X509_REQ_set_version(X509_REQ *x, long version);
+
+- long X509_CRL_get_version(X509_CRL *crl);
++ long X509_CRL_get_version(const X509_CRL *crl);
+ int X509_CRL_set_version(X509_CRL *x, long version);
+
+ =head1 DESCRIPTION
+
X509_get_version() returns the numerical value of the version field of
certificate B<x>. Note: this is defined by standards (X.509 et al) to be one
-less than the certificate version. So a verson 3 certificate will return 2 and
@@ -145641,15 +147989,26 @@
=cut
--- a/doc/ssl/SSL_get_all_async_fds.pod
+++ b/doc/ssl/SSL_get_all_async_fds.pod
-@@ -7,6 +7,7 @@ asynchronous operations
+@@ -2,11 +2,16 @@
+ =head1 NAME
+
+-SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds - manage
+-asynchronous operations
++SSL_waiting_for_async,
++SSL_get_all_async_fds,
++SSL_get_changed_async_fds
++- manage asynchronous operations
++
++=for comment multiple includes
+
=head1 SYNOPSIS
+ #include <openssl/async.h>
#include <openssl/ssl.h>
int SSL_waiting_for_async(SSL *s);
-@@ -53,6 +54,15 @@ for an async operation to complete and 0
+@@ -53,6 +58,15 @@ for an async operation to complete and 0
SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or
0 on error.
@@ -145665,7 +148024,7 @@
=head1 SEE ALSO
L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
-@@ -62,4 +72,13 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(
+@@ -62,4 +76,13 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(
SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds()
were first added to OpenSSL 1.1.0.
@@ -145763,7 +148122,7 @@
=head1 NAME
-SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
-+SSL_get_current_cipher, SSL_get_cipher_name, *SSL_get_cipher,
++SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher,
SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
=head1 SYNOPSIS
@@ -146359,19 +148718,110 @@
=cut
--- a/doc/ssl/SSL_set_bio.pod
+++ b/doc/ssl/SSL_set_bio.pod
-@@ -9,6 +9,8 @@ SSL_set_bio, SSL_set_rbio, SSL_set_wbio
+@@ -2,29 +2,85 @@
+
+ =head1 NAME
+
+-SSL_set_bio, SSL_set_rbio, SSL_set_wbio - connect the SSL object with a BIO
++SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO
+
+ =head1 SYNOPSIS
+
#include <openssl/ssl.h>
void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
-+ void SSL_set_rbio(SSL *s, BIO *rbio);
-+ void SSL_set_wbio(SSL *s, BIO *wbio);
++ void SSL_set0_rbio(SSL *s, BIO *rbio);
++ void SSL_set0_wbio(SSL *s, BIO *wbio);
=head1 DESCRIPTION
-@@ -40,4 +42,13 @@ L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>
+-SSL_set_bio() connects the BIOs B<rbio> and B<wbio> for the read and write
+-operations of the TLS/SSL (encrypted) side of B<ssl>.
++SSL_set0_rbio() connects the BIO B<rbio> for the read operations of the B<ssl>
++object. The SSL engine inherits the behaviour of B<rbio>. If the BIO is
++non-blocking then the B<ssl> object will also have non-blocking behaviour. This
++function transfers ownership of B<rbio> to B<ssl>. It will be automatically
++freed using L<BIO_free_all(3)> when the B<ssl> is freed. On calling this
++function, any existing B<rbio> that was previously set will also be freed via a
++call to L<BIO_free_all(3)> (this includes the case where the B<rbio> is set to
++the same value as previously).
- SSL_set_rbio() and SSL_set_wbio() were added in OpenSSL 1.1.0.
+-The SSL engine inherits the behaviour of B<rbio> and B<wbio>, respectively.
+-If a BIO is non-blocking, the B<ssl> will also have non-blocking behaviour.
++SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects
++the BIO B<wbio> for the write operations of the B<ssl> object. Note that if the
++rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take
++ownership of one reference. Therefore it may be necessary to increment the
++number of references available using L<BIO_up_ref(3)> before calling the set0
++functions.
+-If there was already a BIO connected to B<ssl>, BIO_free() will be called
+-(for both the reading and writing side, if different).
++SSL_set_bio() does a similar job as SSL_set0_rbio() and SSL_set0_wbio() except
++that it connects both the B<rbio> and the B<wbio> at the same time. This
++function transfers the ownership of B<rbio> and B<wbio> to B<ssl> except that
++the rules for this are much more complex. For this reason this function is
++considered a legacy function and SSL_set0_rbio() and SSL_set0_wbio() should be
++used in preference. The ownership rules are as follows:
+
+-SSL_set_rbio() does the same job as SSL_set_bio() except that it enables you
+-to only connect the read bio, without touching the write bio. Similarly
+-SSL_set_wbio() enables you to connect the write bio without touching the read
+-bio.
++=over 4
++
++=item
++
++If neither the rbio or wbio have changed from their previous values then nothing
++is done.
++
++=item
++
++If the rbio and wbio parameters are different and both are different to their
++previously set values then one reference is consumed for the rbio and one
++reference is consumed for the wbio.
++
++=item
++
++If the rbio and wbio parameters are the same and the rbio is not the same as the
++previously set value then one reference is consumed.
++
++=item
++
++If the rbio and wbio parameters are the same and the rbio is the same as the
++previously set value, then no additional references are consumed.
++
++=item
++
++If the rbio and wbio parameters are different and the rbio is the same as the
++previously set value then one reference is consumbed for the wbio and no
++references are consumed for the rbio.
++
++=item
++
++If the rbio and wbio parameters are different and the wbio is the same as the
++previously set value and the old rbio and wbio values were the same as each
++other then one reference is consumed for the rbio and no references are consumed
++for the wbio.
++
++=item
++
++If the rbio and wbio parameters are different and the wbio is the same as the
++previously set value and the old rbio and wbio values were different to each
++other then one reference is consumed for the rbio and one reference is consumed
++for the wbio.
++
++=back
+
+ =head1 RETURN VALUES
+
+@@ -38,6 +94,15 @@ L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>
+
+ =head1 HISTORY
+
+-SSL_set_rbio() and SSL_set_wbio() were added in OpenSSL 1.1.0.
++SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.
++
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -146380,7 +148830,7 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
--- a/doc/ssl/SSL_set_connect_state.pod
+++ b/doc/ssl/SSL_set_connect_state.pod
@@ -149092,7 +151542,7 @@
+ $ CC=clang ./config enable-fuzz-libfuzzer \
+ --with-fuzzer-include=../../svn-work/Fuzzer \
+ --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
-+ enable-asan enable-ubsan no-shared
++ -DPEDANTIC enable-asan enable-ubsan no-shared
+ $ sudo apt-get install make
+ $ LDCMD=clang++ make -j
+ $ fuzz/helper.py $FUZZER
@@ -149120,7 +151570,7 @@
+Where $FUZZER is one of the executables in `fuzz/`.
--- /dev/null
+++ b/fuzz/asn1.c
-@@ -0,0 +1,208 @@
+@@ -0,0 +1,222 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -149142,9 +151592,11 @@
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
++#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/ocsp.h>
+#include <openssl/pkcs12.h>
++#include <openssl/rsa.h>
+#include <openssl/ts.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
@@ -149152,9 +151604,11 @@
+
+static ASN1_ITEM_EXP *item_type[] = {
+ ASN1_ITEM_ref(ACCESS_DESCRIPTION),
++#ifndef OPENSSL_NO_RFC3779
+ ASN1_ITEM_ref(ASIdentifierChoice),
+ ASN1_ITEM_ref(ASIdentifiers),
+ ASN1_ITEM_ref(ASIdOrRange),
++#endif
+ ASN1_ITEM_ref(ASN1_ANY),
+ ASN1_ITEM_ref(ASN1_BIT_STRING),
+ ASN1_ITEM_ref(ASN1_BMPSTRING),
@@ -149181,17 +151635,23 @@
+ ASN1_ITEM_ref(ASN1_UTCTIME),
+ ASN1_ITEM_ref(ASN1_UTF8STRING),
+ ASN1_ITEM_ref(ASN1_VISIBLESTRING),
++#ifndef OPENSSL_NO_RFC3779
+ ASN1_ITEM_ref(ASRange),
++#endif
+ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+ ASN1_ITEM_ref(AUTHORITY_KEYID),
+ ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+ ASN1_ITEM_ref(BIGNUM),
+ ASN1_ITEM_ref(CBIGNUM),
+ ASN1_ITEM_ref(CERTIFICATEPOLICIES),
++#ifndef OPENSSL_NO_CMS
+ ASN1_ITEM_ref(CMS_ContentInfo),
+ ASN1_ITEM_ref(CMS_ReceiptRequest),
+ ASN1_ITEM_ref(CRL_DIST_POINTS),
++#endif
++#ifndef OPENSSL_NO_DH
+ ASN1_ITEM_ref(DHparams),
++#endif
+ ASN1_ITEM_ref(DIRECTORYSTRING),
+ ASN1_ITEM_ref(DISPLAYTEXT),
+ ASN1_ITEM_ref(DIST_POINT),
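Review bot: The new `#ifndef OPENSSL_NO_CMS` block in the item table closes one entry too late, so it also encloses `ASN1_ITEM_ref(CRL_DIST_POINTS)`. Judging by its name, that entry belongs with the unguarded `ASN1_ITEM_ref(DIST_POINT)` certificate-extension items a few lines below rather than with CMS. If so, a no-cms build silently drops CRL distribution point decoding from the ASN.1 fuzzer and leaves that parser unexercised. Move the `#endif` up so it directly follows `ASN1_ITEM_ref(CMS_ReceiptRequest),`. The `item_type` array starts and ends outside this hunk, so this should be checked against the header that declares the item.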
@@ -149205,10 +151665,12 @@
+ ASN1_ITEM_ref(GENERAL_NAME),
+ ASN1_ITEM_ref(GENERAL_NAMES),
+ ASN1_ITEM_ref(GENERAL_SUBTREE),
++#ifndef OPENSSL_NO_RFC3779
+ ASN1_ITEM_ref(IPAddressChoice),
+ ASN1_ITEM_ref(IPAddressFamily),
+ ASN1_ITEM_ref(IPAddressOrRange),
+ ASN1_ITEM_ref(IPAddressRange),
++#endif
+ ASN1_ITEM_ref(ISSUING_DIST_POINT),
+ ASN1_ITEM_ref(LONG),
+ ASN1_ITEM_ref(NAME_CONSTRAINTS),
@@ -149216,6 +151678,7 @@
+ ASN1_ITEM_ref(NETSCAPE_SPKAC),
+ ASN1_ITEM_ref(NETSCAPE_SPKI),
+ ASN1_ITEM_ref(NOTICEREF),
++#ifndef OPENSSL_NO_OCSP
+ ASN1_ITEM_ref(OCSP_BASICRESP),
+ ASN1_ITEM_ref(OCSP_CERTID),
+ ASN1_ITEM_ref(OCSP_CERTSTATUS),
@@ -149231,6 +151694,7 @@
+ ASN1_ITEM_ref(OCSP_SERVICELOC),
+ ASN1_ITEM_ref(OCSP_SIGNATURE),
+ ASN1_ITEM_ref(OCSP_SINGLERESP),
++#endif
+ ASN1_ITEM_ref(OTHERNAME),
+ ASN1_ITEM_ref(PBE2PARAM),
+ ASN1_ITEM_ref(PBEPARAM),
@@ -153344,6 +155808,24 @@
struct crypto_ex_data_st {
STACK_OF(void) *sk;
};
+@@ -276,7 +173,7 @@ typedef void CRYPTO_EX_new (void *parent
+ int idx, long argl, void *argp);
+ typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+-typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
++typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *srcp, int idx, long argl, void *argp);
+ __owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+@@ -290,7 +187,7 @@ int CRYPTO_free_ex_index(int class_index
+ */
+ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+- CRYPTO_EX_DATA *from);
++ const CRYPTO_EX_DATA *from);
+
+ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
@@ -318,12 +215,22 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX
* On the other hand, the locking callbacks are no longer used. Consequently,
* the callback management functions can be safely replaced with no-op macros.
@@ -154033,7 +156515,15 @@
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-@@ -216,9 +169,11 @@ DH *DSA_dup_DH(const DSA *r);
+@@ -148,6 +101,7 @@ void DSA_free(DSA *r);
+ /* "up" the DSA object's reference count */
+ int DSA_up_ref(DSA *r);
+ int DSA_size(const DSA *);
++int DSA_bits(const DSA *d);
+ int DSA_security_bits(const DSA *d);
+ /* next 4 return -1 on error */
+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+@@ -216,9 +170,11 @@ DH *DSA_dup_DH(const DSA *r);
# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
@@ -154047,7 +156537,7 @@
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
void DSA_clear_flags(DSA *d, int flags);
int DSA_test_flags(const DSA *d, int flags);
-@@ -247,16 +202,17 @@ int (*DSA_meth_get_verify(const DSA_METH
+@@ -247,16 +203,17 @@ int (*DSA_meth_get_verify(const DSA_METH
int DSA_meth_set_verify(DSA_METHOD *dsam,
int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
@@ -154072,7 +156562,7 @@
const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
-@@ -276,20 +232,21 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam
+@@ -276,20 +233,21 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -154098,7 +156588,7 @@
# define DSA_F_DSA_NEW_METHOD 103
# define DSA_F_DSA_PARAM_DECODE 119
# define DSA_F_DSA_PRINT_FP 105
-@@ -299,34 +256,26 @@ void ERR_load_DSA_strings(void);
+@@ -299,34 +257,26 @@ void ERR_load_DSA_strings(void);
# define DSA_F_DSA_PUB_ENCODE 118
# define DSA_F_DSA_SIGN 106
# define DSA_F_DSA_SIGN_SETUP 107
@@ -154491,6 +156981,22 @@
* \param p array of size num of EC_POINT objects
* \param m array of size num of BIGNUM objects
* \param ctx BN_CTX object (optional)
+@@ -823,13 +771,13 @@ void EC_KEY_free(EC_KEY *key);
+ * \param src src EC_KEY object
+ * \return dst or NULL if an error occurred.
+ */
+-EC_KEY *EC_KEY_copy(EC_KEY *dst, EC_KEY *src);
++EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+
+ /** Creates a new EC_KEY object and copies the content from src to it.
+ * \param src the source EC_KEY object
+ * \return newly created EC_KEY object or NULL if an error occurred.
+ */
+-EC_KEY *EC_KEY_dup(EC_KEY *src);
++EC_KEY *EC_KEY_dup(const EC_KEY *src);
+
+ /** Increases the internal reference count of a EC_KEY object.
+ * \param key EC_KEY object
@@ -918,7 +866,7 @@ int EC_KEY_check_key(const EC_KEY *key);
*/
int EC_KEY_can_sign(const EC_KEY *eckey);
@@ -155228,7 +157734,7 @@
void EVP_PKEY_free(EVP_PKEY *pkey);
EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
-@@ -1486,28 +1440,20 @@ void EVP_add_alg_module(void);
+@@ -1486,35 +1440,29 @@ void EVP_add_alg_module(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -155259,7 +157765,16 @@
# define EVP_F_EVP_CIPHERINIT_EX 123
# define EVP_F_EVP_CIPHER_CTX_COPY 163
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
-@@ -1539,8 +1485,8 @@ void ERR_load_EVP_strings(void);
+ # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
+ # define EVP_F_EVP_DECRYPTFINAL_EX 101
++# define EVP_F_EVP_DECRYPTUPDATE 166
+ # define EVP_F_EVP_DIGESTINIT_EX 128
+ # define EVP_F_EVP_ENCRYPTFINAL_EX 127
++# define EVP_F_EVP_ENCRYPTUPDATE 167
+ # define EVP_F_EVP_MD_CTX_COPY_EX 110
+ # define EVP_F_EVP_MD_SIZE 162
+ # define EVP_F_EVP_OPENINIT 102
+@@ -1539,8 +1487,8 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152
# define EVP_F_EVP_PKEY_GET0_DH 119
# define EVP_F_EVP_PKEY_GET0_DSA 120
@@ -155269,7 +157784,7 @@
# define EVP_F_EVP_PKEY_GET0_RSA 121
# define EVP_F_EVP_PKEY_KEYGEN 146
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
-@@ -1553,35 +1499,20 @@ void ERR_load_EVP_strings(void);
+@@ -1553,35 +1501,20 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_VERIFY_INIT 143
# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144
# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145
@@ -155305,7 +157820,7 @@
# define EVP_R_BUFFER_TOO_SMALL 155
# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
# define EVP_R_CIPHER_PARAMETER_ERROR 122
-@@ -1593,15 +1524,12 @@ void ERR_load_EVP_strings(void);
+@@ -1593,15 +1526,12 @@ void ERR_load_EVP_strings(void);
# define EVP_R_DECODE_ERROR 114
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
@@ -155322,7 +157837,7 @@
# define EVP_R_EXPECTING_A_EC_KEY 142
# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
-@@ -1611,7 +1539,6 @@ void ERR_load_EVP_strings(void);
+@@ -1611,7 +1541,6 @@ void ERR_load_EVP_strings(void);
# define EVP_R_INVALID_FIPS_MODE 168
# define EVP_R_INVALID_KEY_LENGTH 130
# define EVP_R_INVALID_OPERATION 148
@@ -155330,7 +157845,7 @@
# define EVP_R_KEYGEN_FAILURE 120
# define EVP_R_MEMORY_LIMIT_EXCEEDED 172
# define EVP_R_MESSAGE_DIGEST_IS_NULL 159
-@@ -1620,18 +1547,13 @@ void ERR_load_EVP_strings(void);
+@@ -1620,18 +1549,14 @@ void ERR_load_EVP_strings(void);
# define EVP_R_NO_CIPHER_SET 131
# define EVP_R_NO_DEFAULT_DIGEST 158
# define EVP_R_NO_DIGEST_SET 139
@@ -155342,6 +157857,7 @@
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
-# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
++# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
@@ -155349,7 +157865,7 @@
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
-@@ -1647,9 +1569,8 @@ void ERR_load_EVP_strings(void);
+@@ -1647,9 +1572,8 @@ void ERR_load_EVP_strings(void);
# define EVP_R_UNSUPPORTED_SALT_TYPE 126
# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
@@ -156209,7 +158725,9 @@
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
-- *
++ * WARNING: do not edit!
++ * Generated by crypto/objects/objects.pl
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -156239,9 +158757,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * WARNING: do not edit!
-+ * Generated by crypto/objects/objects.pl
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -156254,6 +158770,29 @@
*/
#define SN_undef "UNDEF"
+@@ -851,10 +800,22 @@
+ #define NID_id_smime_ct_compressedData 786
+ #define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L
+
++#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection"
++#define NID_id_smime_ct_contentCollection 1058
++#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L
++
++#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData"
++#define NID_id_smime_ct_authEnvelopedData 1059
++#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L
++
+ #define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF"
+ #define NID_id_ct_asciiTextWithCRLF 787
+ #define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L
+
++#define SN_id_ct_xml "id-ct-xml"
++#define NID_id_ct_xml 1060
++#define OBJ_id_ct_xml OBJ_id_smime_ct,28L
++
+ #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest"
+ #define NID_id_smime_aa_receiptRequest 212
+ #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L
--- a/include/openssl/objects.h
+++ b/include/openssl/objects.h
@@ -1,58 +1,10 @@
@@ -158818,6 +161357,17 @@
void SSL_CTX_free(SSL_CTX *);
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+@@ -1409,8 +1326,8 @@ void SSL_CTX_flush_sessions(SSL_CTX *ctx
+ __owur int SSL_set_rfd(SSL *s, int fd);
+ __owur int SSL_set_wfd(SSL *s, int fd);
+ # endif
+-void SSL_set_rbio(SSL *s, BIO *rbio);
+-void SSL_set_wbio(SSL *s, BIO *wbio);
++void SSL_set0_rbio(SSL *s, BIO *rbio);
++void SSL_set0_wbio(SSL *s, BIO *wbio);
+ void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+ __owur BIO *SSL_get_rbio(const SSL *s);
+ __owur BIO *SSL_get_wbio(const SSL *s);
@@ -1473,6 +1390,7 @@ int SSL_add_dir_cert_subjects_to_stack(S
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
@@ -160412,8 +162962,26 @@
int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
# ifndef OPENSSL_NO_RSA
-@@ -674,7 +622,7 @@ int X509_set_notBefore(X509 *x, const AS
- ASN1_TIME *X509_get_notAfter(X509 *x);
+@@ -661,20 +609,20 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ void *asn, EVP_MD_CTX *ctx);
+
+-long X509_get_version(X509 *x);
++long X509_get_version(const X509 *x);
+ int X509_set_version(X509 *x, long version);
+ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+ int X509_set_issuer_name(X509 *x, X509_NAME *name);
+-X509_NAME *X509_get_issuer_name(X509 *a);
++X509_NAME *X509_get_issuer_name(const X509 *a);
+ int X509_set_subject_name(X509 *x, X509_NAME *name);
+-X509_NAME *X509_get_subject_name(X509 *a);
+-ASN1_TIME * X509_get_notBefore(X509 *x);
++X509_NAME *X509_get_subject_name(const X509 *a);
++ASN1_TIME * X509_get_notBefore(const X509 *x);
+ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+-ASN1_TIME *X509_get_notAfter(X509 *x);
++ASN1_TIME *X509_get_notAfter(const X509 *x);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-void X509_up_ref(X509 *x);
@@ -160421,7 +162989,7 @@
int X509_get_signature_type(const X509 *x);
/*
* This one is only used so that a binary form can output, as in
-@@ -685,7 +633,7 @@ STACK_OF(X509_EXTENSION) *X509_get0_exte
+@@ -685,14 +633,14 @@ STACK_OF(X509_EXTENSION) *X509_get0_exte
void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x);
X509_ALGOR *X509_get0_tbs_sigalg(X509 *x);
@@ -160430,15 +162998,33 @@
EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
-@@ -731,7 +679,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x
+
+-long X509_REQ_get_version(X509_REQ *req);
++long X509_REQ_get_version(const X509_REQ *req);
+ int X509_REQ_set_version(X509_REQ *x, long version);
+-X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
++X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+ int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+ void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ X509_REQ *req);
+@@ -731,12 +679,12 @@ int X509_CRL_set_issuer_name(X509_CRL *x
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
-void X509_CRL_up_ref(X509_CRL *crl);
+int X509_CRL_up_ref(X509_CRL *crl);
- long X509_CRL_get_version(X509_CRL *crl);
- ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+-long X509_CRL_get_version(X509_CRL *crl);
+-ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+-ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
+-X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
++long X509_CRL_get_version(const X509_CRL *crl);
++ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl);
++ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl);
++X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+ STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
+ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+ void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
@@ -748,14 +696,14 @@ ASN1_INTEGER *X509_REVOKED_get0_serialNu
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
ASN1_TIME *X509_REVOKED_get0_revocationDate(X509_REVOKED *x);
@@ -161804,7 +164390,38 @@
*/
#include <stdio.h>
-@@ -424,10 +376,11 @@ static long ssl_ctrl(BIO *b, int cmd, lo
+@@ -375,23 +327,19 @@ static long ssl_ctrl(BIO *b, int cmd, lo
+ break;
+ case BIO_CTRL_PUSH:
+ if ((next != NULL) && (next != ssl->rbio)) {
++ /*
++ * We are going to pass ownership of next to the SSL object...but
++ * we don't own a reference to pass yet - so up ref
++ */
++ BIO_up_ref(next);
+ SSL_set_bio(ssl, next, next);
+- BIO_up_ref(b);
+ }
+ break;
+ case BIO_CTRL_POP:
+ /* Only detach if we are the BIO explicitly being popped */
+ if (b == ptr) {
+- /*
+- * Shouldn't happen in practice because the rbio and wbio are the
+- * same when pushed.
+- */
+- if (ssl->rbio != ssl->wbio)
+- BIO_free_all(ssl->wbio);
+- if (next != NULL)
+- BIO_free(next);
+- ssl->wbio = NULL;
+- ssl->rbio = NULL;
++ /* This will clear the reference we obtained during push */
++ SSL_set_bio(ssl, NULL, NULL);
+ }
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+@@ -424,10 +372,11 @@ static long ssl_ctrl(BIO *b, int cmd, lo
dbs = BIO_get_data(dbio);
SSL_free(dbs->ssl);
dbs->ssl = SSL_dup(ssl);
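Review bot: In the `BIO_CTRL_PUSH` case the result of `BIO_up_ref(next)` is discarded before `SSL_set_bio(ssl, next, next)` hands the BIO to the SSL object. If the increment can fail in this snapshot (the same update turns `X509_CRL_up_ref()` into an int-returning function), the SSL object would consume a reference this BIO never obtained. The `SSL_set_bio(ssl, NULL, NULL)` in the pop case, or a later SSL_free, would then release `next` once too often. Guard the hand-over, for example `if (!BIO_up_ref(next)) break;`, and report the failure through ssl_ctrl's return value. The body of ssl_ctrl starts and ends outside this hunk, so the exact error path has to be chosen there.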
@@ -163062,7 +165679,67 @@
* compromise is considered worthy.
*/
if (type == SSL3_RT_APPLICATION_DATA &&
-@@ -631,7 +530,7 @@ int ssl3_write_bytes(SSL *s, int type, c
+@@ -524,23 +423,21 @@ int ssl3_write_bytes(SSL *s, int type, c
+ else
+ packlen *= 4;
+
+- wb->buf = OPENSSL_malloc(packlen);
+- if (wb->buf == NULL) {
++ if (!ssl3_setup_write_buffer(s, 1, packlen)) {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+- wb->len = packlen;
+ } else if (tot == len) { /* done? */
+- OPENSSL_free(wb->buf); /* free jumbo buffer */
+- wb->buf = NULL;
++ /* free jumbo buffer */
++ ssl3_release_write_buffer(s);
+ return tot;
+ }
+
+ n = (len - tot);
+ for (;;) {
+ if (n < 4 * max_send_fragment) {
+- OPENSSL_free(wb->buf); /* free jumbo buffer */
+- wb->buf = NULL;
++ /* free jumbo buffer */
++ ssl3_release_write_buffer(s);
+ break;
+ }
+
+@@ -572,8 +469,8 @@ int ssl3_write_bytes(SSL *s, int type, c
+ sizeof(mb_param), &mb_param);
+
+ if (packlen <= 0 || packlen > (int)wb->len) { /* never happens */
+- OPENSSL_free(wb->buf); /* free jumbo buffer */
+- wb->buf = NULL;
++ /* free jumbo buffer */
++ ssl3_release_write_buffer(s);
+ break;
+ }
+
+@@ -603,15 +500,15 @@ int ssl3_write_bytes(SSL *s, int type, c
+ i = ssl3_write_pending(s, type, &buf[tot], nw);
+ if (i <= 0) {
+ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+- OPENSSL_free(wb->buf);
+- wb->buf = NULL;
++ /* free jumbo buffer */
++ ssl3_release_write_buffer(s);
+ }
+ s->rlayer.wnum = tot;
+ return i;
+ }
+ if (i == (int)n) {
+- OPENSSL_free(wb->buf); /* free jumbo buffer */
+- wb->buf = NULL;
++ /* free jumbo buffer */
++ ssl3_release_write_buffer(s);
+ return tot + i;
+ }
+ n -= i;
+@@ -631,7 +528,7 @@ int ssl3_write_bytes(SSL *s, int type, c
split_send_fragment = s->split_send_fragment;
/*
* If max_pipelines is 0 then this means "undefined" and we default to
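Review bot: The multiblock path now passes `packlen` as the `len` argument of `ssl3_setup_write_buffer(s, 1, packlen)`, where the later hunk of this patch treats `len == 0` as "compute the default size". `packlen` appears to be a signed int (it is compared as `packlen > (int)wb->len` further down). A zero value would therefore silently produce a default-sized buffer instead of the jumbo buffer, and a negative value would convert to a very large `size_t` request. The existing `packlen <= 0` test only runs after the buffer is set up. Rejecting a non-positive value at the call keeps the sentinel unambiguous: `if (packlen <= 0 || !ssl3_setup_write_buffer(s, 1, packlen)) {`. ssl3_write_bytes begins and continues outside this hunk, so an earlier range check on `packlen` may already exist there.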
@@ -163071,7 +165748,16 @@
* processing then we also only use 1 pipeline, or if we're not using
* explicit IVs
*/
-@@ -810,10 +709,10 @@ int do_ssl3_write(SSL *s, int type, cons
+@@ -751,7 +648,7 @@ int do_ssl3_write(SSL *s, int type, cons
+ }
+
+ if (s->rlayer.numwpipes < numpipes)
+- if (!ssl3_setup_write_buffer(s, numpipes))
++ if (!ssl3_setup_write_buffer(s, numpipes, 0))
+ return -1;
+
+ if (totlen == 0 && !create_empty_fragment)
+@@ -810,10 +707,10 @@ int do_ssl3_write(SSL *s, int type, cons
/*
* extra fragment would be couple of cipher blocks, which would be
* multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
@@ -163084,7 +165770,7 @@
#endif
outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
-@@ -826,7 +725,7 @@ int do_ssl3_write(SSL *s, int type, cons
+@@ -826,7 +723,7 @@ int do_ssl3_write(SSL *s, int type, cons
wb = &s->rlayer.wbuf[j];
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
@@ -163093,7 +165779,7 @@
#endif
outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
-@@ -862,7 +761,7 @@ int do_ssl3_write(SSL *s, int type, cons
+@@ -862,7 +759,7 @@ int do_ssl3_write(SSL *s, int type, cons
*(outbuf[j]++) = (s->version >> 8);
/*
@@ -163102,7 +165788,7 @@
* and record version number > TLS 1.0
*/
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
-@@ -1158,9 +1057,9 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1158,9 +1055,9 @@ int ssl3_read_bytes(SSL *s, int type, in
goto f_err;
}
}
@@ -163114,7 +165800,7 @@
curr_rec++);
if (curr_rec == num_recs) {
RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
-@@ -1233,11 +1132,12 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1233,11 +1130,12 @@ int ssl3_read_bytes(SSL *s, int type, in
memcpy(buf, &(rr->data[rr->off]), n);
buf += n;
if (!peek) {
@@ -163128,7 +165814,7 @@
}
}
if (SSL3_RECORD_get_length(rr) == 0
-@@ -1248,6 +1148,10 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1248,6 +1146,10 @@ int ssl3_read_bytes(SSL *s, int type, in
read_bytes += n;
} while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
&& read_bytes < (unsigned int)len);
@@ -163139,7 +165825,7 @@
if (!peek && curr_rec == num_recs
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
&& SSL3_BUFFER_get_left(rbuf) == 0)
-@@ -1282,7 +1186,7 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1282,7 +1184,7 @@ int ssl3_read_bytes(SSL *s, int type, in
goto f_err;
}
@@ -163148,7 +165834,7 @@
&& (s->server || rr->type != SSL3_RT_ALERT)) {
/*
* If we've got this far and still haven't decided on what version
-@@ -1328,8 +1232,10 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1328,8 +1230,10 @@ int ssl3_read_bytes(SSL *s, int type, in
SSL3_RECORD_add_length(rr, -1);
}
@@ -163160,7 +165846,7 @@
}
}
-@@ -1412,6 +1318,7 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1412,6 +1316,7 @@ int ssl3_read_bytes(SSL *s, int type, in
(s->session != NULL) && (s->session->cipher != NULL) &&
!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
SSL3_RECORD_set_length(rr, 0);
@@ -163168,7 +165854,7 @@
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
goto start;
}
-@@ -1438,6 +1345,7 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1438,6 +1343,7 @@ int ssl3_read_bytes(SSL *s, int type, in
if (alert_level == SSL3_AL_WARNING) {
s->s3->warn_alert = alert_descr;
@@ -163176,7 +165862,7 @@
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
-@@ -1445,7 +1353,7 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1445,7 +1351,7 @@ int ssl3_read_bytes(SSL *s, int type, in
/*
* This is a warning but we receive it if we requested
* renegotiation and the peer denied it. Terminate with a fatal
@@ -163185,7 +165871,7 @@
* presumably had a good reason and expects it to succeed. In
* future we might have a renegotiation where we don't care if
* the peer refused it where we carry on.
-@@ -1468,7 +1376,8 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1468,7 +1374,8 @@ int ssl3_read_bytes(SSL *s, int type, in
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -163195,7 +165881,7 @@
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
-@@ -1483,6 +1392,7 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1483,6 +1390,7 @@ int ssl3_read_bytes(SSL *s, int type, in
* shutdown */
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
@@ -163203,7 +165889,7 @@
return (0);
}
-@@ -1539,6 +1449,7 @@ int ssl3_read_bytes(SSL *s, int type, in
+@@ -1539,6 +1447,7 @@ int ssl3_read_bytes(SSL *s, int type, in
*/
if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
SSL3_RECORD_set_length(rr, 0);
@@ -163494,6 +166180,15 @@
#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
__owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold);
+@@ -167,7 +69,7 @@ void SSL3_BUFFER_clear(SSL3_BUFFER *b);
+ void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n);
+ void SSL3_BUFFER_release(SSL3_BUFFER *b);
+ __owur int ssl3_setup_read_buffer(SSL *s);
+-__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes);
++__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len);
+ int ssl3_release_read_buffer(SSL *s);
+ int ssl3_release_write_buffer(SSL *s);
+
@@ -178,6 +80,7 @@ int ssl3_release_write_buffer(SSL *s);
#define SSL3_RECORD_get_length(r) ((r)->length)
#define SSL3_RECORD_set_length(r, l) ((r)->length = (l))
@@ -163640,6 +166335,64 @@
b = RECORD_LAYER_get_rbuf(&s->rlayer);
if (SSL_IS_DTLS(s))
+@@ -175,33 +74,34 @@ int ssl3_setup_read_buffer(SSL *s)
+ return 0;
+ }
+
+-int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes)
++int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len)
+ {
+ unsigned char *p;
+- size_t len, align = 0, headerlen;
++ size_t align = 0, headerlen;
+ SSL3_BUFFER *wb;
+ unsigned int currpipe;
+
+ s->rlayer.numwpipes = numwpipes;
+
+-
+- if (SSL_IS_DTLS(s))
+- headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+- else
+- headerlen = SSL3_RT_HEADER_LENGTH;
++ if (len == 0) {
++ if (SSL_IS_DTLS(s))
++ headerlen = DTLS1_RT_HEADER_LENGTH + 1;
++ else
++ headerlen = SSL3_RT_HEADER_LENGTH;
+
+ #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+- align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
++ align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+ #endif
+
+- len = s->max_send_fragment
+- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
++ len = s->max_send_fragment
++ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+ #ifndef OPENSSL_NO_COMP
+- if (ssl_allow_compression(s))
+- len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
++ if (ssl_allow_compression(s))
++ len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+ #endif
+- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+- len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
++ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
++ len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
++ }
+
+ wb = RECORD_LAYER_get_wbuf(&s->rlayer);
+ for (currpipe = 0; currpipe < numwpipes; currpipe++) {
+@@ -226,7 +126,7 @@ int ssl3_setup_buffers(SSL *s)
+ {
+ if (!ssl3_setup_read_buffer(s))
+ return 0;
+- if (!ssl3_setup_write_buffer(s, 1))
++ if (!ssl3_setup_write_buffer(s, 1, 0))
+ return 0;
+ return 1;
+ }
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1,111 +1,10 @@
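Review bot: The new `len` parameter of ssl3_setup_write_buffer() has no documented contract. The hunk shows that 0 selects the computed default, while any other value is used as given and skips the additions for record header, alignment, encryption overhead and compression overhead. Nothing visible here checks a caller-supplied length against a minimum, so each caller that passes a non-zero value has to get the size right. I would add a comment above the definition, e.g. `/* |len| == 0: size from max_send_fragment plus overheads; otherwise |len| is used as the buffer size and must already include header and overhead */`. `headerlen` is also left unassigned on the `len != 0` path; the allocation loop continues outside the hunk, so confirm it is not read there.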
@@ -163776,9 +166529,27 @@
do {
/* check if we have the header */
if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
-@@ -270,13 +167,21 @@ int ssl3_get_record(SSL *s)
- if (s->first_packet && s->server && !s->read_hash
- && !s->enc_read_ctx
+@@ -263,20 +160,34 @@ int ssl3_get_record(SSL *s)
+
+ /*
+ * Check whether this is a regular record or an SSLv2 style record.
+- * The latter is only used in an initial ClientHello for old
+- * clients. We check s->read_hash and s->enc_read_ctx to ensure this
+- * does not apply during renegotiation
++ * The latter can only be used in the first record of an initial
++ * ClientHello for old clients. Initial ClientHello means
++ * s->first_packet is set and s->server is true. The first record
++ * means we've not received any data so far (s->init_num == 0) and
++ * have had no empty records. We check s->read_hash and
++ * s->enc_read_ctx to ensure this does not apply during
++ * renegotiation.
+ */
+- if (s->first_packet && s->server && !s->read_hash
+- && !s->enc_read_ctx
++ if (s->first_packet && s->server
++ && s->init_num == 0
++ && RECORD_LAYER_get_empty_record_count(&s->rlayer) == 0
++ && s->read_hash == NULL && s->enc_read_ctx == NULL
&& (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
- /* SSLv2 style record */
+ /*
@@ -163800,7 +166571,7 @@
- SSL2_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
-@@ -386,7 +291,7 @@ int ssl3_get_record(SSL *s)
+@@ -386,7 +297,7 @@ int ssl3_get_record(SSL *s)
* or s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length
* and we have that many bytes in s->packet
*/
@@ -163809,7 +166580,7 @@
rr[num_recs].input =
&(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);
} else {
-@@ -416,11 +321,16 @@ int ssl3_get_record(SSL *s)
+@@ -416,11 +327,16 @@ int ssl3_get_record(SSL *s)
/* decrypt in place in 'rr->input' */
rr[num_recs].data = rr[num_recs].input;
rr[num_recs].orig_len = rr[num_recs].length;
@@ -163827,7 +166598,7 @@
&& SSL_USE_EXPLICIT_IV(s)
&& s->enc_read_ctx != NULL
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
-@@ -578,21 +488,17 @@ int ssl3_get_record(SSL *s)
+@@ -578,21 +494,17 @@ int ssl3_get_record(SSL *s)
/* just read a 0 length packet */
if (rr[j].length == 0) {
@@ -163854,7 +166625,7 @@
RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
return 1;
-@@ -797,8 +703,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
+@@ -797,8 +709,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
if (n_recs > 1) {
@@ -163865,7 +166636,7 @@
/*
* We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining
-@@ -871,7 +777,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
+@@ -871,7 +783,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
unsigned char *data[SSL_MAX_PIPELINES];
/* Set the output buffers */
@@ -163874,7 +166645,7 @@
data[ctr] = recs[ctr].data;
}
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
-@@ -879,7 +785,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
+@@ -879,7 +791,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
}
/* Set the input buffers */
@@ -163883,7 +166654,7 @@
data[ctr] = recs[ctr].input;
}
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
-@@ -1109,9 +1015,12 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec,
+@@ -1109,9 +1021,12 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec,
return -1;
}
if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
@@ -166538,7 +169309,7 @@
int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
{
SSL_DANE *dane = &s->dane;
-@@ -1019,17 +977,11 @@ void SSL_free(SSL *s)
+@@ -1019,17 +977,10 @@ void SSL_free(SSL *s)
dane_final(&s->dane);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
@@ -166550,16 +169321,31 @@
- BIO_free(s->bbio);
- s->bbio = NULL;
- }
-- BIO_free_all(s->rbio);
+ ssl_free_wbio_buffer(s);
+
- if (s->wbio != s->rbio)
- BIO_free_all(s->wbio);
-+ BIO_free_all(s->rbio);
++ BIO_free_all(s->wbio);
+ BIO_free_all(s->rbio);
+- if (s->wbio != s->rbio)
+- BIO_free_all(s->wbio);
BUF_MEM_free(s->init_buf);
-@@ -1103,15 +1055,16 @@ void SSL_set_wbio(SSL *s, BIO *wbio)
+@@ -1091,48 +1042,88 @@ void SSL_free(SSL *s)
+ OPENSSL_free(s);
+ }
+
+-void SSL_set_rbio(SSL *s, BIO *rbio)
++void SSL_set0_rbio(SSL *s, BIO *rbio)
+ {
+- if (s->rbio != rbio)
+- BIO_free_all(s->rbio);
++ BIO_free_all(s->rbio);
+ s->rbio = rbio;
+ }
+
+-void SSL_set_wbio(SSL *s, BIO *wbio)
++void SSL_set0_wbio(SSL *s, BIO *wbio)
+ {
/*
* If the output buffering BIO is still in place, remove it
*/
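Review bot: SSL_set0_rbio() in this hunk carries no comment stating its ownership contract, and that contract has changed. The old `if (s->rbio != rbio)` guard is gone, so the function always drops one reference on the installed BIO before storing the argument. A caller that passes the BIO already installed, without first taking an extra reference, leaves `s->rbio` pointing at an object whose reference was just released. I would add above the definition `/* Consumes one reference to |rbio|; call BIO_up_ref() first when re-installing the current BIO. */`, and the same for SSL_set0_wbio(), whose body starts at the end of this hunk and continues outside it. SSL_free() above now frees wbio and rbio unconditionally, which is only safe if a BIO used for both directions carries two references.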
@@ -166569,11 +169355,12 @@
- BIO_set_next(s->bbio, NULL);
- }
- }
+- if (s->wbio != wbio && s->rbio != s->wbio)
+- BIO_free_all(s->wbio);
+ if (s->bbio != NULL)
+ s->wbio = BIO_pop(s->wbio);
+
- if (s->wbio != wbio && s->rbio != s->wbio)
- BIO_free_all(s->wbio);
++ BIO_free_all(s->wbio);
s->wbio = wbio;
+
+ /* Re-attach |bbio| to the new |wbio|. */
@@ -166582,7 +169369,46 @@
}
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
-@@ -1122,17 +1075,24 @@ void SSL_set_bio(SSL *s, BIO *rbio, BIO
+ {
+- SSL_set_wbio(s, wbio);
+- SSL_set_rbio(s, rbio);
++ /*
++ * For historical reasons, this function has many different cases in
++ * ownership handling.
++ */
++
++ /* If nothing has changed, do nothing */
++ if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
++ return;
++
++ /*
++ * If the two arguments are equal then one fewer reference is granted by the
++ * caller than we want to take
++ */
++ if (rbio != NULL && rbio == wbio)
++ BIO_up_ref(rbio);
++
++ /*
++ * If only the wbio is changed only adopt one reference.
++ */
++ if (rbio == SSL_get_rbio(s)) {
++ SSL_set0_wbio(s, wbio);
++ return;
++ }
++ /*
++ * There is an asymmetry here for historical reasons. If only the rbio is
++ * changed AND the rbio and wbio were originally different, then we only
++ * adopt one reference.
++ */
++ if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
++ SSL_set0_rbio(s, rbio);
++ return;
++ }
++
++ /* Otherwise, adopt both references. */
++ SSL_set0_rbio(s, rbio);
++ SSL_set0_wbio(s, wbio);
+ }
BIO *SSL_get_rbio(const SSL *s)
{
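Review bot: The return value of `BIO_up_ref(rbio)` is ignored in SSL_set_bio() on the `rbio == wbio` path. Assuming BIO_up_ref() reports failure through its return value, a failed increment still installs the BIO in both slots while only one reference is held, and SSL_free() in this revision releases wbio and rbio unconditionally. SSL_set_bio() returns void and can only skip the installation. The same unchecked call appears in the SSL_set_wfd(), SSL_set_rfd() and SSL_dup() hunks further down, which do have an error return. There I would write `if (!BIO_up_ref(rbio)) return 0;` (with `wbio` in SSL_set_rfd(), and `goto err;` in SSL_dup()); those function bodies lie partly outside their hunks.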
@@ -166610,7 +169436,7 @@
}
int SSL_get_rfd(const SSL *s)
-@@ -1180,46 +1140,43 @@ int SSL_set_fd(SSL *s, int fd)
+@@ -1180,46 +1171,45 @@ int SSL_set_fd(SSL *s, int fd)
int SSL_set_wfd(SSL *s, int fd)
{
@@ -166637,9 +169463,10 @@
- ret = 1;
- err:
- return (ret);
-+ SSL_set_wbio(s, bio);
++ SSL_set0_wbio(s, bio);
+ } else {
-+ SSL_set_wbio(s, rbio);
++ BIO_up_ref(rbio);
++ SSL_set0_wbio(s, rbio);
+ }
+ return 1;
}
@@ -166669,16 +169496,17 @@
- ret = 1;
- err:
- return (ret);
-+ SSL_set_rbio(s, bio);
++ SSL_set0_rbio(s, bio);
+ } else {
-+ SSL_set_rbio(s, wbio);
++ BIO_up_ref(wbio);
++ SSL_set0_rbio(s, wbio);
+ }
+
+ return 1;
}
#endif
-@@ -1435,7 +1392,7 @@ int SSL_check_private_key(const SSL *ssl
+@@ -1435,7 +1425,7 @@ int SSL_check_private_key(const SSL *ssl
int SSL_waiting_for_async(SSL *s)
{
@@ -166687,7 +169515,7 @@
return 1;
return 0;
-@@ -1494,7 +1451,7 @@ static int ssl_start_async_job(SSL *s, s
+@@ -1494,7 +1484,7 @@ static int ssl_start_async_job(SSL *s, s
if (s->waitctx == NULL)
return -1;
}
@@ -166696,7 +169524,7 @@
sizeof(struct ssl_async_args))) {
case ASYNC_ERR:
s->rwstate = SSL_NOTHING;
-@@ -1503,6 +1460,9 @@ static int ssl_start_async_job(SSL *s, s
+@@ -1503,6 +1493,9 @@ static int ssl_start_async_job(SSL *s, s
case ASYNC_PAUSE:
s->rwstate = SSL_ASYNC_PAUSED;
return -1;
@@ -166706,7 +169534,7 @@
case ASYNC_FINISH:
s->job = NULL;
return ret;
-@@ -1548,7 +1508,7 @@ int SSL_read(SSL *s, void *buf, int num)
+@@ -1548,7 +1541,7 @@ int SSL_read(SSL *s, void *buf, int num)
return (0);
}
@@ -166715,7 +169543,7 @@
struct ssl_async_args args;
args.s = s;
-@@ -1573,7 +1533,7 @@ int SSL_peek(SSL *s, void *buf, int num)
+@@ -1573,7 +1566,7 @@ int SSL_peek(SSL *s, void *buf, int num)
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
return (0);
}
@@ -166724,7 +169552,7 @@
struct ssl_async_args args;
args.s = s;
-@@ -1601,7 +1561,7 @@ int SSL_write(SSL *s, const void *buf, i
+@@ -1601,7 +1594,7 @@ int SSL_write(SSL *s, const void *buf, i
return (-1);
}
@@ -166733,7 +169561,7 @@
struct ssl_async_args args;
args.s = s;
-@@ -1631,7 +1591,7 @@ int SSL_shutdown(SSL *s)
+@@ -1631,7 +1624,7 @@ int SSL_shutdown(SSL *s)
}
if (!SSL_in_init(s)) {
@@ -166742,7 +169570,7 @@
struct ssl_async_args args;
args.s = s;
-@@ -1743,8 +1703,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg
+@@ -1743,8 +1736,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg
}
case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
@@ -166753,7 +169581,7 @@
return 1;
else
return 0;
-@@ -1862,7 +1822,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd,
+@@ -1862,7 +1855,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd,
return 0;
ctx->max_send_fragment = larg;
if (ctx->max_send_fragment < ctx->split_send_fragment)
@@ -166762,7 +169590,7 @@
return 1;
case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
if ((unsigned int)larg > ctx->max_send_fragment || larg == 0)
-@@ -2117,7 +2077,7 @@ int SSL_get_servername_type(const SSL *s
+@@ -2117,7 +2110,7 @@ int SSL_get_servername_type(const SSL *s
* is indicated to the callback. In this case, the client application has to
* abort the connection or have a default application level protocol. 2) If
* the server supports NPN, but advertises an empty list then the client
@@ -166771,7 +169599,7 @@
* fallback case was enacted. 3) Otherwise, the client finds the first
* protocol in the server's list that it supports and selects this protocol.
* This is because it's assumed that the server has better information about
-@@ -2429,7 +2389,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+@@ -2429,7 +2422,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
goto err;
@@ -166781,7 +169609,7 @@
/* No compression for DTLS */
if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
-@@ -2438,10 +2399,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+@@ -2438,10 +2432,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
@@ -166796,7 +169624,7 @@
ret->options |= SSL_OP_NO_TICKET;
#ifndef OPENSSL_NO_SRP
-@@ -2479,6 +2440,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+@@ -2479,6 +2473,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_NO_COMPRESSION;
@@ -166805,7 +169633,7 @@
return ret;
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
-@@ -2487,10 +2450,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+@@ -2487,10 +2483,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
return NULL;
}
@@ -166824,7 +169652,7 @@
}
void SSL_CTX_free(SSL_CTX *a)
-@@ -2925,56 +2894,65 @@ int SSL_get_error(const SSL *s, int i)
+@@ -2925,56 +2927,65 @@ int SSL_get_error(const SSL *s, int i)
return (SSL_ERROR_SSL);
}
@@ -166935,7 +169763,7 @@
}
if (i == 0) {
-@@ -3008,7 +2986,7 @@ int SSL_do_handshake(SSL *s)
+@@ -3008,7 +3019,7 @@ int SSL_do_handshake(SSL *s)
s->method->ssl_renegotiate_check(s);
if (SSL_in_init(s) || SSL_in_before(s)) {
@@ -166944,7 +169772,7 @@
struct ssl_async_args args;
args.s = s;
-@@ -3135,7 +3113,8 @@ SSL *SSL_dup(SSL *s)
+@@ -3135,7 +3146,8 @@ SSL *SSL_dup(SSL *s)
goto err;
}
@@ -166954,7 +169782,19 @@
ret->version = s->version;
ret->options = s->options;
ret->mode = s->mode;
-@@ -3286,34 +3265,25 @@ const COMP_METHOD *SSL_get_current_expan
+@@ -3162,8 +3174,10 @@ SSL *SSL_dup(SSL *s)
+ if (s->wbio != s->rbio) {
+ if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
+ goto err;
+- } else
++ } else {
++ BIO_up_ref(ret->rbio);
+ ret->wbio = ret->rbio;
++ }
+ }
+
+ ret->server = s->server;
+@@ -3286,34 +3300,25 @@ const COMP_METHOD *SSL_get_current_expan
#endif
}
@@ -167003,7 +169843,7 @@
}
void ssl_free_wbio_buffer(SSL *s)
-@@ -3322,11 +3292,8 @@ void ssl_free_wbio_buffer(SSL *s)
+@@ -3322,11 +3327,8 @@ void ssl_free_wbio_buffer(SSL *s)
if (s->bbio == NULL)
return;
@@ -167017,7 +169857,7 @@
BIO_free(s->bbio);
s->bbio = NULL;
}
-@@ -3358,17 +3325,22 @@ void SSL_set_shutdown(SSL *s, int mode)
+@@ -3358,17 +3360,22 @@ void SSL_set_shutdown(SSL *s, int mode)
int SSL_get_shutdown(const SSL *s)
{
@@ -167043,7 +169883,7 @@
}
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
-@@ -3709,7 +3681,7 @@ void SSL_set_not_resumable_session_callb
+@@ -3709,7 +3716,7 @@ void SSL_set_not_resumable_session_callb
/*
* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
@@ -167052,7 +169892,7 @@
* If EVP_MD pointer is passed, initializes ctx with this md Returns newly
* allocated ctx;
*/
-@@ -3921,7 +3893,7 @@ static int ct_move_scts(STACK_OF(SCT) **
+@@ -3921,7 +3928,7 @@ static int ct_move_scts(STACK_OF(SCT) **
err:
if (sct != NULL)
sk_SCT_push(src, sct); /* Put the SCT back */
@@ -167061,7 +169901,7 @@
}
/*
-@@ -4179,7 +4151,7 @@ int ssl_validate_ct(SSL *s)
+@@ -4179,7 +4186,7 @@ int ssl_validate_ct(SSL *s)
* value is negative.
*
* XXX: One might well argue that the return value of this function is an
@@ -167070,7 +169910,7 @@
* status of each of the provided SCTs. So long as it correctly separates
* the wheat from the chaff it should return success. Failure in this case
* ought to correspond to an inability to carry out its duties.
-@@ -4195,6 +4167,23 @@ int ssl_validate_ct(SSL *s)
+@@ -4195,6 +4202,23 @@ int ssl_validate_ct(SSL *s)
end:
CT_POLICY_EVAL_CTX_free(ctx);
@@ -168673,7 +171513,7 @@
*/
x = sk_X509_value(sk, 0);
sk = NULL;
-@@ -1409,276 +1302,319 @@ MSG_PROCESS_RETURN tls_process_server_ce
+@@ -1409,276 +1302,321 @@ MSG_PROCESS_RETURN tls_process_server_ce
return ret;
}
@@ -169180,8 +172020,10 @@
+
+ save_param_start = *pkt;
+
++#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+ EVP_PKEY_free(s->s3->peer_tmp);
+ s->s3->peer_tmp = NULL;
++#endif
+
+ if (alg_k & SSL_PSK) {
+ if (!tls_process_ske_psk_preamble(s, pkt, &al))
@@ -169217,7 +172059,7 @@
/*
* |pkt| now points to the beginning of the signature, so the difference
* equals the length of the parameters.
-@@ -1688,21 +1624,24 @@ MSG_PROCESS_RETURN tls_process_key_excha
+@@ -1688,21 +1626,24 @@ MSG_PROCESS_RETURN tls_process_key_excha
PACKET_remaining(pkt))) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
@@ -169247,7 +172089,7 @@
}
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-@@ -1715,23 +1654,34 @@ MSG_PROCESS_RETURN tls_process_key_excha
+@@ -1715,23 +1656,34 @@ MSG_PROCESS_RETURN tls_process_key_excha
if (!PACKET_get_length_prefixed_2(pkt, &signature)
|| PACKET_remaining(pkt) != 0) {
@@ -169288,7 +172130,7 @@
if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
-@@ -1739,44 +1689,46 @@ MSG_PROCESS_RETURN tls_process_key_excha
+@@ -1739,44 +1691,46 @@ MSG_PROCESS_RETURN tls_process_key_excha
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, PACKET_data(¶ms),
PACKET_remaining(¶ms)) <= 0) {
@@ -169350,7 +172192,7 @@
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
-@@ -1893,7 +1845,7 @@ MSG_PROCESS_RETURN tls_process_certifica
+@@ -1893,7 +1847,7 @@ MSG_PROCESS_RETURN tls_process_certifica
s->s3->tmp.ca_names = ca_sk;
ca_sk = NULL;
@@ -169359,7 +172201,7 @@
goto done;
err:
ossl_statem_set_error(s);
-@@ -1935,16 +1887,9 @@ MSG_PROCESS_RETURN tls_process_new_sessi
+@@ -1935,16 +1889,9 @@ MSG_PROCESS_RETURN tls_process_new_sessi
*/
if (i & SSL_SESS_CACHE_CLIENT) {
/*
@@ -169378,7 +172220,7 @@
}
if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
-@@ -1984,9 +1929,12 @@ MSG_PROCESS_RETURN tls_process_new_sessi
+@@ -1984,9 +1931,12 @@ MSG_PROCESS_RETURN tls_process_new_sessi
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket.
*/
@@ -169394,7 +172236,7 @@
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
-@@ -2105,426 +2053,483 @@ MSG_PROCESS_RETURN tls_process_server_do
+@@ -2105,426 +2055,483 @@ MSG_PROCESS_RETURN tls_process_server_do
return MSG_PROCESS_FINISHED_READING;
}
@@ -169504,10 +172346,10 @@
unsigned char *pms = NULL;
size_t pmslen = 0;
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
--
+
- p = ssl_handshake_start(s);
-
-
+-
-#ifndef OPENSSL_NO_PSK
- if (alg_k & SSL_PSK) {
- int psk_err = 1;
@@ -169923,7 +172765,8 @@
+ SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+ return 0;
+ }
-+
+
+- /* Otherwise, generate ephemeral key pair */
+ pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+ if (pkey_ctx == NULL) {
+ *al = SSL_AD_INTERNAL_ERROR;
@@ -169936,16 +172779,6 @@
+ * certificate key for key exchange
+ */
-- /* Otherwise, generate ephemeral key pair */
-+ /* Otherwise, generate ephemeral key pair */
-+ pmslen = 32;
-+ pms = OPENSSL_malloc(pmslen);
-+ if (pms == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-
- if (pkey_ctx == NULL
- || EVP_PKEY_encrypt_init(pkey_ctx) <= 0
- /* Generate session key */
@@ -170018,6 +172851,17 @@
- (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
- /* Set flag "skip certificate verify" */
- s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
+- }
+- EVP_PKEY_CTX_free(pkey_ctx);
++ /* Otherwise, generate ephemeral key pair */
++ pmslen = 32;
++ pms = OPENSSL_malloc(pmslen);
++ if (pms == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+
+ if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+ /* Generate session key */
+ || RAND_bytes(pms, pmslen) <= 0) {
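Review bot: The `return 0;` after a failed `OPENSSL_malloc(pmslen)` in the GOST client key exchange code (error code SSL_F_TLS_CONSTRUCT_CKE_GOST) exits without releasing `pkey_ctx`. The new side of the patch allocates `pkey_ctx` with EVP_PKEY_CTX_new() in an earlier hunk and uses it in the `EVP_PKEY_encrypt_init(pkey_ctx)` call right after this allocation. Later failure paths in the same code use `goto err;`, so I would use `goto err;` here as well, provided the err label frees pkey_ctx; that label is outside the visible hunks. The leak is limited to the out-of-memory path.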
@@ -170036,10 +172880,8 @@
+ * * would be used
+ */
+ ERR_clear_error();
- }
-- EVP_PKEY_CTX_free(pkey_ctx);
--
- }
++ }
++ }
+ /*
+ * Compute shared IV and store it in algorithm-specific context
+ * data
@@ -170074,7 +172916,7 @@
+ *al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
+ goto err;
-+ }
+ }
+ if (msglen >= 0x80) {
+ *((*p)++) = 0x81;
+ *((*p)++) = msglen & 0xff;
@@ -170138,13 +172980,13 @@
+ } else {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
+ return 0;
-+ }
+ }
+ OPENSSL_free(s->session->srp_username);
+ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+ if (s->session->srp_username == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_MALLOC_FAILURE);
+ return 0;
- }
++ }
+
+ return 1;
+#else
@@ -170233,7 +173075,7 @@
#ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;
-@@ -2538,6 +2543,9 @@ int tls_client_key_exchange_post_work(SS
+@@ -2538,6 +2545,9 @@ int tls_client_key_exchange_post_work(SS
unsigned char *pms = NULL;
size_t pmslen = 0;
@@ -170243,7 +173085,7 @@
#ifndef OPENSSL_NO_SRP
/* Check for SRP */
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-@@ -2549,8 +2557,6 @@ int tls_client_key_exchange_post_work(SS
+@@ -2549,8 +2559,6 @@ int tls_client_key_exchange_post_work(SS
return 1;
}
#endif
@@ -170252,7 +173094,7 @@
if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-@@ -2560,8 +2566,13 @@ int tls_client_key_exchange_post_work(SS
+@@ -2560,8 +2568,13 @@ int tls_client_key_exchange_post_work(SS
if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
@@ -179105,6 +181947,33 @@
*/
#include <string.h>
+@@ -400,7 +352,7 @@ int main(void)
+ outbio = BIO_new(BIO_s_mem());
+ if (outbio == NULL)
+ goto err;
+- SSL_set_wbio(ssl, outbio);
++ SSL_set0_wbio(ssl, outbio);
+
+ success = 1;
+ for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) {
+@@ -413,7 +365,7 @@ int main(void)
+ /* Set Non-blocking IO behaviour */
+ BIO_set_mem_eof_return(inbio, -1);
+
+- SSL_set_rbio(ssl, inbio);
++ SSL_set0_rbio(ssl, inbio);
+
+ /* Process the incoming packet */
+ ret = DTLSv1_listen(ssl, peer);
+@@ -452,7 +404,7 @@ int main(void)
+ (void)BIO_reset(outbio);
+ inbio = NULL;
+ /* Frees up inbio */
+- SSL_set_rbio(ssl, NULL);
++ SSL_set0_rbio(ssl, NULL);
+ }
+
+ err:
--- a/test/dummytest.c
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -180625,7 +183494,7 @@
{
if (where & SSL_CB_ALERT) {
HANDSHAKE_EX_DATA *ex_data =
-@@ -40,22 +75,344 @@ static void info_callback(const SSL *s,
+@@ -40,22 +75,347 @@ static void info_callback(const SSL *s,
}
}
@@ -180718,6 +183587,7 @@
+ return 0;
+}
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
+/* Parse the comma-separated list into TLS format. */
+static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
+{
@@ -180814,8 +183684,8 @@
+ return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
+ : SSL_TLSEXT_ERR_NOACK;
+}
++#endif
+
-+
+/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
@@ -180869,6 +183739,7 @@
+ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
+ SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
+ }
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ if (test_ctx->server_npn_protocols != NULL) {
+ parse_protos(test_ctx->server_npn_protocols,
+ &server_ctx_data->npn_protocols,
@@ -180914,6 +183785,7 @@
+ alpn_protos_len) == 0);
+ OPENSSL_free(alpn_protos);
+ }
++#endif
+ /*
+ * Use fixed session ticket keys so that we can decrypt a ticket created with
+ * one CTX in another CTX. Don't address server2 for the moment.
@@ -180973,11 +183845,12 @@
} else {
int error = SSL_get_error(ssl, ret);
/* Memory bios should never block with SSL_ERROR_WANT_WRITE. */
-@@ -139,24 +496,63 @@ static handshake_status_t handshake_stat
+@@ -139,24 +499,67 @@ static handshake_status_t handshake_stat
return INTERNAL_ERROR;
}
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
++#ifndef OPENSSL_NO_NEXTPROTONEG
+/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
+static char *dup_str(const unsigned char *in, size_t len)
+{
@@ -180992,6 +183865,7 @@
+ OPENSSL_assert(ret != NULL);
+ return ret;
+}
++#endif
+
+static HANDSHAKE_RESULT *do_handshake_internal(
+ SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
@@ -181011,9 +183885,11 @@
+ unsigned char* tick = NULL;
+ size_t tick_len = 0;
+ SSL_SESSION* sess = NULL;
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ const unsigned char *proto = NULL;
+ /* API dictates unsigned int rather than size_t. */
+ unsigned int proto_len = 0;
++#endif
+
+ memset(&server_ctx_data, 0, sizeof(server_ctx_data));
+ memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -181042,7 +183918,7 @@
client_to_server = BIO_new(BIO_s_mem());
server_to_client = BIO_new(BIO_s_mem());
-@@ -184,8 +580,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
+@@ -184,8 +587,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
OPENSSL_assert(SSL_set_ex_data(client, ex_data_idx,
&client_ex_data) == 1);
@@ -181053,7 +183929,7 @@
/*
* Half-duplex handshake loop.
-@@ -197,27 +593,34 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
+@@ -197,27 +600,34 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
*/
for(;;) {
if (client_turn) {
@@ -181095,7 +183971,7 @@
goto err;
case HANDSHAKE_RETRY:
/* Continue. */
-@@ -226,14 +629,73 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
+@@ -226,14 +636,75 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
}
}
err:
@@ -181120,6 +183996,7 @@
+ ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
+ ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ SSL_get0_next_proto_negotiated(client, &proto, &proto_len);
+ ret->client_npn_negotiated = dup_str(proto, proto_len);
+
@@ -181131,6 +184008,7 @@
+
+ SSL_get0_alpn_selected(server, &proto, &proto_len);
+ ret->server_alpn_negotiated = dup_str(proto, proto_len);
++#endif
+
+ ret->client_resumed = SSL_session_reused(client);
+ ret->server_resumed = SSL_session_reused(server);
@@ -185084,24 +187962,26 @@
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
-@@ -13,31 +21,54 @@ setup("test_ssl_new");
+@@ -13,31 +21,55 @@ setup("test_ssl_new");
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf"));
-my @conf_files = map {basename($_)} @conf_srcs;
--
++my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
++map { s/;.*// } @conf_srcs if $^O eq "VMS";
++my @conf_files = map { basename($_) } @conf_srcs;
++map { s/\.in// } @conf_files;
+
-# 02-protocol-version.conf test results depend on the configuration of enabled
-# protocols. We only verify generated sources in the default configuration.
-my $is_default = (disabled("ssl3") && !disabled("tls1") &&
- !disabled("tls1_1") && !disabled("tls1_2"));
--
++# We hard-code the number of tests to double-check that the globbing above
++# finds all files as expected.
++plan tests => 11; # = scalar @conf_srcs
+
-my %conf_dependent_tests = ("02-protocol-version.conf" => 1);
-+my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
-+map { s/;.*// } @conf_srcs if $^O eq "VMS";
-+my @conf_files = map { basename($_) } @conf_srcs;
-+map { s/\.in// } @conf_files;
-+
+# Some test results depend on the configuration of enabled protocols. We only
+# verify generated sources in the default configuration.
+my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
@@ -185125,6 +188005,7 @@
+my %skip = (
+ "07-dtls-protocol-version.conf" => $no_dtls,
+ "08-npn.conf" => $no_tls || $no_npn,
++ "09-alpn.conf" => $no_tls || $no_npn,
+ "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
+ "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
+);
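Review bot: The new `"09-alpn.conf" => $no_tls || $no_npn` entry skips the ALPN tests whenever NPN is disabled, and nothing in the file says why. ALPN is a separate extension, so a reader would expect it to stay tested in such a build. The C harness hunks in this revision wrap the ALPN setup and checks inside `#ifndef OPENSSL_NO_NEXTPROTONEG`, which looks like the reason. I would add a comment above the entry such as `# ALPN tests use helpers that are compiled only when NPN is enabled`, so the lost coverage in no-nextprotoneg builds is visible and can be revisited.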
@@ -185134,15 +188015,14 @@
test_conf($conf,
- $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1);
+ $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1,
-+ $skip{$conf} || $no_tls);
++ defined($skip{$conf}) ? $skip{$conf} : $no_tls);
}
}
- # We hard-code the number of tests to double-check that the globbing above
- # finds all files as expected.
+-# We hard-code the number of tests to double-check that the globbing above
+-# finds all files as expected.
-plan tests => 2; # = scalar @conf_files
-+plan tests => 11; # = scalar @conf_srcs
-
+-
sub test_conf {
plan tests => 3;
@@ -185151,7 +188031,7 @@
my $conf_file = srctop_file("test", "ssl-tests", $conf);
my $tmp_file = "${conf}.$$.tmp";
-@@ -63,8 +94,7 @@ sub test_conf {
+@@ -63,8 +95,7 @@ sub test_conf {
}
# Test 3. Run the test.
@@ -187022,6 +189902,13 @@
+ fprintf(stderr, "\nFatal EVP error!\n");
+ return 1;
}
+--- a/test/smcont.txt
++++ b/test/smcont.txt
+@@ -1 +1 @@
+-Some test content for OpenSSL CMS
+\ No newline at end of file
++Somewhat longer test content for OpenSSL CMS utility to handle, and a bit longer...
+\ No newline at end of file
--- a/test/smime-certs/mksmime-certs.sh
+++ b/test/smime-certs/mksmime-certs.sh
@@ -1,4 +1,11 @@
@@ -200012,7 +202899,7 @@
/* return 0; */
}
-@@ -85,92 +85,211 @@ static int check_alerts(HANDSHAKE_RESULT
+@@ -85,92 +85,215 @@ static int check_alerts(HANDSHAKE_RESULT
* (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
* where the low byte is the alert code and the high byte is other stuff.
*/
@@ -200091,6 +202978,7 @@
+ return 1;
+}
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
+static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+ int ret = 1;
@@ -200114,6 +203002,7 @@
+ result->client_alpn_negotiated);
+ return ret;
+}
++#endif
+
+static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
@@ -200147,8 +203036,10 @@
+ ret &= check_servername(result, test_ctx);
+ ret &= check_session_ticket(result, test_ctx);
+ ret &= (result->session_ticket_do_not_call == 0);
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ ret &= check_npn(result, test_ctx);
+ ret &= check_alpn(result, test_ctx);
++#endif
+ ret &= check_resumption(result, test_ctx);
+ }
return ret;
@@ -200606,7 +203497,7 @@
/*
* Since these methods are used to create tests, we use OPENSSL_assert liberally
* for malloc failures and other internal errors.
-@@ -153,12 +393,20 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
+@@ -153,12 +393,22 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
SSL_TEST_CTX *ret;
ret = OPENSSL_zalloc(sizeof(*ret));
OPENSSL_assert(ret != NULL);
@@ -200617,6 +203508,7 @@
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
{
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ OPENSSL_free(ctx->client_npn_protocols);
+ OPENSSL_free(ctx->server_npn_protocols);
+ OPENSSL_free(ctx->server2_npn_protocols);
@@ -200625,6 +203517,7 @@
+ OPENSSL_free(ctx->server2_alpn_protocols);
+ OPENSSL_free(ctx->expected_npn_protocol);
+ OPENSSL_free(ctx->expected_alpn_protocol);
++#endif
OPENSSL_free(ctx);
}
@@ -200700,7 +203593,7 @@
typedef struct ssl_test_ctx {
/* Test expectations. */
/* Defaults to SUCCESS. */
-@@ -34,11 +73,53 @@ typedef struct ssl_test_ctx {
+@@ -34,11 +73,55 @@ typedef struct ssl_test_ctx {
/* Negotiated protocol version. 0 if no expectation. */
/* See ssl.h for protocol versions. */
int protocol;
@@ -200723,6 +203616,7 @@
+ ssl_session_ticket_t session_ticket_expected;
+ /* Whether the server/client CTX should use DTLS or TLS. */
+ ssl_test_method_t method;
++
+ /*
+ * NPN and ALPN protocols supported by the client, server, and second
+ * (SNI) server. A comma-separated list.
@@ -200735,6 +203629,7 @@
+ char *server_alpn_protocols;
+ char *server2_alpn_protocols;
+ char *expected_alpn_protocol;
++
+ /* Whether to test a resumed/renegotiated handshake. */
+ ssl_handshake_mode_t handshake_mode;
+ /* Whether the second handshake is resumed or a full handshake (boolean). */
@@ -200780,7 +203675,7 @@
#include "e_os.h"
#include "ssl_test_ctx.h"
-@@ -37,29 +37,100 @@ static int SSL_TEST_CTX_equal(SSL_TEST_C
+@@ -37,29 +37,102 @@ static int SSL_TEST_CTX_equal(SSL_TEST_C
{
if (ctx->expected_result != ctx2->expected_result) {
fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
@@ -200844,6 +203739,7 @@
+ ssl_session_ticket_name(ctx2->session_ticket_expected));
+ return 0;
+ }
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols,
+ ctx2->client_npn_protocols))
+ return 0;
@@ -200875,6 +203771,7 @@
+ if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
+ ctx2->expected_alpn_protocol))
+ return 0;
++#endif
+ if (ctx->handshake_mode != ctx2->handshake_mode) {
+ fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
+ ssl_handshake_mode_name(ctx->handshake_mode),
@@ -200889,7 +203786,7 @@
return 1;
}
-@@ -136,6 +207,19 @@ static int test_good_configuration()
+@@ -136,6 +209,21 @@ static int test_good_configuration()
fixture.expected_ctx->client_alert = SSL_AD_UNKNOWN_CA;
fixture.expected_ctx->server_alert = 0; /* No alert. */
fixture.expected_ctx->protocol = TLS1_1_VERSION;
@@ -200900,16 +203797,18 @@
+ SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
+ fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
+ fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar");
+ fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz");
+ OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL);
+ OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL);
++#endif
+ fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
+ fixture.expected_ctx->resumption_expected = 1;
EXECUTE_SSL_TEST_CTX_TEST();
}
-@@ -144,6 +228,13 @@ static const char *bad_configurations[]
+@@ -144,6 +232,13 @@ static const char *bad_configurations[]
"ssltest_unknown_expected_result",
"ssltest_unknown_alert",
"ssltest_unknown_protocol",
@@ -200969,7 +203868,7 @@
+ResumptionExpected = Foo
--- /dev/null
+++ b/test/sslapitest.c
-@@ -0,0 +1,361 @@
+@@ -0,0 +1,601 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -201273,7 +204172,8 @@
+ return testresult;
+}
+
-+static int test_session_with_only_int_cache(void) {
++static int test_session_with_only_int_cache(void)
++{
+ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
+
+ fixture.use_ext_cache = 0;
@@ -201281,7 +204181,8 @@
+ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
+}
+
-+static int test_session_with_only_ext_cache(void) {
++static int test_session_with_only_ext_cache(void)
++{
+ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
+
+ fixture.use_int_cache = 0;
@@ -201289,12 +204190,245 @@
+ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
+}
+
-+static int test_session_with_both_cache(void) {
++static int test_session_with_both_cache(void)
++{
+ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
+
+ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
+}
+
++#define USE_NULL 0
++#define USE_BIO_1 1
++#define USE_BIO_2 2
++
++#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
++
++static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
++{
++ switch (type) {
++ case USE_NULL:
++ *res = NULL;
++ break;
++ case USE_BIO_1:
++ *res = bio1;
++ break;
++ case USE_BIO_2:
++ *res = bio2;
++ break;
++ }
++}
++
++static int test_ssl_set_bio(int idx)
++{
++ SSL_CTX *ctx = SSL_CTX_new(TLS_method());
++ BIO *bio1 = NULL;
++ BIO *bio2 = NULL;
++ BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
++ SSL *ssl = NULL;
++ int initrbio, initwbio, newrbio, newwbio;
++ int testresult = 0;
++
++ if (ctx == NULL) {
++ printf("Failed to allocate SSL_CTX\n");
++ goto end;
++ }
++
++ ssl = SSL_new(ctx);
++ if (ssl == NULL) {
++ printf("Failed to allocate SSL object\n");
++ goto end;
++ }
++
++ initrbio = idx % 3;
++ idx /= 3;
++ initwbio = idx % 3;
++ idx /= 3;
++ newrbio = idx % 3;
++ idx /= 3;
++ newwbio = idx;
++ OPENSSL_assert(newwbio <= 2);
++
++ if (initrbio == USE_BIO_1 || initwbio == USE_BIO_1 || newrbio == USE_BIO_1
++ || newwbio == USE_BIO_1) {
++ bio1 = BIO_new(BIO_s_mem());
++ if (bio1 == NULL) {
++ printf("Failed to allocate bio1\n");
++ goto end;
++ }
++ }
++
++ if (initrbio == USE_BIO_2 || initwbio == USE_BIO_2 || newrbio == USE_BIO_2
++ || newwbio == USE_BIO_2) {
++ bio2 = BIO_new(BIO_s_mem());
++ if (bio2 == NULL) {
++ printf("Failed to allocate bio2\n");
++ goto end;
++ }
++ }
++
++ setupbio(&irbio, bio1, bio2, initrbio);
++ setupbio(&iwbio, bio1, bio2, initwbio);
++
++ /*
++ * We want to maintain our own refs to these BIO, so do an up ref for each
++ * BIO that will have ownersip transferred in the SSL_set_bio() call
++ */
++ if (irbio != NULL)
++ BIO_up_ref(irbio);
++ if (iwbio != NULL && iwbio != irbio)
++ BIO_up_ref(iwbio);
++
++ SSL_set_bio(ssl, irbio, iwbio);
++
++ setupbio(&nrbio, bio1, bio2, newrbio);
++ setupbio(&nwbio, bio1, bio2, newwbio);
++
++ /*
++ * We will (maybe) transfer ownership again so do more up refs.
++ * SSL_set_bio() has some really complicated ownership rules where BIOs have
++ * already been set!
++ */
++ if (nrbio != NULL && nrbio != irbio && (nwbio != iwbio || nrbio != nwbio))
++ BIO_up_ref(nrbio);
++ if (nwbio != NULL && nwbio != nrbio && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
++ BIO_up_ref(nwbio);
++
++ SSL_set_bio(ssl, nrbio, nwbio);
++
++ testresult = 1;
++
++ end:
++ SSL_free(ssl);
++ BIO_free(bio1);
++ BIO_free(bio2);
++ /*
++ * This test is checking that the ref counting for SSL_set_bio is correct.
++ * If we get here and we did too many frees then we will fail in the above
++ * functions. If we haven't done enough then this will only be detected in
++ * a crypto-mdebug build
++ */
++ SSL_CTX_free(ctx);
++
++ return testresult;
++}
++
++typedef struct ssl_bio_test_fixture {
++ const char *test_case_name;
++ int pop_ssl;
++ enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio;
++} SSL_BIO_TEST_FIXTURE;
++
++static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name)
++{
++ SSL_BIO_TEST_FIXTURE fixture;
++
++ fixture.test_case_name = test_case_name;
++ fixture.pop_ssl = 0;
++
++ return fixture;
++}
++
++static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture)
++{
++}
++
++static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
++{
++ BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
++ SSL_CTX *ctx = SSL_CTX_new(TLS_method());
++ SSL *ssl = NULL;
++ int testresult = 0;
++
++ if (ctx == NULL) {
++ printf("Failed to allocate SSL_CTX\n");
++ return 0;
++ }
++
++ ssl = SSL_new(ctx);
++ if (ssl == NULL) {
++ printf("Failed to allocate SSL object\n");
++ goto end;
++ }
++
++ sslbio = BIO_new(BIO_f_ssl());
++ membio1 = BIO_new(BIO_s_mem());
++
++ if (sslbio == NULL || membio1 == NULL) {
++ printf("Malloc failure creating BIOs\n");
++ goto end;
++ }
++
++ BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
++
++ /*
++ * If anything goes wrong here then we could leak memory, so this will
++ * be caught in a crypto-mdebug build
++ */
++ BIO_push(sslbio, membio1);
++
++ /* Verify chaning the rbio/wbio directly does not cause leaks */
++ if (fix.change_bio != NO_BIO_CHANGE) {
++ membio2 = BIO_new(BIO_s_mem());
++ if (membio2 == NULL) {
++ printf("Malloc failure creating membio2\n");
++ goto end;
++ }
++ if (fix.change_bio == CHANGE_RBIO)
++ SSL_set0_rbio(ssl, membio2);
++ else
++ SSL_set0_wbio(ssl, membio2);
++ }
++ ssl = NULL;
++
++ if (fix.pop_ssl)
++ BIO_pop(sslbio);
++ else
++ BIO_pop(membio1);
++
++ testresult = 1;
++ end:
++ BIO_free(membio1);
++ BIO_free(sslbio);
++ SSL_free(ssl);
++ SSL_CTX_free(ctx);
++
++ return testresult;
++}
++
++static int test_ssl_bio_pop_next_bio(void)
++{
++ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
++
++ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
++}
++
++static int test_ssl_bio_pop_ssl_bio(void)
++{
++ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
++
++ fixture.pop_ssl = 1;
++
++ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
++}
++
++static int test_ssl_bio_change_rbio(void)
++{
++ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
++
++ fixture.change_bio = CHANGE_RBIO;
++
++ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
++}
++
++static int test_ssl_bio_change_wbio(void)
++{
++ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
++
++ fixture.change_bio = CHANGE_WBIO;
++
++ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
++}
++
+int main(int argc, char *argv[])
+{
+ BIO *err = NULL;
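Review bot: `ssl_bio_set_up` initialises `test_case_name` and `pop_ssl` but never `change_bio`, yet `execute_test_ssl_bio` reads `fix.change_bio` on every run. In `test_ssl_bio_pop_next_bio` and `test_ssl_bio_pop_ssl_bio` nothing assigns it, so the comparison against `NO_BIO_CHANGE` uses an indeterminate value and the test may or may not enter the rbio/wbio replacement branch. Adding `fixture.change_bio = NO_BIO_CHANGE;` to `ssl_bio_set_up` makes the default explicit. Separately, the `goto end` after a failed `membio2` allocation runs before `ssl = NULL;`, so `BIO_free(sslbio)` (attached with `BIO_CLOSE`) and `SSL_free(ssl)` both appear to release the same SSL object on that path; this should be confirmed and the ownership hand-off made consistent.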
@@ -201317,6 +204451,11 @@
+ ADD_TEST(test_session_with_only_int_cache);
+ ADD_TEST(test_session_with_only_ext_cache);
+ ADD_TEST(test_session_with_both_cache);
++ ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
++ ADD_TEST(test_ssl_bio_pop_next_bio);
++ ADD_TEST(test_ssl_bio_pop_ssl_bio);
++ ADD_TEST(test_ssl_bio_change_rbio);
++ ADD_TEST(test_ssl_bio_change_wbio);
+
+ testresult = run_tests(argv[0]);
+
@@ -207568,7 +210707,7 @@
PKCS8_pkey_get0_attrs 3907 1_1_0 EXIST::FUNCTION:
PKCS8_pkey_add1_attr_by_NID 3908 1_1_0 EXIST::FUNCTION:
ASYNC_is_capable 3909 1_1_0 EXIST::FUNCTION:
-@@ -4194,16 +4123,69 @@ DH_meth_set_generate_key
+@@ -4194,16 +4123,70 @@ DH_meth_set_generate_key
DH_meth_free 4068 1_1_0 EXIST::FUNCTION:DH
DH_meth_get_generate_key 4069 1_1_0 EXIST::FUNCTION:DH
DH_set_flags 4070 1_1_0 EXIST::FUNCTION:DH
@@ -207645,6 +210784,7 @@
+X509_STORE_lock 4134 1_1_0 EXIST::FUNCTION:
+X509_set_proxy_pathlen 4135 1_1_0 EXIST::FUNCTION:
+X509_get_proxy_pathlen 4136 1_1_0 EXIST::FUNCTION:
++DSA_bits 4137 1_1_0 EXIST::FUNCTION:DSA
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -7,7 +7,6 @@ SSL_CTX_set_srp_client_pwd_callback
@@ -207655,6 +210795,24 @@
SSL_SESSION_get0_ticket 11 1_1_0 EXIST::FUNCTION:
SSL_get1_supported_ciphers 12 1_1_0 EXIST::FUNCTION:
SSL_state_string_long 13 1_1_0 EXIST::FUNCTION:
+@@ -157,7 +156,7 @@ SSL_CTX_set_tmp_dh_callback
+ SSL_CTX_get_default_passwd_cb 157 1_1_0 EXIST::FUNCTION:
+ TLSv1_server_method 158 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
+ DTLS_server_method 159 1_1_0 EXIST::FUNCTION:
+-SSL_set_rbio 160 1_1_0 EXIST::FUNCTION:
++SSL_set0_rbio 160 1_1_0 EXIST::FUNCTION:
+ SSL_CTX_set_options 161 1_1_0 EXIST::FUNCTION:
+ SSL_set_msg_callback 162 1_1_0 EXIST::FUNCTION:
+ SSL_CONF_CTX_free 163 1_1_0 EXIST::FUNCTION:
+@@ -237,7 +236,7 @@ DTLSv1_server_method
+ SSL_set_fd 237 1_1_0 EXIST::FUNCTION:SOCK
+ SSL_use_certificate 238 1_1_0 EXIST::FUNCTION:
+ DTLSv1_method 239 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
+-SSL_set_wbio 240 1_1_0 EXIST::FUNCTION:
++SSL_set0_wbio 240 1_1_0 EXIST::FUNCTION:
+ SSL_read 241 1_1_0 EXIST::FUNCTION:
+ SSL_CTX_get_options 242 1_1_0 EXIST::FUNCTION:
+ SSL_CTX_set_ssl_version 243 1_1_0 EXIST::FUNCTION:
@@ -394,3 +393,10 @@ SSL_enable_ct
SSL_CTX_enable_ct 394 1_1_0 EXIST::FUNCTION:CT
SSL_CTX_get_ciphers 395 1_1_0 EXIST::FUNCTION:
Modified: openssl/branches/1.1.0/debian/rules
===================================================================
--- openssl/branches/1.1.0/debian/rules 2016-07-29 22:02:21 UTC (rev 815)
+++ openssl/branches/1.1.0/debian/rules 2016-08-02 20:05:58 UTC (rev 816)
@@ -118,7 +118,7 @@
dh_testroot
dh_clean
dh_installdirs
- $(MAKE) -f Makefile install DESTDIR=`pwd`/debian/tmp -j1
+ $(MAKE) -f Makefile install DESTDIR=`pwd`/debian/tmp
binary-indep: build install
dh_testdir