tacit/minix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto/external/bsd/openssl - Update to OpenSSL 1.0.2k.

Browse Source 
Syncs with NetBSD-8
This commit is contained in:
Sevan Janiyan 2018-11-11 15:29:04 +00:00
parent 2529152f60
commit 58304d326a
1529 changed files with 236043 additions and 42158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/external/Makefile vendored
View File

@ -1,10 +1,8 @@
# $NetBSD: Makefile,v 1.3 2013/02/12 20:55:37 christos Exp $
# $NetBSD: Makefile,v 1.4 2017/05/21 15:28:37 riastradh Exp $
.include <bsd.own.mk>
.if (${MKCRYPTO} != "no")
#MINIX: Not yet imported: cpl
SUBDIR+= bsd
.endif
.include <bsd.subdir.mk>

14
crypto/external/bsd/openssl/bin/Makefile vendored
View File

@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.6 2012/07/13 19:32:51 christos Exp $
# $NetBSD: Makefile,v 1.7 2017/05/21 14:20:44 riastradh Exp $
WARNS?= 2 # XXX -Wcast-qual
@ -10,7 +10,7 @@ BINDIR=/usr/bin
USE_FORT?= yes # cryptographic software
# RCSid:
# $Id: Makefile,v 1.6 2012/07/13 19:32:51 christos Exp $
# $Id: Makefile,v 1.7 2017/05/21 14:20:44 riastradh Exp $
#
# @(#) Copyright (c) 1995 Simon J. Gerraty
#
@ -40,16 +40,6 @@ SRCS+= verify.c asn1pars.c req.c dgst.c dh.c dhparam.c enc.c passwd.c gendh.c er
CPPFLAGS+= -DMONOLITH -DUSE_SSL -I${OPENSSLSRC}
# with normal OpenSSL, OPENSSL_NO_RC5 changes ABI due to change in
# struct/union. we nuked it in our header files and it is now safe.
.if ${MKCRYPTO_RC5} == "no"
CPPFLAGS+= -DOPENSSL_NO_RC5
.else
LDADD+= -lcrypto_rc5
DPADD+= ${LIBCRYPTO_RC5}
.endif
# this must be _after_ the libcrypto_rc5/libcrypto_idea entries.
LDADD+= -lssl -lcrypto -lcrypt
DPADD+= ${LIBSSL} ${LIBCRYPTO} ${LIBCRYPT}

32
crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS vendored
View File

@ -1,30 +1,2 @@
The OpenSSL project depends on volunteer efforts and financial support from
the end user community. That support comes in the form of donations and paid
sponsorships, software support contracts, paid consulting services
and commissioned software development.
Since all these activities support the continued development and improvement
of OpenSSL we consider all these clients and customers as sponsors of the
OpenSSL project.
We would like to identify and thank the following such sponsors for their past
or current significant support of the OpenSSL project:
Major support:
Qualys http://www.qualys.com/
Very significant support:
OpenGear: http://www.opengear.com/
Significant support:
PSW Group: http://www.psw.net/
Acano Ltd. http://acano.com/
Please note that we ask permission to identify sponsors and that some sponsors
we consider eligible for inclusion here have requested to remain anonymous.
Additional sponsorship or financial support is always welcome: for more
information please contact the OpenSSL Software Foundation.
Please https://www.openssl.org/community/thanks.html for the current
acknowledgements.

1189
crypto/external/bsd/openssl/dist/CHANGES vendored
View File

File diff suppressed because it is too large Load Diff

54
crypto/external/bsd/openssl/dist/CONTRIBUTING vendored Normal file
View File

@ -0,0 +1,54 @@
HOW TO CONTRIBUTE PATCHES TO OpenSSL
------------------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
To submit a patch, make a pull request on GitHub. If you think the patch
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
Having addressed the following items before the PR will help make the
acceptance and review process faster:
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove
them before a patch is considered acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is availble you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via Travis and AppVeyor are expected, and done whenever
a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/apps, doc/crypto
and doc/ssl for examples of our style.

321
crypto/external/bsd/openssl/dist/Configure vendored
View File

@ -7,6 +7,7 @@ eval 'exec perl -S $0 ${1+"$@"}'
require 5.000;
use strict;
use File::Compare;
# see INSTALL for instructions.
@ -57,8 +58,13 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# 386 generate 80386 code
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# enable-weak-ssl-ciphers
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
# default. Note, weak SSLv2 ciphers are unconditionally
# disabled.
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
@ -105,6 +111,28 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
# TODO(openssl-team): fix problems and investigate if (at least) the following
# warnings can also be enabled:
# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros,
# -Wmissing-field-initializers, -Wmissing-variable-declarations,
# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
# -Wextended-offsetof
my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
# These are used in addition to $gcc_devteam_warn when the compiler is clang.
# TODO(openssl-team): fix problems and investigate if (at least) the
# following warnings can also be enabled: -Wconditional-uninitialized,
# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
# -Wmissing-variable-declarations,
# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
# -Wextended-offsetof
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
# Warn that "make depend" should be run?
my $warn_make_depend = 0;
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@ -124,24 +152,25 @@ my $tlib="-lnsl -lsocket";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
my $x86_elf_asm="$x86_asm:elf";
my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
my $no_asm=":::::::::::::::void";
my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
my $ppc32_asm=$ppc64_asm;
my $no_asm="::::::::::::::::void";
# As for $BSDthreads. Idea is to maintain "collective" set of flags,
# which would cover all BSD flavors. -pthread applies to them all,
@ -152,7 +181,7 @@ my $no_asm=":::::::::::::::void";
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
my %table=(
# File 'TABLE' (created by 'make TABLE') contains the data from this list,
@ -174,14 +203,14 @@ my %table=(
"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -193,9 +222,9 @@ my %table=(
"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"dist", "cc:-O::(unknown)::::::",
@ -225,7 +254,7 @@ my %table=(
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### SPARC Solaris with GNU C setups
@ -300,7 +329,7 @@ my %table=(
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
@ -347,20 +376,58 @@ my %table=(
# throw in -D[BL]_ENDIAN, whichever appropriate...
"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# It's believed that majority of ARM toolchains predefine appropriate -march.
# If you compiler does not, do complement config command line with one!
"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#######################################################################
# Note that -march is not among compiler options in below linux-armv4
# target line. Not specifying one is intentional to give you choice to:
#
# a) rely on your compiler default by not specifying one;
# b) specify your target platform explicitly for optimal performance,
# e.g. -march=armv6 or -march=armv7-a;
# c) build "universal" binary that targets *range* of platforms by
# specifying minimum and maximum supported architecture;
#
# As for c) option. It actually makes no sense to specify maximum to be
# less than ARMv7, because it's the least requirement for run-time
# switch between platform-specific code paths. And without run-time
# switch performance would be equivalent to one for minimum. Secondly,
# there are some natural limitations that you'd have to accept and
# respect. Most notably you can *not* build "universal" binary for
# big-endian platform. This is because ARMv7 processor always picks
# instructions in little-endian order. Another similar limitation is
# that -mthumb can't "cross" -march=armv6t2 boundary, because that's
# where it became Thumb-2. Well, this limitation is a bit artificial,
# because it's not really impossible, but it's deemed too tricky to
# support. And of course you have to be sure that your binutils are
# actually up to the task of handling maximum target platform. With all
# this in mind here is an example of how to configure "universal" build:
#
# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
#
"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Configure script adds minimally required -march for assembly support,
# if no -march was specified at command line. mips32 and mips64 below
# refer to contemporary MIPS Architecture specifications, MIPS32 and
# MIPS64, rather than to kernel bitness.
"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@ -407,6 +474,7 @@ my %table=(
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### *BSD [do see comment about ${BSDthreads} above!]
"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -421,7 +489,7 @@ my %table=(
# triggered by RIPEMD160 code.
"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -454,11 +522,11 @@ my %table=(
# UnixWare 2.0x fails destest with -O.
"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IBM's AIX.
"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
@ -518,9 +586,9 @@ my %table=(
# Visual C targets
#
# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
@ -547,9 +615,8 @@ my %table=(
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
# Cygwin
"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
# NetWare from David Ward (dsward@novell.com)
# requires either MetroWerks NLM development tools, or gcc / nlmconv
@ -581,7 +648,8 @@ my %table=(
"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
# iPhoneOS/iOS
"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
@ -634,6 +702,7 @@ my $idx_lflags = $idx++;
my $idx_bn_ops = $idx++;
my $idx_cpuid_obj = $idx++;
my $idx_bn_obj = $idx++;
my $idx_ec_obj = $idx++;
my $idx_des_obj = $idx++;
my $idx_aes_obj = $idx++;
my $idx_bf_obj = $idx++;
@ -714,13 +783,17 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
"ec_nistp_64_gcc_128" => "default",
"gmp" => "default",
"jpake" => "experimental",
"libunbound" => "experimental",
"md2" => "default",
"rc5" => "default",
"rfc3779" => "default",
"sctp" => "default",
"sctp" => "default",
"shared" => "default",
"ssl-trace" => "default",
"ssl2" => "default",
"store" => "experimental",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
);
@ -728,7 +801,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
@ -873,16 +946,7 @@ PROCESS_ARGS:
}
elsif (/^[-+]/)
{
if (/^-[lL](.*)$/ or /^-Wl,/)
{
$libs.=$_." ";
}
elsif (/^-[^-]/ or /^\+/)
{
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
$flags.=$_." ";
}
elsif (/^--prefix=(.*)$/)
if (/^--prefix=(.*)$/)
{
$prefix=$1;
}
@ -926,10 +990,14 @@ PROCESS_ARGS:
{
$cross_compile_prefix=$1;
}
else
elsif (/^-[lL](.*)$/ or /^-Wl,/)
{
print STDERR $usage;
exit(1);
$libs.=$_." ";
}
else # common if (/^[-+]/), just pass down...
{
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
$flags.=$_." ";
}
}
elsif ($_ =~ /^([^:]+):(.+)$/)
@ -1016,11 +1084,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
$disabled{"tls1"} = "forced";
}
if (defined($disabled{"tls1"}))
{
$disabled{"tlsext"} = "forced";
}
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|| defined($disabled{"dh"}))
{
@ -1156,6 +1219,7 @@ my $cc = $fields[$idx_cc];
if($ENV{CC}) {
$cc = $ENV{CC};
}
my $cflags = $fields[$idx_cflags];
my $unistd = $fields[$idx_unistd];
my $thread_cflag = $fields[$idx_thread_cflag];
@ -1164,6 +1228,7 @@ my $lflags = $fields[$idx_lflags];
my $bn_ops = $fields[$idx_bn_ops];
my $cpuid_obj = $fields[$idx_cpuid_obj];
my $bn_obj = $fields[$idx_bn_obj];
my $ec_obj = $fields[$idx_ec_obj];
my $des_obj = $fields[$idx_des_obj];
my $aes_obj = $fields[$idx_aes_obj];
my $bf_obj = $fields[$idx_bf_obj];
@ -1186,6 +1251,7 @@ my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
my $ar = $ENV{'AR'} || "ar";
my $arflags = $fields[$idx_arflags];
my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
my $multilib = $fields[$idx_multilib];
# if $prefix/lib$multilib is not an existing directory, then
@ -1209,6 +1275,12 @@ if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
}
if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) {
# minimally required architecture flags for assembly modules
$cflags="-mips2 $cflags" if ($target =~ /mips32/);
$cflags="-mips3 $cflags" if ($target =~ /mips64/);
}
my $no_shared_warn=0;
my $no_user_cflags=0;
@ -1335,7 +1407,7 @@ $lflags="$libs$lflags" if ($libs ne "");
if ($no_asm)
{
$cpuid_obj=$bn_obj=
$cpuid_obj=$bn_obj=$ec_obj=
$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
}
@ -1416,6 +1488,7 @@ if ($target =~ /\-icc$/) # Intel C compiler
}
if ($iccver>=8)
{
$cflags=~s/\-KPIC/-fPIC/;
# Eliminate unnecessary dependency from libirc.a. This is
# essential for shared library support, as otherwise
# apps/openssl can end up in endless loop upon startup...
@ -1423,12 +1496,17 @@ if ($target =~ /\-icc$/) # Intel C compiler
}
if ($iccver>=9)
{
$cflags.=" -i-static";
$cflags=~s/\-no_cpprt/-no-cpprt/;
$lflags.=" -i-static";
$lflags=~s/\-no_cpprt/-no-cpprt/;
}
if ($iccver>=10)
{
$cflags=~s/\-i\-static/-static-intel/;
$lflags=~s/\-i\-static/-static-intel/;
}
if ($iccver>=11)
{
$cflags.=" -no-intel-extensions"; # disable Cilk
$lflags=~s/\-no\-cpprt/-no-cxxlib/;
}
}
@ -1442,7 +1520,7 @@ if ($target =~ /\-icc$/) # Intel C compiler
# linker only when --prefix is not /usr.
if ($target =~ /^BSD\-/)
{
$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
if ($sys_id ne "")
@ -1482,8 +1560,15 @@ $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
if ($rc4_obj =~ /\.o$/)
{
$cflags.=" -DRC4_ASM";
}
else
{
$rc4_obj=$rc4_enc;
}
if ($sha1_obj =~ /\.o$/)
{
# $sha1_obj=$sha1_enc;
@ -1509,7 +1594,7 @@ if ($rmd160_obj =~ /\.o$/)
}
if ($aes_obj =~ /\.o$/)
{
$cflags.=" -DAES_ASM";
$cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
# aes-ctr.o is not a real file, only indication that assembler
# module implements AES_ctr32_encrypt...
$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
@ -1531,10 +1616,14 @@ else {
$wp_obj="wp_block.o";
}
$cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/);
if ($modes_obj =~ /ghash/)
if ($modes_obj =~ /ghash\-/)
{
$cflags.=" -DGHASH_ASM";
}
if ($ec_obj =~ /ecp_nistz256/)
{
$cflags.=" -DECP_NISTZ256_ASM";
}
# "Stringify" the C flags string. This permits it to be made part of a string
# and works as well on command lines.
@ -1572,13 +1661,23 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
my $ecc = $cc;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
if ($ecc eq "clang")
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
}
}
@ -1623,13 +1722,16 @@ while (<IN>)
s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
@ -1638,6 +1740,7 @@ while (<IN>)
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
s/^EC_ASM=.*$/EC_ASM= $ec_obj/;
s/^DES_ENC=.*$/DES_ENC= $des_obj/;
s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@ -1691,14 +1794,23 @@ while (<IN>)
}
close(IN);
close(OUT);
rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
if ((compare($Makefile, "$Makefile.new"))
or file_newer('Configure', $Makefile)
or file_newer('config', $Makefile)
or file_newer('Makefile.org', $Makefile))
{
rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
}
else
{ unlink("$Makefile.new"); }
print "CC =$cc\n";
print "CFLAG =$cflags\n";
print "EX_LIBS =$lflags\n";
print "CPUID_OBJ =$cpuid_obj\n";
print "BN_ASM =$bn_obj\n";
print "EC_ASM =$ec_obj\n";
print "DES_ENC =$des_obj\n";
print "AES_ENC =$aes_obj\n";
print "BF_ENC =$bf_obj\n";
@ -1883,9 +1995,13 @@ print OUT "#ifdef __cplusplus\n";
print OUT "}\n";
print OUT "#endif\n";
close(OUT);
rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
{
rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
}
else
{ unlink("crypto/opensslconf.h.new"); }
# Fix the date
@ -1940,14 +2056,8 @@ EOF
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do
the following before building:
make depend
EOF
}
$warn_make_depend++;
}
}
# create the ms/version32.rc file if needed
@ -1997,7 +2107,7 @@ BEGIN
VALUE "ProductVersion", "$version\\0"
// Optional:
//VALUE "Comments", "\\0"
VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
//VALUE "LegalTrademarks", "\\0"
//VALUE "PrivateBuild", "\\0"
//VALUE "SpecialBuild", "\\0"
@ -2026,12 +2136,18 @@ EOF
print <<\EOF if ($no_shared_warn);
You gave the option 'shared'. Normally, that would give you shared libraries.
Unfortunately, the OpenSSL configuration doesn't include shared library support
for this platform yet, so it will pretend you gave the option 'no-shared'. If
you can inform the developpers (openssl-dev\@openssl.org) how to support shared
libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).
You gave the option 'shared', which is not supported on this platform, so
we will pretend you gave the option 'no-shared'. If you know how to implement
shared libraries, please let us know (but please first make sure you have
tried with a current version of OpenSSL).
EOF
print <<EOF if ($warn_make_depend);
*** Because of configuration changes, you MUST do the following before
*** building:
make depend
EOF
exit(0);
@ -2106,12 +2222,12 @@ sub print_table_entry
{
my $target = shift;
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
my $rc5_obj,my $wp_obj,my $cmll_obj,my $modes_obj, my $engines_obj,
my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags,
$bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj,
$md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj,
$rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj,
$perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag,
$shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)=
split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
print <<EOF
@ -2126,6 +2242,7 @@ sub print_table_entry
\$bn_ops = $bn_ops
\$cpuid_obj = $cpuid_obj
\$bn_obj = $bn_obj
\$ec_obj = $ec_obj
\$des_obj = $des_obj
\$aes_obj = $aes_obj
\$bf_obj = $bf_obj
@ -2186,3 +2303,9 @@ sub test_sanity
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
return $errorcnt;
}
sub file_newer
{
my ($file1, $file2) = @_;
return (stat($file1))[9] > (stat($file2))[9]
}

1041
crypto/external/bsd/openssl/dist/FAQ vendored
View File

File diff suppressed because it is too large Load Diff

8
crypto/external/bsd/openssl/dist/GitConfigure vendored Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
./Configure $@ no-symlinks
make files
util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
make -f makefile.$BRANCH init

5
crypto/external/bsd/openssl/dist/GitMake vendored Executable file
View File

@ -0,0 +1,5 @@
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
make -f makefile.$BRANCH $@

65
crypto/external/bsd/openssl/dist/INSTALL vendored
View File

@ -74,24 +74,26 @@
no-asm Do not use assembler code.
386 Use the 80386 instruction set only (the default x86 code is
more efficient, but requires at least a 486). Note: Use
compiler flags for any other CPU specific configuration,
e.g. "-m32" to build x86 code on an x64 system.
386 In 32-bit x86 builds, when generating assembly modules,
use the 80386 instruction set only (the default x86 code
is more efficient, but requires at least a 486). Note:
This doesn't affect code generated by compiler, you're
likely to complement configuration command line with
suitable compiler-specific option.
no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
detected at run-time, but the decision whether or not the
machine code will be executed is taken solely on CPU
capability vector. This means that if you happen to run OS
kernel which does not support SSE2 extension on Intel P4
processor, then your application might be exposed to
"illegal instruction" exception. There might be a way
to enable support in kernel, e.g. FreeBSD kernel can be
compiled with CPU_ENABLE_SSE, and there is a way to
disengage SSE2 code pathes upon application start-up,
but if you aim for wider "audience" running such kernel,
consider no-sse2. Both 386 and no-asm options above imply
no-sse2.
no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules.
Normally SSE2 extension is detected at run-time, but the
decision whether or not the machine code will be executed
is taken solely on CPU capability vector. This means that
if you happen to run OS kernel which does not support SSE2
extension on Intel P4 processor, then your application
might be exposed to "illegal instruction" exception.
There might be a way to enable support in kernel, e.g.
FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and
there is a way to disengage SSE2 code paths upon application
start-up, but if you aim for wider "audience" running
such kernel, consider no-sse2. Both the 386 and
no-asm options imply no-sse2.
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
@ -101,7 +103,12 @@
-Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
be passed through to the compiler to allow you to
define preprocessor symbols, specify additional libraries,
library directories or other compiler options.
library directories or other compiler options. It might be
worth noting that some compilers generate code specifically
for processor the compiler currently executes on. This is
not necessarily what you might have in mind, since it might
be unsuitable for execution on other, typically older,
processor. Consult your compiler documentation.
-DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
BSD. Useful if you are running ocf-linux or something
@ -159,18 +166,18 @@
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
If "make" fails, look at the output. There may be reasons for
the failure that aren't problems in OpenSSL itself (like missing
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
via http://www.openssl.org/support/rt.html and will be forwarded to a
public mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
If the build fails, look at the output. There may be reasons
for the failure that aren't problems in OpenSSL itself (like
missing standard headers). If you are having problems you can
get help by sending an email to the openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for details). If
it is a bug with OpenSSL itself, please open an issue on GitHub, at
https://github.com/openssl/openssl/issues. Please review the existing
ones first; maybe the bug was already reported or has already been
fixed.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
(If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.)
Compiling parts of OpenSSL with gcc and others with the system
compiler will result in unresolved symbols on some systems.

22
crypto/external/bsd/openssl/dist/INSTALL.W32 vendored
View File

@ -300,17 +300,17 @@
If you link with static OpenSSL libraries [those built with ms/nt.mak],
then you're expected to additionally link your application with
WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
non-interactive service applications might feel concerned about linking
with the latter two, as they are justly associated with interactive
desktop, which is not available to service processes. The toolkit is
designed to detect in which context it's currently executed, GUI,
console app or service, and act accordingly, namely whether or not to
actually make GUI calls. Additionally those who wish to
/DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
off service process should consider implementing and exporting from
.exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
E.g., on Windows Vista and later you could:
WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those
developing non-interactive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated with
interactive desktop, which is not available to service processes. The toolkit
is designed to detect in which context it's currently executed, GUI, console
app or service, and act accordingly, namely whether or not to actually make
GUI calls. Additionally those who wish to /DELAYLOAD:GDI32.DLL and
/DELAYLOAD:USER32.DLL and actually keep them off service process should
consider implementing and exporting from .exe image in question own
_OPENSSL_isservice not relying on USER32.DLL. E.g., on Windows Vista and
later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;

2
crypto/external/bsd/openssl/dist/LICENSE vendored
View File

@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

101
crypto/external/bsd/openssl/dist/Makefile vendored
View File

@ -4,16 +4,16 @@
## Makefile for OpenSSL
##
VERSION=1.0.1p
VERSION=1.0.2k
MAJOR=1
MINOR=0.1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=1
SHLIB_MINOR=0.0
SHLIB_EXT=
PLATFORM=dist
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
CONFIGURE_ARGS=dist
SHLIB_TARGET=
@ -61,17 +61,18 @@ OPENSSLDIR=/usr/local/ssl
CC= cc
CFLAG= -O
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
RC= windres
NM= nm
PERL= /usr/pkg/bin/perl
TAR= tar
TARFLAGS= --no-recursion --record-size=10240
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
@ -90,6 +91,7 @@ PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ= mem_clr.o
BN_ASM= bn_asm.o
EC_ASM=
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
@ -181,8 +183,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@ -202,12 +203,16 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
$${APPS+APPS}
BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
@ -223,8 +228,8 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' \
BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
@ -332,7 +337,7 @@ clean-shared:
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
@ -366,6 +371,7 @@ libcrypto.pc: Makefile
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
@ -381,11 +387,11 @@ libssl.pc: Makefile
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
@ -398,10 +404,7 @@ openssl.pc: Makefile
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@ -501,35 +504,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap:
@$(TAR) $(TARFLAGS) -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
ls -l ../$(TARFILE)
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
@ -564,11 +567,7 @@ install_sw:
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
@ -576,6 +575,10 @@ install_sw:
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
@ -608,6 +611,10 @@ install_sw:
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
@ -636,9 +643,9 @@ install_docs:
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
fi; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \

93
crypto/external/bsd/openssl/dist/Makefile.org vendored
View File

@ -66,10 +66,11 @@ EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= ranlib
RC= windres
NM= nm
PERL= perl
TAR= tar
TARFLAGS= --no-recursion --record-size=10240
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
@ -88,6 +89,7 @@ PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ=
BN_ASM= bn_asm.o
EC_ASM=
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
@ -179,8 +181,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@ -200,12 +201,16 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
$${APPS+APPS}
BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
@ -221,8 +226,8 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' \
BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
@ -330,7 +335,7 @@ clean-shared:
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
@ -364,6 +369,7 @@ libcrypto.pc: Makefile
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
@ -379,11 +385,11 @@ libssl.pc: Makefile
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
@ -396,10 +402,7 @@ openssl.pc: Makefile
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@ -499,35 +502,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap:
@$(TAR) $(TARFLAGS) -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
ls -l ../$(TARFILE)
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
@ -562,11 +565,7 @@ install_sw:
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
@ -574,6 +573,10 @@ install_sw:
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
@ -606,6 +609,10 @@ install_sw:
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
@ -634,9 +641,9 @@ install_docs:
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
fi; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \

8
crypto/external/bsd/openssl/dist/Makefile.shared vendored
View File

@ -272,7 +272,7 @@ link_o.cygwin:
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-s,-Bsymbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-Bsymbolic"; \
$(LINK_SO_O)
#for mingw target if def-file is in use dll-name should match library-name
link_a.cygwin:
@ -289,15 +289,15 @@ link_a.cygwin:
SHLIB_SOVER=32; \
extras="$(LIBNAME).def"; \
$(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
$(CROSS_COMPILE)windres -o rc.o; \
$(RC) -o rc.o; \
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-s,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
[ -f apps/$$dll_name ] && rm apps/$$dll_name; \
[ -f test/$$dll_name ] && rm test/$$dll_name; \
$(LINK_SO_A) || exit 1; \

90
crypto/external/bsd/openssl/dist/NEWS vendored
View File

@ -5,15 +5,80 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
o Truncated packet could crash via OOB read (CVE-2017-3731)
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
o Missing CRL sanity check (CVE-2016-7052)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
o SWEET32 Mitigation (CVE-2016-2183)
o OOB write in MDC2_Update() (CVE-2016-6303)
o Malformed SHA512 ticket DoS (CVE-2016-6302)
o OOB write in BN_bn2dec() (CVE-2016-2182)
o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
o Pointer arithmetic undefined behaviour (CVE-2016-2177)
o Constant time flag not preserved in DSA signing (CVE-2016-2178)
o DTLS buffered message DoS (CVE-2016-2179)
o DTLS replay protection DoS (CVE-2016-2181)
o Certificate message OOB reads (CVE-2016-6306)
Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
o EBCDIC overread (CVE-2016-2176)
o Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
o Remove LOW from the DEFAULT cipher list. This removes singles DES from
the default.
o Only remove the SSLv2 methods with the no-ssl2-method option.
Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
o Disable SSLv2 default build, default negotiation and weak ciphers
(CVE-2016-0800)
o Fix a double-free in DSA code (CVE-2016-0705)
o Disable SRP fake user seed to address a server memory leak
(CVE-2016-0798)
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
(CVE-2016-0797)
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
o Fix side channel attack on modular exponentiation (CVE-2016-0702)
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
o DH small subgroups (CVE-2016-0701)
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
o X509_ATTRIBUTE memory leak (CVE-2015-3195)
o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
o In DSA_generate_parameters_ex, if the provided seed is too short,
return an error
Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
o Alternate chains certificate forgery (CVE-2015-1793)
o Race condition handling PSK identify hint (CVE-2015-3196)
Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
o Fix HMAC ABI incompatibility
Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
@ -21,16 +86,33 @@
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
o Race condition handling NewSessionTicket (CVE-2015-1791)
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
o Multiblock corrupted pointer fix (CVE-2015-0290)
o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
o Empty CKE with client auth and DHE fix (CVE-2015-1787)
o Handshake with unseeded PRNG fix (CVE-2015-0285)
o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
o Removed the export ciphers from the DEFAULT ciphers
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
o Suite B support for TLS 1.2 and DTLS 1.2
o Support for DTLS 1.2
o TLS automatic EC curve selection.
o API to set TLS supported signature algorithms and curves
o SSL_CONF configuration API.
o TLS Brainpool support.
o ALPN support.
o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
o Build fixes for the Windows and OpenVMS platforms

201
crypto/external/bsd/openssl/dist/README vendored
View File

@ -1,7 +1,7 @@
OpenSSL 1.0.1p 9 Jul 2015
OpenSSL 1.0.2k 26 Jan 2017
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@ -10,17 +10,17 @@
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography library.
The project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL toolkit and its
related documentation.
Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
well as a full-strength general purpose cryptograpic library. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license) situation, which basically means
that you are free to get and use it for commercial and non-commercial
purposes as long as you fulfill the conditions of both licenses.
OpenSSL license plus the SSLeay license), which means that you are free to
get and use it for commercial and non-commercial purposes as long as you
fulfill the conditions of both licenses.
OVERVIEW
--------
@ -28,128 +28,51 @@
The OpenSSL toolkit includes:
libssl.a:
Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
both SSLv2, SSLv3 and TLSv1 in the one server and client.
Provides the client and server-side implementations for SSLv3 and TLS.
libcrypto.a:
General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
actually logically part of it. It includes routines for the following:
Ciphers
libdes - EAY's libdes DES encryption package which was floating
around the net for a few years, and was then relicensed by
him as part of SSLeay. It includes 15 'modes/variations'
of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
pcbc and a more general form of cfb and ofb) including desx
in cbc mode, a fast crypt(3), and routines to read
passwords from the keyboard.
RC4 encryption,
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
Digests
MD5 and MD2 message digest algorithms, fast implementations,
SHA (SHA-0) and SHA-1 message digest algorithms,
MDC2 message digest. A DES based hash that is popular on smart cards.
Public Key
RSA encryption/decryption/generation.
There is no limit on the number of bits.
DSA encryption/decryption/generation.
There is no limit on the number of bits.
Diffie-Hellman key-exchange/key generation.
There is no limit on the number of bits.
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
based ASCII-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
Systems
The normal digital envelope routines and base64 encoding. Higher
level access to ciphers and digests by name. New ciphers can be
loaded at run time. The BIO io system which is a simple non-blocking
IO abstraction. Current methods supported are file descriptors,
sockets, socket accept, socket connect, memory buffer, buffering, SSL
client/server, file pointer, encryption, digest, non-blocking testing
and null.
Data structures
A dynamically growing hashing system
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
Provides general cryptographic and X.509 support needed by SSL/TLS but
not logically part of it.
openssl:
A command line tool that can be used for:
Creation of RSA, DH and DSA key parameters
Creation of key parameters
Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Calculation of message digests
Encryption and decryption
SSL/TLS client and server tests
Handling of S/MIME signed or encrypted mail
PATENTS
-------
Various companies hold various patents for various algorithms in various
locations around the world. _YOU_ are responsible for ensuring that your use
of any algorithms is legal by checking if there are any patents in your
country. The file contains some of the patents that we know about or are
rumored to exist. This is not a definitive list.
RSA Security holds software patents on the RC5 algorithm. If you
intend to use this cipher, you must contact RSA Security for
licensing conditions. Their web page is http://www.rsasecurity.com/.
RC4 is a trademark of RSA Security, so use of this label should perhaps
only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
NTT and Mitsubishi have patents and pending patents on the Camellia
algorithm, but allow use at no charge without requiring an explicit
licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
And more...
INSTALLATION
------------
To install this package under a Unix derivative, read the INSTALL file. For
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
INSTALL.VMS.
Read the documentation in the doc/ directory. It is quite rough, but it
lists the functions; you will probably have to look at the code to work out
how to use them. Look at the example programs.
PROBLEMS
--------
For some platforms, there are some known problems that may affect the user
or application author. We try to collect those in doc/PROBLEMS, with current
thoughts on how they should be solved in a future of OpenSSL.
See the appropriate file:
INSTALL Linux, Unix, etc.
INSTALL.DJGPP DOS platform with DJGPP
INSTALL.NW Netware
INSTALL.OS2 OS/2
INSTALL.VMS VMS
INSTALL.W32 Windows (32bit)
INSTALL.W64 Windows (64bit)
INSTALL.WCE Windows CE
SUPPORT
-------
See the OpenSSL website www.openssl.org for details of how to obtain
See the OpenSSL website www.openssl.org for details on how to obtain
commercial technical support.
If you have any problems with OpenSSL then please take the following steps
first:
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
- Download the latest version from the repository
to see if the problem has already been addressed
- Remove ASM versions of libraries
- Configure with no-asm
- Remove compiler optimisation flags
If you wish to report a bug then please include the following information in
any bug report:
If you wish to report a bug then please include the following information
and create an issue on GitHub:
- On Unix systems:
Self-test report generated by 'make report'
@ -161,58 +84,18 @@
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
Report the bug to the OpenSSL project via the Request Tracker
(http://www.openssl.org/support/rt.html) by mail to:
openssl-bugs@openssl.org
Note that the request tracker should NOT be used for general assistance
or support queries. Just because something doesn't work the way you expect
does not mean it is necessarily a bug in OpenSSL.
Note that mail to openssl-bugs@openssl.org is recorded in the publicly
readable request tracker database and is forwarded to a public
mailing list. Confidential mail may be sent to openssl-security@openssl.org
(PGP key available from the key servers).
Just because something doesn't work the way you expect does not mean it
is necessarily a bug in OpenSSL.
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
Development is coordinated on the openssl-dev mailing list (see
http://www.openssl.org for information on subscribing). If you
would like to submit a patch, send it to openssl-bugs@openssl.org with
the string "[PATCH]" in the subject. Please be sure to include a
textual explanation of what your patch does.
See CONTRIBUTING
If you are unsure as to whether a feature will be useful for the general
OpenSSL community please discuss it on the openssl-dev mailing list first.
Someone may be already working on the same thing or there may be a good
reason as to why that feature isn't implemented.
Patches should be as up to date as possible, preferably relative to the
current Git or the last snapshot. They should follow the coding style of
OpenSSL and compile without warnings. Some of the core team developer targets
can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
compiles on many varied platforms: try to ensure you only use portable
features.
Note: For legal reasons, contributions from the US can be accepted only
if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
(formerly BXA) with a copy to the ENC Encryption Request Coordinator;
please take some time to look at
http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
and
http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
for the details. If "your encryption source code is too large to serve as
an email attachment", they are glad to receive it by fax instead; hope you
have a cheap long-distance plan.
Our preferred format for changes is "diff -u" output. You might
generate it like this:
# cd openssl-work
# [your changes]
# ./Configure dist; make clean
# cd ..
# diff -ur openssl-orig openssl-work > mydiffs.patch
LEGALITIES
----------
A number of nations restrict the use or export of cryptography. If you
are potentially subject to such restrictions you should seek competent
professional legal advice before attempting to develop or distribute
cryptographic code.

3
crypto/external/bsd/openssl/dist/apps/CA.pl vendored
View File

@ -64,7 +64,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@ -186,4 +186,3 @@ while (<IN>) {
}
}
}

3
crypto/external/bsd/openssl/dist/apps/CA.pl.in vendored
View File

@ -64,7 +64,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@ -186,4 +186,3 @@ while (<IN>) {
}
}
}

2
crypto/external/bsd/openssl/dist/apps/Makefile vendored
View File

@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

3
crypto/external/bsd/openssl/dist/apps/app_rand.c vendored
View File

@ -124,10 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
#endif
if (file == NULL)

334
crypto/external/bsd/openssl/dist/apps/apps.c vendored
View File

@ -119,9 +119,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
# include <strings.h>
#endif
#include <sys/types.h>
#include <ctype.h>
#include <errno.h>
@ -218,7 +215,8 @@ int args_from_file(char *file, int *argc, char **argv[])
if (arg != NULL)
OPENSSL_free(arg);
arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
if (arg == NULL)
return 0;
*argv = arg;
num = 0;
p = buf;
@ -285,6 +283,8 @@ int str2fmt(char *s)
return (FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return (FORMAT_ENGINE);
else if ((*s == 'H') || (*s == 'h'))
return FORMAT_HTTP;
else if ((*s == 'P') || (*s == 'p')) {
if (s[1] == 'V' || s[1] == 'v')
return FORMAT_PVK;
@ -787,12 +787,72 @@ static int load_pkcs12(BIO *err, BIO *in, const char *desc,
return ret;
}
int load_cert_crl_http(const char *url, BIO *err,
X509 **pcert, X509_CRL **pcrl)
{
char *host = NULL, *port = NULL, *path = NULL;
BIO *bio = NULL;
OCSP_REQ_CTX *rctx = NULL;
int use_ssl, rv = 0;
if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
goto err;
if (use_ssl) {
if (err)
BIO_puts(err, "https not supported\n");
goto err;
}
bio = BIO_new_connect(host);
if (!bio || !BIO_set_conn_port(bio, port))
goto err;
rctx = OCSP_REQ_CTX_new(bio, 1024);
if (!rctx)
goto err;
if (!OCSP_REQ_CTX_http(rctx, "GET", path))
goto err;
if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
goto err;
if (pcert) {
do {
rv = X509_http_nbio(rctx, pcert);
}
while (rv == -1);
} else {
do {
rv = X509_CRL_http_nbio(rctx, pcrl);
} while (rv == -1);
}
err:
if (host)
OPENSSL_free(host);
if (path)
OPENSSL_free(path);
if (port)
OPENSSL_free(port);
if (bio)
BIO_free_all(bio);
if (rctx)
OCSP_REQ_CTX_free(rctx);
if (rv != 1) {
if (bio && err)
BIO_printf(bio_err, "Error loading %s from %s\n",
pcert ? "certificate" : "CRL", url);
ERR_print_errors(bio_err);
}
return rv;
}
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip)
{
X509 *x = NULL;
BIO *cert;
if (format == FORMAT_HTTP) {
load_cert_crl_http(file, err, &x, NULL);
return x;
}
if ((cert = BIO_new(BIO_s_file())) == NULL) {
ERR_print_errors(err);
goto end;
@ -850,6 +910,49 @@ X509 *load_cert(BIO *err, const char *file, int format,
return (x);
}
X509_CRL *load_crl(const char *infile, int format)
{
X509_CRL *x = NULL;
BIO *in = NULL;
if (format == FORMAT_HTTP) {
load_cert_crl_http(infile, bio_err, NULL, &x);
return x;
}
in = BIO_new(BIO_s_file());
if (in == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (format == FORMAT_ASN1)
x = d2i_X509_CRL_bio(in, NULL);
else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end;
}
if (x == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
end:
BIO_free(in);
return (x);
}
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip)
{
@ -869,7 +972,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
if (!e)
BIO_printf(err, "no engine specified\n");
else {
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
if (ENGINE_init(e)) {
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
ENGINE_finish(e);
}
if (!pkey) {
BIO_printf(err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(err);
@ -1247,7 +1353,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{NULL, 0, 0}
};
return set_multi_opts(flags, arg, ex_tbl);
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
int set_ext_copy(int *copy_type, const char *arg)
@ -1425,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
}
return e;
}
#endif
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
{
ENGINE *e = NULL;
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (strcmp(engine, "auto") == 0) {
BIO_printf(err, "enabling auto ENGINE support\n");
@ -1454,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
}
BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
/* Free our "structural" reference. */
ENGINE_free(e);
}
#endif
return e;
}
void release_engine(ENGINE *e)
{
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
/* Free our "structural" reference. */
ENGINE_free(e);
#endif
}
int load_config(BIO *err, CONF *cnf)
{
@ -2159,6 +2277,9 @@ int args_verify(char ***pargs, int *pargc,
char **oldargs = *pargs;
char *arg = **pargs, *argn = (*pargs)[1];
time_t at_time = 0;
char *hostname = NULL;
char *email = NULL;
char *ipasc = NULL;
if (!strcmp(arg, "-policy")) {
if (!argn)
*badarg = 1;
@ -2212,6 +2333,21 @@ int args_verify(char ***pargs, int *pargc,
at_time = (time_t)timestamp;
}
(*pargs)++;
} else if (strcmp(arg, "-verify_hostname") == 0) {
if (!argn)
*badarg = 1;
hostname = argn;
(*pargs)++;
} else if (strcmp(arg, "-verify_email") == 0) {
if (!argn)
*badarg = 1;
email = argn;
(*pargs)++;
} else if (strcmp(arg, "-verify_ip") == 0) {
if (!argn)
*badarg = 1;
ipasc = argn;
(*pargs)++;
} else if (!strcmp(arg, "-ignore_critical"))
flags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (!strcmp(arg, "-issuer_checks"))
@ -2238,8 +2374,20 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
else if (!strcmp(arg, "-trusted_first"))
flags |= X509_V_FLAG_TRUSTED_FIRST;
else if (!strcmp(arg, "-suiteB_128_only"))
flags |= X509_V_FLAG_SUITEB_128_LOS_ONLY;
else if (!strcmp(arg, "-suiteB_128"))
flags |= X509_V_FLAG_SUITEB_128_LOS;
else if (!strcmp(arg, "-suiteB_192"))
flags |= X509_V_FLAG_SUITEB_192_LOS;
else if (!strcmp(arg, "-partial_chain"))
flags |= X509_V_FLAG_PARTIAL_CHAIN;
else if (!strcmp(arg, "-no_alt_chains"))
flags |= X509_V_FLAG_NO_ALT_CHAINS;
else if (!strcmp(arg, "-allow_proxy_certs"))
flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
else
return 0;
@ -2269,6 +2417,15 @@ int args_verify(char ***pargs, int *pargc,
if (at_time)
X509_VERIFY_PARAM_set_time(*pm, at_time);
if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0))
*badarg = 1;
if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0))
*badarg = 1;
if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc))
*badarg = 1;
end:
(*pargs)++;
@ -2299,7 +2456,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
else
len = 1024;
len = BIO_read(in, tbuf, len);
if (len <= 0)
if (len < 0) {
BIO_free(mem);
return -1;
}
if (len == 0)
break;
if (BIO_write(mem, tbuf, len) != len) {
BIO_free(mem);
@ -2316,7 +2477,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
return ret;
}
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
{
int rv;
char *stmp, *vtmp = NULL;
@ -2552,6 +2713,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
if (psk_key)
OPENSSL_free(psk_key);
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn);
@ -2581,6 +2745,9 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
if (psk_key)
OPENSSL_free(psk_key);
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn);
@ -2591,7 +2758,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
#ifndef OPENSSL_NO_TLSEXT
/*-
* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
@ -2630,8 +2797,106 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
*outlen = len + 1;
return out;
}
#endif /* !OPENSSL_NO_TLSEXT &&
* !OPENSSL_NO_NEXTPROTONEG */
#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const char *checkhost,
const char *checkemail, const char *checkip)
{
if (x == NULL)
return;
if (checkhost) {
BIO_printf(bio, "Hostname %s does%s match certificate\n",
checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1
? "" : " NOT");
}
if (checkemail) {
BIO_printf(bio, "Email %s does%s match certificate\n",
checkemail, X509_check_email(x, checkemail, 0,
0) ? "" : " NOT");
}
if (checkip) {
BIO_printf(bio, "IP %s does%s match certificate\n",
checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
}
}
/* Get first http URL from a DIST_POINT structure */
static const char *get_dp_url(DIST_POINT *dp)
{
GENERAL_NAMES *gens;
GENERAL_NAME *gen;
int i, gtype;
ASN1_STRING *uri;
if (!dp->distpoint || dp->distpoint->type != 0)
return NULL;
gens = dp->distpoint->name.fullname;
for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
gen = sk_GENERAL_NAME_value(gens, i);
uri = GENERAL_NAME_get0_value(gen, &gtype);
if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
char *uptr = (char *)ASN1_STRING_data(uri);
if (!strncmp(uptr, "http://", 7))
return uptr;
}
}
return NULL;
}
/*
* Look through a CRLDP structure and attempt to find an http URL to
* downloads a CRL from.
*/
static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
{
int i;
const char *urlptr = NULL;
for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
urlptr = get_dp_url(dp);
if (urlptr)
return load_crl(urlptr, FORMAT_HTTP);
}
return NULL;
}
/*
* Example of downloading CRLs from CRLDP: not usable for real world as it
* always downloads, doesn't support non-blocking I/O and doesn't cache
* anything.
*/
static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
{
X509 *x;
STACK_OF(X509_CRL) *crls = NULL;
X509_CRL *crl;
STACK_OF(DIST_POINT) *crldp;
x = X509_STORE_CTX_get_current_cert(ctx);
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
if (!crl)
return NULL;
crls = sk_X509_CRL_new_null();
sk_X509_CRL_push(crls, crl);
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
if (crl)
sk_X509_CRL_push(crls, crl);
return crls;
}
void store_setup_crl_download(X509_STORE *st)
{
X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
}
/*
* Platform-specific sections
@ -2944,6 +3209,36 @@ int app_isdir(const char *name)
#endif
/* raw_read|write section */
#if defined(__VMS)
# include "vms_term_sock.h"
static int stdin_sock = -1;
static void close_stdin_sock(void)
{
TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
}
int fileno_stdin(void)
{
if (stdin_sock == -1) {
TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
atexit(close_stdin_sock);
}
return stdin_sock;
}
#else
int fileno_stdin(void)
{
return fileno(stdin);
}
#endif
int fileno_stdout(void)
{
return fileno(stdout);
}
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
int raw_read_stdin(void *buf, int siz)
{
@ -2953,10 +3248,17 @@ int raw_read_stdin(void *buf, int siz)
else
return (-1);
}
#elif defined(__VMS)
#include <sys/socket.h>
int raw_read_stdin(void *buf, int siz)
{
return recv(fileno_stdin(), buf, siz, 0);
}
#else
int raw_read_stdin(void *buf, int siz)
{
return read(fileno(stdin), buf, siz);
return read(fileno_stdin(), buf, siz);
}
#endif
@ -2972,6 +3274,6 @@ int raw_write_stdout(const void *buf, int siz)
#else
int raw_write_stdout(const void *buf, int siz)
{
return write(fileno(stdout), buf, siz);
return write(fileno_stdout(), buf, siz);
}
#endif

30
crypto/external/bsd/openssl/dist/apps/apps.h vendored
View File

@ -205,7 +205,7 @@ extern BIO *bio_err;
# endif
# endif
# ifdef OPENSSL_SYSNAME_WIN32
# if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
# else
# define openssl_fdset(a,b) FD_SET(a, b)
@ -245,6 +245,9 @@ int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
int load_cert_crl_http(const char *url, BIO *err,
X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
@ -256,14 +259,15 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
# ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
# endif
void release_engine(ENGINE *e);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port,
int use_ssl, STACK_OF(CONF_VALUE) *headers,
const char *host, const char *path,
const char *port, int use_ssl,
const STACK_OF(CONF_VALUE) *headers,
int req_timeout);
# endif
@ -317,7 +321,7 @@ int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
@ -334,10 +338,15 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
# endif
# if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
# ifndef OPENSSL_NO_TLSEXT
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
# endif /* !OPENSSL_NO_TLSEXT &&
* !OPENSSL_NO_NEXTPROTONEG */
# endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const char *checkhost,
const char *checkemail, const char *checkip);
void store_setup_crl_download(X509_STORE *st);
# define FORMAT_UNDEF 0
# define FORMAT_ASN1 1
@ -353,6 +362,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define FORMAT_PVK 12 /* MS PVK file format */
# define FORMAT_HTTP 13 /* Download using HTTP */
# define EXT_COPY_NONE 0
# define EXT_COPY_ADD 1
@ -365,6 +375,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
# define SERIAL_RAND_BITS 64
int app_isdir(const char *);
int fileno_stdin(void);
int fileno_stdout(void);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);

4
crypto/external/bsd/openssl/dist/apps/asn1pars.c vendored
View File

@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
BIO_printf(bio_err, "Can't parse %s type\n",
typ == V_ASN1_NULL ? "NULL" : "OBJECT");
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}

65
crypto/external/bsd/openssl/dist/apps/ca.c vendored
View File

@ -99,25 +99,19 @@
#undef PROG
#define PROG ca_main
#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"
#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"
#define ENV_DEFAULT_CA "default_ca"
#define STRING_MASK "string_mask"
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
#define ENV_DIR "dir"
#define ENV_CERTS "certs"
#define ENV_CRL_DIR "crl_dir"
#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
@ -325,9 +319,7 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
char *tofree = NULL;
DB_ATTR db_attr;
@ -479,6 +471,11 @@ int MAIN(int argc, char **argv)
goto bad;
infile = *(++argv);
dorevoke = 1;
} else if (strcmp(*argv, "-valid") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
dorevoke = 2;
} else if (strcmp(*argv, "-extensions") == 0) {
if (--argc < 1)
goto bad;
@ -596,9 +593,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, conf))
goto err;
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
/* Lets get the config section we are using */
if (section == NULL) {
@ -1441,6 +1436,8 @@ int MAIN(int argc, char **argv)
revcert = load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile);
if (revcert == NULL)
goto err;
if (dorevoke == 2)
rev_type = -1;
j = do_revoke(revcert, db, rev_type, rev_arg);
if (j <= 0)
goto err;
@ -1484,6 +1481,7 @@ int MAIN(int argc, char **argv)
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
@ -1968,8 +1966,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (enddate == NULL)
X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
else
else {
int tdays;
ASN1_TIME_set_string(X509_get_notAfter(ret), enddate);
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
days = tdays;
}
if (!X509_set_subject_name(ret, subject))
goto err;
@ -2098,25 +2100,23 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
/* We now just add it to the database */
row[DB_type] = (char *)OPENSSL_malloc(2);
tm = X509_get_notAfter(ret);
row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL;
/* row[DB_serial] done already */
row[DB_file] = (char *)OPENSSL_malloc(8);
row[DB_type] = OPENSSL_malloc(2);
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8);
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
BUF_strlcpy(row[DB_file], "unknown", 8);
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date][0] = '\0';
strcpy(row[DB_file], "unknown");
row[DB_type][0] = 'V';
row[DB_type][1] = '\0';
@ -2224,7 +2224,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
CONF_free(parms);
goto err;
}
@ -2302,6 +2301,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
EVP_PKEY_free(pktmp);
BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
goto err;
@ -2409,13 +2409,20 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
}
/* Revoke Certificate */
ok = do_revoke(x509, db, type, value);
if (type == -1)
ok = 1;
else
ok = do_revoke(x509, db, type, value);
goto err;
} else if (index_name_cmp_noconst(row, rrow)) {
BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]);
goto err;
} else if (type == -1) {
BIO_printf(bio_err, "ERROR:Already present, serial number %s\n",
row[DB_serial]);
goto err;
} else if (rrow[DB_type][0] == 'R') {
BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
row[DB_serial]);
@ -2520,6 +2527,8 @@ static int do_updatedb(CA_DB *db)
char **rrow, *a_tm_s;
a_tm = ASN1_UTCTIME_new();
if (a_tm == NULL)
return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);

16
crypto/external/bsd/openssl/dist/apps/ciphers.c vendored
View File

@ -85,6 +85,9 @@ int MAIN(int argc, char **argv)
{
int ret = 1, i;
int verbose = 0, Verbose = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
const char **pp;
const char *p;
int badops = 0;
@ -119,6 +122,10 @@ int MAIN(int argc, char **argv)
verbose = 1;
else if (strcmp(*argv, "-V") == 0)
verbose = Verbose = 1;
#ifndef OPENSSL_NO_SSL_TRACE
else if (strcmp(*argv, "-stdname") == 0)
stdname = verbose = 1;
#endif
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv, "-ssl2") == 0)
meth = SSLv2_client_method();
@ -202,7 +209,14 @@ int MAIN(int argc, char **argv)
id1, id2, id3);
}
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(STDout, "%s - ", nm);
}
#endif
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
}
}

151
crypto/external/bsd/openssl/dist/apps/cms.c vendored
View File

@ -75,6 +75,8 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
*rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
*rr_from);
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
STACK_OF(OPENSSL_STRING) *param);
# define SMIME_OP 0x10
# define SMIME_IP 0x20
@ -98,6 +100,14 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
int verify_err = 0;
typedef struct cms_key_param_st cms_key_param;
struct cms_key_param_st {
int idx;
STACK_OF(OPENSSL_STRING) *param;
cms_key_param *next;
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
@ -112,7 +122,7 @@ int MAIN(int argc, char **argv)
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
char *certsoutfile = NULL;
const EVP_CIPHER *cipher = NULL;
const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
CMS_ContentInfo *cms = NULL, *rcms = NULL;
X509_STORE *store = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL;
@ -133,13 +143,13 @@ int MAIN(int argc, char **argv)
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
unsigned char *secret_key = NULL, *secret_keyid = NULL;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
size_t secret_keylen = 0, secret_keyidlen = 0;
cms_key_param *key_first = NULL, *key_param = NULL;
ASN1_OBJECT *econtent_type = NULL;
X509_VERIFY_PARAM *vpm = NULL;
@ -201,6 +211,8 @@ int MAIN(int argc, char **argv)
cipher = EVP_des_ede3_cbc();
else if (!strcmp(*args, "-des"))
cipher = EVP_des_cbc();
else if (!strcmp(*args, "-des3-wrap"))
wrap_cipher = EVP_des_ede3_wrap();
# endif
# ifndef OPENSSL_NO_SEED
else if (!strcmp(*args, "-seed"))
@ -221,6 +233,12 @@ int MAIN(int argc, char **argv)
cipher = EVP_aes_192_cbc();
else if (!strcmp(*args, "-aes256"))
cipher = EVP_aes_256_cbc();
else if (!strcmp(*args, "-aes128-wrap"))
wrap_cipher = EVP_aes_128_wrap();
else if (!strcmp(*args, "-aes192-wrap"))
wrap_cipher = EVP_aes_192_wrap();
else if (!strcmp(*args, "-aes256-wrap"))
wrap_cipher = EVP_aes_256_wrap();
# endif
# ifndef OPENSSL_NO_CAMELLIA
else if (!strcmp(*args, "-camellia128"))
@ -378,7 +396,17 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*args, "-recip")) {
if (!args[1])
goto argerr;
recipfile = *++args;
if (operation == SMIME_ENCRYPT) {
if (!encerts)
encerts = sk_X509_new_null();
cert = load_cert(bio_err, *++args, FORMAT_PEM,
NULL, e, "recipient certificate file");
if (!cert)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
} else
recipfile = *++args;
} else if (!strcmp(*args, "-certsout")) {
if (!args[1])
goto argerr;
@ -413,6 +441,40 @@ int MAIN(int argc, char **argv)
if (!args[1])
goto argerr;
keyform = str2fmt(*++args);
} else if (!strcmp(*args, "-keyopt")) {
int keyidx = -1;
if (!args[1])
goto argerr;
if (operation == SMIME_ENCRYPT) {
if (encerts)
keyidx += sk_X509_num(encerts);
} else {
if (keyfile || signerfile)
keyidx++;
if (skkeys)
keyidx += sk_OPENSSL_STRING_num(skkeys);
}
if (keyidx < 0) {
BIO_printf(bio_err, "No key specified\n");
goto argerr;
}
if (key_param == NULL || key_param->idx != keyidx) {
cms_key_param *nparam;
nparam = OPENSSL_malloc(sizeof(cms_key_param));
if (!nparam) {
BIO_printf(bio_err, "Out of memory\n");
goto argerr;
}
nparam->idx = keyidx;
nparam->param = sk_OPENSSL_STRING_new_null();
nparam->next = NULL;
if (key_first == NULL)
key_first = nparam;
else
key_param->next = nparam;
key_param = nparam;
}
sk_OPENSSL_STRING_push(key_param->param, *++args);
} else if (!strcmp(*args, "-rctform")) {
if (!args[1])
goto argerr;
@ -502,7 +564,7 @@ int MAIN(int argc, char **argv)
badarg = 1;
}
} else if (operation == SMIME_ENCRYPT) {
if (!*args && !secret_key && !pwri_pass) {
if (!*args && !secret_key && !pwri_pass && !encerts) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
@ -567,6 +629,7 @@ int MAIN(int argc, char **argv)
"-inkey file input private key (if not signer or recipient)\n");
BIO_printf(bio_err,
"-keyform arg input private key format (PEM or ENGINE)\n");
BIO_printf(bio_err, "-keyopt nm:v set public key parameters\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err,
"-outform arg output format SMIME (default), PEM or DER\n");
@ -600,9 +663,7 @@ int MAIN(int argc, char **argv)
"cert.pem recipient certificate(s) for encryption\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
@ -652,7 +713,7 @@ int MAIN(int argc, char **argv)
goto end;
}
if (*args)
if (*args && !encerts)
encerts = sk_X509_new_null();
while (*args) {
if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
@ -804,10 +865,39 @@ int MAIN(int argc, char **argv)
} else if (operation == SMIME_COMPRESS) {
cms = CMS_compress(in, -1, flags);
} else if (operation == SMIME_ENCRYPT) {
int i;
flags |= CMS_PARTIAL;
cms = CMS_encrypt(encerts, in, cipher, flags);
cms = CMS_encrypt(NULL, in, cipher, flags);
if (!cms)
goto end;
for (i = 0; i < sk_X509_num(encerts); i++) {
CMS_RecipientInfo *ri;
cms_key_param *kparam;
int tflags = flags;
X509 *x = sk_X509_value(encerts, i);
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
break;
}
}
ri = CMS_add1_recipient_cert(cms, x, tflags);
if (!ri)
goto end;
if (kparam) {
EVP_PKEY_CTX *pctx;
pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (!cms_set_pkey_param(pctx, kparam->param))
goto end;
}
if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE
&& wrap_cipher) {
EVP_CIPHER_CTX *wctx;
wctx = CMS_RecipientInfo_kari_get0_ctx(ri);
EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL);
}
}
if (secret_key) {
if (!CMS_add0_recipient_key(cms, NID_undef,
secret_key, secret_keylen,
@ -880,8 +970,11 @@ int MAIN(int argc, char **argv)
flags |= CMS_REUSE_DIGEST;
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
CMS_SignerInfo *si;
cms_key_param *kparam;
int tflags = flags;
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
@ -890,9 +983,21 @@ int MAIN(int argc, char **argv)
"signing key file");
if (!key)
goto end;
si = CMS_add1_signer(cms, signer, key, sign_md, flags);
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
break;
}
}
si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
if (!si)
goto end;
if (kparam) {
EVP_PKEY_CTX *pctx;
pctx = CMS_SignerInfo_get0_pkey_ctx(si);
if (!cms_set_pkey_param(pctx, kparam->param))
goto end;
}
if (rr && !CMS_add1_ReceiptRequest(si, rr))
goto end;
X509_free(signer);
@ -1047,6 +1152,13 @@ int MAIN(int argc, char **argv)
sk_OPENSSL_STRING_free(rr_to);
if (rr_from)
sk_OPENSSL_STRING_free(rr_from);
for (key_param = key_first; key_param;) {
cms_key_param *tparam;
sk_OPENSSL_STRING_free(key_param->param);
tparam = key_param->next;
OPENSSL_free(key_param);
key_param = tparam;
}
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
@ -1054,6 +1166,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(key);
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(rcms);
release_engine(e);
BIO_free(rctin);
BIO_free(in);
BIO_free(indata);
@ -1220,4 +1333,22 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
return NULL;
}
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
STACK_OF(OPENSSL_STRING) *param)
{
char *keyopt;
int i;
if (sk_OPENSSL_STRING_num(param) <= 0)
return 1;
for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) {
keyopt = sk_OPENSSL_STRING_value(param, i);
if (pkey_ctrl_string(pctx, keyopt) <= 0) {
BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt);
ERR_print_errors(bio_err);
return 0;
}
}
return 1;
}
#endif

92
crypto/external/bsd/openssl/dist/apps/crl.c vendored
View File

@ -96,7 +96,6 @@ static const char *crl_usage[] = {
NULL
};
static X509_CRL *load_crl(char *file, int format);
static BIO *bio_out = NULL;
int MAIN(int, char **);
@ -106,10 +105,10 @@ int MAIN(int argc, char **argv)
unsigned long nmflag = 0;
X509_CRL *x = NULL;
char *CAfile = NULL, *CApath = NULL;
int ret = 1, i, num, badops = 0;
int ret = 1, i, num, badops = 0, badsig = 0;
BIO *out = NULL;
int informat, outformat;
char *infile = NULL, *outfile = NULL;
int informat, outformat, keyformat;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
#ifndef OPENSSL_NO_MD5
@ -147,6 +146,7 @@ int MAIN(int argc, char **argv)
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
keyformat = FORMAT_PEM;
argc--;
argv++;
@ -173,6 +173,18 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-gendelta") == 0) {
if (--argc < 1)
goto bad;
crldiff = *(++argv);
} else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
keyfile = *(++argv);
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
goto bad;
keyformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
@ -214,6 +226,8 @@ int MAIN(int argc, char **argv)
fingerprint = ++num;
else if (strcmp(*argv, "-crlnumber") == 0)
crlnumber = ++num;
else if (strcmp(*argv, "-badsig") == 0)
badsig = 1;
else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
/* ok */
digest = md_alg;
@ -281,6 +295,33 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "verify OK\n");
}
if (crldiff) {
X509_CRL *newcrl, *delta;
if (!keyfile) {
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
newcrl = load_crl(crldiff, informat);
if (!newcrl)
goto end;
pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
"CRL signing key");
if (!pkey) {
X509_CRL_free(newcrl);
goto end;
}
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
X509_CRL_free(newcrl);
EVP_PKEY_free(pkey);
if (delta) {
X509_CRL_free(x);
x = delta;
} else {
BIO_puts(bio_err, "Error creating delta CRL\n");
goto end;
}
}
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
@ -369,6 +410,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (badsig)
x->signature->data[x->signature->length - 1] ^= 0x1;
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
else if (outformat == FORMAT_PEM)
@ -383,6 +427,8 @@ int MAIN(int argc, char **argv)
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
BIO_free_all(bio_out);
bio_out = NULL;
@ -394,41 +440,3 @@ int MAIN(int argc, char **argv)
apps_shutdown();
OPENSSL_EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)
{
X509_CRL *x = NULL;
BIO *in = NULL;
in = BIO_new(BIO_s_file());
if (in == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (format == FORMAT_ASN1)
x = d2i_X509_CRL_bio(in, NULL);
else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end;
}
if (x == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
end:
BIO_free(in);
return (x);
}

44
crypto/external/bsd/openssl/dist/apps/dgst.c vendored
View File

@ -103,7 +103,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
ENGINE *e = NULL, *impl = NULL;
unsigned char *buf = NULL;
int i, err = 1;
const EVP_MD *md = NULL, *m;
@ -124,6 +124,7 @@ int MAIN(int argc, char **argv)
char *passargin = NULL, *passin = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
int engine_impl = 0;
#endif
char *hmac_key = NULL;
char *mac_name = NULL;
@ -199,7 +200,8 @@ int MAIN(int argc, char **argv)
break;
engine = *(++argv);
e = setup_engine(bio_err, engine, 0);
}
} else if (strcmp(*argv, "-engine_impl") == 0)
engine_impl = 1;
#endif
else if (strcmp(*argv, "-hex") == 0)
out_bin = 0;
@ -241,6 +243,11 @@ int MAIN(int argc, char **argv)
argv++;
}
if (keyfile != NULL && argc > 1) {
BIO_printf(bio_err, "Can only sign or verify one file\n");
goto end;
}
if (do_verify && !sigfile) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
@ -284,6 +291,10 @@ int MAIN(int argc, char **argv)
EVP_MD_do_all_sorted(list_md_fn, bio_err);
goto end;
}
#ifndef OPENSSL_NO_ENGINE
if (engine_impl)
impl = e;
#endif
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
@ -357,7 +368,7 @@ int MAIN(int argc, char **argv)
if (mac_name) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (!init_gen_str(bio_err, &mac_ctx, mac_name, e, 0))
if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
goto mac_end;
if (macopts) {
char *macopt;
@ -391,7 +402,7 @@ int MAIN(int argc, char **argv)
}
if (hmac_key) {
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key, -1);
if (!sigkey)
goto end;
@ -407,9 +418,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (do_verify)
r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (!r) {
BIO_printf(bio_err, "Error setting context\n");
ERR_print_errors(bio_err);
@ -429,9 +440,15 @@ int MAIN(int argc, char **argv)
}
/* we use md as a filter, reading from 'in' */
else {
EVP_MD_CTX *mctx = NULL;
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (md == NULL)
md = EVP_md5();
if (!BIO_set_md(bmd, md)) {
if (!EVP_DigestInit_ex(mctx, md, impl)) {
BIO_printf(bio_err, "Error setting digest %s\n", pname);
ERR_print_errors(bio_err);
goto end;
@ -483,7 +500,8 @@ int MAIN(int argc, char **argv)
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &sig_name, ameth);
}
md_name = EVP_MD_name(md);
if (md)
md_name = EVP_MD_name(md);
}
err = 0;
for (i = 0; i < argc; i++) {
@ -519,6 +537,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(sigbuf);
if (bmd != NULL)
BIO_free(bmd);
release_engine(e);
apps_shutdown();
OPENSSL_EXIT(err);
}
@ -581,9 +600,12 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file);
} else {
if (sig_name)
BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
else if (md_name)
if (sig_name) {
BIO_puts(out, sig_name);
if (md_name)
BIO_printf(out, "-%s", md_name);
BIO_printf(out, "(%s)= ", file);
} else if (md_name)
BIO_printf(out, "%s(%s)= ", md_name, file);
else
BIO_printf(out, "(%s)= ", file);

6
crypto/external/bsd/openssl/dist/apps/dh.c vendored
View File

@ -94,9 +94,7 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL;
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
# ifndef OPENSSL_NO_ENGINE
char *engine;
# endif
apps_startup();
@ -107,9 +105,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
# ifndef OPENSSL_NO_ENGINE
engine = NULL;
# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
@ -183,9 +179,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());

17
crypto/external/bsd/openssl/dist/apps/dhparam.c vendored
View File

@ -159,9 +159,8 @@ int MAIN(int argc, char **argv)
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
char *inrand = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
ENGINE *e = NULL;
int num = 0, g = 0;
apps_startup();
@ -270,9 +269,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
e = setup_engine(bio_err, engine, 0);
if (g && !num)
num = DEFBITS;
@ -489,9 +486,12 @@ int MAIN(int argc, char **argv)
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_DHparams(out, dh);
else {
else if (outformat == FORMAT_PEM) {
if (dh->q)
i = PEM_write_bio_DHxparams(out, dh);
else
i = PEM_write_bio_DHparams(out, dh);
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
@ -509,6 +509,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret);
}

7
crypto/external/bsd/openssl/dist/apps/dsa.c vendored
View File

@ -106,9 +106,7 @@ int MAIN(int argc, char **argv)
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0;
char *infile, *outfile, *prog;
# ifndef OPENSSL_NO_ENGINE
char *engine;
# endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus = 0;
@ -124,9 +122,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
# ifndef OPENSSL_NO_ENGINE
engine = NULL;
# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
@ -239,9 +235,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@ -358,6 +352,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
release_engine(e);
if (passin)
OPENSSL_free(passin);
if (passout)

8
crypto/external/bsd/openssl/dist/apps/dsaparam.c vendored
View File

@ -121,9 +121,8 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog, *inrand = NULL;
int numbits = -1, num, genkey = 0;
int need_rand = 0;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
ENGINE *e = NULL;
# ifdef GENCB_TEST
int timebomb = 0;
# endif
@ -263,9 +262,7 @@ int MAIN(int argc, char **argv)
}
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
e = setup_engine(bio_err, engine, 0);
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@ -433,6 +430,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret);
}

6
crypto/external/bsd/openssl/dist/apps/ec.c vendored
View File

@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
ENGINE *e = NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
@ -235,9 +236,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@ -349,6 +348,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
release_engine(e);
if (passin)
OPENSSL_free(passin);
if (passout)

20
crypto/external/bsd/openssl/dist/apps/ecparam.c vendored
View File

@ -131,6 +131,7 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *engine = NULL;
ENGINE *e = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
@ -311,9 +312,7 @@ int MAIN(int argc, char **argv)
}
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
e = setup_engine(bio_err, engine, 0);
if (list_curves) {
EC_builtin_curve *curves = NULL;
@ -370,6 +369,9 @@ int MAIN(int argc, char **argv)
} else
nid = OBJ_sn2nid(curve_name);
if (nid == 0)
nid = EC_curve_nist2nid(curve_name);
if (nid == 0) {
BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
goto end;
@ -413,14 +415,13 @@ int MAIN(int argc, char **argv)
}
if (check) {
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
} else
BIO_printf(bio_err, "ok\n");
goto end;
}
BIO_printf(bio_err, "ok\n");
}
@ -618,12 +619,13 @@ int MAIN(int argc, char **argv)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
if (group != NULL)
EC_GROUP_free(group);
release_engine(e);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (group != NULL)
EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}

10
crypto/external/bsd/openssl/dist/apps/enc.c vendored
View File

@ -126,9 +126,8 @@ int MAIN(int argc, char **argv)
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
ENGINE *e = NULL;
const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
@ -322,9 +321,7 @@ int MAIN(int argc, char **argv)
argv++;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
e = setup_engine(bio_err, engine, 0);
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err,
@ -509,7 +506,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
} else if (RAND_bytes(salt, sizeof salt) <= 0)
goto end;
/*
* If -P option then don't bother writing
@ -674,6 +671,7 @@ int MAIN(int argc, char **argv)
if (bzl != NULL)
BIO_free(bzl);
#endif
release_engine(e);
if (pass)
OPENSSL_free(pass);
apps_shutdown();

7
crypto/external/bsd/openssl/dist/apps/engine.c vendored
View File

@ -1,4 +1,4 @@
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
/* apps/engine.c */
/*
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.
@ -99,8 +99,6 @@ static void identity(char *ptr)
static int append_buf(char **buf, const char *s, int *size, int step)
{
int l = strlen(s);
if (*buf == NULL) {
*size = step;
*buf = OPENSSL_malloc(*size);
@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step)
**buf = '\0';
}
if (**buf != '\0')
l += 2; /* ", " */
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
*size += step;
*buf = OPENSSL_realloc(*buf, *size);

4
crypto/external/bsd/openssl/dist/apps/gendh.c vendored
View File

@ -96,9 +96,7 @@ int MAIN(int argc, char **argv)
int g = 2;
char *outfile = NULL;
char *inrand = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
BIO *out = NULL;
apps_startup();
@ -162,9 +160,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
out = BIO_new(BIO_s_file());
if (out == NULL) {

8
crypto/external/bsd/openssl/dist/apps/gendsa.c vendored
View File

@ -85,9 +85,8 @@ int MAIN(int argc, char **argv)
char *passargout = NULL, *passout = NULL;
BIO *out = NULL, *in = NULL;
const EVP_CIPHER *enc = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
ENGINE *e = NULL;
apps_startup();
@ -206,9 +205,7 @@ int MAIN(int argc, char **argv)
" - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
@ -273,6 +270,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
release_engine(e);
if (passout)
OPENSSL_free(passout);
apps_shutdown();

2
crypto/external/bsd/openssl/dist/apps/genpkey.c vendored
View File

@ -275,9 +275,9 @@ int MAIN(int argc, char **argv)
if (out)
BIO_free_all(out);
BIO_free(in);
release_engine(e);
if (pass)
OPENSSL_free(pass);
return ret;
}

9
crypto/external/bsd/openssl/dist/apps/genrsa.c vendored
View File

@ -80,7 +80,7 @@
# include <openssl/pem.h>
# include <openssl/rand.h>
# define DEFBITS 1024
# define DEFBITS 2048
# undef PROG
# define PROG genrsa_main
@ -91,9 +91,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
# endif
int ret = 1;
int i, num = DEFBITS;
long l;
@ -101,9 +99,7 @@ int MAIN(int argc, char **argv)
unsigned long f4 = RSA_F4;
char *outfile = NULL;
char *passargout = NULL, *passout = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
char *inrand = NULL;
BIO *out = NULL;
BIGNUM *bn = BN_new();
@ -240,9 +236,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
@ -314,6 +308,7 @@ int MAIN(int argc, char **argv)
RSA_free(rsa);
if (out)
BIO_free_all(out);
release_engine(e);
if (passout)
OPENSSL_free(passout);
if (ret != 0)

4
crypto/external/bsd/openssl/dist/apps/makeapps.com vendored
View File

@ -186,7 +186,7 @@ $ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
"CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ -
"SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS,SRP"
$!
$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT"
$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT,VMS_TERM_SOCK"
$!
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -
@ -776,7 +776,7 @@ $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
$ CCDISABLEWARNINGS = "" !!! "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. ""
$ THEN
$ IF CCDISABLEWARNINGS .NES. "" THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","
$ IF CCDISABLEWARNINGS .NES. THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","
$ CCDISABLEWARNINGS = CCDISABLEWARNINGS + USER_CCDISABLEWARNINGS
$ ENDIF
$!

102
crypto/external/bsd/openssl/dist/apps/ocsp.c vendored
View File

@ -110,16 +110,17 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
CA_DB *db, X509 *ca, X509 *rcert,
EVP_PKEY *rkey, STACK_OF(X509) *rother,
unsigned long flags, int nmin, int ndays);
EVP_PKEY *rkey, const EVP_MD *md,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port);
static BIO *init_responder(const char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
char *port);
const char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
STACK_OF(CONF_VALUE) *headers,
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
const STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout);
# undef PROG
@ -154,12 +155,14 @@ int MAIN(int argc, char **argv)
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
int ret = 1;
int accept_count = -1;
int badarg = 0;
int badsig = 0;
int i;
int ignore_err = 0;
STACK_OF(OPENSSL_STRING) *reqnames = NULL;
@ -170,7 +173,7 @@ int MAIN(int argc, char **argv)
char *rca_filename = NULL;
CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
const EVP_MD *cert_id_md = NULL;
const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@ -206,6 +209,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(tport);
if (tpath)
OPENSSL_free(tpath);
thost = tport = tpath = NULL;
if (args[1]) {
args++;
if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
@ -264,6 +268,8 @@ int MAIN(int argc, char **argv)
verify_flags |= OCSP_TRUSTOTHER;
else if (!strcmp(*args, "-no_intern"))
verify_flags |= OCSP_NOINTERN;
else if (!strcmp(*args, "-badsig"))
badsig = 1;
else if (!strcmp(*args, "-text")) {
req_text = 1;
resp_text = 1;
@ -320,6 +326,10 @@ int MAIN(int argc, char **argv)
CApath = *args;
} else
badarg = 1;
} else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) {
if (badarg)
goto end;
continue;
} else if (!strcmp(*args, "-validity_period")) {
if (args[1]) {
args++;
@ -465,6 +475,14 @@ int MAIN(int argc, char **argv)
rcertfile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-rmd")) {
if (args[1]) {
args++;
rsign_md = EVP_get_digestbyname(*args);
if (!rsign_md)
badarg = 1;
} else
badarg = 1;
} else if ((cert_id_md = EVP_get_digestbyname((*args) + 1)) == NULL) {
badarg = 1;
}
@ -584,7 +602,10 @@ int MAIN(int argc, char **argv)
add_nonce = 0;
if (!req && reqin) {
derbio = BIO_new_file(reqin, "rb");
if (!strcmp(reqin, "-"))
derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
else
derbio = BIO_new_file(reqin, "rb");
if (!derbio) {
BIO_printf(bio_err, "Error Opening OCSP request file\n");
goto end;
@ -681,7 +702,10 @@ int MAIN(int argc, char **argv)
OCSP_REQUEST_print(out, req, 0);
if (reqout) {
derbio = BIO_new_file(reqout, "wb");
if (!strcmp(reqout, "-"))
derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
else
derbio = BIO_new_file(reqout, "wb");
if (!derbio) {
BIO_printf(bio_err, "Error opening file %s\n", reqout);
goto end;
@ -706,7 +730,7 @@ int MAIN(int argc, char **argv)
if (rdb) {
i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
rother, rflags, nmin, ndays);
rsign_md, rother, rflags, nmin, ndays, badsig);
if (cbio)
send_ocsp_response(cbio, resp);
} else if (host) {
@ -721,7 +745,10 @@ int MAIN(int argc, char **argv)
goto end;
# endif
} else if (respin) {
derbio = BIO_new_file(respin, "rb");
if (!strcmp(respin, "-"))
derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
else
derbio = BIO_new_file(respin, "rb");
if (!derbio) {
BIO_printf(bio_err, "Error Opening OCSP response file\n");
goto end;
@ -741,7 +768,10 @@ int MAIN(int argc, char **argv)
done_resp:
if (respout) {
derbio = BIO_new_file(respout, "wb");
if (!strcmp(respout, "-"))
derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
else
derbio = BIO_new_file(respout, "wb");
if (!derbio) {
BIO_printf(bio_err, "Error opening file %s\n", respout);
goto end;
@ -778,6 +808,10 @@ int MAIN(int argc, char **argv)
resp = NULL;
goto redo_accept;
}
ret = 0;
goto end;
} else if (ridx_filename) {
ret = 0;
goto end;
}
@ -785,6 +819,8 @@ int MAIN(int argc, char **argv)
store = setup_verify(bio_err, CAfile, CApath);
if (!store)
goto end;
if (vpm)
X509_STORE_set1_param(store, vpm);
if (verify_certfile) {
verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
NULL, e, "validator certificate");
@ -799,37 +835,38 @@ int MAIN(int argc, char **argv)
goto end;
}
ret = 0;
if (!noverify) {
if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
if (i == -1)
BIO_printf(bio_err, "WARNING: no nonce in response\n");
else {
BIO_printf(bio_err, "Nonce Verify error\n");
ret = 1;
goto end;
}
}
i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
if (i < 0)
i = OCSP_basic_verify(bs, NULL, store, 0);
if (i <= 0) {
BIO_printf(bio_err, "Response Verify Failure\n");
ERR_print_errors(bio_err);
ret = 1;
} else
BIO_printf(bio_err, "Response verify OK\n");
}
if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
goto end;
ret = 0;
ret = 1;
end:
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
X509_free(issuer);
@ -984,8 +1021,9 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
CA_DB *db, X509 *ca, X509 *rcert,
EVP_PKEY *rkey, STACK_OF(X509) *rother,
unsigned long flags, int nmin, int ndays)
EVP_PKEY *rkey, const EVP_MD *rmd,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig)
{
ASN1_TIME *thisupd = NULL, *nextupd = NULL;
OCSP_CERTID *cid, *ca_id = NULL;
@ -1003,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) {
@ -1069,7 +1107,10 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
OCSP_copy_nonce(bs, req);
OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags);
if (badsig)
bs->signature->data[bs->signature->length - 1] ^= 0x1;
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
@ -1105,7 +1146,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
/* Quick and dirty OCSP server: read in and parse input request */
static BIO *init_responder(char *port)
static BIO *init_responder(const char *port)
{
BIO *acbio = NULL, *bufbio = NULL;
bufbio = BIO_new(BIO_f_buffer());
@ -1137,7 +1178,7 @@ static BIO *init_responder(char *port)
}
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
char *port)
const char *port)
{
int have_post = 0, len;
OCSP_REQUEST *req = NULL;
@ -1198,8 +1239,8 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
return 1;
}
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
STACK_OF(CONF_VALUE) *headers,
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
const STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout)
{
int fd;
@ -1220,8 +1261,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
return NULL;
}
if (BIO_get_fd(cbio, &fd) <= 0) {
BIO_puts(err, "Can't get connection fd\n");
if (BIO_get_fd(cbio, &fd) < 0) {
BIO_puts(bio_err, "Can't get connection fd\n");
goto err;
}
@ -1286,8 +1327,9 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
}
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port,
int use_ssl, STACK_OF(CONF_VALUE) *headers,
const char *host, const char *path,
const char *port, int use_ssl,
const STACK_OF(CONF_VALUE) *headers,
int req_timeout)
{
BIO *cbio = NULL;

2
crypto/external/bsd/openssl/dist/apps/openssl-vms.cnf vendored
View File

@ -103,7 +103,7 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes

2
crypto/external/bsd/openssl/dist/apps/openssl.cnf vendored
View File

@ -103,7 +103,7 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_bits = 2048
default_keyfile = privkey.pem
default_md = sha2
distinguished_name = req_distinguished_name

4
crypto/external/bsd/openssl/dist/apps/passwd.c vendored
View File

@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto err;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto err;
for (i = 0; i < 8; i++)

146
crypto/external/bsd/openssl/dist/apps/pkcs12.c vendored
View File

@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
# define CLCERTS 0x8
# define CACERTS 0x10
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@ -128,19 +129,10 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
char *macalg = NULL;
char *CApath = NULL, *CAfile = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
apps_startup();
# ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
# endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@ -148,6 +140,13 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
# ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
# endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
args = argv + 1;
while (*args) {
@ -405,9 +404,7 @@ int MAIN(int argc, char **argv)
"-LMK Add local machine keyset attribute to private key\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (passarg) {
if (export_cert)
@ -594,7 +591,7 @@ int MAIN(int argc, char **argv)
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
if (!vret) {
if (vret == X509_V_OK) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num(chain2); i++)
sk_X509_push(certs, sk_X509_value(chain2, i));
@ -602,7 +599,7 @@ int MAIN(int argc, char **argv)
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
if (vret >= 0)
if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
@ -755,6 +752,7 @@ int MAIN(int argc, char **argv)
# ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
# endif
release_engine(e);
BIO_free(in);
BIO_free_all(out);
if (canames)
@ -831,6 +829,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
int ret = 0;
switch (M_PKCS12_bag_type(bag)) {
case NID_keyBag:
@ -843,7 +842,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(pkey = EVP_PKCS82PKEY(p8)))
return 0;
print_attribs(out, p8->attributes, "Key Attributes");
PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
@ -863,7 +862,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
}
print_attribs(out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
@ -883,7 +882,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(x509 = PKCS12_certbag2x509(bag)))
return 0;
dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509);
ret = PEM_write_bio_X509(out, x509);
X509_free(x509);
break;
@ -901,56 +900,99 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
return 1;
break;
}
return 1;
return ret;
}
/* Given a single certificate return a verified chain or NULL if error */
/* Hope this is OK .... */
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain)
{
X509_STORE_CTX store_ctx;
STACK_OF(X509) *chn;
STACK_OF(X509) *chn = NULL;
int i = 0;
/*
* FIXME: Should really check the return status of X509_STORE_CTX_init
* for an error, but how that fits into the return value of this function
* is less obvious.
*/
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error(&store_ctx);
if (i == 0)
/*
* avoid returning 0 if X509_verify_cert() did not set an
* appropriate error value in the context
*/
i = -1;
chn = NULL;
goto err;
} else
if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
*chain = NULL;
return X509_V_ERR_UNSPECIFIED;
}
if (X509_verify_cert(&store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(&store_ctx);
err:
else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
i = X509_V_ERR_UNSPECIFIED;
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
return i;
}
int alg_print(BIO *x, X509_ALGOR *alg)
{
PBEPARAM *pbe;
const unsigned char *p;
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
if (!pbe)
return 1;
BIO_printf(bio_err, "%s, Iteration %ld\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free(pbe);
int pbenid, aparamtype;
ASN1_OBJECT *aoid;
void *aparam;
PBEPARAM *pbe = NULL;
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
pbenid = OBJ_obj2nid(aoid);
BIO_printf(x, "%s", OBJ_nid2ln(pbenid));
/*
* If PBE algorithm is PBES2 decode algorithm parameters
* for additional details.
*/
if (pbenid == NID_pbes2) {
PBE2PARAM *pbe2 = NULL;
int encnid;
if (aparamtype == V_ASN1_SEQUENCE)
pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
if (pbe2 == NULL) {
BIO_puts(x, "<unsupported parameters>");
goto done;
}
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
pbenid = OBJ_obj2nid(aoid);
X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
encnid = OBJ_obj2nid(aoid);
BIO_printf(x, ", %s, %s", OBJ_nid2ln(pbenid),
OBJ_nid2sn(encnid));
/* If KDF is PBKDF2 decode parameters */
if (pbenid == NID_id_pbkdf2) {
PBKDF2PARAM *kdf = NULL;
int prfnid;
if (aparamtype == V_ASN1_SEQUENCE)
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
if (kdf == NULL) {
BIO_puts(x, "<unsupported parameters>");
goto done;
}
if (kdf->prf == NULL) {
prfnid = NID_hmacWithSHA1;
} else {
X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
prfnid = OBJ_obj2nid(aoid);
}
BIO_printf(x, ", Iteration %ld, PRF %s",
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
PBKDF2PARAM_free(kdf);
}
PBE2PARAM_free(pbe2);
} else {
if (aparamtype == V_ASN1_SEQUENCE)
pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
if (pbe == NULL) {
BIO_puts(x, "<unsupported parameters>");
goto done;
}
BIO_printf(x, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free(pbe);
}
done:
BIO_puts(x, "\n");
return 1;
}
@ -1065,4 +1107,6 @@ static int set_pbe(BIO *err, int *ppbe, const char *str)
return 1;
}
#else
static void *dummy = &dummy;
#endif

20
crypto/external/bsd/openssl/dist/apps/pkcs7.c vendored
View File

@ -90,9 +90,8 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog;
int print_certs = 0, text = 0, noout = 0, p7_print = 0;
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
ENGINE *e = NULL;
apps_startup();
@ -175,9 +174,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
e = setup_engine(bio_err, engine, 0);
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
@ -235,12 +232,16 @@ int MAIN(int argc, char **argv)
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
if (p7->d.sign != NULL) {
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
}
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
if (p7->d.signed_and_enveloped != NULL) {
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
}
break;
default:
break;
@ -299,6 +300,7 @@ int MAIN(int argc, char **argv)
end:
if (p7 != NULL)
PKCS7_free(p7);
release_engine(e);
if (in != NULL)
BIO_free(in);
if (out != NULL)

15
crypto/external/bsd/openssl/dist/apps/pkcs8.c vendored
View File

@ -87,9 +87,7 @@ int MAIN(int argc, char **argv)
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@ -124,6 +122,16 @@ int MAIN(int argc, char **argv)
}
} else
badarg = 1;
} else if (!strcmp(*args, "-v2prf")) {
if (args[1]) {
args++;
pbe_nid = OBJ_txt2nid(*args);
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
BIO_printf(bio_err, "Unknown PRF algorithm %s\n", *args);
badarg = 1;
}
} else
badarg = 1;
} else if (!strcmp(*args, "-inform")) {
if (args[1]) {
args++;
@ -213,9 +221,7 @@ int MAIN(int argc, char **argv)
#endif
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@ -381,6 +387,7 @@ int MAIN(int argc, char **argv)
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
BIO_free(in);
if (passin)

5
crypto/external/bsd/openssl/dist/apps/pkey.c vendored
View File

@ -79,9 +79,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey = NULL;
char *passin = NULL, *passout = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
int ret = 1;
if (bio_err == NULL)
@ -178,9 +176,7 @@ int MAIN(int argc, char **argv)
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@ -240,6 +236,7 @@ int MAIN(int argc, char **argv)
end:
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
BIO_free(in);
if (passin)

8
crypto/external/bsd/openssl/dist/apps/pkeyparam.c vendored
View File

@ -74,9 +74,8 @@ int MAIN(int argc, char **argv)
int text = 0, noout = 0;
EVP_PKEY *pkey = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
ENGINE *e = NULL;
int ret = 1;
if (bio_err == NULL)
@ -134,9 +133,7 @@ int MAIN(int argc, char **argv)
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
e = setup_engine(bio_err, engine, 0);
if (infile) {
if (!(in = BIO_new_file(infile, "r"))) {
@ -178,6 +175,7 @@ int MAIN(int argc, char **argv)
end:
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
BIO_free(in);

121
crypto/external/bsd/openssl/dist/apps/pkeyutl.c vendored
View File

@ -73,11 +73,12 @@ static void usage(void);
#define PROG pkeyutl_main
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e);
const char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e,
int impl);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file);
const char *file, ENGINE* e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
@ -97,10 +98,13 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
int engine_impl = 0;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
size_t buf_outlen = 0;
int buf_inlen = 0, siglen = -1;
const char *inkey = NULL;
const char *peerkey = NULL;
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
int ret = 1, rv = -1;
@ -134,21 +138,13 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-inkey")) {
if (--argc < 1)
badarg = 1;
else {
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
passargin, pkey_op, e);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
badarg = 1;
}
}
else
inkey = *++argv;
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
badarg = 1;
else
peerkey = *++argv;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
badarg = 1;
@ -171,6 +167,8 @@ int MAIN(int argc, char **argv)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
} else if (!strcmp(*argv, "-engine_impl")) {
engine_impl = 1;
}
#endif
else if (!strcmp(*argv, "-pubin"))
@ -187,23 +185,21 @@ int MAIN(int argc, char **argv)
pkey_op = EVP_PKEY_OP_VERIFY;
else if (!strcmp(*argv, "-verifyrecover"))
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
else if (!strcmp(*argv, "-rev"))
rev = 1;
else if (!strcmp(*argv, "-encrypt"))
pkey_op = EVP_PKEY_OP_ENCRYPT;
else if (!strcmp(*argv, "-decrypt"))
pkey_op = EVP_PKEY_OP_DECRYPT;
else if (!strcmp(*argv, "-derive"))
pkey_op = EVP_PKEY_OP_DERIVE;
else if (!strcmp(*argv, "-rev"))
rev = 1;
else if (strcmp(*argv, "-pkeyopt") == 0) {
if (--argc < 1)
badarg = 1;
else if (!ctx) {
BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
badarg = 1;
} else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
else if ((pkeyopts == NULL &&
(pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
sk_OPENSSL_STRING_push(pkeyopts, *++argv) == 0) {
BIO_puts(bio_err, "out of memory\n");
goto end;
}
} else
@ -216,10 +212,37 @@ int MAIN(int argc, char **argv)
argv++;
}
if (!ctx) {
if (inkey == NULL ||
(peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) {
usage();
goto end;
}
ctx = init_ctx(&keysize, inkey, keyform, key_type,
passargin, pkey_op, e, engine_impl);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
goto end;
}
if (peerkey != NULL && !setup_peer(bio_err, ctx, peerform, peerkey, e)) {
BIO_puts(bio_err, "Error setting up peer key\n");
ERR_print_errors(bio_err);
goto end;
}
if (pkeyopts != NULL) {
int num = sk_OPENSSL_STRING_num(pkeyopts);
int i;
for (i = 0; i < num; ++i) {
const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(ctx, opt) <= 0) {
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
goto end;
}
}
}
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "Signature file specified for non verify\n");
@ -269,7 +292,7 @@ int MAIN(int argc, char **argv)
}
siglen = bio_to_mem(&sig, keysize * 10, sigbio);
BIO_free(sigbio);
if (siglen <= 0) {
if (siglen < 0) {
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
@ -278,7 +301,7 @@ int MAIN(int argc, char **argv)
if (in) {
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
if (buf_inlen <= 0) {
if (buf_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
@ -306,7 +329,7 @@ int MAIN(int argc, char **argv)
} else {
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
if (rv > 0) {
if (rv > 0 && buf_outlen != 0) {
buf_out = OPENSSL_malloc(buf_outlen);
if (!buf_out)
rv = -1;
@ -334,14 +357,17 @@ int MAIN(int argc, char **argv)
end:
if (ctx)
EVP_PKEY_CTX_free(ctx);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
if (buf_in)
if (buf_in != NULL)
OPENSSL_free(buf_in);
if (buf_out)
if (buf_out != NULL)
OPENSSL_free(buf_out);
if (sig)
if (sig != NULL)
OPENSSL_free(sig);
if (pkeyopts != NULL)
sk_OPENSSL_STRING_free(pkeyopts);
return ret;
}
@ -368,18 +394,21 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
"-engine e use engine e, maybe a hardware device, for loading keys.\n");
BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
}
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e)
const char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e,
int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
@ -418,9 +447,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
if (!pkey)
goto end;
ctx = EVP_PKEY_CTX_new(pkey, e);
#ifndef OPENSSL_NO_ENGINE
if (engine_impl)
impl = e;
#endif
ctx = EVP_PKEY_CTX_new(pkey, impl);
EVP_PKEY_free(pkey);
if (!ctx)
@ -467,16 +501,15 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file)
const char *file, ENGINE* e)
{
EVP_PKEY *peer = NULL;
ENGINE* engine = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
if (peerform == FORMAT_ENGINE)
engine = e;
peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);

12
crypto/external/bsd/openssl/dist/apps/prime.c vendored
View File

@ -128,16 +128,24 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_out, "%s\n", s);
OPENSSL_free(s);
} else {
int r;
if (hex)
BN_hex2bn(&bn, argv[0]);
r = BN_hex2bn(&bn, argv[0]);
else
BN_dec2bn(&bn, argv[0]);
r = BN_dec2bn(&bn, argv[0]);
if(!r) {
BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
goto end;
}
BN_print(bio_out, bn);
BIO_printf(bio_out, " is %sprime\n",
BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
}
end:
BN_free(bn);
BIO_free_all(bio_out);

8
crypto/external/bsd/openssl/dist/apps/rand.c vendored
View File

@ -86,9 +86,8 @@ int MAIN(int argc, char **argv)
int hex = 0;
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
char *engine = NULL;
#endif
apps_startup();
@ -162,9 +161,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-hex - hex encode output\n");
goto err;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
e = setup_engine(bio_err, engine, 0);
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
@ -222,6 +219,7 @@ int MAIN(int argc, char **argv)
err:
ERR_print_errors(bio_err);
release_engine(e);
if (out)
BIO_free_all(out);
apps_shutdown();

23
crypto/external/bsd/openssl/dist/apps/req.c vendored
View File

@ -101,8 +101,8 @@
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
#define DEFAULT_KEY_LENGTH 2048
#define MIN_KEY_LENGTH 512
#undef PROG
#define PROG req_main
@ -179,9 +179,7 @@ int MAIN(int argc, char **argv)
int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
char *infile, *outfile, *prog, *keyfile = NULL, *template =
NULL, *keyout = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
char *extensions = NULL;
char *req_exts = NULL;
const EVP_CIPHER *cipher = NULL;
@ -332,9 +330,10 @@ int MAIN(int argc, char **argv)
subject = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-x509") == 0)
else if (strcmp(*argv, "-x509") == 0) {
newreq = 1;
x509 = 1;
else if (strcmp(*argv, "-asn1-kludge") == 0)
} else if (strcmp(*argv, "-asn1-kludge") == 0)
kludge = 1;
else if (strcmp(*argv, "-no-asn1-kludge") == 0)
kludge = 0;
@ -594,9 +593,7 @@ int MAIN(int argc, char **argv)
if ((in == NULL) || (out == NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (keyfile != NULL) {
pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
@ -756,7 +753,7 @@ int MAIN(int argc, char **argv)
}
}
if (newreq || x509) {
if (newreq) {
if (pkey == NULL) {
BIO_printf(bio_err, "you need to specify a private key\n");
goto end;
@ -1039,6 +1036,7 @@ int MAIN(int argc, char **argv)
X509_REQ_free(req);
X509_free(x509ss);
ASN1_INTEGER_free(serial);
release_engine(e);
if (passargin && passin)
OPENSSL_free(passin);
if (passargout && passout)
@ -1331,12 +1329,11 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
break;
}
#ifndef CHARSET_EBCDIC
if (*p == '+')
if (*type == '+') {
#else
if (*p == os_toascii['+'])
if (*type == os_toascii['+']) {
#endif
{
p++;
type++;
mval = -1;
} else
mval = 0;

5
crypto/external/bsd/openssl/dist/apps/rsa.c vendored
View File

@ -111,9 +111,7 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
int modulus = 0;
int pvk_encr = 2;
@ -254,9 +252,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@ -419,6 +415,7 @@ int MAIN(int argc, char **argv)
} else
ret = 0;
end:
release_engine(e);
if (out != NULL)
BIO_free_all(out);
if (rsa != NULL)

11
crypto/external/bsd/openssl/dist/apps/rsautl.c vendored
View File

@ -88,9 +88,7 @@ int MAIN(int argc, char **argv)
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
@ -195,9 +193,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
@ -250,7 +246,7 @@ int MAIN(int argc, char **argv)
if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Output File\n");
BIO_printf(bio_err, "Error Writing Output File\n");
ERR_print_errors(bio_err);
goto end;
}
@ -276,7 +272,7 @@ int MAIN(int argc, char **argv)
/* Read the input data */
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
if (rsa_inlen <= 0) {
if (rsa_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
@ -311,7 +307,7 @@ int MAIN(int argc, char **argv)
}
if (rsa_outlen <= 0) {
if (rsa_outlen < 0) {
BIO_printf(bio_err, "RSA operation error\n");
ERR_print_errors(bio_err);
goto end;
@ -327,6 +323,7 @@ int MAIN(int argc, char **argv)
BIO_write(out, rsa_out, rsa_outlen);
end:
RSA_free(rsa);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
if (rsa_in)

34
crypto/external/bsd/openssl/dist/apps/s_apps.h vendored
View File

@ -152,15 +152,21 @@ typedef fd_mask fd_set;
#define PROTOCOL "tcp"
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, unsigned char *context),
unsigned char *context);
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
#ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
STACK_OF(X509) *chain, int build_chain);
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, char *server, int port, int type);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
@ -182,3 +188,25 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len);
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int cookie_len);
typedef struct ssl_excert_st SSL_EXCERT;
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
void ssl_excert_free(SSL_EXCERT *exc);
int args_excert(char ***pargs, int *pargc,
int *badarg, BIO *err, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc, BIO *err);
void print_ssl_summary(BIO *bio, SSL *s);
#ifdef HEADER_SSL_H
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr,
int *no_prot_opt);
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
int crl_download);
int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
const char *vfyCAfile, const char *chCApath,
const char *chCAfile, STACK_OF(X509_CRL) *crls,
int crl_download);
#endif

808
crypto/external/bsd/openssl/dist/apps/s_cb.c vendored
View File

@ -111,7 +111,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h> /* for memcpy() */
#include <string.h> /* for memcpy() and strcmp() */
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
@ -126,6 +126,7 @@
#define COOKIE_SECRET_LENGTH 16
int verify_depth = 0;
int verify_quiet = 0;
int verify_error = X509_V_OK;
int verify_return_error = 0;
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@ -140,13 +141,16 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
BIO_printf(bio_err, "depth=%d ", depth);
if (err_cert) {
X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
} else
BIO_puts(bio_err, "<no cert>\n");
if (!verify_quiet || !ok) {
BIO_printf(bio_err, "depth=%d ", depth);
if (err_cert) {
X509_NAME_print_ex(bio_err,
X509_get_subject_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
} else
BIO_puts(bio_err, "<no cert>\n");
}
if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
@ -179,13 +183,14 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
BIO_printf(bio_err, "\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(bio_err, ctx);
if (!verify_quiet)
policies_print(bio_err, ctx);
break;
}
if (err == X509_V_OK && ok == 2)
if (err == X509_V_OK && ok == 2 && !verify_quiet)
policies_print(bio_err, ctx);
BIO_printf(bio_err, "verify return:%d\n", ok);
if (ok && !verify_quiet)
BIO_printf(bio_err, "verify return:%d\n", ok);
return (ok);
}
@ -246,8 +251,10 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
return (1);
}
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
STACK_OF(X509) *chain, int build_chain)
{
int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
if (cert == NULL)
return 1;
if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
@ -255,6 +262,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
ERR_print_errors(bio_err);
return 0;
}
if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
BIO_printf(bio_err, "error setting private key\n");
ERR_print_errors(bio_err);
@ -269,6 +277,263 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
"Private key does not match the certificate public key\n");
return 0;
}
if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
BIO_printf(bio_err, "error setting certificate chain\n");
ERR_print_errors(bio_err);
return 0;
}
if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
BIO_printf(bio_err, "error building certificate chain\n");
ERR_print_errors(bio_err);
return 0;
}
return 1;
}
static void ssl_print_client_cert_types(BIO *bio, SSL *s)
{
const unsigned char *p;
int i;
int cert_type_num = SSL_get0_certificate_types(s, &p);
if (!cert_type_num)
return;
BIO_puts(bio, "Client Certificate Types: ");
for (i = 0; i < cert_type_num; i++) {
unsigned char cert_type = p[i];
char *cname;
switch (cert_type) {
case TLS_CT_RSA_SIGN:
cname = "RSA sign";
break;
case TLS_CT_DSS_SIGN:
cname = "DSA sign";
break;
case TLS_CT_RSA_FIXED_DH:
cname = "RSA fixed DH";
break;
case TLS_CT_DSS_FIXED_DH:
cname = "DSS fixed DH";
break;
case TLS_CT_ECDSA_SIGN:
cname = "ECDSA sign";
break;
case TLS_CT_RSA_FIXED_ECDH:
cname = "RSA fixed ECDH";
break;
case TLS_CT_ECDSA_FIXED_ECDH:
cname = "ECDSA fixed ECDH";
break;
case TLS_CT_GOST94_SIGN:
cname = "GOST94 Sign";
break;
case TLS_CT_GOST01_SIGN:
cname = "GOST01 Sign";
break;
default:
cname = NULL;
}
if (i)
BIO_puts(bio, ", ");
if (cname)
BIO_puts(bio, cname);
else
BIO_printf(bio, "UNKNOWN (%d),", cert_type);
}
BIO_puts(bio, "\n");
}
static int do_print_sigalgs(BIO *out, SSL *s, int shared)
{
int i, nsig, client;
client = SSL_is_server(s) ? 0 : 1;
if (shared)
nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
else
nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
if (nsig == 0)
return 1;
if (shared)
BIO_puts(out, "Shared ");
if (client)
BIO_puts(out, "Requested ");
BIO_puts(out, "Signature Algorithms: ");
for (i = 0; i < nsig; i++) {
int hash_nid, sign_nid;
unsigned char rhash, rsign;
const char *sstr = NULL;
if (shared)
SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
&rsign, &rhash);
else
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
if (i)
BIO_puts(out, ":");
if (sign_nid == EVP_PKEY_RSA)
sstr = "RSA";
else if (sign_nid == EVP_PKEY_DSA)
sstr = "DSA";
else if (sign_nid == EVP_PKEY_EC)
sstr = "ECDSA";
if (sstr)
BIO_printf(out, "%s+", sstr);
else
BIO_printf(out, "0x%02X+", (int)rsign);
if (hash_nid != NID_undef)
BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
else
BIO_printf(out, "0x%02X", (int)rhash);
}
BIO_puts(out, "\n");
return 1;
}
int ssl_print_sigalgs(BIO *out, SSL *s)
{
int mdnid;
if (!SSL_is_server(s))
ssl_print_client_cert_types(out, s);
do_print_sigalgs(out, s, 0);
do_print_sigalgs(out, s, 1);
if (SSL_get_peer_signature_nid(s, &mdnid))
BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
return 1;
}
#ifndef OPENSSL_NO_EC
int ssl_print_point_formats(BIO *out, SSL *s)
{
int i, nformats;
const char *pformats;
nformats = SSL_get0_ec_point_formats(s, &pformats);
if (nformats <= 0)
return 1;
BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
for (i = 0; i < nformats; i++, pformats++) {
if (i)
BIO_puts(out, ":");
switch (*pformats) {
case TLSEXT_ECPOINTFORMAT_uncompressed:
BIO_puts(out, "uncompressed");
break;
case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
BIO_puts(out, "ansiX962_compressed_prime");
break;
case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
BIO_puts(out, "ansiX962_compressed_char2");
break;
default:
BIO_printf(out, "unknown(%d)", (int)*pformats);
break;
}
}
if (nformats <= 0)
BIO_puts(out, "NONE");
BIO_puts(out, "\n");
return 1;
}
int ssl_print_curves(BIO *out, SSL *s, int noshared)
{
int i, ncurves, *curves, nid;
const char *cname;
ncurves = SSL_get1_curves(s, NULL);
if (ncurves <= 0)
return 1;
curves = OPENSSL_malloc(ncurves * sizeof(int));
if (!curves) {
BIO_puts(out, "Malloc error getting supported curves\n");
return 0;
}
SSL_get1_curves(s, curves);
BIO_puts(out, "Supported Elliptic Curves: ");
for (i = 0; i < ncurves; i++) {
if (i)
BIO_puts(out, ":");
nid = curves[i];
/* If unrecognised print out hex version */
if (nid & TLSEXT_nid_unknown)
BIO_printf(out, "0x%04X", nid & 0xFFFF);
else {
/* Use NIST name for curve if it exists */
cname = EC_curve_nid2nist(nid);
if (!cname)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "%s", cname);
}
}
if (ncurves == 0)
BIO_puts(out, "NONE");
OPENSSL_free(curves);
if (noshared) {
BIO_puts(out, "\n");
return 1;
}
BIO_puts(out, "\nShared Elliptic curves: ");
ncurves = SSL_get_shared_curve(s, -1);
for (i = 0; i < ncurves; i++) {
if (i)
BIO_puts(out, ":");
nid = SSL_get_shared_curve(s, i);
cname = EC_curve_nid2nist(nid);
if (!cname)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "%s", cname);
}
if (ncurves == 0)
BIO_puts(out, "NONE");
BIO_puts(out, "\n");
return 1;
}
#endif
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
if (!SSL_get_server_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key)) {
case EVP_PKEY_RSA:
BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
break;
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
#ifndef OPENSSL_NO_ECDH
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
int nid;
const char *cname;
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
EC_KEY_free(ec);
cname = EC_curve_nid2nist(nid);
if (!cname)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
}
#endif
}
EVP_PKEY_free(key);
return 1;
}
@ -283,12 +548,12 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
(void *)bio, argp, (unsigned long)argi, ret, ret);
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
BIO_dump(out, argp, (int)ret);
return (ret);
} else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
(void *)bio, argp, (unsigned long)argi, ret, ret);
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
BIO_dump(out, argp, (int)ret);
}
return (ret);
@ -716,6 +981,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
extname = "next protocol";
break;
#endif
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
case TLSEXT_TYPE_application_layer_protocol_negotiation:
extname = "application layer protocol negotiation";
break;
#endif
case TLSEXT_TYPE_padding:
extname = "TLS padding";
@ -884,3 +1154,511 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
return 0;
}
/*
* Example of extended certificate handling. Where the standard support of
* one certificate per algorithm is not sufficient an application can decide
* which certificate(s) to use at runtime based on whatever criteria it deems
* appropriate.
*/
/* Linked list of certificates, keys and chains */
struct ssl_excert_st {
int certform;
const char *certfile;
int keyform;
const char *keyfile;
const char *chainfile;
X509 *cert;
EVP_PKEY *key;
STACK_OF(X509) *chain;
int build_chain;
struct ssl_excert_st *next, *prev;
};
struct chain_flags {
int flag;
const char *name;
};
struct chain_flags chain_flags_list[] = {
{CERT_PKEY_VALID, "Overall Validity"},
{CERT_PKEY_SIGN, "Sign with EE key"},
{CERT_PKEY_EE_SIGNATURE, "EE signature"},
{CERT_PKEY_CA_SIGNATURE, "CA signature"},
{CERT_PKEY_EE_PARAM, "EE key parameters"},
{CERT_PKEY_CA_PARAM, "CA key parameters"},
{CERT_PKEY_EXPLICIT_SIGN, "Explicity sign with EE key"},
{CERT_PKEY_ISSUER_NAME, "Issuer Name"},
{CERT_PKEY_CERT_TYPE, "Certificate Type"},
{0, NULL}
};
static void print_chain_flags(BIO *out, SSL *s, int flags)
{
struct chain_flags *ctmp = chain_flags_list;
while (ctmp->name) {
BIO_printf(out, "\t%s: %s\n", ctmp->name,
flags & ctmp->flag ? "OK" : "NOT OK");
ctmp++;
}
BIO_printf(out, "\tSuite B: ");
if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
else
BIO_printf(out, "not tested\n");
}
/*
* Very basic selection callback: just use any certificate chain reported as
* valid. More sophisticated could prioritise according to local policy.
*/
static int set_cert_cb(SSL *ssl, void *arg)
{
int i, rv;
SSL_EXCERT *exc = arg;
#ifdef CERT_CB_TEST_RETRY
static int retry_cnt;
if (retry_cnt < 5) {
retry_cnt++;
fprintf(stderr, "Certificate callback retry test: count %d\n",
retry_cnt);
return -1;
}
#endif
SSL_certs_clear(ssl);
if (!exc)
return 1;
/*
* Go to end of list and traverse backwards since we prepend newer
* entries this retains the original order.
*/
while (exc->next)
exc = exc->next;
i = 0;
while (exc) {
i++;
rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
print_chain_flags(bio_err, ssl, rv);
if (rv & CERT_PKEY_VALID) {
SSL_use_certificate(ssl, exc->cert);
SSL_use_PrivateKey(ssl, exc->key);
/*
* NB: we wouldn't normally do this as it is not efficient
* building chains on each connection better to cache the chain
* in advance.
*/
if (exc->build_chain) {
if (!SSL_build_cert_chain(ssl, 0))
return 0;
} else if (exc->chain)
SSL_set1_chain(ssl, exc->chain);
}
exc = exc->prev;
}
return 1;
}
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
{
SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
}
static int ssl_excert_prepend(SSL_EXCERT **pexc)
{
SSL_EXCERT *exc;
exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
if (!exc)
return 0;
exc->certfile = NULL;
exc->keyfile = NULL;
exc->chainfile = NULL;
exc->cert = NULL;
exc->key = NULL;
exc->chain = NULL;
exc->prev = NULL;
exc->build_chain = 0;
exc->next = *pexc;
*pexc = exc;
if (exc->next) {
exc->certform = exc->next->certform;
exc->keyform = exc->next->keyform;
exc->next->prev = exc;
} else {
exc->certform = FORMAT_PEM;
exc->keyform = FORMAT_PEM;
}
return 1;
}
void ssl_excert_free(SSL_EXCERT *exc)
{
SSL_EXCERT *curr;
while (exc) {
if (exc->cert)
X509_free(exc->cert);
if (exc->key)
EVP_PKEY_free(exc->key);
if (exc->chain)
sk_X509_pop_free(exc->chain, X509_free);
curr = exc;
exc = exc->next;
OPENSSL_free(curr);
}
}
int load_excert(SSL_EXCERT **pexc, BIO *err)
{
SSL_EXCERT *exc = *pexc;
if (!exc)
return 1;
/* If nothing in list, free and set to NULL */
if (!exc->certfile && !exc->next) {
ssl_excert_free(exc);
*pexc = NULL;
return 1;
}
for (; exc; exc = exc->next) {
if (!exc->certfile) {
BIO_printf(err, "Missing filename\n");
return 0;
}
exc->cert = load_cert(err, exc->certfile, exc->certform,
NULL, NULL, "Server Certificate");
if (!exc->cert)
return 0;
if (exc->keyfile) {
exc->key = load_key(err, exc->keyfile, exc->keyform,
0, NULL, NULL, "Server Key");
} else {
exc->key = load_key(err, exc->certfile, exc->certform,
0, NULL, NULL, "Server Key");
}
if (!exc->key)
return 0;
if (exc->chainfile) {
exc->chain = load_certs(err,
exc->chainfile, FORMAT_PEM,
NULL, NULL, "Server Chain");
if (!exc->chain)
return 0;
}
}
return 1;
}
int args_excert(char ***pargs, int *pargc,
int *badarg, BIO *err, SSL_EXCERT **pexc)
{
char *arg = **pargs, *argn = (*pargs)[1];
SSL_EXCERT *exc = *pexc;
int narg = 2;
if (!exc) {
if (ssl_excert_prepend(&exc))
*pexc = exc;
else {
BIO_printf(err, "Error initialising xcert\n");
*badarg = 1;
goto err;
}
}
if (strcmp(arg, "-xcert") == 0) {
if (!argn) {
*badarg = 1;
return 1;
}
if (exc->certfile && !ssl_excert_prepend(&exc)) {
BIO_printf(err, "Error adding xcert\n");
*badarg = 1;
goto err;
}
exc->certfile = argn;
} else if (strcmp(arg, "-xkey") == 0) {
if (!argn) {
*badarg = 1;
return 1;
}
if (exc->keyfile) {
BIO_printf(err, "Key already specified\n");
*badarg = 1;
return 1;
}
exc->keyfile = argn;
} else if (strcmp(arg, "-xchain") == 0) {
if (!argn) {
*badarg = 1;
return 1;
}
if (exc->chainfile) {
BIO_printf(err, "Chain already specified\n");
*badarg = 1;
return 1;
}
exc->chainfile = argn;
} else if (strcmp(arg, "-xchain_build") == 0) {
narg = 1;
exc->build_chain = 1;
} else if (strcmp(arg, "-xcertform") == 0) {
if (!argn) {
*badarg = 1;
goto err;
}
exc->certform = str2fmt(argn);
} else if (strcmp(arg, "-xkeyform") == 0) {
if (!argn) {
*badarg = 1;
goto err;
}
exc->keyform = str2fmt(argn);
} else
return 0;
(*pargs) += narg;
if (pargc)
*pargc -= narg;
*pexc = exc;
return 1;
err:
ERR_print_errors(err);
ssl_excert_free(exc);
*pexc = NULL;
return 1;
}
static void print_raw_cipherlist(BIO *bio, SSL *s)
{
const unsigned char *rlist;
static const unsigned char scsv_id[] = { 0, 0, 0xFF };
size_t i, rlistlen, num;
if (!SSL_is_server(s))
return;
num = SSL_get0_raw_cipherlist(s, NULL);
rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
BIO_puts(bio, "Client cipher list: ");
for (i = 0; i < rlistlen; i += num, rlist += num) {
const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
if (i)
BIO_puts(bio, ":");
if (c)
BIO_puts(bio, SSL_CIPHER_get_name(c));
else if (!memcmp(rlist, scsv_id - num + 3, num))
BIO_puts(bio, "SCSV");
else {
size_t j;
BIO_puts(bio, "0x");
for (j = 0; j < num; j++)
BIO_printf(bio, "%02X", rlist[j]);
}
}
BIO_puts(bio, "\n");
}
void print_ssl_summary(BIO *bio, SSL *s)
{
const SSL_CIPHER *c;
X509 *peer;
/*
* const char *pnam = SSL_is_server(s) ? "client" : "server";
*/
BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
print_raw_cipherlist(bio, s);
c = SSL_get_current_cipher(s);
BIO_printf(bio, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
do_print_sigalgs(bio, s, 0);
peer = SSL_get_peer_certificate(s);
if (peer) {
int nid;
BIO_puts(bio, "Peer certificate: ");
X509_NAME_print_ex(bio, X509_get_subject_name(peer),
0, XN_FLAG_ONELINE);
BIO_puts(bio, "\n");
if (SSL_get_peer_signature_nid(s, &nid))
BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
} else
BIO_puts(bio, "No peer certificate\n");
if (peer)
X509_free(peer);
#ifndef OPENSSL_NO_EC
ssl_print_point_formats(bio, s);
if (SSL_is_server(s))
ssl_print_curves(bio, s, 1);
else
ssl_print_tmp_key(bio, s);
#else
if (!SSL_is_server(s))
ssl_print_tmp_key(bio, s);
#endif
}
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr,
int *no_prot_opt)
{
char *arg = **pargs, *argn = (*pargs)[1];
int rv;
if (strcmp(arg, "-no_ssl2") == 0 || strcmp(arg, "-no_ssl3") == 0
|| strcmp(arg, "-no_tls1") == 0 || strcmp(arg, "-no_tls1_1") == 0
|| strcmp(arg, "-no_tls1_2") == 0) {
*no_prot_opt = 1;
}
/* Attempt to run SSL configuration command */
rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
/* If parameter not recognised just return */
if (rv == 0)
return 0;
/* see if missing argument error */
if (rv == -3) {
BIO_printf(err, "%s needs an argument\n", arg);
*badarg = 1;
goto end;
}
/* Check for some other error */
if (rv < 0) {
BIO_printf(err, "Error with command: \"%s %s\"\n",
arg, argn ? argn : "");
*badarg = 1;
goto end;
}
/* Store command and argument */
/* If only one argument processed store value as NULL */
if (rv == 1)
argn = NULL;
if (!*pstr)
*pstr = sk_OPENSSL_STRING_new_null();
if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) ||
!sk_OPENSSL_STRING_push(*pstr, argn)) {
BIO_puts(err, "Memory allocation failure\n");
goto end;
}
end:
if (*badarg)
ERR_print_errors(err);
return 1;
}
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
{
int i;
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
const char *param = sk_OPENSSL_STRING_value(str, i);
const char *value = sk_OPENSSL_STRING_value(str, i + 1);
/*
* If no_ecdhe or named curve already specified don't need a default.
*/
if (!no_ecdhe && !strcmp(param, "-named_curve"))
no_ecdhe = 1;
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake && !strcmp(param, "-cipher")) {
BIO_puts(err, "JPAKE sets cipher to PSK\n");
return 0;
}
#endif
if (SSL_CONF_cmd(cctx, param, value) <= 0) {
BIO_printf(err, "Error with command: \"%s %s\"\n",
param, value ? value : "");
ERR_print_errors(err);
return 0;
}
}
/*
* This is a special case to keep existing s_server functionality: if we
* don't have any curve specified *and* we haven't disabled ECDHE then
* use P-256.
*/
if (!no_ecdhe) {
if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0) {
BIO_puts(err, "Error setting EC curve\n");
ERR_print_errors(err);
return 0;
}
}
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake) {
if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0) {
BIO_puts(err, "Error setting cipher to PSK\n");
ERR_print_errors(err);
return 0;
}
}
#endif
if (!SSL_CONF_CTX_finish(cctx)) {
BIO_puts(err, "Error finishing context\n");
ERR_print_errors(err);
return 0;
}
return 1;
}
static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
{
X509_CRL *crl;
int i;
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
crl = sk_X509_CRL_value(crls, i);
X509_STORE_add_crl(st, crl);
}
return 1;
}
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *st;
st = SSL_CTX_get_cert_store(ctx);
add_crls_store(st, crls);
if (crl_download)
store_setup_crl_download(st);
return 1;
}
int ssl_load_stores(SSL_CTX *ctx,
const char *vfyCApath, const char *vfyCAfile,
const char *chCApath, const char *chCAfile,
STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *vfy = NULL, *ch = NULL;
int rv = 0;
if (vfyCApath || vfyCAfile) {
vfy = X509_STORE_new();
if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
goto err;
add_crls_store(vfy, crls);
SSL_CTX_set1_verify_cert_store(ctx, vfy);
if (crl_download)
store_setup_crl_download(vfy);
}
if (chCApath || chCAfile) {
ch = X509_STORE_new();
if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
goto err;
SSL_CTX_set1_chain_cert_store(ctx, ch);
}
rv = 1;
err:
if (vfy)
X509_STORE_free(vfy);
if (ch)
X509_STORE_free(ch);
return rv;
}

454
crypto/external/bsd/openssl/dist/apps/s_client.c vendored
View File

@ -202,6 +202,7 @@ typedef unsigned int u_int;
extern int verify_depth;
extern int verify_error;
extern int verify_return_error;
extern int verify_quiet;
#ifdef FIONBIO
static int c_nbio = 0;
@ -224,8 +225,10 @@ static void print_stuff(BIO *berr, SSL *con, int full);
static int ocsp_resp_cb(SSL *s, void *arg);
#endif
static BIO *bio_c_out = NULL;
static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
@ -239,9 +242,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
unsigned char *psk,
unsigned int max_psk_len)
{
unsigned int psk_len = 0;
int ret;
BIGNUM *bn = NULL;
long key_len;
unsigned char *key;
if (c_debug)
BIO_printf(bio_c_out, "psk_client_cb\n");
@ -262,32 +265,29 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
if (c_debug)
BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
ret);
ret = BN_hex2bn(&bn, psk_key);
if (!ret) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
/* convert the PSK key to binary */
key = string_to_hex(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
if (bn)
BN_free(bn);
return 0;
}
if ((unsigned int)BN_num_bytes(bn) > max_psk_len) {
if ((unsigned long)key_len > (unsigned long)max_psk_len) {
BIO_printf(bio_err,
"psk buffer of callback is too small (%d) for key (%d)\n",
max_psk_len, BN_num_bytes(bn));
BN_free(bn);
"psk buffer of callback is too small (%d) for key (%ld)\n",
max_psk_len, key_len);
OPENSSL_free(key);
return 0;
}
psk_len = BN_bn2bin(bn, psk);
BN_free(bn);
if (psk_len == 0)
goto out_err;
memcpy(psk, key, key_len);
OPENSSL_free(key);
if (c_debug)
BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
return psk_len;
return key_len;
out_err:
if (c_debug)
BIO_printf(bio_err, "Error in PSK client callback\n");
@ -304,6 +304,12 @@ static void sc_usage(void)
BIO_printf(bio_err,
" -connect host:port - who to connect to (default is %s:%s)\n",
SSL_HOST_NAME, PORT_STR);
BIO_printf(bio_err,
" -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
" -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");
BIO_printf(bio_err,
" -verify arg - turn on peer certificate verification\n");
@ -381,8 +387,6 @@ static void sc_usage(void)
" -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err,
" -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err,
" -serverpref - Use server's cipher preferences (only SSLv2)\n");
BIO_printf(bio_err,
" -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err,
@ -413,11 +417,23 @@ static void sc_usage(void)
" -status - request certificate status from server\n");
BIO_printf(bio_err,
" -no_ticket - disable use of RFC4507bis session tickets\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err,
" -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
BIO_printf(bio_err,
" -curves arg - Elliptic curves to advertise (colon-separated list)\n");
BIO_printf(bio_err,
" -sigalgs arg - Signature algorithms to support (colon-separated list)\n");
BIO_printf(bio_err,
" -client_sigalgs arg - Signature algorithms to support for client\n");
BIO_printf(bio_err,
" certificate authentication (colon-separated list)\n");
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err,
" -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#endif
BIO_printf(bio_err,
" -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
BIO_printf(bio_err,
" -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
@ -605,6 +621,27 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
return SSL_TLSEXT_ERR_OK;
}
# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in, size_t inlen,
int *al, void *arg)
{
char pem_name[100];
unsigned char ext_buf[4 + 65536];
/* Reconstruct the type/len fields prior to extension data */
ext_buf[0] = ext_type >> 8;
ext_buf[1] = ext_type & 0xFF;
ext_buf[2] = inlen >> 8;
ext_buf[3] = inlen & 0xFF;
memcpy(ext_buf + 4, in, inlen);
BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
ext_type);
PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
return 1;
}
#endif
enum {
@ -620,7 +657,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
unsigned int off = 0, clr = 0;
int build_chain = 0;
SSL *con = NULL;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
@ -634,13 +671,16 @@ int MAIN(int argc, char **argv)
short port = PORT;
int full_log = 1;
char *host = SSL_HOST_NAME;
char *cert_file = NULL, *key_file = NULL;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
char *CApath = NULL, *CAfile = NULL, *cipher = NULL;
int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0;
STACK_OF(X509) *chain = NULL;
char *CApath = NULL, *CAfile = NULL;
char *chCApath = NULL, *chCAfile = NULL;
char *vfyCApath = NULL, *vfyCAfile = NULL;
int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE;
int crlf = 0;
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
SSL_CTX *ctx = NULL;
@ -655,12 +695,12 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
int mbuf_len = 0;
struct timeval timeout, *timeoutp;
#ifndef OPENSSL_NO_ENGINE
char *engine_id = NULL;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_ENGINE
char *ssl_client_engine_id = NULL;
ENGINE *ssl_client_engine = NULL;
#endif
ENGINE *e = NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv;
# if defined(OPENSSL_SYS_BEOS_R5)
@ -673,6 +713,10 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
# endif
const char *alpn_in = NULL;
# define MAX_SI_TYPES 100
unsigned short serverinfo_types[MAX_SI_TYPES];
int serverinfo_types_count = 0;
#endif
char *sess_in = NULL;
char *sess_out = NULL;
@ -682,13 +726,26 @@ int MAIN(int argc, char **argv)
int enable_timeouts = 0;
long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
char *jpake_secret = NULL;
static char *jpake_secret = NULL;
# define no_jpake !jpake_secret
#else
# define no_jpake 1
#endif
#ifndef OPENSSL_NO_SRP
char *srppass = NULL;
int srp_lateuser = 0;
SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
#endif
SSL_EXCERT *exc = NULL;
SSL_CONF_CTX *cctx = NULL;
STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
char *crl_file = NULL;
int crl_format = FORMAT_PEM;
int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
int prot_opt = 0, no_prot_opt = 0;
meth = SSLv23_client_method();
@ -706,6 +763,12 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
cctx = SSL_CONF_CTX_new();
if (!cctx)
goto end;
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE);
if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) ||
((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) ||
((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) {
@ -742,12 +805,19 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
verify_depth = atoi(*(++argv));
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
if (!c_quiet)
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
} else if (strcmp(*argv, "-cert") == 0) {
if (--argc < 1)
goto bad;
cert_file = *(++argv);
} else if (strcmp(*argv, "-sess_out") == 0) {
} else if (strcmp(*argv, "-CRL") == 0) {
if (--argc < 1)
goto bad;
crl_file = *(++argv);
} else if (strcmp(*argv, "-crl_download") == 0)
crl_download = 1;
else if (strcmp(*argv, "-sess_out") == 0) {
if (--argc < 1)
goto bad;
sess_out = *(++argv);
@ -759,13 +829,32 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
cert_format = str2fmt(*(++argv));
} else if (strcmp(*argv, "-CRLform") == 0) {
if (--argc < 1)
goto bad;
crl_format = str2fmt(*(++argv));
} else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (badarg)
goto bad;
continue;
} else if (strcmp(*argv, "-verify_return_error") == 0)
verify_return_error = 1;
else if (strcmp(*argv, "-prexit") == 0)
else if (strcmp(*argv, "-verify_quiet") == 0)
verify_quiet = 1;
else if (strcmp(*argv, "-brief") == 0) {
c_brief = 1;
verify_quiet = 1;
c_quiet = 1;
} else if (args_excert(&argv, &argc, &badarg, bio_err, &exc)) {
if (badarg)
goto bad;
continue;
} else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args,
&no_prot_opt)) {
if (badarg)
goto bad;
continue;
} else if (strcmp(*argv, "-prexit") == 0)
prexit = 1;
else if (strcmp(*argv, "-crlf") == 0)
crlf = 1;
@ -792,6 +881,15 @@ int MAIN(int argc, char **argv)
#endif
else if (strcmp(*argv, "-msg") == 0)
c_msg = 1;
else if (strcmp(*argv, "-msgfile") == 0) {
if (--argc < 1)
goto bad;
bio_c_msg = BIO_new_file(*(++argv), "w");
}
#ifndef OPENSSL_NO_SSL_TRACE
else if (strcmp(*argv, "-trace") == 0)
c_msg = 2;
#endif
else if (strcmp(*argv, "-showcerts") == 0)
c_showcerts = 1;
else if (strcmp(*argv, "-nbio_test") == 0)
@ -844,27 +942,42 @@ int MAIN(int argc, char **argv)
}
#endif
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv, "-ssl2") == 0)
else if (strcmp(*argv, "-ssl2") == 0) {
meth = SSLv2_client_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv, "-ssl3") == 0)
else if (strcmp(*argv, "-ssl3") == 0) {
meth = SSLv3_client_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1_2") == 0)
else if (strcmp(*argv, "-tls1_2") == 0) {
meth = TLSv1_2_client_method();
else if (strcmp(*argv, "-tls1_1") == 0)
prot_opt++;
} else if (strcmp(*argv, "-tls1_1") == 0) {
meth = TLSv1_1_client_method();
else if (strcmp(*argv, "-tls1") == 0)
prot_opt++;
} else if (strcmp(*argv, "-tls1") == 0) {
meth = TLSv1_client_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv, "-dtls1") == 0) {
else if (strcmp(*argv, "-dtls") == 0) {
meth = DTLS_client_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-dtls1") == 0) {
meth = DTLSv1_client_method();
socket_type = SOCK_DGRAM;
} else if (strcmp(*argv, "-fallback_scsv") == 0) {
fallback_scsv = 1;
prot_opt++;
} else if (strcmp(*argv, "-dtls1_2") == 0) {
meth = DTLSv1_2_client_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-timeout") == 0)
enable_timeouts = 1;
else if (strcmp(*argv, "-mtu") == 0) {
@ -873,9 +986,9 @@ int MAIN(int argc, char **argv)
socket_mtu = atol(*(++argv));
}
#endif
else if (strcmp(*argv, "-bugs") == 0)
bugs = 1;
else if (strcmp(*argv, "-keyform") == 0) {
else if (strcmp(*argv, "-fallback_scsv") == 0) {
fallback_scsv = 1;
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
goto bad;
key_format = str2fmt(*(++argv));
@ -883,6 +996,10 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
passarg = *(++argv);
} else if (strcmp(*argv, "-cert_chain") == 0) {
if (--argc < 1)
goto bad;
chain_file = *(++argv);
} else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
@ -893,27 +1010,30 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) {
} else if (strcmp(*argv, "-chainCApath") == 0) {
if (--argc < 1)
goto bad;
chCApath = *(++argv);
} else if (strcmp(*argv, "-verifyCApath") == 0) {
if (--argc < 1)
goto bad;
vfyCApath = *(++argv);
} else if (strcmp(*argv, "-build_chain") == 0)
build_chain = 1;
else if (strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1)
goto bad;
CAfile = *(++argv);
} else if (strcmp(*argv, "-no_tls1_2") == 0)
off |= SSL_OP_NO_TLSv1_2;
else if (strcmp(*argv, "-no_tls1_1") == 0)
off |= SSL_OP_NO_TLSv1_1;
else if (strcmp(*argv, "-no_tls1") == 0)
off |= SSL_OP_NO_TLSv1;
else if (strcmp(*argv, "-no_ssl3") == 0)
off |= SSL_OP_NO_SSLv3;
else if (strcmp(*argv, "-no_ssl2") == 0)
off |= SSL_OP_NO_SSLv2;
else if (strcmp(*argv, "-no_comp") == 0) {
off |= SSL_OP_NO_COMPRESSION;
} else if (strcmp(*argv, "-chainCAfile") == 0) {
if (--argc < 1)
goto bad;
chCAfile = *(++argv);
} else if (strcmp(*argv, "-verifyCAfile") == 0) {
if (--argc < 1)
goto bad;
vfyCAfile = *(++argv);
}
#ifndef OPENSSL_NO_TLSEXT
else if (strcmp(*argv, "-no_ticket") == 0) {
off |= SSL_OP_NO_TICKET;
}
# ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv, "-nextprotoneg") == 0) {
if (--argc < 1)
@ -921,20 +1041,32 @@ int MAIN(int argc, char **argv)
next_proto_neg_in = *(++argv);
}
# endif
#endif
else if (strcmp(*argv, "-serverpref") == 0)
off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv, "-legacy_renegotiation") == 0)
off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv, "-legacy_server_connect") == 0) {
off |= SSL_OP_LEGACY_SERVER_CONNECT;
} else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
clr |= SSL_OP_LEGACY_SERVER_CONNECT;
} else if (strcmp(*argv, "-cipher") == 0) {
else if (strcmp(*argv, "-alpn") == 0) {
if (--argc < 1)
goto bad;
cipher = *(++argv);
alpn_in = *(++argv);
} else if (strcmp(*argv, "-serverinfo") == 0) {
char *c;
int start = 0;
int len;
if (--argc < 1)
goto bad;
c = *(++argv);
serverinfo_types_count = 0;
len = strlen(c);
for (i = 0; i <= len; ++i) {
if (i == len || c[i] == ',') {
serverinfo_types[serverinfo_types_count]
= atoi(c + start);
serverinfo_types_count++;
start = i + 1;
}
if (serverinfo_types_count == MAX_SI_TYPES)
break;
}
}
#endif
#ifdef FIONBIO
else if (strcmp(*argv, "-nbio") == 0) {
c_nbio = 1;
@ -1025,14 +1157,20 @@ int MAIN(int argc, char **argv)
goto end;
}
psk_identity = "JPAKE";
if (cipher) {
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
goto end;
}
cipher = "PSK";
}
#endif
if (prot_opt > 1) {
BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
goto end;
}
if (prot_opt == 1 && no_prot_opt) {
BIO_printf(bio_err, "Cannot supply both a protocol flag and "
"\"-no_<prot>\"\n");
goto end;
}
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
@ -1049,8 +1187,8 @@ int MAIN(int argc, char **argv)
next_proto.data = NULL;
#endif
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine_id) {
ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
if (!ssl_client_engine) {
@ -1088,6 +1226,33 @@ int MAIN(int argc, char **argv)
}
}
if (chain_file) {
chain = load_certs(bio_err, chain_file, FORMAT_PEM,
NULL, e, "client certificate chain");
if (!chain)
goto end;
}
if (crl_file) {
X509_CRL *crl;
crl = load_crl(crl_file, crl_format);
if (!crl) {
BIO_puts(bio_err, "Error loading CRL\n");
ERR_print_errors(bio_err);
goto end;
}
crls = sk_X509_CRL_new_null();
if (!crls || !sk_X509_CRL_push(crls, crl)) {
BIO_puts(bio_err, "Error adding CRL\n");
ERR_print_errors(bio_err);
X509_CRL_free(crl);
goto end;
}
}
if (!load_excert(&exc, bio_err))
goto end;
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
@ -1098,8 +1263,10 @@ int MAIN(int argc, char **argv)
app_RAND_load_files(inrand));
if (bio_c_out == NULL) {
if (c_quiet && !c_debug && !c_msg) {
if (c_quiet && !c_debug) {
bio_c_out = BIO_new(BIO_s_null());
if (c_msg && !bio_c_msg)
bio_c_msg = BIO_new_fp(stdout, BIO_NOCLOSE);
} else {
if (bio_c_out == NULL)
bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE);
@ -1121,6 +1288,17 @@ int MAIN(int argc, char **argv)
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) {
ERR_print_errors(bio_err);
goto end;
}
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n");
ERR_print_errors(bio_err);
goto end;
}
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine) {
if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
@ -1150,35 +1328,43 @@ int MAIN(int argc, char **argv)
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
if (bugs)
SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
else
SSL_CTX_set_options(ctx, off);
if (exc)
ssl_ctx_set_excert(ctx, exc);
if (clr)
SSL_CTX_clear_options(ctx, clr);
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.data)
SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
# endif
if (alpn_in) {
unsigned short alpn_len;
unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
if (alpn == NULL) {
BIO_printf(bio_err, "Error parsing -alpn argument\n");
goto end;
}
SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
OPENSSL_free(alpn);
}
#endif
#ifndef OPENSSL_NO_TLSEXT
for (i = 0; i < serverinfo_types_count; i++) {
SSL_CTX_add_client_custom_ext(ctx,
serverinfo_types[i],
NULL, NULL, NULL,
serverinfo_cli_parse_cb, NULL);
}
#endif
if (state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
if (cipher != NULL)
if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
BIO_printf(bio_err, "error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
#if 0
else
SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
else
SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
#endif
SSL_CTX_set_verify(ctx, verify, verify_callback);
if (!set_cert_key_stuff(ctx, cert, key))
goto end;
if ((CAfile || CApath)
&& !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
@ -1187,6 +1373,11 @@ int MAIN(int argc, char **argv)
if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err);
}
ssl_ctx_add_crls(ctx, crls, crl_download);
if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
goto end;
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL) {
tlsextcbp.biodebug = bio_err;
@ -1278,7 +1469,7 @@ int MAIN(int argc, char **argv)
if (c_Pause & 0x01)
SSL_set_debug(con, 1);
if (SSL_version(con) == DTLS1_VERSION) {
if (socket_type == SOCK_DGRAM) {
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
if (getsockname(s, &peer, (void *)&peerlen) < 0) {
@ -1332,8 +1523,13 @@ int MAIN(int argc, char **argv)
BIO_set_callback_arg(sbio, (char *)bio_c_out);
}
if (c_msg) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_c_out);
#ifndef OPENSSL_NO_SSL_TRACE
if (c_msg == 2)
SSL_set_msg_callback(con, SSL_trace);
else
#endif
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);
}
#ifndef OPENSSL_NO_TLSEXT
if (c_tlsextdebug) {
@ -1366,7 +1562,10 @@ int MAIN(int argc, char **argv)
SSL_set_connect_state(con);
/* ok, lets connect */
width = SSL_get_fd(con) + 1;
if (fileno_stdin() > SSL_get_fd(con))
width = fileno_stdin() + 1;
else
width = SSL_get_fd(con) + 1;
read_tty = 1;
write_tty = 0;
@ -1483,12 +1682,12 @@ int MAIN(int argc, char **argv)
for (;;) {
FD_ZERO(&readfds);
FD_ZERO(&writefds);
fdin = fileno(stdin);
fdin = fileno_stdin();
if (fdin < 0) {
BIO_printf(bio_err,"bad fileno for stdin\n");
goto shut;
}
fdout = fileno(stdout);
fdout = fileno_stdout();
if (fdout < 0) {
BIO_printf(bio_err,"bad fileno for stdout\n");
goto shut;
@ -1526,6 +1725,11 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error writing session file %s\n",
sess_out);
}
if (c_brief) {
BIO_puts(bio_err, "CONNECTION ESTABLISHED\n");
print_ssl_summary(bio_err, con);
}
print_stuff(bio_c_out, con, full_log);
if (full_log > 0)
full_log--;
@ -1555,8 +1759,10 @@ int MAIN(int argc, char **argv)
if (tty_on) {
if (read_tty)
openssl_fdset(fdin, &readfds);
#if !defined(OPENSSL_SYS_VMS)
if (write_tty)
openssl_fdset(fdout, &writefds);
#endif
}
if (read_ssl)
openssl_fdset(SSL_get_fd(con), &readfds);
@ -1717,7 +1923,7 @@ int MAIN(int argc, char **argv)
goto shut;
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) || defined(OPENSSL_SYS_VMS)
/* Assume Windows/DOS/BeOS can always write */
else if (!ssl_pending && write_tty)
#else
@ -1791,7 +1997,10 @@ int MAIN(int argc, char **argv)
break;
case SSL_ERROR_SYSCALL:
ret = get_last_socket_error();
BIO_printf(bio_err, "read:errno=%d\n", ret);
if (c_brief)
BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
else
BIO_printf(bio_err, "read:errno=%d\n", ret);
goto shut;
case SSL_ERROR_ZERO_RETURN:
BIO_printf(bio_c_out, "closed\n");
@ -1891,12 +2100,28 @@ int MAIN(int argc, char **argv)
SSL_CTX_free(ctx);
if (cert)
X509_free(cert);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
if (key)
EVP_PKEY_free(key);
if (chain)
sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
#endif
if (vpm)
X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);
if (ssl_args)
sk_OPENSSL_STRING_free(ssl_args);
if (cctx)
SSL_CONF_CTX_free(cctx);
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret && psk_key)
OPENSSL_free(psk_key);
#endif
if (cbuf != NULL) {
OPENSSL_cleanse(cbuf, BUFSIZZ);
OPENSSL_free(cbuf);
@ -1909,10 +2134,15 @@ int MAIN(int argc, char **argv)
OPENSSL_cleanse(mbuf, BUFSIZZ);
OPENSSL_free(mbuf);
}
release_engine(e);
if (bio_c_out != NULL) {
BIO_free(bio_c_out);
bio_c_out = NULL;
}
if (bio_c_msg != NULL) {
BIO_free(bio_c_msg);
bio_c_msg = NULL;
}
apps_shutdown();
OPENSSL_EXIT(ret);
}
@ -2006,6 +2236,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_write(bio, "\n", 1);
}
ssl_print_sigalgs(bio, s);
ssl_print_tmp_key(bio, s);
BIO_printf(bio,
"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
@ -2045,7 +2278,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.status != -1) {
const unsigned char *proto;
unsigned int proto_len;
@ -2054,6 +2288,18 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
# endif
{
const unsigned char *proto;
unsigned int proto_len;
SSL_get0_alpn_selected(s, &proto, &proto_len);
if (proto_len > 0) {
BIO_printf(bio, "ALPN protocol: ");
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
} else
BIO_printf(bio, "No ALPN negotiated\n");
}
#endif
#ifndef OPENSSL_NO_SRTP

945
crypto/external/bsd/openssl/dist/apps/s_server.c vendored
View File

File diff suppressed because it is too large Load Diff

11
crypto/external/bsd/openssl/dist/apps/s_socket.c vendored
View File

@ -290,8 +290,9 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
}
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, unsigned char *context),
unsigned char *context)
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
int naccept)
{
int sock;
char *name = NULL;
@ -313,12 +314,14 @@ int do_server(int port, int type, int *ret,
}
} else
sock = accept_socket;
i = (*cb) (name, sock, context);
i = (*cb) (name, sock, type, context);
if (name != NULL)
OPENSSL_free(name);
if (type == SOCK_STREAM)
SHUTDOWN2(sock);
if (i < 0) {
if (naccept != -1)
naccept--;
if (i < 0 || naccept == 0) {
SHUTDOWN2(accept_socket);
return (i);
}

11
crypto/external/bsd/openssl/dist/apps/smime.c vendored
View File

@ -114,9 +114,7 @@ int MAIN(int argc, char **argv)
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
X509_VERIFY_PARAM *vpm = NULL;
@ -461,9 +459,7 @@ int MAIN(int argc, char **argv)
"cert.pem recipient certificate(s) for encryption\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
@ -634,6 +630,12 @@ int MAIN(int argc, char **argv)
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
if (!p7)
goto end;
if (flags & PKCS7_NOCERTS) {
for (i = 0; i < sk_X509_num(other); i++) {
X509 *x = sk_X509_value(other, i);
PKCS7_add_certificate(p7, x);
}
}
} else
flags |= PKCS7_REUSE_DIGEST;
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
@ -730,6 +732,7 @@ int MAIN(int argc, char **argv)
X509_free(signer);
EVP_PKEY_free(key);
PKCS7_free(p7);
release_engine(e);
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);

149
crypto/external/bsd/openssl/dist/apps/speed.c vendored
View File

@ -1,4 +1,4 @@
/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
/* apps/speed.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -366,10 +366,13 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
}
# endif /* OPENSSL_NO_ECDH */
static void multiblock_speed(const EVP_CIPHER *evp_cipher);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
unsigned char *buf = NULL, *buf2 = NULL;
int mret = 1;
long count = 0, save_count = 0;
@ -646,6 +649,7 @@ int MAIN(int argc, char **argv)
# ifndef NO_FORK
int multi = 0;
# endif
int multiblock = 0;
# ifndef TIMES
usertime = -1;
@ -666,6 +670,10 @@ int MAIN(int argc, char **argv)
ecdh_b[i] = NULL;
}
# endif
# ifndef OPENSSL_NO_RSA
for (i = 0; i < RSA_NUM; i++)
rsa_key[i] = NULL;
# endif
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
@ -674,12 +682,6 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
# ifndef OPENSSL_NO_RSA
memset(rsa_key, 0, sizeof(rsa_key));
for (i = 0; i < RSA_NUM; i++)
rsa_key[i] = NULL;
# endif
if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
BIO_printf(bio_err, "out of memory\n");
goto end;
@ -746,7 +748,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no engine given\n");
goto end;
}
setup_engine(bio_err, *argv, 0);
e = setup_engine(bio_err, *argv, 0);
/*
* j will be increased again further down. We just don't want
* speed to confuse an engine with an algorithm, especially when
@ -776,6 +778,9 @@ int MAIN(int argc, char **argv)
mr = 1;
j--; /* Otherwise, -mr gets confused with an
* algorithm. */
} else if (argc > 0 && !strcmp(*argv, "-mb")) {
multiblock = 1;
j--;
} else
# ifndef OPENSSL_NO_MD2
if (strcmp(*argv, "md2") == 0)
@ -1941,6 +1946,20 @@ int MAIN(int argc, char **argv)
# endif
if (doit[D_EVP]) {
# ifdef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
if (multiblock && evp_cipher) {
if (!
(EVP_CIPHER_flags(evp_cipher) &
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
fprintf(stderr, "%s is not multi-block capable\n",
OBJ_nid2ln(evp_cipher->nid));
goto end;
}
multiblock_speed(evp_cipher);
mret = 0;
goto end;
}
# endif
for (j = 0; j < SIZE_NUM; j++) {
if (evp_cipher) {
EVP_CIPHER_CTX ctx;
@ -2506,6 +2525,7 @@ int MAIN(int argc, char **argv)
}
# endif
release_engine(e);
apps_shutdown();
OPENSSL_EXIT(mret);
}
@ -2594,6 +2614,10 @@ static int do_multi(int multi)
static char sep[] = ":";
fds = malloc(multi * sizeof *fds);
if (fds == NULL) {
fprintf(stderr, "Out of memory in speed (do_multi)\n");
exit(1);
}
for (n = 0; n < multi; ++n) {
if (pipe(fd) == -1) {
fprintf(stderr, "pipe failure\n");
@ -2742,4 +2766,113 @@ static int do_multi(int multi)
return 1;
}
# endif
static void multiblock_speed(const EVP_CIPHER *evp_cipher)
{
static int mblengths[] =
{ 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
int j, count, num = sizeof(lengths) / sizeof(lengths[0]);
const char *alg_name;
unsigned char *inp, *out, no_key[32], no_iv[16];
EVP_CIPHER_CTX ctx;
double d = 0.0;
inp = OPENSSL_malloc(mblengths[num - 1]);
out = OPENSSL_malloc(mblengths[num - 1] + 1024);
if (!inp || !out) {
BIO_printf(bio_err,"Out of memory\n");
goto end;
}
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv);
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
no_key);
alg_name = OBJ_nid2ln(evp_cipher->nid);
for (j = 0; j < num; j++) {
print_message(alg_name, 0, mblengths[j]);
Time_F(START);
for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
size_t len = mblengths[j];
int packlen;
memset(aad, 0, 8); /* avoid uninitialized values */
aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
aad[9] = 3; /* version */
aad[10] = 2;
aad[11] = 0; /* length */
aad[12] = 0;
mb_param.out = NULL;
mb_param.inp = aad;
mb_param.len = len;
mb_param.interleave = 8;
packlen = EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
sizeof(mb_param), &mb_param);
if (packlen > 0) {
mb_param.out = out;
mb_param.inp = inp;
mb_param.len = len;
EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
sizeof(mb_param), &mb_param);
} else {
int pad;
RAND_bytes(out, 16);
len += 16;
aad[11] = len >> 8;
aad[12] = len;
pad = EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, aad);
EVP_Cipher(&ctx, out, inp, len + pad);
}
}
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R:%d:%s:%f\n"
: "%d %s's in %.2fs\n", count, "evp", d);
results[D_EVP][j] = ((double)count) / d * mblengths[j];
}
if (mr) {
fprintf(stdout, "+H");
for (j = 0; j < num; j++)
fprintf(stdout, ":%d", mblengths[j]);
fprintf(stdout, "\n");
fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
for (j = 0; j < num; j++)
fprintf(stdout, ":%.2f", results[D_EVP][j]);
fprintf(stdout, "\n");
} else {
fprintf(stdout,
"The 'numbers' are in 1000s of bytes per second processed.\n");
fprintf(stdout, "type ");
for (j = 0; j < num; j++)
fprintf(stdout, "%7d bytes", mblengths[j]);
fprintf(stdout, "\n");
fprintf(stdout, "%-24s", alg_name);
for (j = 0; j < num; j++) {
if (results[D_EVP][j] > 10000)
fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
else
fprintf(stdout, " %11.2f ", results[D_EVP][j]);
}
fprintf(stdout, "\n");
}
end:
if (inp)
OPENSSL_free(inp);
if (out)
OPENSSL_free(out);
}
#endif

5
crypto/external/bsd/openssl/dist/apps/spkac.c vendored
View File

@ -94,9 +94,7 @@ int MAIN(int argc, char **argv)
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
apps_startup();
@ -185,9 +183,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (keyfile) {
pkey = load_key(bio_err,
@ -305,6 +301,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
release_engine(e);
if (passin)
OPENSSL_free(passin);
apps_shutdown();

10
crypto/external/bsd/openssl/dist/apps/srp.c vendored
View File

@ -293,9 +293,8 @@ int MAIN(int argc, char **argv)
int i;
long errorline = -1;
char *randfile = NULL;
# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
char *engine = NULL;
# endif
char *tofree = NULL;
DB_ATTR db_attr;
@ -411,9 +410,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@ -760,9 +757,12 @@ int MAIN(int argc, char **argv)
if (db)
free_index(db);
release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else
static void *dummy = &dummy;
#endif

33
crypto/external/bsd/openssl/dist/apps/verify.c vendored
View File

@ -88,9 +88,8 @@ int MAIN(int argc, char **argv)
X509_STORE *cert_ctx = NULL;
X509_LOOKUP *lookup = NULL;
X509_VERIFY_PARAM *vpm = NULL;
#ifndef OPENSSL_NO_ENGINE
int crl_download = 0;
char *engine = NULL;
#endif
cert_ctx = X509_STORE_new();
if (cert_ctx == NULL)
@ -114,42 +113,43 @@ int MAIN(int argc, char **argv)
if (argc >= 1) {
if (strcmp(*argv, "-CApath") == 0) {
if (argc-- < 1)
goto end;
goto usage;
CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) {
if (argc-- < 1)
goto end;
goto usage;
CAfile = *(++argv);
} else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (badarg)
goto end;
goto usage;
continue;
} else if (strcmp(*argv, "-untrusted") == 0) {
if (argc-- < 1)
goto end;
goto usage;
untfile = *(++argv);
} else if (strcmp(*argv, "-trusted") == 0) {
if (argc-- < 1)
goto end;
goto usage;
trustfile = *(++argv);
} else if (strcmp(*argv, "-CRLfile") == 0) {
if (argc-- < 1)
goto end;
goto usage;
crlfile = *(++argv);
}
} else if (strcmp(*argv, "-crl_download") == 0)
crl_download = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto end;
goto usage;
engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-help") == 0)
goto end;
goto usage;
else if (strcmp(*argv, "-verbose") == 0)
v_verbose = 1;
else if (argv[0][0] == '-')
goto end;
goto usage;
else
break;
argc--;
@ -158,9 +158,7 @@ int MAIN(int argc, char **argv)
break;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (vpm)
X509_STORE_set1_param(cert_ctx, vpm);
@ -214,6 +212,9 @@ int MAIN(int argc, char **argv)
}
ret = 0;
if (crl_download)
store_setup_crl_download(cert_ctx);
if (argc < 1) {
if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
ret = -1;
@ -223,7 +224,7 @@ int MAIN(int argc, char **argv)
ret = -1;
}
end:
usage:
if (ret == 1) {
BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@ -242,6 +243,7 @@ int MAIN(int argc, char **argv)
X509_PURPOSE_get0_name(ptmp));
}
}
end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL)
@ -249,6 +251,7 @@ int MAIN(int argc, char **argv)
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret < 0 ? 2 : ret);
}

590
crypto/external/bsd/openssl/dist/apps/vms_term_sock.c vendored Executable file
View File

@ -0,0 +1,590 @@
/*
* Copyright 2016 VMS Software, Inc. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifdef __VMS
# define OPENSSL_SYS_VMS
# pragma message disable DOLLARID
# include <openssl/opensslconf.h>
# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
/*
* On VMS, you need to define this to get the declaration of fileno(). The
* value 2 is to make sure no function defined in POSIX-2 is left undefined.
*/
# define _POSIX_C_SOURCE 2
# endif
# include <stdio.h>
# undef _POSIX_C_SOURCE
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/in.h>
# include <inet.h>
# include <unistd.h>
# include <string.h>
# include <errno.h>
# include <starlet.h>
# include <iodef.h>
# ifdef __alpha
# include <iosbdef.h>
# else
typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */
# pragma __nomember_alignment
__union {
__struct {
unsigned short int iosb$w_status; /* Final I/O status */
__union {
__struct { /* 16-bit byte count variant */
unsigned short int iosb$w_bcnt; /* 16-bit byte count */
__union {
unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
unsigned int iosb$l_pid; /* 32-bit pid */
} iosb$r_l;
} iosb$r_bcnt_16;
__struct { /* 32-bit byte count variant */
unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
} iosb$r_bcnt_32;
} iosb$r_devdepend;
} iosb$r_io_64;
__struct {
__union {
unsigned int iosb$l_getxxi_status; /* Final GETxxI status */
unsigned int iosb$l_reg_status; /* Final $Registry status */
} iosb$r_l_status;
unsigned int iosb$l_reserved; /* Reserved field */
} iosb$r_get_64;
} iosb$r_io_get;
} IOSB;
# if !defined(__VAXC)
# define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
# define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
# define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
# define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
# define iosb$l_pid iosb$r_l.iosb$l_pid
# define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
# define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
# define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
# define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
# endif /* #if !defined(__VAXC) */
# endif /* End of IOSBDEF */
# include <efndef.h>
# include <stdlib.h>
# include <ssdef.h>
# include <time.h>
# include <stdarg.h>
# include <descrip.h>
# include "vms_term_sock.h"
# ifdef __alpha
static struct _iosb TerminalDeviceIosb;
# else
IOSB TerminalDeviceIosb;
# endif
static char TerminalDeviceBuff[255 + 2];
static int TerminalSocketPair[2] = {0, 0};
static unsigned short TerminalDeviceChan = 0;
static int CreateSocketPair (int, int, int, int *);
static void SocketPairTimeoutAst (int);
static int TerminalDeviceAst (int);
static void LogMessage (char *, ...);
/*
** Socket Pair Timeout Value (must be 0-59 seconds)
*/
# define SOCKET_PAIR_TIMEOUT_VALUE 20
/*
** Socket Pair Timeout Block which is passed to timeout AST
*/
typedef struct _SocketPairTimeoutBlock {
unsigned short SockChan1;
unsigned short SockChan2;
} SPTB;
# ifdef TERM_SOCK_TEST
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
int main (int argc, char *argv[], char *envp[])
{
char TermBuff[80];
int TermSock,
status,
len;
LogMessage ("Enter 'q' or 'Q' to quit ...");
while (strcasecmp (TermBuff, "Q")) {
/*
** Create the terminal socket
*/
status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
if (status != TERM_SOCK_SUCCESS)
exit (1);
/*
** Process the terminal input
*/
LogMessage ("Waiting on terminal I/O ...\n");
len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ;
TermBuff[len] = '\0';
LogMessage ("Received terminal I/O [%s]", TermBuff);
/*
** Delete the terminal socket
*/
status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
if (status != TERM_SOCK_SUCCESS)
exit (1);
}
return 1;
}
# endif
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
int TerminalSocket (int FunctionCode, int *ReturnSocket)
{
int status;
$DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
/*
** Process the requested function code
*/
switch (FunctionCode) {
case TERM_SOCK_CREATE:
/*
** Create a socket pair
*/
status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
if (status == -1) {
LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
if (TerminalSocketPair[0])
close (TerminalSocketPair[0]);
if (TerminalSocketPair[1])
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Assign a channel to the terminal device
*/
status = sys$assign (&TerminalDeviceDesc,
&TerminalDeviceChan,
0, 0, 0);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Queue an async IO to the terminal device
*/
status = sys$qio (EFN$C_ENF,
TerminalDeviceChan,
IO$_READVBLK,
&TerminalDeviceIosb,
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 2,
0, 0, 0, 0);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Return the input side of the socket pair
*/
*ReturnSocket = TerminalSocketPair[1];
break;
case TERM_SOCK_DELETE:
/*
** Cancel any pending IO on the terminal channel
*/
status = sys$cancel (TerminalDeviceChan);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Deassign the terminal channel
*/
status = sys$dassgn (TerminalDeviceChan);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Close the terminal socket pair
*/
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
/*
** Return the initialized socket
*/
*ReturnSocket = 0;
break;
default:
/*
** Invalid function code
*/
LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
return (TERM_SOCK_FAILURE);
break;
}
/*
** Return success
*/
return (TERM_SOCK_SUCCESS);
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static int CreateSocketPair (int SocketFamily,
int SocketType,
int SocketProtocol,
int *SocketPair)
{
struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
static const char* LocalHostAddr = {"127.0.0.1"};
unsigned short TcpAcceptChan = 0,
TcpDeviceChan = 0;
unsigned long BinTimeBuff[2];
struct sockaddr_in sin;
char AscTimeBuff[32];
short LocalHostPort;
int status;
unsigned int slen;
# ifdef __alpha
struct _iosb iosb;
# else
IOSB iosb;
# endif
int SockDesc1 = 0,
SockDesc2 = 0;
SPTB sptb;
$DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
/*
** Create a socket
*/
SockDesc1 = socket (SocketFamily, SocketType, 0);
if (SockDesc1 < 0) {
LogMessage ("CreateSocketPair: socket () - %d", errno);
return (-1);
}
/*
** Initialize the socket information
*/
slen = sizeof (sin);
memset ((char *) &sin, 0, slen);
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
sin.sin_port = 0;
/*
** Bind the socket to the local IP
*/
status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
if (status < 0) {
LogMessage ("CreateSocketPair: bind () - %d", errno);
close (SockDesc1);
return (-1);
}
/*
** Get the socket name so we can save the port number
*/
status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
if (status < 0) {
LogMessage ("CreateSocketPair: getsockname () - %d", errno);
close (SockDesc1);
return (-1);
} else
LocalHostPort = sin.sin_port;
/*
** Setup a listen for the socket
*/
listen (SockDesc1, 5);
/*
** Get the binary (64-bit) time of the specified timeout value
*/
sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
AscTimeDesc.dsc$a_pointer = AscTimeBuff;
status = sys$bintim (&AscTimeDesc, BinTimeBuff);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
close (SockDesc1);
return (-1);
}
/*
** Assign another channel to the TCP/IP device for the accept.
** This is the channel that ends up being connected to.
*/
status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
close (SockDesc1);
return (-1);
}
/*
** Get the channel of the first socket for the accept
*/
TcpAcceptChan = decc$get_sdc (SockDesc1);
/*
** Perform the accept using $QIO so we can do this asynchronously
*/
status = sys$qio (EFN$C_ENF,
TcpAcceptChan,
IO$_ACCESS | IO$M_ACCEPT,
&iosb,
0, 0, 0, 0, 0,
&TcpDeviceChan,
0, 0);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
close (SockDesc1);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Create the second socket to do the connect
*/
SockDesc2 = socket (SocketFamily, SocketType, 0);
if (SockDesc2 < 0) {
LogMessage ("CreateSocketPair: socket () - %d", errno);
sys$cancel (TcpAcceptChan);
close (SockDesc1);
sys$dassgn (TcpDeviceChan);
return (-1) ;
}
/*
** Setup the Socket Pair Timeout Block
*/
sptb.SockChan1 = TcpAcceptChan;
sptb.SockChan2 = decc$get_sdc (SockDesc2);
/*
** Before we block on the connect, set a timer that can cancel I/O on our
** two sockets if it never connects.
*/
status = sys$setimr (EFN$C_ENF,
BinTimeBuff,
SocketPairTimeoutAst,
&sptb,
0);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
sys$cancel (TcpAcceptChan);
close (SockDesc1);
close (SockDesc2);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Now issue the connect
*/
memset ((char *) &sin, 0, sizeof (sin)) ;
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
sin.sin_port = LocalHostPort ;
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin));
if (status < 0 ) {
LogMessage ("CreateSocketPair: connect () - %d", errno);
sys$cantim (&sptb, 0);
sys$cancel (TcpAcceptChan);
close (SockDesc1);
close (SockDesc2);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Wait for the asynch $QIO to finish. Note that if the I/O was aborted
** (SS$_ABORT), then we probably canceled it from the AST routine - so log
** a timeout.
*/
status = sys$synch (EFN$C_ENF, &iosb);
if (! (iosb.iosb$w_status & 1)) {
if (iosb.iosb$w_status == SS$_ABORT)
LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
else {
LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d",
iosb.iosb$w_status);
sys$cantim (&sptb, 0);
}
close (SockDesc1);
close (SockDesc2);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Here we're successfully connected, so cancel the timer, convert the
** I/O channel to a socket fd, close the listener socket and return the
** connected pair.
*/
sys$cantim (&sptb, 0);
close (SockDesc1) ;
SocketPair[0] = SockDesc2 ;
SocketPair[1] = socket_fd (TcpDeviceChan);
return (0) ;
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static void SocketPairTimeoutAst (int astparm)
{
SPTB *sptb = (SPTB *) astparm;
sys$cancel (sptb->SockChan2); /* Cancel the connect() */
sys$cancel (sptb->SockChan1); /* Cancel the accept() */
return;
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static int TerminalDeviceAst (int astparm)
{
int status;
/*
** Terminate the terminal buffer
*/
TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
strcat (TerminalDeviceBuff, "\n");
/*
** Send the data read from the terminal device throught the socket pair
*/
send (TerminalSocketPair[0], TerminalDeviceBuff,
TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
/*
** Queue another async IO to the terminal device
*/
status = sys$qio (EFN$C_ENF,
TerminalDeviceChan,
IO$_READVBLK,
&TerminalDeviceIosb,
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 1,
0, 0, 0, 0);
/*
** Return status
*/
return status;
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static void LogMessage (char *msg, ...)
{
char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
static unsigned int pid = 0;
va_list args;
time_t CurTime;
struct tm *LocTime;
char MsgBuff[256];
/*
** Get the process pid
*/
if (pid == 0)
pid = getpid ();
/*
** Convert the current time into local time
*/
CurTime = time (NULL);
LocTime = localtime (&CurTime);
/*
** Format the message buffer
*/
sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
LocTime->tm_mday, Month[LocTime->tm_mon],
(LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
LocTime->tm_sec, pid, msg);
/*
** Get any variable arguments and add them to the print of the message
** buffer
*/
va_start (args, msg);
vfprintf (stderr, MsgBuff, args);
va_end (args);
/*
** Flush standard error output
*/
fsync (fileno (stderr));
return;
}
#endif

30
crypto/external/bsd/openssl/dist/apps/vms_term_sock.h vendored Executable file
View File

@ -0,0 +1,30 @@
/*
* Copyright 2016 VMS Software, Inc. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef TERM_SOCK_H
# define TERM_SOCK_H
/*
** Terminal Socket Function Codes
*/
# define TERM_SOCK_CREATE 1
# define TERM_SOCK_DELETE 2
/*
** Terminal Socket Status Codes
*/
# define TERM_SOCK_FAILURE 0
# define TERM_SOCK_SUCCESS 1
/*
** Terminal Socket Prototype
*/
int TerminalSocket (int FunctionCode, int *ReturnSocket);
#endif

92
crypto/external/bsd/openssl/dist/apps/x509.c vendored
View File

@ -150,6 +150,9 @@ static const char *x509_usage[] = {
" -engine e - use engine e, possibly a hardware device.\n",
#endif
" -certopt arg - various certificate text options\n",
" -checkhost host - check certificate matches \"host\"\n",
" -checkemail email - check certificate matches \"email\"\n",
" -checkip ipaddr - check certificate matches \"ipaddr\"\n",
NULL
};
@ -163,6 +166,9 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
char *section, ASN1_INTEGER *sno);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile = 0;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
static int force_version = 2;
#endif
int MAIN(int, char **);
@ -174,15 +180,16 @@ int MAIN(int argc, char **argv)
X509 *x = NULL, *xca = NULL;
ASN1_OBJECT *objtmp;
STACK_OF(OPENSSL_STRING) *sigopts = NULL;
EVP_PKEY *Upkey = NULL, *CApkey = NULL;
EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
ASN1_INTEGER *sno = NULL;
int i, num, badops = 0;
int i, num, badops = 0, badsig = 0;
BIO *out = NULL;
BIO *STDout = NULL;
STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
int informat, outformat, keyformat, CAformat, CAkeyformat;
char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
char *CAkeyfile = NULL, *CAserial = NULL;
char *fkeyfile = NULL;
char *alias = NULL;
int text = 0, serial = 0, subject = 0, issuer = 0, startdate =
0, enddate = 0;
@ -208,9 +215,10 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int checkend = 0, checkoffset = 0;
unsigned long nmflag = 0, certflag = 0;
#ifndef OPENSSL_NO_ENGINE
char *checkhost = NULL;
char *checkemail = NULL;
char *checkip = NULL;
char *engine = NULL;
#endif
reqfile = 0;
@ -274,7 +282,15 @@ int MAIN(int argc, char **argv)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
goto bad;
} else if (strcmp(*argv, "-days") == 0) {
}
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
else if (strcmp(*argv, "-force_version") == 0) {
if (--argc < 1)
goto bad;
force_version = atoi(*(++argv)) - 1;
}
#endif
else if (strcmp(*argv, "-days") == 0) {
if (--argc < 1)
goto bad;
days = atoi(*(++argv));
@ -327,6 +343,10 @@ int MAIN(int argc, char **argv)
goto bad;
if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
goto bad;
} else if (strcmp(*argv, "-force_pubkey") == 0) {
if (--argc < 1)
goto bad;
fkeyfile = *(++argv);
} else if (strcmp(*argv, "-addtrust") == 0) {
if (--argc < 1)
goto bad;
@ -424,6 +444,18 @@ int MAIN(int argc, char **argv)
goto bad;
checkoffset = atoi(*(++argv));
checkend = 1;
} else if (strcmp(*argv, "-checkhost") == 0) {
if (--argc < 1)
goto bad;
checkhost = *(++argv);
} else if (strcmp(*argv, "-checkemail") == 0) {
if (--argc < 1)
goto bad;
checkemail = *(++argv);
} else if (strcmp(*argv, "-checkip") == 0) {
if (--argc < 1)
goto bad;
checkip = *(++argv);
} else if (strcmp(*argv, "-noout") == 0)
noout = ++num;
else if (strcmp(*argv, "-trustout") == 0)
@ -447,6 +479,8 @@ int MAIN(int argc, char **argv)
#endif
else if (strcmp(*argv, "-ocspid") == 0)
ocspid = ++num;
else if (strcmp(*argv, "-badsig") == 0)
badsig = 1;
else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
/* ok */
digest = md_alg;
@ -465,9 +499,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
@ -484,6 +516,13 @@ int MAIN(int argc, char **argv)
goto end;
}
if (fkeyfile) {
fkey = load_pubkey(bio_err, fkeyfile, keyformat, 0,
NULL, e, "Forced key");
if (fkey == NULL)
goto end;
}
if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
CAkeyfile = CAfile;
} else if ((CA_flag) && (CAkeyfile == NULL)) {
@ -605,10 +644,13 @@ int MAIN(int argc, char **argv)
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
pkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x, pkey);
EVP_PKEY_free(pkey);
if (fkey)
X509_set_pubkey(x, fkey);
else {
pkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x, pkey);
EVP_PKEY_free(pkey);
}
} else
x = load_cert(bio_err, infile, informat, NULL, e, "Certificate");
@ -937,11 +979,16 @@ int MAIN(int argc, char **argv)
goto end;
}
print_cert_checks(STDout, x, checkhost, checkemail, checkip);
if (noout) {
ret = 0;
goto end;
}
if (badsig)
x->signature->data[x->signature->length - 1] ^= 0x1;
if (outformat == FORMAT_ASN1)
i = i2d_X509_bio(out, x);
else if (outformat == FORMAT_PEM) {
@ -982,12 +1029,14 @@ int MAIN(int argc, char **argv)
X509_free(xca);
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
EVP_PKEY_free(fkey);
if (sigopts)
sk_OPENSSL_STRING_free(sigopts);
X509_REQ_free(rq);
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
release_engine(e);
if (passin)
OPENSSL_free(passin);
apps_shutdown();
@ -1053,6 +1102,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
EVP_PKEY *upkey;
upkey = X509_get_pubkey(xca);
if (upkey == NULL) {
BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
goto end;
}
EVP_PKEY_copy_parameters(upkey, pkey);
EVP_PKEY_free(upkey);
@ -1101,7 +1154,11 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if (conf) {
X509V3_CTX ctx2;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
X509_set_version(x, force_version);
#else
X509_set_version(x, 2); /* version 3 certificate */
#endif
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
@ -1161,6 +1218,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x);
if (pktmp == NULL)
goto err;
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_save_parameters(pktmp, 1);
EVP_PKEY_free(pktmp);
@ -1170,12 +1229,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
/* Lets just make it 12:00am GMT, Jan 1 1970 */
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
/* 28 days to be certified */
if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
NULL)
if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))
@ -1186,7 +1240,11 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
}
if (conf) {
X509V3_CTX ctx;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
X509_set_version(x, force_version);
#else
X509_set_version(x, 2); /* version 3 certificate */
#endif
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))

60
crypto/external/bsd/openssl/dist/appveyor.yml vendored Normal file
View File

@ -0,0 +1,60 @@
platform:
- x86
- x64
environment:
matrix:
- VSVER: 9
- VSVER: 10
- VSVER: 11
- VSVER: 12
- VSVER: 14
configuration:
- plain
- shared
matrix:
allow_failures:
- platform: x64
VSVER: 9
- platform: x64
VSVER: 10
- platform: x64
VSVER: 11
before_build:
- ps: >-
If ($env:Platform -Match "x86") {
$env:VCVARS_PLATFORM="x86"
$env:TARGET="VC-WIN32"
$env:DO="do_ms"
} Else {
$env:VCVARS_PLATFORM="amd64"
$env:TARGET="VC-WIN64A"
$env:DO="do_win64a"
}
- ps: >-
If ($env:Configuration -Like "*shared*") {
$env:MAK="ntdll.mak"
} Else {
$env:MAK="nt.mak"
}
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
- perl Configure %TARGET% no-asm
- call ms\%DO%
build_script:
- nmake /f ms\%MAK%
test_script:
- nmake /f ms\%MAK% test
notifications:
- provider: Email
to:
- openssl-commits@openssl.org
on_build_success: false
on_build_failure: true
on_build_status_changed: true

28
crypto/external/bsd/openssl/dist/config vendored
View File

@ -587,15 +587,33 @@ case "$GUESSOS" in
fi
;;
ppc64-*-linux2)
if [ -z "$KERNEL_BITS" ]; then
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure linux-ppc64' *manually*."
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
fi
if [ "$KERNEL_BITS" = "64" ]; then
OUT="linux-ppc64"
else
OUT="linux-ppc"
(echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
fi
;;
ppc64le-*-linux2) OUT="linux-ppc64le" ;;
ppc-*-linux2) OUT="linux-ppc" ;;
mips64*-*-linux2)
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure linux-ppc64' *manually*."
echo " invoke './Configure linux64-mips64' *manually*."
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
OUT="linux-ppc"
OUT="linux-mips64"
;;
ppc-*-linux2) OUT="linux-ppc" ;;
mips*-*-linux2) OUT="linux-mips32" ;;
ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;;
pentium-*-vxworks*) OUT="vxworks-pentium" ;;
@ -644,6 +662,7 @@ case "$GUESSOS" in
armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
armv[7-9]*-*-linux2) OUT="linux-armv4"; options="$options -march=armv7-a" ;;
arm*-*-linux2) OUT="linux-armv4" ;;
aarch64-*-linux2) OUT="linux-aarch64" ;;
sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
@ -833,7 +852,8 @@ case "$GUESSOS" in
# *-dgux) OUT="dgux" ;;
mips-sony-newsos4) OUT="newsos4-gcc" ;;
*-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
*-*-cygwin) OUT="Cygwin" ;;
i[3456]86-*-cygwin) OUT="Cygwin" ;;
*-*-cygwin) OUT="Cygwin-${MACHINE}" ;;
t3e-cray-unicosmk) OUT="cray-t3e" ;;
j90-cray-unicos) OUT="cray-j90" ;;
nsr-tandem-nsk) OUT="tandem-c89" ;;

3
crypto/external/bsd/openssl/dist/crypto/LPdir_nyi.c vendored
View File

@ -1,6 +1,3 @@
/*
* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

4
crypto/external/bsd/openssl/dist/crypto/LPdir_unix.c vendored
View File

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
* $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

4
crypto/external/bsd/openssl/dist/crypto/LPdir_win32.c vendored
View File

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

4
crypto/external/bsd/openssl/dist/crypto/LPdir_wince.c vendored
View File

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

8
crypto/external/bsd/openssl/dist/crypto/Makefile vendored
View File

@ -74,9 +74,9 @@ ia64cpuid.s: ia64cpuid.S; $(CC) $(CFLAGS) -E ia64cpuid.S > $@
ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@
alphacpuid.s: alphacpuid.pl
(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
(preproc=$$$$.$@.S; trap "rm $$preproc" INT; \
$(PERL) alphacpuid.pl > $$preproc && \
$(CC) -E $$preproc > $@ && rm $$preproc)
$(CC) -E -P $$preproc > $@ && rm $$preproc)
testapps:
[ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \
@ -88,7 +88,7 @@ subdirs:
@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
@target=files; $(RECURSIVE_MAKE)
links:
@ -102,7 +102,7 @@ lib: $(LIB)
@touch lib
$(LIB): $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
shared: buildinf.h lib subdirs

20
crypto/external/bsd/openssl/dist/crypto/aes/Makefile vendored
View File

@ -65,12 +65,22 @@ aesni-x86_64.s: asm/aesni-x86_64.pl
$(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
aesni-sha1-x86_64.s: asm/aesni-sha1-x86_64.pl
$(PERL) asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME) > $@
aesni-sha256-x86_64.s: asm/aesni-sha256-x86_64.pl
$(PERL) asm/aesni-sha256-x86_64.pl $(PERLASM_SCHEME) > $@
aesni-mb-x86_64.s: asm/aesni-mb-x86_64.pl
$(PERL) asm/aesni-mb-x86_64.pl $(PERLASM_SCHEME) > $@
aes-sparcv9.s: asm/aes-sparcv9.pl
$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl
$(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@
aes-ppc.s: asm/aes-ppc.pl
$(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
vpaes-ppc.s: asm/vpaes-ppc.pl
$(PERL) asm/vpaes-ppc.pl $(PERLASM_SCHEME) $@
aesp8-ppc.s: asm/aesp8-ppc.pl
$(PERL) asm/aesp8-ppc.pl $(PERLASM_SCHEME) $@
aes-parisc.s: asm/aes-parisc.pl
$(PERL) asm/aes-parisc.pl $(PERLASM_SCHEME) $@
@ -78,12 +88,18 @@ aes-parisc.s: asm/aes-parisc.pl
aes-mips.S: asm/aes-mips.pl
$(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@
aesv8-armx.S: asm/aesv8-armx.pl
$(PERL) asm/aesv8-armx.pl $(PERLASM_SCHEME) $@
aesv8-armx.o: aesv8-armx.S
# GNU make "catch all"
aes-%.S: asm/aes-%.pl; $(PERL) $< $(PERLASM_SCHEME) > $@
aes-armv4.o: aes-armv4.S
bsaes-%.S: asm/bsaes-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
bsaes-armv7.o: bsaes-armv7.S
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
$(PERL) $(TOP)/util/files.pl "AES_ENC=$(AES_ENC)" Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@ -149,7 +165,7 @@ aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
aes_wrap.o: ../../include/openssl/opensslconf.h
aes_wrap.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c

2
crypto/external/bsd/openssl/dist/crypto/aes/aes.h vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_cbc.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_cbc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_cfb.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_cfb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_core.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_ctr.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ctr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_ecb.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ecb.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_ige.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ige.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_locl.h vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_misc.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_misc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*

2
crypto/external/bsd/openssl/dist/crypto/aes/aes_ofb.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_ofb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*

186
crypto/external/bsd/openssl/dist/crypto/aes/aes_wrap.c vendored
View File

@ -54,197 +54,19 @@
#include "cryptlib.h"
#include <openssl/aes.h>
#include <openssl/bio.h>
static const unsigned char default_iv[] = {
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
};
#include <openssl/modes.h>
int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
if ((inlen & 0x7) || (inlen < 8))
return -1;
A = B;
t = 1;
memcpy(out + 8, in, inlen);
if (!iv)
iv = default_iv;
memcpy(A, iv, 8);
for (j = 0; j < 6; j++) {
R = out + 8;
for (i = 0; i < inlen; i += 8, t++, R += 8) {
memcpy(B + 8, R, 8);
AES_encrypt(B, B, key);
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) {
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(R, B + 8, 8);
}
}
memcpy(out, A, 8);
return inlen + 8;
return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
}
int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
inlen -= 8;
if (inlen & 0x7)
return -1;
if (inlen < 8)
return -1;
A = B;
t = 6 * (inlen >> 3);
memcpy(A, in, 8);
memcpy(out, in + 8, inlen);
for (j = 0; j < 6; j++) {
R = out + inlen - 8;
for (i = 0; i < inlen; i += 8, t--, R -= 8) {
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) {
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(B + 8, R, 8);
AES_decrypt(B, B, key);
memcpy(R, B + 8, 8);
}
}
if (!iv)
iv = default_iv;
if (memcmp(A, iv, 8)) {
OPENSSL_cleanse(out, inlen);
return 0;
}
return inlen;
return CRYPTO_128_unwrap(key, iv, out, in, inlen,
(block128_f) AES_decrypt);
}
#ifdef AES_WRAP_TEST
int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
const unsigned char *iv,
const unsigned char *eout,
const unsigned char *key, int keylen)
{
unsigned char *otmp = NULL, *ptmp = NULL;
int r, ret = 0;
AES_KEY wctx;
otmp = OPENSSL_malloc(keylen + 8);
ptmp = OPENSSL_malloc(keylen);
if (!otmp || !ptmp)
return 0;
if (AES_set_encrypt_key(kek, keybits, &wctx))
goto err;
r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
if (r <= 0)
goto err;
if (eout && memcmp(eout, otmp, keylen))
goto err;
if (AES_set_decrypt_key(kek, keybits, &wctx))
goto err;
r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
if (memcmp(key, ptmp, keylen))
goto err;
ret = 1;
err:
if (otmp)
OPENSSL_free(otmp);
if (ptmp)
OPENSSL_free(ptmp);
return ret;
}
int main(int argc, char **argv)
{
static const unsigned char kek[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const unsigned char key[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
static const unsigned char e1[] = {
0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
};
static const unsigned char e2[] = {
0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
};
static const unsigned char e3[] = {
0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
};
static const unsigned char e4[] = {
0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
};
static const unsigned char e5[] = {
0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
};
static const unsigned char e6[] = {
0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
};
AES_KEY wctx, xctx;
int ret;
ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
fprintf(stderr, "Key test result %d\n", ret);
}
#endif

8
crypto/external/bsd/openssl/dist/crypto/aes/aes_x86core.c vendored
View File

@ -1,4 +1,4 @@
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*
@ -89,8 +89,10 @@ typedef unsigned long long u64;
#endif
#undef ROTATE
#if defined(_MSC_VER) || defined(__ICC)
# define ROTATE(a,n) _lrotl(a,n)
#if defined(_MSC_VER)
# define ROTATE(a,n) _lrotl(a,n)
#elif defined(__ICC)
# define ROTATE(a,n) _rotl(a,n)
#elif defined(__GNUC__) && __GNUC__>=2
# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
# define ROTATE(a,n) ({ register unsigned int ret; \

313
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-586.pl vendored
View File

@ -39,13 +39,13 @@
# but exhibits up to 10% improvement on other cores.
#
# Second version is "monolithic" replacement for aes_core.c, which in
# addition to AES_[de|en]crypt implements private_AES_set_[de|en]cryption_key.
# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
# This made it possible to implement little-endian variant of the
# algorithm without modifying the base C code. Motivating factor for
# the undertaken effort was that it appeared that in tight IA-32
# register window little-endian flavor could achieve slightly higher
# Instruction Level Parallelism, and it indeed resulted in up to 15%
# better performance on most recent ľ-archs...
# better performance on most recent µ-archs...
#
# Third version adds AES_cbc_encrypt implementation, which resulted in
# up to 40% performance imrovement of CBC benchmark results. 40% was
@ -103,11 +103,12 @@
# byte for 128-bit key.
#
# ECB encrypt ECB decrypt CBC large chunk
# P4 56[60] 84[100] 23
# AMD K8 48[44] 70[79] 18
# PIII 41[50] 61[91] 24
# Core 2 32[38] 45[70] 18.5
# Pentium 120 160 77
# P4 52[54] 83[95] 23
# AMD K8 46[41] 66[70] 18
# PIII 41[50] 60[77] 24
# Core 2 31[36] 45[64] 18.5
# Atom 76[100] 96[138] 60
# Pentium 115 150 77
#
# Version 4.1 switches to compact S-box even in key schedule setup.
#
@ -223,7 +224,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
$speed_limit=512; # chunks smaller than $speed_limit are
# processed with compact routine in CBC mode
$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
# recent ľ-archs], but ~5 times smaller!
# recent µ-archs], but ~5 times smaller!
# I favor compact code to minimize cache
# contention and in hope to "collect" 5% back
# in real-life applications...
@ -242,7 +243,7 @@ $vertical_spin=0; # shift "verticaly" defaults to 0, because of
sub encvert()
{ my ($te,@s) = @_;
my $v0 = $acc, $v1 = $key;
my ($v0,$v1) = ($acc,$key);
&mov ($v0,$s[3]); # copy s3
&mov (&DWP(4,"esp"),$s[2]); # save s2
@ -299,7 +300,7 @@ sub encvert()
# Another experimental routine, which features "horizontal spin," but
# eliminates one reference to stack. Strangely enough runs slower...
sub enchoriz()
{ my $v0 = $key, $v1 = $acc;
{ my ($v0,$v1) = ($key,$acc);
&movz ($v0,&LB($s0)); # 3, 2, 1, 0*
&rotr ($s2,8); # 8,11,10, 9
@ -427,7 +428,7 @@ sub sse_encbody()
######################################################################
sub enccompact()
{ my $Fn = mov;
{ my $Fn = \&mov;
while ($#_>5) { pop(@_); $Fn=sub{}; }
my ($i,$te,@s)=@_;
my $tmp = $key;
@ -476,24 +477,25 @@ sub enctransform()
my $tmp = $tbl;
my $r2 = $key ;
&mov ($acc,$s[$i]);
&and ($acc,0x80808080);
&mov ($tmp,$acc);
&shr ($tmp,7);
&and ($tmp,$s[$i]);
&lea ($r2,&DWP(0,$s[$i],$s[$i]));
&sub ($acc,$tmp);
&mov ($acc,$tmp);
&shr ($tmp,7);
&and ($r2,0xfefefefe);
&and ($acc,0x1b1b1b1b);
&sub ($acc,$tmp);
&mov ($tmp,$s[$i]);
&and ($acc,0x1b1b1b1b);
&rotr ($tmp,16);
&xor ($acc,$r2); # r2
&mov ($r2,$s[$i]);
&xor ($s[$i],$acc); # r0 ^ r2
&rotr ($r2,16+8);
&xor ($acc,$tmp);
&rotl ($s[$i],24);
&xor ($s[$i],$acc) # ROTATE(r2^r0,24) ^ r2
&rotr ($tmp,16);
&xor ($s[$i],$tmp);
&rotr ($tmp,8);
&xor ($s[$i],$tmp);
&xor ($acc,$r2);
&mov ($tmp,0x80808080) if ($i!=1);
&xor ($s[$i],$acc); # ROTATE(r2^r0,24) ^ r2
}
&function_begin_B("_x86_AES_encrypt_compact");
@ -526,6 +528,7 @@ sub enctransform()
&enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
&enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
&enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
&mov ($tbl,0x80808080);
&enctransform(2);
&enctransform(3);
&enctransform(0);
@ -562,7 +565,7 @@ sub enctransform()
# Performance is not actually extraordinary in comparison to pure
# x86 code. In particular encrypt performance is virtually the same.
# Decrypt performance on the other hand is 15-20% better on newer
# ľ-archs [but we're thankful for *any* improvement here], and ~50%
# µ-archs [but we're thankful for *any* improvement here], and ~50%
# better on PIII:-) And additionally on the pros side this code
# eliminates redundant references to stack and thus relieves/
# minimizes the pressure on the memory bus.
@ -607,82 +610,84 @@ sub sse_enccompact()
&pshufw ("mm5","mm4",0x0d); # 15,14,11,10
&movd ("eax","mm1"); # 5, 4, 1, 0
&movd ("ebx","mm5"); # 15,14,11,10
&mov ($__key,$key);
&movz ($acc,&LB("eax")); # 0
&movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
&pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2
&movz ("edx",&HB("eax")); # 1
&pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2
&movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
&movz ($key,&LB("ebx")); # 10
&movz ("edx",&BP(-128,$tbl,"edx",1)); # 1
&shl ("edx",8); # 1
&shr ("eax",16); # 5, 4
&shl ("edx",8); # 1
&movz ($acc,&LB("ebx")); # 10
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 10
&movz ($acc,&BP(-128,$tbl,$key,1)); # 10
&movz ($key,&HB("ebx")); # 11
&shl ($acc,16); # 10
&or ("ecx",$acc); # 10
&pshufw ("mm6","mm4",0x08); # 13,12, 9, 8
&movz ($acc,&HB("ebx")); # 11
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 11
&or ("ecx",$acc); # 10
&movz ($acc,&BP(-128,$tbl,$key,1)); # 11
&movz ($key,&HB("eax")); # 5
&shl ($acc,24); # 11
&or ("edx",$acc); # 11
&shr ("ebx",16); # 15,14
&or ("edx",$acc); # 11
&movz ($acc,&HB("eax")); # 5
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 5
&movz ($acc,&BP(-128,$tbl,$key,1)); # 5
&movz ($key,&HB("ebx")); # 15
&shl ($acc,8); # 5
&or ("ecx",$acc); # 5
&movz ($acc,&HB("ebx")); # 15
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 15
&movz ($acc,&BP(-128,$tbl,$key,1)); # 15
&movz ($key,&LB("eax")); # 4
&shl ($acc,24); # 15
&or ("ecx",$acc); # 15
&movd ("mm0","ecx"); # t[0] collected
&movz ($acc,&LB("eax")); # 4
&movz ("ecx",&BP(-128,$tbl,$acc,1)); # 4
&movz ($acc,&BP(-128,$tbl,$key,1)); # 4
&movz ($key,&LB("ebx")); # 14
&movd ("eax","mm2"); # 7, 6, 3, 2
&movz ($acc,&LB("ebx")); # 14
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 14
&shl ($acc,16); # 14
&movd ("mm0","ecx"); # t[0] collected
&movz ("ecx",&BP(-128,$tbl,$key,1)); # 14
&movz ($key,&HB("eax")); # 3
&shl ("ecx",16); # 14
&movd ("ebx","mm6"); # 13,12, 9, 8
&or ("ecx",$acc); # 14
&movd ("ebx","mm6"); # 13,12, 9, 8
&movz ($acc,&HB("eax")); # 3
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 3
&movz ($acc,&BP(-128,$tbl,$key,1)); # 3
&movz ($key,&HB("ebx")); # 9
&shl ($acc,24); # 3
&or ("ecx",$acc); # 3
&movz ($acc,&HB("ebx")); # 9
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 9
&movz ($acc,&BP(-128,$tbl,$key,1)); # 9
&movz ($key,&LB("ebx")); # 8
&shl ($acc,8); # 9
&or ("ecx",$acc); # 9
&movd ("mm1","ecx"); # t[1] collected
&movz ($acc,&LB("ebx")); # 8
&movz ("ecx",&BP(-128,$tbl,$acc,1)); # 8
&shr ("ebx",16); # 13,12
&movz ($acc,&LB("eax")); # 2
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 2
&shl ($acc,16); # 2
&or ("ecx",$acc); # 2
&or ("ecx",$acc); # 9
&movz ($acc,&BP(-128,$tbl,$key,1)); # 8
&movz ($key,&LB("eax")); # 2
&shr ("eax",16); # 7, 6
&movd ("mm1","ecx"); # t[1] collected
&movz ("ecx",&BP(-128,$tbl,$key,1)); # 2
&movz ($key,&HB("eax")); # 7
&shl ("ecx",16); # 2
&and ("eax",0xff); # 6
&or ("ecx",$acc); # 2
&punpckldq ("mm0","mm1"); # t[0,1] collected
&movz ($acc,&HB("eax")); # 7
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 7
&movz ($acc,&BP(-128,$tbl,$key,1)); # 7
&movz ($key,&HB("ebx")); # 13
&shl ($acc,24); # 7
&or ("ecx",$acc); # 7
&and ("eax",0xff); # 6
&movz ("eax",&BP(-128,$tbl,"eax",1)); # 6
&shl ("eax",16); # 6
&or ("edx","eax"); # 6
&movz ($acc,&HB("ebx")); # 13
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 13
&shl ($acc,8); # 13
&or ("ecx",$acc); # 13
&movd ("mm4","ecx"); # t[2] collected
&and ("ebx",0xff); # 12
&movz ("eax",&BP(-128,$tbl,"eax",1)); # 6
&or ("ecx",$acc); # 7
&shl ("eax",16); # 6
&movz ($acc,&BP(-128,$tbl,$key,1)); # 13
&or ("edx","eax"); # 6
&shl ($acc,8); # 13
&movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 12
&or ("ecx",$acc); # 13
&or ("edx","ebx"); # 12
&mov ($key,$__key);
&movd ("mm4","ecx"); # t[2] collected
&movd ("mm5","edx"); # t[3] collected
&punpckldq ("mm4","mm5"); # t[2,3] collected
@ -1222,7 +1227,7 @@ sub enclast()
######################################################################
sub deccompact()
{ my $Fn = mov;
{ my $Fn = \&mov;
while ($#_>5) { pop(@_); $Fn=sub{}; }
my ($i,$td,@s)=@_;
my $tmp = $key;
@ -1270,30 +1275,30 @@ sub dectransform()
my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
my $tp8 = $tbl;
&mov ($acc,$s[$i]);
&and ($acc,0x80808080);
&mov ($tmp,$acc);
&mov ($tmp,0x80808080);
&and ($tmp,$s[$i]);
&mov ($acc,$tmp);
&shr ($tmp,7);
&lea ($tp2,&DWP(0,$s[$i],$s[$i]));
&sub ($acc,$tmp);
&and ($tp2,0xfefefefe);
&and ($acc,0x1b1b1b1b);
&xor ($acc,$tp2);
&mov ($tp2,$acc);
&xor ($tp2,$acc);
&mov ($tmp,0x80808080);
&and ($acc,0x80808080);
&mov ($tmp,$acc);
&and ($tmp,$tp2);
&mov ($acc,$tmp);
&shr ($tmp,7);
&lea ($tp4,&DWP(0,$tp2,$tp2));
&sub ($acc,$tmp);
&and ($tp4,0xfefefefe);
&and ($acc,0x1b1b1b1b);
&xor ($tp2,$s[$i]); # tp2^tp1
&xor ($acc,$tp4);
&mov ($tp4,$acc);
&xor ($tp4,$acc);
&mov ($tmp,0x80808080);
&and ($acc,0x80808080);
&mov ($tmp,$acc);
&and ($tmp,$tp4);
&mov ($acc,$tmp);
&shr ($tmp,7);
&lea ($tp8,&DWP(0,$tp4,$tp4));
&sub ($acc,$tmp);
@ -1305,13 +1310,13 @@ sub dectransform()
&xor ($s[$i],$tp2);
&xor ($tp2,$tp8);
&rotl ($tp2,24);
&xor ($s[$i],$tp4);
&xor ($tp4,$tp8);
&rotl ($tp4,16);
&rotl ($tp2,24);
&xor ($s[$i],$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1)
&rotl ($tp8,8);
&rotl ($tp4,16);
&xor ($s[$i],$tp2); # ^= ROTATE(tp8^tp2^tp1,24)
&rotl ($tp8,8);
&xor ($s[$i],$tp4); # ^= ROTATE(tp8^tp4^tp1,16)
&mov ($s[0],$__s0) if($i==2); #prefetch $s0
&mov ($s[1],$__s1) if($i==3); #prefetch $s1
@ -1389,85 +1394,87 @@ sub dectransform()
sub sse_deccompact()
{
&pshufw ("mm1","mm0",0x0c); # 7, 6, 1, 0
&movd ("eax","mm1"); # 7, 6, 1, 0
&pshufw ("mm5","mm4",0x09); # 13,12,11,10
&movz ($acc,&LB("eax")); # 0
&movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
&movd ("eax","mm1"); # 7, 6, 1, 0
&movd ("ebx","mm5"); # 13,12,11,10
&mov ($__key,$key);
&movz ($acc,&LB("eax")); # 0
&movz ("edx",&HB("eax")); # 1
&pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4
&movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
&movz ($key,&LB("ebx")); # 10
&movz ("edx",&BP(-128,$tbl,"edx",1)); # 1
&shr ("eax",16); # 7, 6
&shl ("edx",8); # 1
&pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4
&movz ($acc,&LB("ebx")); # 10
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 10
&movz ($acc,&BP(-128,$tbl,$key,1)); # 10
&movz ($key,&HB("ebx")); # 11
&shl ($acc,16); # 10
&or ("ecx",$acc); # 10
&shr ("eax",16); # 7, 6
&movz ($acc,&HB("ebx")); # 11
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 11
&shl ($acc,24); # 11
&or ("edx",$acc); # 11
&shr ("ebx",16); # 13,12
&pshufw ("mm6","mm4",0x03); # 9, 8,15,14
&movz ($acc,&HB("eax")); # 7
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 7
&or ("ecx",$acc); # 10
&movz ($acc,&BP(-128,$tbl,$key,1)); # 11
&movz ($key,&HB("eax")); # 7
&shl ($acc,24); # 11
&shr ("ebx",16); # 13,12
&or ("edx",$acc); # 11
&movz ($acc,&BP(-128,$tbl,$key,1)); # 7
&movz ($key,&HB("ebx")); # 13
&shl ($acc,24); # 7
&or ("ecx",$acc); # 7
&movz ($acc,&HB("ebx")); # 13
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 13
&movz ($acc,&BP(-128,$tbl,$key,1)); # 13
&movz ($key,&LB("eax")); # 6
&shl ($acc,8); # 13
&or ("ecx",$acc); # 13
&movd ("mm0","ecx"); # t[0] collected
&movz ($acc,&LB("eax")); # 6
&movd ("eax","mm2"); # 3, 2, 5, 4
&movz ("ecx",&BP(-128,$tbl,$acc,1)); # 6
&shl ("ecx",16); # 6
&movz ($acc,&LB("ebx")); # 12
&or ("ecx",$acc); # 13
&movz ($acc,&BP(-128,$tbl,$key,1)); # 6
&movz ($key,&LB("ebx")); # 12
&shl ($acc,16); # 6
&movd ("ebx","mm6"); # 9, 8,15,14
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 12
&movd ("mm0","ecx"); # t[0] collected
&movz ("ecx",&BP(-128,$tbl,$key,1)); # 12
&movz ($key,&LB("eax")); # 4
&or ("ecx",$acc); # 12
&movz ($acc,&LB("eax")); # 4
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 4
&movz ($acc,&BP(-128,$tbl,$key,1)); # 4
&movz ($key,&LB("ebx")); # 14
&or ("edx",$acc); # 4
&movz ($acc,&LB("ebx")); # 14
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 14
&movz ($acc,&BP(-128,$tbl,$key,1)); # 14
&movz ($key,&HB("eax")); # 5
&shl ($acc,16); # 14
&or ("edx",$acc); # 14
&movd ("mm1","edx"); # t[1] collected
&movz ($acc,&HB("eax")); # 5
&movz ("edx",&BP(-128,$tbl,$acc,1)); # 5
&shl ("edx",8); # 5
&movz ($acc,&HB("ebx")); # 15
&shr ("eax",16); # 3, 2
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 15
&shl ($acc,24); # 15
&or ("edx",$acc); # 15
&or ("edx",$acc); # 14
&movz ($acc,&BP(-128,$tbl,$key,1)); # 5
&movz ($key,&HB("ebx")); # 15
&shr ("ebx",16); # 9, 8
&shl ($acc,8); # 5
&movd ("mm1","edx"); # t[1] collected
&movz ("edx",&BP(-128,$tbl,$key,1)); # 15
&movz ($key,&HB("ebx")); # 9
&shl ("edx",24); # 15
&and ("ebx",0xff); # 8
&or ("edx",$acc); # 15
&punpckldq ("mm0","mm1"); # t[0,1] collected
&movz ($acc,&HB("ebx")); # 9
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 9
&movz ($acc,&BP(-128,$tbl,$key,1)); # 9
&movz ($key,&LB("eax")); # 2
&shl ($acc,8); # 9
&or ("ecx",$acc); # 9
&and ("ebx",0xff); # 8
&movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8
&or ("edx","ebx"); # 8
&movz ($acc,&LB("eax")); # 2
&movz ($acc,&BP(-128,$tbl,$acc,1)); # 2
&shl ($acc,16); # 2
&or ("edx",$acc); # 2
&movd ("mm4","edx"); # t[2] collected
&movz ("eax",&HB("eax")); # 3
&movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8
&or ("ecx",$acc); # 9
&movz ($acc,&BP(-128,$tbl,$key,1)); # 2
&or ("edx","ebx"); # 8
&shl ($acc,16); # 2
&movz ("eax",&BP(-128,$tbl,"eax",1)); # 3
&or ("edx",$acc); # 2
&shl ("eax",24); # 3
&or ("ecx","eax"); # 3
&mov ($key,$__key);
&movd ("mm4","edx"); # t[2] collected
&movd ("mm5","ecx"); # t[3] collected
&punpckldq ("mm4","mm5"); # t[2,3] collected
@ -2181,8 +2188,8 @@ my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds
&mov ("ecx",240/4);
&xor ("eax","eax");
&align (4);
&data_word(0xABF3F689); # rep stosd
&set_label("skip_ezero")
&data_word(0xABF3F689); # rep stosd
&set_label("skip_ezero");
&mov ("esp",$_esp);
&popf ();
&set_label("drop_out");
@ -2301,8 +2308,8 @@ my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds
&mov ("ecx",240/4);
&xor ("eax","eax");
&align (4);
&data_word(0xABF3F689); # rep stosd
&set_label("skip_dzero")
&data_word(0xABF3F689); # rep stosd
&set_label("skip_dzero");
&mov ("esp",$_esp);
&popf ();
&function_end_A();
@ -2865,32 +2872,32 @@ sub deckey()
{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
my $tmp = $tbl;
&mov ($acc,$tp1);
&and ($acc,0x80808080);
&mov ($tmp,$acc);
&shr ($tmp,7);
&mov ($tmp,0x80808080);
&and ($tmp,$tp1);
&lea ($tp2,&DWP(0,$tp1,$tp1));
&mov ($acc,$tmp);
&shr ($tmp,7);
&sub ($acc,$tmp);
&and ($tp2,0xfefefefe);
&and ($acc,0x1b1b1b1b);
&xor ($acc,$tp2);
&mov ($tp2,$acc);
&xor ($tp2,$acc);
&mov ($tmp,0x80808080);
&and ($acc,0x80808080);
&mov ($tmp,$acc);
&shr ($tmp,7);
&and ($tmp,$tp2);
&lea ($tp4,&DWP(0,$tp2,$tp2));
&mov ($acc,$tmp);
&shr ($tmp,7);
&sub ($acc,$tmp);
&and ($tp4,0xfefefefe);
&and ($acc,0x1b1b1b1b);
&xor ($tp2,$tp1); # tp2^tp1
&xor ($acc,$tp4);
&mov ($tp4,$acc);
&xor ($tp4,$acc);
&mov ($tmp,0x80808080);
&and ($acc,0x80808080);
&mov ($tmp,$acc);
&shr ($tmp,7);
&and ($tmp,$tp4);
&lea ($tp8,&DWP(0,$tp4,$tp4));
&mov ($acc,$tmp);
&shr ($tmp,7);
&xor ($tp4,$tp1); # tp4^tp1
&sub ($acc,$tmp);
&and ($tp8,0xfefefefe);

139
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-armv4.pl vendored
View File

@ -1,7 +1,7 @@
#!/usr/bin/env perl
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
@ -51,9 +51,23 @@ $key="r11";
$rounds="r12";
$code=<<___;
#include "arm_arch.h"
#ifndef __KERNEL__
# include "arm_arch.h"
#else
# define __ARM_ARCH__ __LINUX_ARM_ARCH__
#endif
.text
#if __ARM_ARCH__<7
.code 32
#else
.syntax unified
# ifdef __thumb2__
.thumb
# else
.code 32
# endif
#endif
.type AES_Te,%object
.align 5
@ -167,7 +181,11 @@ AES_Te:
.type AES_encrypt,%function
.align 5
AES_encrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt
#else
adr r3,AES_encrypt
#endif
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
@ -409,11 +427,21 @@ _armv4_AES_encrypt:
.align 5
private_AES_set_encrypt_key:
_armv4_AES_set_encrypt_key:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key
#else
adr r3,private_AES_set_encrypt_key
#endif
teq r0,#0
#if __ARM_ARCH__>=7
itt eq @ Thumb2 thing, sanity check in ARM
#endif
moveq r0,#-1
beq .Labrt
teq r2,#0
#if __ARM_ARCH__>=7
itt eq @ Thumb2 thing, sanity check in ARM
#endif
moveq r0,#-1
beq .Labrt
@ -422,6 +450,9 @@ _armv4_AES_set_encrypt_key:
teq r1,#192
beq .Lok
teq r1,#256
#if __ARM_ARCH__>=7
itt ne @ Thumb2 thing, sanity check in ARM
#endif
movne r0,#-1
bne .Labrt
@ -576,6 +607,9 @@ _armv4_AES_set_encrypt_key:
str $s2,[$key,#-16]
subs $rounds,$rounds,#1
str $s3,[$key,#-12]
#if __ARM_ARCH__>=7
itt eq @ Thumb2 thing, sanity check in ARM
#endif
subeq r2,$key,#216
beq .Ldone
@ -645,6 +679,9 @@ _armv4_AES_set_encrypt_key:
str $s2,[$key,#-24]
subs $rounds,$rounds,#1
str $s3,[$key,#-20]
#if __ARM_ARCH__>=7
itt eq @ Thumb2 thing, sanity check in ARM
#endif
subeq r2,$key,#256
beq .Ldone
@ -674,11 +711,17 @@ _armv4_AES_set_encrypt_key:
str $i3,[$key,#-4]
b .L256_loop
.align 2
.Ldone: mov r0,#0
ldmia sp!,{r4-r12,lr}
.Labrt: tst lr,#1
.Labrt:
#if __ARM_ARCH__>=5
ret @ bx lr
#else
tst lr,#1
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
#endif
.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
.global private_AES_set_decrypt_key
@ -688,34 +731,57 @@ private_AES_set_decrypt_key:
str lr,[sp,#-4]! @ push lr
bl _armv4_AES_set_encrypt_key
teq r0,#0
ldrne lr,[sp],#4 @ pop lr
ldr lr,[sp],#4 @ pop lr
bne .Labrt
stmdb sp!,{r4-r12}
mov r0,r2 @ AES_set_encrypt_key preserves r2,
mov r1,r2 @ which is AES_KEY *key
b _armv4_AES_set_enc2dec_key
.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
ldr $rounds,[r2,#240] @ AES_set_encrypt_key preserves r2,
mov $key,r2 @ which is AES_KEY *key
mov $i1,r2
add $i2,r2,$rounds,lsl#4
@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
.global AES_set_enc2dec_key
.type AES_set_enc2dec_key,%function
.align 5
AES_set_enc2dec_key:
_armv4_AES_set_enc2dec_key:
stmdb sp!,{r4-r12,lr}
.Linv: ldr $s0,[$i1]
ldr $rounds,[r0,#240]
mov $i1,r0 @ input
add $i2,r0,$rounds,lsl#4
mov $key,r1 @ ouput
add $tbl,r1,$rounds,lsl#4
str $rounds,[r1,#240]
.Linv: ldr $s0,[$i1],#16
ldr $s1,[$i1,#-12]
ldr $s2,[$i1,#-8]
ldr $s3,[$i1,#-4]
ldr $t1,[$i2],#-16
ldr $t2,[$i2,#16+4]
ldr $t3,[$i2,#16+8]
ldr $i3,[$i2,#16+12]
str $s0,[$tbl],#-16
str $s1,[$tbl,#16+4]
str $s2,[$tbl,#16+8]
str $s3,[$tbl,#16+12]
str $t1,[$key],#16
str $t2,[$key,#-12]
str $t3,[$key,#-8]
str $i3,[$key,#-4]
teq $i1,$i2
bne .Linv
ldr $s0,[$i1]
ldr $s1,[$i1,#4]
ldr $s2,[$i1,#8]
ldr $s3,[$i1,#12]
ldr $t1,[$i2]
ldr $t2,[$i2,#4]
ldr $t3,[$i2,#8]
ldr $i3,[$i2,#12]
str $s0,[$i2],#-16
str $s1,[$i2,#16+4]
str $s2,[$i2,#16+8]
str $s3,[$i2,#16+12]
str $t1,[$i1],#16
str $t2,[$i1,#-12]
str $t3,[$i1,#-8]
str $i3,[$i1,#-4]
teq $i1,$i2
bne .Linv
str $s0,[$key]
str $s1,[$key,#4]
str $s2,[$key,#8]
str $s3,[$key,#12]
sub $key,$key,$rounds,lsl#3
___
$mask80=$i1;
$mask1b=$i2;
@ -773,7 +839,7 @@ $code.=<<___;
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
#endif
.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
.size AES_set_enc2dec_key,.-AES_set_enc2dec_key
.type AES_Td,%object
.align 5
@ -883,7 +949,11 @@ AES_Td:
.type AES_decrypt,%function
.align 5
AES_decrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt
#else
adr r3,AES_decrypt
#endif
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
@ -1080,8 +1150,9 @@ _armv4_AES_decrypt:
ldrb $t3,[$tbl,$i3] @ Td4[s0>>0]
and $i3,lr,$s1,lsr#8
add $s1,$tbl,$s1,lsr#24
ldrb $i1,[$tbl,$i1] @ Td4[s1>>0]
ldrb $s1,[$tbl,$s1,lsr#24] @ Td4[s1>>24]
ldrb $s1,[$s1] @ Td4[s1>>24]
ldrb $i2,[$tbl,$i2] @ Td4[s1>>16]
eor $s0,$i1,$s0,lsl#24
ldrb $i3,[$tbl,$i3] @ Td4[s1>>8]
@ -1094,7 +1165,8 @@ _armv4_AES_decrypt:
ldrb $i2,[$tbl,$i2] @ Td4[s2>>0]
and $i3,lr,$s2,lsr#16
ldrb $s2,[$tbl,$s2,lsr#24] @ Td4[s2>>24]
add $s2,$tbl,$s2,lsr#24
ldrb $s2,[$s2] @ Td4[s2>>24]
eor $s0,$s0,$i1,lsl#8
ldrb $i3,[$tbl,$i3] @ Td4[s2>>16]
eor $s1,$i2,$s1,lsl#16
@ -1106,8 +1178,9 @@ _armv4_AES_decrypt:
ldrb $i2,[$tbl,$i2] @ Td4[s3>>8]
and $i3,lr,$s3 @ i2
add $s3,$tbl,$s3,lsr#24
ldrb $i3,[$tbl,$i3] @ Td4[s3>>0]
ldrb $s3,[$tbl,$s3,lsr#24] @ Td4[s3>>24]
ldrb $s3,[$s3] @ Td4[s3>>24]
eor $s0,$s0,$i1,lsl#16
ldr $i1,[$key,#0]
eor $s1,$s1,$i2,lsl#8
@ -1130,5 +1203,15 @@ _armv4_AES_decrypt:
___
$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4
$code =~ s/\bret\b/bx\tlr/gm;
open SELF,$0;
while(<SELF>) {
next if (/^#!/);
last if (!s/^#/@/ and !/^$/);
print;
}
close SELF;
print $code;
close STDOUT; # enforce flush

1045
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-mips.pl vendored
View File

File diff suppressed because it is too large Load Diff

117
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-ppc.pl vendored
View File

@ -45,6 +45,8 @@ if ($flavour =~ /64/) {
$PUSH ="stw";
} else { die "nonsense $flavour"; }
$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
@ -68,7 +70,7 @@ $key="r5";
$Tbl0="r3";
$Tbl1="r6";
$Tbl2="r7";
$Tbl3="r2";
$Tbl3=$out; # stay away from "r2"; $out is offloaded to stack
$s0="r8";
$s1="r9";
@ -76,7 +78,7 @@ $s2="r10";
$s3="r11";
$t0="r12";
$t1="r13";
$t1="r0"; # stay away from "r13";
$t2="r14";
$t3="r15";
@ -100,9 +102,6 @@ $acc13="r29";
$acc14="r30";
$acc15="r31";
# stay away from TLS pointer
if ($SIZE_T==8) { die if ($t1 ne "r13"); $t1="r0"; }
else { die if ($Tbl3 ne "r2"); $Tbl3=$t0; $t0="r0"; }
$mask80=$Tbl2;
$mask1b=$Tbl3;
@ -337,8 +336,7 @@ $code.=<<___;
$STU $sp,-$FRAME($sp)
mflr r0
$PUSH $toc,`$FRAME-$SIZE_T*20`($sp)
$PUSH r13,`$FRAME-$SIZE_T*19`($sp)
$PUSH $out,`$FRAME-$SIZE_T*19`($sp)
$PUSH r14,`$FRAME-$SIZE_T*18`($sp)
$PUSH r15,`$FRAME-$SIZE_T*17`($sp)
$PUSH r16,`$FRAME-$SIZE_T*16`($sp)
@ -365,16 +363,61 @@ $code.=<<___;
bne Lenc_unaligned
Lenc_unaligned_ok:
___
$code.=<<___ if (!$LITTLE_ENDIAN);
lwz $s0,0($inp)
lwz $s1,4($inp)
lwz $s2,8($inp)
lwz $s3,12($inp)
___
$code.=<<___ if ($LITTLE_ENDIAN);
lwz $t0,0($inp)
lwz $t1,4($inp)
lwz $t2,8($inp)
lwz $t3,12($inp)
rotlwi $s0,$t0,8
rotlwi $s1,$t1,8
rotlwi $s2,$t2,8
rotlwi $s3,$t3,8
rlwimi $s0,$t0,24,0,7
rlwimi $s1,$t1,24,0,7
rlwimi $s2,$t2,24,0,7
rlwimi $s3,$t3,24,0,7
rlwimi $s0,$t0,24,16,23
rlwimi $s1,$t1,24,16,23
rlwimi $s2,$t2,24,16,23
rlwimi $s3,$t3,24,16,23
___
$code.=<<___;
bl LAES_Te
bl Lppc_AES_encrypt_compact
$POP $out,`$FRAME-$SIZE_T*19`($sp)
___
$code.=<<___ if ($LITTLE_ENDIAN);
rotlwi $t0,$s0,8
rotlwi $t1,$s1,8
rotlwi $t2,$s2,8
rotlwi $t3,$s3,8
rlwimi $t0,$s0,24,0,7
rlwimi $t1,$s1,24,0,7
rlwimi $t2,$s2,24,0,7
rlwimi $t3,$s3,24,0,7
rlwimi $t0,$s0,24,16,23
rlwimi $t1,$s1,24,16,23
rlwimi $t2,$s2,24,16,23
rlwimi $t3,$s3,24,16,23
stw $t0,0($out)
stw $t1,4($out)
stw $t2,8($out)
stw $t3,12($out)
___
$code.=<<___ if (!$LITTLE_ENDIAN);
stw $s0,0($out)
stw $s1,4($out)
stw $s2,8($out)
stw $s3,12($out)
___
$code.=<<___;
b Lenc_done
Lenc_unaligned:
@ -417,6 +460,7 @@ Lenc_xpage:
bl LAES_Te
bl Lppc_AES_encrypt_compact
$POP $out,`$FRAME-$SIZE_T*19`($sp)
extrwi $acc00,$s0,8,0
extrwi $acc01,$s0,8,8
@ -449,8 +493,6 @@ Lenc_xpage:
Lenc_done:
$POP r0,`$FRAME+$LRSAVE`($sp)
$POP $toc,`$FRAME-$SIZE_T*20`($sp)
$POP r13,`$FRAME-$SIZE_T*19`($sp)
$POP r14,`$FRAME-$SIZE_T*18`($sp)
$POP r15,`$FRAME-$SIZE_T*17`($sp)
$POP r16,`$FRAME-$SIZE_T*16`($sp)
@ -548,7 +590,7 @@ Lenc_loop:
xor $s2,$t2,$acc14
xor $s3,$t3,$acc15
addi $key,$key,16
bdnz- Lenc_loop
bdnz Lenc_loop
addi $Tbl2,$Tbl0,2048
nop
@ -764,6 +806,7 @@ Lenc_compact_done:
blr
.long 0
.byte 0,12,0x14,0,0,0,0,0
.size .AES_encrypt,.-.AES_encrypt
.globl .AES_decrypt
.align 7
@ -771,8 +814,7 @@ Lenc_compact_done:
$STU $sp,-$FRAME($sp)
mflr r0
$PUSH $toc,`$FRAME-$SIZE_T*20`($sp)
$PUSH r13,`$FRAME-$SIZE_T*19`($sp)
$PUSH $out,`$FRAME-$SIZE_T*19`($sp)
$PUSH r14,`$FRAME-$SIZE_T*18`($sp)
$PUSH r15,`$FRAME-$SIZE_T*17`($sp)
$PUSH r16,`$FRAME-$SIZE_T*16`($sp)
@ -799,16 +841,61 @@ Lenc_compact_done:
bne Ldec_unaligned
Ldec_unaligned_ok:
___
$code.=<<___ if (!$LITTLE_ENDIAN);
lwz $s0,0($inp)
lwz $s1,4($inp)
lwz $s2,8($inp)
lwz $s3,12($inp)
___
$code.=<<___ if ($LITTLE_ENDIAN);
lwz $t0,0($inp)
lwz $t1,4($inp)
lwz $t2,8($inp)
lwz $t3,12($inp)
rotlwi $s0,$t0,8
rotlwi $s1,$t1,8
rotlwi $s2,$t2,8
rotlwi $s3,$t3,8
rlwimi $s0,$t0,24,0,7
rlwimi $s1,$t1,24,0,7
rlwimi $s2,$t2,24,0,7
rlwimi $s3,$t3,24,0,7
rlwimi $s0,$t0,24,16,23
rlwimi $s1,$t1,24,16,23
rlwimi $s2,$t2,24,16,23
rlwimi $s3,$t3,24,16,23
___
$code.=<<___;
bl LAES_Td
bl Lppc_AES_decrypt_compact
$POP $out,`$FRAME-$SIZE_T*19`($sp)
___
$code.=<<___ if ($LITTLE_ENDIAN);
rotlwi $t0,$s0,8
rotlwi $t1,$s1,8
rotlwi $t2,$s2,8
rotlwi $t3,$s3,8
rlwimi $t0,$s0,24,0,7
rlwimi $t1,$s1,24,0,7
rlwimi $t2,$s2,24,0,7
rlwimi $t3,$s3,24,0,7
rlwimi $t0,$s0,24,16,23
rlwimi $t1,$s1,24,16,23
rlwimi $t2,$s2,24,16,23
rlwimi $t3,$s3,24,16,23
stw $t0,0($out)
stw $t1,4($out)
stw $t2,8($out)
stw $t3,12($out)
___
$code.=<<___ if (!$LITTLE_ENDIAN);
stw $s0,0($out)
stw $s1,4($out)
stw $s2,8($out)
stw $s3,12($out)
___
$code.=<<___;
b Ldec_done
Ldec_unaligned:
@ -851,6 +938,7 @@ Ldec_xpage:
bl LAES_Td
bl Lppc_AES_decrypt_compact
$POP $out,`$FRAME-$SIZE_T*19`($sp)
extrwi $acc00,$s0,8,0
extrwi $acc01,$s0,8,8
@ -883,8 +971,6 @@ Ldec_xpage:
Ldec_done:
$POP r0,`$FRAME+$LRSAVE`($sp)
$POP $toc,`$FRAME-$SIZE_T*20`($sp)
$POP r13,`$FRAME-$SIZE_T*19`($sp)
$POP r14,`$FRAME-$SIZE_T*18`($sp)
$POP r15,`$FRAME-$SIZE_T*17`($sp)
$POP r16,`$FRAME-$SIZE_T*16`($sp)
@ -982,7 +1068,7 @@ Ldec_loop:
xor $s2,$t2,$acc14
xor $s3,$t3,$acc15
addi $key,$key,16
bdnz- Ldec_loop
bdnz Ldec_loop
addi $Tbl2,$Tbl0,2048
nop
@ -1355,6 +1441,7 @@ Ldec_compact_done:
blr
.long 0
.byte 0,12,0x14,0,0,0,0,0
.size .AES_decrypt,.-.AES_decrypt
.asciz "AES for PPC, CRYPTOGAMS by <appro\@openssl.org>"
.align 7

37
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-s390x.pl vendored
View File

@ -818,13 +818,9 @@ $code.=<<___ if (!$softonly);
tmhl %r0,0x4000 # check for message-security assist
jz .Lekey_internal
lghi %r0,0 # query capability vector
la %r1,16($sp)
.long 0xb92f0042 # kmc %r4,%r2
llihh %r1,0x8000
srlg %r1,%r1,0(%r5)
ng %r1,16($sp)
llihh %r0,0x8000
srlg %r0,%r0,0(%r5)
ng %r0,48(%r1) # check kmc capability vector
jz .Lekey_internal
lmg %r0,%r1,0($inp) # just copy 128 bits...
@ -1444,13 +1440,10 @@ $code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
llgfr $s0,%r0
lgr $s1,%r1
lghi %r0,0
la %r1,16($sp)
.long 0xb92d2042 # kmctr %r4,%r2,%r2
larl %r1,OPENSSL_s390xcap_P
llihh %r0,0x8000 # check if kmctr supports the function code
srlg %r0,%r0,0($s0)
ng %r0,16($sp)
ng %r0,64(%r1) # check kmctr capability vector
lgr %r0,$s0
lgr %r1,$s1
jz .Lctr32_km_loop
@ -1575,8 +1568,8 @@ ___
}
########################################################################
# void AES_xts_encrypt(const char *inp,char *out,size_t len,
# const AES_KEY *key1, const AES_KEY *key2,
# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out,
# size_t len, const AES_KEY *key1, const AES_KEY *key2,
# const unsigned char iv[16]);
#
{
@ -1597,12 +1590,10 @@ $code.=<<___ if(1);
llgfr $s0,%r0 # put aside the function code
lghi $s1,0x7f
nr $s1,%r0
lghi %r0,0 # query capability vector
la %r1,$tweak-16($sp)
.long 0xb92e0042 # km %r4,%r2
llihh %r1,0x8000
srlg %r1,%r1,32($s1) # check for 32+function code
ng %r1,$tweak-16($sp)
larl %r1,OPENSSL_s390xcap_P
llihh %r0,0x8000
srlg %r0,%r0,32($s1) # check for 32+function code
ng %r0,32(%r1) # check km capability vector
lgr %r0,$s0 # restore the function code
la %r1,0($key1) # restore $key1
jz .Lxts_km_vanilla
@ -1946,8 +1937,8 @@ $code.=<<___;
br $ra
.size AES_xts_encrypt,.-AES_xts_encrypt
___
# void AES_xts_decrypt(const char *inp,char *out,size_t len,
# const AES_KEY *key1, const AES_KEY *key2,
# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out,
# size_t len, const AES_KEY *key1, const AES_KEY *key2,
# const unsigned char iv[16]);
#
$code.=<<___;
@ -2229,7 +2220,7 @@ ___
}
$code.=<<___;
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
.comm OPENSSL_s390xcap_P,16,8
.comm OPENSSL_s390xcap_P,80,8
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;

266
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-x86_64.pl vendored
View File

@ -19,9 +19,10 @@
# Performance in number of cycles per processed byte for 128-bit key:
#
# ECB encrypt ECB decrypt CBC large chunk
# AMD64 33 41 13.0
# EM64T 38 59 18.6(*)
# Core 2 30 43 14.5(*)
# AMD64 33 43 13.0
# EM64T 38 56 18.6(*)
# Core 2 30 42 14.5(*)
# Atom 65 86 32.1(*)
#
# (*) with hyper-threading off
@ -366,68 +367,66 @@ $code.=<<___;
movzb `&lo("$s0")`,$t0
movzb `&lo("$s1")`,$t1
movzb `&lo("$s2")`,$t2
movzb ($sbox,$t0,1),$t0
movzb ($sbox,$t1,1),$t1
movzb ($sbox,$t2,1),$t2
movzb `&lo("$s3")`,$t3
movzb `&hi("$s1")`,$acc0
movzb `&hi("$s2")`,$acc1
movzb ($sbox,$t3,1),$t3
movzb ($sbox,$acc0,1),$t4 #$t0
movzb ($sbox,$acc1,1),$t5 #$t1
movzb `&hi("$s3")`,$acc2
movzb `&hi("$s0")`,$acc0
shr \$16,$s2
movzb `&hi("$s3")`,$acc2
movzb ($sbox,$t0,1),$t0
movzb ($sbox,$t1,1),$t1
movzb ($sbox,$t2,1),$t2
movzb ($sbox,$t3,1),$t3
movzb ($sbox,$acc0,1),$t4 #$t0
movzb `&hi("$s0")`,$acc0
movzb ($sbox,$acc1,1),$t5 #$t1
movzb `&lo("$s2")`,$acc1
movzb ($sbox,$acc2,1),$acc2 #$t2
movzb ($sbox,$acc0,1),$acc0 #$t3
shr \$16,$s3
movzb `&lo("$s2")`,$acc1
shl \$8,$t4
shr \$16,$s3
shl \$8,$t5
movzb ($sbox,$acc1,1),$acc1 #$t0
xor $t4,$t0
xor $t5,$t1
movzb `&lo("$s3")`,$t4
shr \$16,$s0
movzb `&lo("$s3")`,$t4
shr \$16,$s1
movzb `&lo("$s0")`,$t5
xor $t5,$t1
shl \$8,$acc2
shl \$8,$acc0
movzb ($sbox,$t4,1),$t4 #$t1
movzb ($sbox,$t5,1),$t5 #$t2
movzb `&lo("$s0")`,$t5
movzb ($sbox,$acc1,1),$acc1 #$t0
xor $acc2,$t2
xor $acc0,$t3
shl \$8,$acc0
movzb `&lo("$s1")`,$acc2
movzb `&hi("$s3")`,$acc0
shl \$16,$acc1
movzb ($sbox,$acc2,1),$acc2 #$t3
movzb ($sbox,$acc0,1),$acc0 #$t0
xor $acc0,$t3
movzb ($sbox,$t4,1),$t4 #$t1
movzb `&hi("$s3")`,$acc0
movzb ($sbox,$t5,1),$t5 #$t2
xor $acc1,$t0
movzb `&hi("$s0")`,$acc1
shr \$8,$s2
movzb `&hi("$s0")`,$acc1
shl \$16,$t4
shr \$8,$s1
shl \$16,$t5
xor $t4,$t1
movzb ($sbox,$acc2,1),$acc2 #$t3
movzb ($sbox,$acc0,1),$acc0 #$t0
movzb ($sbox,$acc1,1),$acc1 #$t1
movzb ($sbox,$s2,1),$s3 #$t3
movzb ($sbox,$s1,1),$s2 #$t2
shl \$16,$t4
shl \$16,$t5
shl \$16,$acc2
xor $t4,$t1
xor $t5,$t2
xor $acc2,$t3
shl \$16,$acc2
xor $t5,$t2
shl \$24,$acc0
xor $acc2,$t3
shl \$24,$acc1
shl \$24,$s3
xor $acc0,$t0
shl \$24,$s2
shl \$24,$s3
xor $acc1,$t1
shl \$24,$s2
mov $t0,$s0
mov $t1,$s1
xor $t2,$s2
@ -466,12 +465,12 @@ sub enctransform()
{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
$code.=<<___;
mov $s0,$acc0
mov $s1,$acc1
and \$0x80808080,$acc0
and \$0x80808080,$acc1
mov $acc0,$t0
mov $acc1,$t1
mov \$0x80808080,$t0
mov \$0x80808080,$t1
and $s0,$t0
and $s1,$t1
mov $t0,$acc0
mov $t1,$acc1
shr \$7,$t0
lea ($s0,$s0),$r20
shr \$7,$t1
@ -489,25 +488,25 @@ $code.=<<___;
xor $r20,$s0
xor $r21,$s1
mov $s2,$acc0
mov $s3,$acc1
mov \$0x80808080,$t2
rol \$24,$s0
mov \$0x80808080,$t3
rol \$24,$s1
and \$0x80808080,$acc0
and \$0x80808080,$acc1
and $s2,$t2
and $s3,$t3
xor $r20,$s0
xor $r21,$s1
mov $acc0,$t2
mov $acc1,$t3
mov $t2,$acc0
ror \$16,$t0
mov $t3,$acc1
ror \$16,$t1
shr \$7,$t2
lea ($s2,$s2),$r20
shr \$7,$t2
xor $t0,$s0
xor $t1,$s1
shr \$7,$t3
lea ($s3,$s3),$r21
xor $t1,$s1
ror \$8,$t0
lea ($s3,$s3),$r21
ror \$8,$t1
sub $t2,$acc0
sub $t3,$acc1
@ -523,23 +522,23 @@ $code.=<<___;
xor $acc0,$r20
xor $acc1,$r21
ror \$16,$t2
xor $r20,$s2
ror \$16,$t3
xor $r21,$s3
rol \$24,$s2
mov 0($sbox),$acc0 # prefetch Te4
rol \$24,$s3
xor $r20,$s2
xor $r21,$s3
mov 0($sbox),$acc0 # prefetch Te4
ror \$16,$t2
ror \$16,$t3
mov 64($sbox),$acc1
xor $t2,$s2
xor $t3,$s3
xor $r21,$s3
mov 128($sbox),$r20
ror \$8,$t2
ror \$8,$t3
mov 192($sbox),$r21
xor $t2,$s2
ror \$8,$t2
xor $t3,$s3
ror \$8,$t3
xor $t2,$s2
mov 192($sbox),$r21
xor $t3,$s3
___
}
@ -936,70 +935,69 @@ $code.=<<___;
movzb `&lo("$s0")`,$t0
movzb `&lo("$s1")`,$t1
movzb `&lo("$s2")`,$t2
movzb ($sbox,$t0,1),$t0
movzb ($sbox,$t1,1),$t1
movzb ($sbox,$t2,1),$t2
movzb `&lo("$s3")`,$t3
movzb `&hi("$s3")`,$acc0
movzb `&hi("$s0")`,$acc1
movzb ($sbox,$t3,1),$t3
movzb ($sbox,$acc0,1),$t4 #$t0
movzb ($sbox,$acc1,1),$t5 #$t1
shr \$16,$s3
movzb `&hi("$s1")`,$acc2
movzb ($sbox,$t0,1),$t0
movzb ($sbox,$t1,1),$t1
movzb ($sbox,$t2,1),$t2
movzb ($sbox,$t3,1),$t3
movzb ($sbox,$acc0,1),$t4 #$t0
movzb `&hi("$s2")`,$acc0
shr \$16,$s2
movzb ($sbox,$acc1,1),$t5 #$t1
movzb ($sbox,$acc2,1),$acc2 #$t2
movzb ($sbox,$acc0,1),$acc0 #$t3
shr \$16,$s3
movzb `&lo("$s2")`,$acc1
shl \$8,$t4
shr \$16,$s2
shl \$8,$t5
movzb ($sbox,$acc1,1),$acc1 #$t0
xor $t4,$t0
xor $t5,$t1
movzb `&lo("$s3")`,$t4
shl \$8,$t4
movzb `&lo("$s2")`,$acc1
shr \$16,$s0
xor $t4,$t0
shr \$16,$s1
movzb `&lo("$s0")`,$t5
movzb `&lo("$s3")`,$t4
shl \$8,$acc2
xor $t5,$t1
shl \$8,$acc0
movzb ($sbox,$t4,1),$t4 #$t1
movzb ($sbox,$t5,1),$t5 #$t2
movzb `&lo("$s0")`,$t5
movzb ($sbox,$acc1,1),$acc1 #$t0
xor $acc2,$t2
xor $acc0,$t3
movzb `&lo("$s1")`,$acc2
movzb `&hi("$s1")`,$acc0
shl \$16,$acc1
movzb ($sbox,$acc2,1),$acc2 #$t3
movzb ($sbox,$acc0,1),$acc0 #$t0
xor $acc1,$t0
shl \$16,$acc1
xor $acc0,$t3
movzb ($sbox,$t4,1),$t4 #$t1
movzb `&hi("$s1")`,$acc0
movzb ($sbox,$acc2,1),$acc2 #$t3
xor $acc1,$t0
movzb ($sbox,$t5,1),$t5 #$t2
movzb `&hi("$s2")`,$acc1
shl \$16,$acc2
shl \$16,$t4
shl \$16,$t5
movzb ($sbox,$acc1,1),$s1 #$t1
xor $acc2,$t3
movzb `&hi("$s3")`,$acc2
xor $t4,$t1
shr \$8,$s0
xor $t5,$t2
movzb `&hi("$s3")`,$acc1
shr \$8,$s0
shl \$16,$acc2
movzb ($sbox,$acc1,1),$s2 #$t2
movzb ($sbox,$acc0,1),$acc0 #$t0
movzb ($sbox,$acc1,1),$s1 #$t1
movzb ($sbox,$acc2,1),$s2 #$t2
movzb ($sbox,$s0,1),$s3 #$t3
xor $acc2,$t3
mov $t0,$s0
shl \$24,$acc0
shl \$24,$s1
shl \$24,$s2
xor $acc0,$t0
xor $acc0,$s0
shl \$24,$s3
xor $t1,$s1
mov $t0,$s0
xor $t2,$s2
xor $t3,$s3
___
@ -1014,12 +1012,12 @@ sub dectransform()
my $prefetch = shift;
$code.=<<___;
mov $tp10,$acc0
mov $tp18,$acc8
and $mask80,$acc0
and $mask80,$acc8
mov $acc0,$tp40
mov $acc8,$tp48
mov $mask80,$tp40
mov $mask80,$tp48
and $tp10,$tp40
and $tp18,$tp48
mov $tp40,$acc0
mov $tp48,$acc8
shr \$7,$tp40
lea ($tp10,$tp10),$tp20
shr \$7,$tp48
@ -1030,15 +1028,15 @@ $code.=<<___;
and $maskfe,$tp28
and $mask1b,$acc0
and $mask1b,$acc8
xor $tp20,$acc0
xor $tp28,$acc8
mov $acc0,$tp20
mov $acc8,$tp28
xor $acc0,$tp20
xor $acc8,$tp28
mov $mask80,$tp80
mov $mask80,$tp88
and $mask80,$acc0
and $mask80,$acc8
mov $acc0,$tp80
mov $acc8,$tp88
and $tp20,$tp80
and $tp28,$tp88
mov $tp80,$acc0
mov $tp88,$acc8
shr \$7,$tp80
lea ($tp20,$tp20),$tp40
shr \$7,$tp88
@ -1049,15 +1047,15 @@ $code.=<<___;
and $maskfe,$tp48
and $mask1b,$acc0
and $mask1b,$acc8
xor $tp40,$acc0
xor $tp48,$acc8
mov $acc0,$tp40
mov $acc8,$tp48
xor $acc0,$tp40
xor $acc8,$tp48
mov $mask80,$tp80
mov $mask80,$tp88
and $mask80,$acc0
and $mask80,$acc8
mov $acc0,$tp80
mov $acc8,$tp88
and $tp40,$tp80
and $tp48,$tp88
mov $tp80,$acc0
mov $tp88,$acc8
shr \$7,$tp80
xor $tp10,$tp20 # tp2^=tp1
shr \$7,$tp88
@ -1082,51 +1080,51 @@ $code.=<<___;
mov $tp10,$acc0
mov $tp18,$acc8
xor $tp80,$tp40 # tp4^tp1^=tp8
xor $tp88,$tp48 # tp4^tp1^=tp8
shr \$32,$acc0
xor $tp88,$tp48 # tp4^tp1^=tp8
shr \$32,$acc8
xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1
xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1
rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8)
xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1
rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8)
xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8)
xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8)
rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8)
xor `&LO("$tp80")`,`&LO("$tp10")`
xor `&LO("$tp88")`,`&LO("$tp18")`
shr \$32,$tp80
xor `&LO("$tp88")`,`&LO("$tp18")`
shr \$32,$tp88
xor `&LO("$tp80")`,`&LO("$acc0")`
xor `&LO("$tp88")`,`&LO("$acc8")`
mov $tp20,$tp80
mov $tp28,$tp88
shr \$32,$tp80
shr \$32,$tp88
rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24)
mov $tp28,$tp88
rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24)
rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24)
rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24)
shr \$32,$tp80
xor `&LO("$tp20")`,`&LO("$tp10")`
shr \$32,$tp88
xor `&LO("$tp28")`,`&LO("$tp18")`
rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24)
mov $tp40,$tp20
rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24)
mov $tp48,$tp28
shr \$32,$tp20
xor `&LO("$tp80")`,`&LO("$acc0")`
shr \$32,$tp28
xor `&LO("$tp88")`,`&LO("$acc8")`
`"mov 0($sbox),$mask80" if ($prefetch)`
shr \$32,$tp20
shr \$32,$tp28
`"mov 64($sbox),$maskfe" if ($prefetch)`
rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16)
`"mov 64($sbox),$maskfe" if ($prefetch)`
rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16)
`"mov 128($sbox),$mask1b" if ($prefetch)`
rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16)
rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16)
`"mov 192($sbox),$tp80" if ($prefetch)`
xor `&LO("$tp40")`,`&LO("$tp10")`
rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16)
xor `&LO("$tp48")`,`&LO("$tp18")`
`"mov 256($sbox),$tp88" if ($prefetch)`
xor `&LO("$tp20")`,`&LO("$acc0")`
@ -1302,10 +1300,6 @@ private_AES_set_encrypt_key:
call _x86_64_AES_set_encrypt_key
mov 8(%rsp),%r15
mov 16(%rsp),%r14
mov 24(%rsp),%r13
mov 32(%rsp),%r12
mov 40(%rsp),%rbp
mov 48(%rsp),%rbx
add \$56,%rsp
@ -1679,12 +1673,12 @@ AES_cbc_encrypt:
lea .LAES_Td(%rip),$sbox
.Lcbc_picked_te:
mov OPENSSL_ia32cap_P(%rip),%r10
mov OPENSSL_ia32cap_P(%rip),%r10d
cmp \$$speed_limit,%rdx
jb .Lcbc_slow_prologue
test \$15,%rdx
jnz .Lcbc_slow_prologue
bt \$28,(%r10)
bt \$28,%r10d
jc .Lcbc_slow_prologue
# allocate aligned stack frame...

1395
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1155
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl vendored
View File

File diff suppressed because it is too large Load Diff

1705
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl vendored Normal file
View File

File diff suppressed because it is too large Load Diff

646
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-x86.pl vendored
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More