[Midnightbsd-cvs] src [6872] U trunk/crypto/openssl/util: merge 0.9.8zb
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Oct 12 16:48:05 EDT 2014
Revision: 6872
http://svnweb.midnightbsd.org/src/?rev=6872
Author: laffer1
Date: 2014-10-12 16:48:00 -0400 (Sun, 12 Oct 2014)
Log Message:
-----------
merge 0.9.8zb
Modified Paths:
--------------
trunk/crypto/openssl/ACKNOWLEDGMENTS
trunk/crypto/openssl/CHANGES
trunk/crypto/openssl/Configure
trunk/crypto/openssl/FAQ
trunk/crypto/openssl/Makefile
trunk/crypto/openssl/Makefile.org
trunk/crypto/openssl/NEWS
trunk/crypto/openssl/README
trunk/crypto/openssl/apps/app_rand.c
trunk/crypto/openssl/apps/apps.c
trunk/crypto/openssl/apps/asn1pars.c
trunk/crypto/openssl/apps/ca.c
trunk/crypto/openssl/apps/ciphers.c
trunk/crypto/openssl/apps/cms.c
trunk/crypto/openssl/apps/crl.c
trunk/crypto/openssl/apps/crl2p7.c
trunk/crypto/openssl/apps/dgst.c
trunk/crypto/openssl/apps/dh.c
trunk/crypto/openssl/apps/dhparam.c
trunk/crypto/openssl/apps/dsa.c
trunk/crypto/openssl/apps/dsaparam.c
trunk/crypto/openssl/apps/ec.c
trunk/crypto/openssl/apps/ecparam.c
trunk/crypto/openssl/apps/enc.c
trunk/crypto/openssl/apps/engine.c
trunk/crypto/openssl/apps/errstr.c
trunk/crypto/openssl/apps/gendh.c
trunk/crypto/openssl/apps/gendsa.c
trunk/crypto/openssl/apps/genrsa.c
trunk/crypto/openssl/apps/nseq.c
trunk/crypto/openssl/apps/ocsp.c
trunk/crypto/openssl/apps/openssl.c
trunk/crypto/openssl/apps/openssl.cnf
trunk/crypto/openssl/apps/passwd.c
trunk/crypto/openssl/apps/pkcs12.c
trunk/crypto/openssl/apps/pkcs7.c
trunk/crypto/openssl/apps/pkcs8.c
trunk/crypto/openssl/apps/prime.c
trunk/crypto/openssl/apps/rand.c
trunk/crypto/openssl/apps/req.c
trunk/crypto/openssl/apps/rsa.c
trunk/crypto/openssl/apps/rsautl.c
trunk/crypto/openssl/apps/s_cb.c
trunk/crypto/openssl/apps/s_client.c
trunk/crypto/openssl/apps/s_server.c
trunk/crypto/openssl/apps/s_socket.c
trunk/crypto/openssl/apps/s_time.c
trunk/crypto/openssl/apps/sess_id.c
trunk/crypto/openssl/apps/smime.c
trunk/crypto/openssl/apps/speed.c
trunk/crypto/openssl/apps/spkac.c
trunk/crypto/openssl/apps/verify.c
trunk/crypto/openssl/apps/version.c
trunk/crypto/openssl/apps/winrand.c
trunk/crypto/openssl/apps/x509.c
trunk/crypto/openssl/crypto/LPdir_nyi.c
trunk/crypto/openssl/crypto/LPdir_unix.c
trunk/crypto/openssl/crypto/LPdir_vms.c
trunk/crypto/openssl/crypto/LPdir_win.c
trunk/crypto/openssl/crypto/LPdir_win32.c
trunk/crypto/openssl/crypto/LPdir_wince.c
trunk/crypto/openssl/crypto/asn1/a_bitstr.c
trunk/crypto/openssl/crypto/asn1/a_bool.c
trunk/crypto/openssl/crypto/asn1/a_bytes.c
trunk/crypto/openssl/crypto/asn1/a_d2i_fp.c
trunk/crypto/openssl/crypto/asn1/a_digest.c
trunk/crypto/openssl/crypto/asn1/a_dup.c
trunk/crypto/openssl/crypto/asn1/a_enum.c
trunk/crypto/openssl/crypto/asn1/a_gentm.c
trunk/crypto/openssl/crypto/asn1/a_hdr.c
trunk/crypto/openssl/crypto/asn1/a_i2d_fp.c
trunk/crypto/openssl/crypto/asn1/a_int.c
trunk/crypto/openssl/crypto/asn1/a_mbstr.c
trunk/crypto/openssl/crypto/asn1/a_meth.c
trunk/crypto/openssl/crypto/asn1/a_object.c
trunk/crypto/openssl/crypto/asn1/a_octet.c
trunk/crypto/openssl/crypto/asn1/a_print.c
trunk/crypto/openssl/crypto/asn1/a_set.c
trunk/crypto/openssl/crypto/asn1/a_sign.c
trunk/crypto/openssl/crypto/asn1/a_strex.c
trunk/crypto/openssl/crypto/asn1/a_strnid.c
trunk/crypto/openssl/crypto/asn1/a_time.c
trunk/crypto/openssl/crypto/asn1/a_type.c
trunk/crypto/openssl/crypto/asn1/a_utctm.c
trunk/crypto/openssl/crypto/asn1/a_utf8.c
trunk/crypto/openssl/crypto/asn1/a_verify.c
trunk/crypto/openssl/crypto/asn1/asn1.h
trunk/crypto/openssl/crypto/asn1/asn1_err.c
trunk/crypto/openssl/crypto/asn1/asn1_gen.c
trunk/crypto/openssl/crypto/asn1/asn1_lib.c
trunk/crypto/openssl/crypto/asn1/asn1_mac.h
trunk/crypto/openssl/crypto/asn1/asn1_par.c
trunk/crypto/openssl/crypto/asn1/asn1t.h
trunk/crypto/openssl/crypto/asn1/asn_mime.c
trunk/crypto/openssl/crypto/asn1/asn_moid.c
trunk/crypto/openssl/crypto/asn1/asn_pack.c
trunk/crypto/openssl/crypto/asn1/charmap.h
trunk/crypto/openssl/crypto/asn1/d2i_pr.c
trunk/crypto/openssl/crypto/asn1/d2i_pu.c
trunk/crypto/openssl/crypto/asn1/evp_asn1.c
trunk/crypto/openssl/crypto/asn1/f_enum.c
trunk/crypto/openssl/crypto/asn1/f_int.c
trunk/crypto/openssl/crypto/asn1/f_string.c
trunk/crypto/openssl/crypto/asn1/i2d_pr.c
trunk/crypto/openssl/crypto/asn1/i2d_pu.c
trunk/crypto/openssl/crypto/asn1/n_pkey.c
trunk/crypto/openssl/crypto/asn1/nsseq.c
trunk/crypto/openssl/crypto/asn1/p5_pbe.c
trunk/crypto/openssl/crypto/asn1/p5_pbev2.c
trunk/crypto/openssl/crypto/asn1/p8_key.c
trunk/crypto/openssl/crypto/asn1/p8_pkey.c
trunk/crypto/openssl/crypto/asn1/t_bitst.c
trunk/crypto/openssl/crypto/asn1/t_crl.c
trunk/crypto/openssl/crypto/asn1/t_pkey.c
trunk/crypto/openssl/crypto/asn1/t_req.c
trunk/crypto/openssl/crypto/asn1/t_spki.c
trunk/crypto/openssl/crypto/asn1/t_x509.c
trunk/crypto/openssl/crypto/asn1/t_x509a.c
trunk/crypto/openssl/crypto/asn1/tasn_dec.c
trunk/crypto/openssl/crypto/asn1/tasn_enc.c
trunk/crypto/openssl/crypto/asn1/tasn_fre.c
trunk/crypto/openssl/crypto/asn1/tasn_new.c
trunk/crypto/openssl/crypto/asn1/tasn_prn.c
trunk/crypto/openssl/crypto/asn1/tasn_typ.c
trunk/crypto/openssl/crypto/asn1/tasn_utl.c
trunk/crypto/openssl/crypto/asn1/x_algor.c
trunk/crypto/openssl/crypto/asn1/x_attrib.c
trunk/crypto/openssl/crypto/asn1/x_bignum.c
trunk/crypto/openssl/crypto/asn1/x_crl.c
trunk/crypto/openssl/crypto/asn1/x_exten.c
trunk/crypto/openssl/crypto/asn1/x_info.c
trunk/crypto/openssl/crypto/asn1/x_long.c
trunk/crypto/openssl/crypto/asn1/x_name.c
trunk/crypto/openssl/crypto/asn1/x_pkey.c
trunk/crypto/openssl/crypto/asn1/x_pubkey.c
trunk/crypto/openssl/crypto/asn1/x_req.c
trunk/crypto/openssl/crypto/asn1/x_sig.c
trunk/crypto/openssl/crypto/asn1/x_spki.c
trunk/crypto/openssl/crypto/asn1/x_val.c
trunk/crypto/openssl/crypto/asn1/x_x509.c
trunk/crypto/openssl/crypto/asn1/x_x509a.c
trunk/crypto/openssl/crypto/bio/bio_lib.c
trunk/crypto/openssl/crypto/bn/bn_gf2m.c
trunk/crypto/openssl/crypto/bn/bn_lib.c
trunk/crypto/openssl/crypto/bn/bn_mont.c
trunk/crypto/openssl/crypto/bn/bn_sqr.c
trunk/crypto/openssl/crypto/cms/cms_cd.c
trunk/crypto/openssl/crypto/cms/cms_env.c
trunk/crypto/openssl/crypto/cms/cms_lib.c
trunk/crypto/openssl/crypto/cms/cms_sd.c
trunk/crypto/openssl/crypto/cms/cms_smime.c
trunk/crypto/openssl/crypto/conf/conf_api.c
trunk/crypto/openssl/crypto/conf/conf_def.c
trunk/crypto/openssl/crypto/cpt_err.c
trunk/crypto/openssl/crypto/cryptlib.c
trunk/crypto/openssl/crypto/cryptlib.h
trunk/crypto/openssl/crypto/crypto-lib.com
trunk/crypto/openssl/crypto/crypto.h
trunk/crypto/openssl/crypto/cversion.c
trunk/crypto/openssl/crypto/des/des-lib.com
trunk/crypto/openssl/crypto/dh/dh.h
trunk/crypto/openssl/crypto/dh/dh_asn1.c
trunk/crypto/openssl/crypto/dh/dh_check.c
trunk/crypto/openssl/crypto/dh/dh_depr.c
trunk/crypto/openssl/crypto/dh/dh_err.c
trunk/crypto/openssl/crypto/dh/dh_gen.c
trunk/crypto/openssl/crypto/dh/dh_key.c
trunk/crypto/openssl/crypto/dh/dh_lib.c
trunk/crypto/openssl/crypto/dh/dhtest.c
trunk/crypto/openssl/crypto/dh/p1024.c
trunk/crypto/openssl/crypto/dh/p192.c
trunk/crypto/openssl/crypto/dh/p512.c
trunk/crypto/openssl/crypto/dsa/dsa.h
trunk/crypto/openssl/crypto/dsa/dsa_asn1.c
trunk/crypto/openssl/crypto/dsa/dsa_depr.c
trunk/crypto/openssl/crypto/dsa/dsa_err.c
trunk/crypto/openssl/crypto/dsa/dsa_gen.c
trunk/crypto/openssl/crypto/dsa/dsa_key.c
trunk/crypto/openssl/crypto/dsa/dsa_lib.c
trunk/crypto/openssl/crypto/dsa/dsa_ossl.c
trunk/crypto/openssl/crypto/dsa/dsa_sign.c
trunk/crypto/openssl/crypto/dsa/dsa_utl.c
trunk/crypto/openssl/crypto/dsa/dsa_vrf.c
trunk/crypto/openssl/crypto/dsa/dsagen.c
trunk/crypto/openssl/crypto/dsa/dsatest.c
trunk/crypto/openssl/crypto/dso/dso_win32.c
trunk/crypto/openssl/crypto/dyn_lck.c
trunk/crypto/openssl/crypto/ebcdic.c
trunk/crypto/openssl/crypto/ebcdic.h
trunk/crypto/openssl/crypto/ec/ec.h
trunk/crypto/openssl/crypto/ec/ec_key.c
trunk/crypto/openssl/crypto/ec/ec_lib.c
trunk/crypto/openssl/crypto/ec/ecp_smpl.c
trunk/crypto/openssl/crypto/ecdh/ech_lib.c
trunk/crypto/openssl/crypto/ecdsa/ecs_lib.c
trunk/crypto/openssl/crypto/engine/eng_all.c
trunk/crypto/openssl/crypto/engine/engine.h
trunk/crypto/openssl/crypto/err/err_all.c
trunk/crypto/openssl/crypto/err/openssl.ec
trunk/crypto/openssl/crypto/evp/bio_b64.c
trunk/crypto/openssl/crypto/evp/encode.c
trunk/crypto/openssl/crypto/ex_data.c
trunk/crypto/openssl/crypto/fips_err.c
trunk/crypto/openssl/crypto/fips_err.h
trunk/crypto/openssl/crypto/idea/ideatest.c
trunk/crypto/openssl/crypto/install.com
trunk/crypto/openssl/crypto/md32_common.h
trunk/crypto/openssl/crypto/mem.c
trunk/crypto/openssl/crypto/mem_clr.c
trunk/crypto/openssl/crypto/mem_dbg.c
trunk/crypto/openssl/crypto/o_dir.c
trunk/crypto/openssl/crypto/o_dir.h
trunk/crypto/openssl/crypto/o_dir_test.c
trunk/crypto/openssl/crypto/o_init.c
trunk/crypto/openssl/crypto/o_str.c
trunk/crypto/openssl/crypto/o_str.h
trunk/crypto/openssl/crypto/o_time.c
trunk/crypto/openssl/crypto/o_time.h
trunk/crypto/openssl/crypto/ocsp/ocsp.h
trunk/crypto/openssl/crypto/ocsp/ocsp_asn.c
trunk/crypto/openssl/crypto/ocsp/ocsp_cl.c
trunk/crypto/openssl/crypto/ocsp/ocsp_err.c
trunk/crypto/openssl/crypto/ocsp/ocsp_ext.c
trunk/crypto/openssl/crypto/ocsp/ocsp_ht.c
trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c
trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c
trunk/crypto/openssl/crypto/ocsp/ocsp_srv.c
trunk/crypto/openssl/crypto/ocsp/ocsp_vfy.c
trunk/crypto/openssl/crypto/opensslconf.h
trunk/crypto/openssl/crypto/opensslv.h
trunk/crypto/openssl/crypto/ossl_typ.h
trunk/crypto/openssl/crypto/pem/pem.h
trunk/crypto/openssl/crypto/pem/pem2.h
trunk/crypto/openssl/crypto/pem/pem_all.c
trunk/crypto/openssl/crypto/pem/pem_err.c
trunk/crypto/openssl/crypto/pem/pem_info.c
trunk/crypto/openssl/crypto/pem/pem_lib.c
trunk/crypto/openssl/crypto/pem/pem_oth.c
trunk/crypto/openssl/crypto/pem/pem_pk8.c
trunk/crypto/openssl/crypto/pem/pem_pkey.c
trunk/crypto/openssl/crypto/pem/pem_seal.c
trunk/crypto/openssl/crypto/pem/pem_sign.c
trunk/crypto/openssl/crypto/pem/pem_x509.c
trunk/crypto/openssl/crypto/pem/pem_xaux.c
trunk/crypto/openssl/crypto/pkcs12/p12_crt.c
trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c
trunk/crypto/openssl/crypto/pkcs7/Makefile
trunk/crypto/openssl/crypto/rc5/rc5_locl.h
trunk/crypto/openssl/crypto/rsa/rsa.h
trunk/crypto/openssl/crypto/rsa/rsa_asn1.c
trunk/crypto/openssl/crypto/rsa/rsa_chk.c
trunk/crypto/openssl/crypto/rsa/rsa_depr.c
trunk/crypto/openssl/crypto/rsa/rsa_eay.c
trunk/crypto/openssl/crypto/rsa/rsa_eng.c
trunk/crypto/openssl/crypto/rsa/rsa_err.c
trunk/crypto/openssl/crypto/rsa/rsa_gen.c
trunk/crypto/openssl/crypto/rsa/rsa_lib.c
trunk/crypto/openssl/crypto/rsa/rsa_none.c
trunk/crypto/openssl/crypto/rsa/rsa_null.c
trunk/crypto/openssl/crypto/rsa/rsa_oaep.c
trunk/crypto/openssl/crypto/rsa/rsa_pk1.c
trunk/crypto/openssl/crypto/rsa/rsa_pss.c
trunk/crypto/openssl/crypto/rsa/rsa_saos.c
trunk/crypto/openssl/crypto/rsa/rsa_sign.c
trunk/crypto/openssl/crypto/rsa/rsa_ssl.c
trunk/crypto/openssl/crypto/rsa/rsa_test.c
trunk/crypto/openssl/crypto/rsa/rsa_x931.c
trunk/crypto/openssl/crypto/rsa/rsa_x931g.c
trunk/crypto/openssl/crypto/symhacks.h
trunk/crypto/openssl/crypto/threads/pthreads-vms.com
trunk/crypto/openssl/crypto/tmdiff.c
trunk/crypto/openssl/crypto/tmdiff.h
trunk/crypto/openssl/crypto/ui/ui_lib.c
trunk/crypto/openssl/crypto/uid.c
trunk/crypto/openssl/crypto/x86cpuid.pl
trunk/crypto/openssl/demos/easy_tls/Makefile
trunk/crypto/openssl/demos/easy_tls/cacerts.pem
trunk/crypto/openssl/demos/easy_tls/cert.pem
trunk/crypto/openssl/demos/easy_tls/easy-tls.c
trunk/crypto/openssl/demos/easy_tls/easy-tls.h
trunk/crypto/openssl/demos/easy_tls/test.c
trunk/crypto/openssl/demos/easy_tls/test.h
trunk/crypto/openssl/demos/engines/rsaref/build.com
trunk/crypto/openssl/demos/x509/mkreq.c
trunk/crypto/openssl/doc/apps/asn1parse.pod
trunk/crypto/openssl/doc/apps/ca.pod
trunk/crypto/openssl/doc/apps/crl.pod
trunk/crypto/openssl/doc/apps/dgst.pod
trunk/crypto/openssl/doc/apps/dhparam.pod
trunk/crypto/openssl/doc/apps/dsa.pod
trunk/crypto/openssl/doc/apps/ecparam.pod
trunk/crypto/openssl/doc/apps/gendsa.pod
trunk/crypto/openssl/doc/apps/genrsa.pod
trunk/crypto/openssl/doc/apps/rsa.pod
trunk/crypto/openssl/doc/apps/s_client.pod
trunk/crypto/openssl/doc/apps/s_server.pod
trunk/crypto/openssl/doc/apps/smime.pod
trunk/crypto/openssl/doc/apps/verify.pod
trunk/crypto/openssl/doc/apps/x509.pod
trunk/crypto/openssl/doc/apps/x509v3_config.pod
trunk/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
trunk/crypto/openssl/doc/crypto/BIO_f_base64.pod
trunk/crypto/openssl/doc/crypto/BIO_push.pod
trunk/crypto/openssl/doc/crypto/CONF_modules_free.pod
trunk/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
trunk/crypto/openssl/doc/crypto/ERR_get_error.pod
trunk/crypto/openssl/doc/crypto/OPENSSL_config.pod
trunk/crypto/openssl/doc/crypto/RSA_set_method.pod
trunk/crypto/openssl/doc/crypto/RSA_sign.pod
trunk/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
trunk/crypto/openssl/doc/crypto/des.pod
trunk/crypto/openssl/doc/crypto/ecdsa.pod
trunk/crypto/openssl/doc/crypto/engine.pod
trunk/crypto/openssl/doc/crypto/err.pod
trunk/crypto/openssl/doc/crypto/pem.pod
trunk/crypto/openssl/doc/crypto/ui.pod
trunk/crypto/openssl/doc/fingerprints.txt
trunk/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
trunk/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
trunk/crypto/openssl/doc/ssl/SSL_accept.pod
trunk/crypto/openssl/doc/ssl/SSL_clear.pod
trunk/crypto/openssl/doc/ssl/SSL_connect.pod
trunk/crypto/openssl/doc/ssl/SSL_do_handshake.pod
trunk/crypto/openssl/doc/ssl/SSL_get_version.pod
trunk/crypto/openssl/doc/ssl/SSL_read.pod
trunk/crypto/openssl/doc/ssl/SSL_session_reused.pod
trunk/crypto/openssl/doc/ssl/SSL_set_fd.pod
trunk/crypto/openssl/doc/ssl/SSL_set_session.pod
trunk/crypto/openssl/doc/ssl/SSL_shutdown.pod
trunk/crypto/openssl/doc/ssl/SSL_write.pod
trunk/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
trunk/crypto/openssl/engines/vendor_defns/hwcryptohook.h
trunk/crypto/openssl/openssl.spec
trunk/crypto/openssl/ssl/bio_ssl.c
trunk/crypto/openssl/ssl/d1_both.c
trunk/crypto/openssl/ssl/d1_clnt.c
trunk/crypto/openssl/ssl/d1_enc.c
trunk/crypto/openssl/ssl/d1_lib.c
trunk/crypto/openssl/ssl/d1_meth.c
trunk/crypto/openssl/ssl/d1_pkt.c
trunk/crypto/openssl/ssl/d1_srvr.c
trunk/crypto/openssl/ssl/kssl.c
trunk/crypto/openssl/ssl/s23_clnt.c
trunk/crypto/openssl/ssl/s23_lib.c
trunk/crypto/openssl/ssl/s23_meth.c
trunk/crypto/openssl/ssl/s23_pkt.c
trunk/crypto/openssl/ssl/s23_srvr.c
trunk/crypto/openssl/ssl/s2_clnt.c
trunk/crypto/openssl/ssl/s2_enc.c
trunk/crypto/openssl/ssl/s2_lib.c
trunk/crypto/openssl/ssl/s2_meth.c
trunk/crypto/openssl/ssl/s2_pkt.c
trunk/crypto/openssl/ssl/s2_srvr.c
trunk/crypto/openssl/ssl/s3_both.c
trunk/crypto/openssl/ssl/s3_cbc.c
trunk/crypto/openssl/ssl/s3_clnt.c
trunk/crypto/openssl/ssl/s3_enc.c
trunk/crypto/openssl/ssl/s3_lib.c
trunk/crypto/openssl/ssl/s3_meth.c
trunk/crypto/openssl/ssl/s3_pkt.c
trunk/crypto/openssl/ssl/s3_srvr.c
trunk/crypto/openssl/ssl/ssl-lib.com
trunk/crypto/openssl/ssl/ssl.h
trunk/crypto/openssl/ssl/ssl3.h
trunk/crypto/openssl/ssl/ssl_algs.c
trunk/crypto/openssl/ssl/ssl_asn1.c
trunk/crypto/openssl/ssl/ssl_cert.c
trunk/crypto/openssl/ssl/ssl_ciph.c
trunk/crypto/openssl/ssl/ssl_err.c
trunk/crypto/openssl/ssl/ssl_err2.c
trunk/crypto/openssl/ssl/ssl_lib.c
trunk/crypto/openssl/ssl/ssl_rsa.c
trunk/crypto/openssl/ssl/ssl_sess.c
trunk/crypto/openssl/ssl/ssl_stat.c
trunk/crypto/openssl/ssl/ssl_task.c
trunk/crypto/openssl/ssl/ssl_txt.c
trunk/crypto/openssl/ssl/ssltest.c
trunk/crypto/openssl/ssl/t1_clnt.c
trunk/crypto/openssl/ssl/t1_enc.c
trunk/crypto/openssl/ssl/t1_lib.c
trunk/crypto/openssl/ssl/t1_meth.c
trunk/crypto/openssl/ssl/t1_reneg.c
trunk/crypto/openssl/ssl/t1_srvr.c
trunk/crypto/openssl/ssl/tls1.h
trunk/crypto/openssl/test/Makefile
trunk/crypto/openssl/test/cms-test.pl
trunk/crypto/openssl/test/testssl
trunk/crypto/openssl/util/cygwin.sh
trunk/crypto/openssl/util/libeay.num
trunk/crypto/openssl/util/mkerr.pl
trunk/crypto/openssl/util/pl/VC-32.pl
Added Paths:
-----------
trunk/crypto/openssl/apps/md4.c
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
trunk/crypto/openssl/test/bftest.c
trunk/crypto/openssl/test/bntest.c
trunk/crypto/openssl/test/casttest.c
trunk/crypto/openssl/test/destest.c
trunk/crypto/openssl/test/dhtest.c
trunk/crypto/openssl/test/dsatest.c
trunk/crypto/openssl/test/ecdhtest.c
trunk/crypto/openssl/test/ecdsatest.c
trunk/crypto/openssl/test/ectest.c
trunk/crypto/openssl/test/enginetest.c
trunk/crypto/openssl/test/evp_test.c
trunk/crypto/openssl/test/exptest.c
trunk/crypto/openssl/test/fips_aesavs.c
trunk/crypto/openssl/test/fips_desmovs.c
trunk/crypto/openssl/test/fips_dsatest.c
trunk/crypto/openssl/test/fips_dssvs.c
trunk/crypto/openssl/test/fips_hmactest.c
trunk/crypto/openssl/test/fips_randtest.c
trunk/crypto/openssl/test/fips_rngvs.c
trunk/crypto/openssl/test/fips_rsagtest.c
trunk/crypto/openssl/test/fips_rsastest.c
trunk/crypto/openssl/test/fips_rsavtest.c
trunk/crypto/openssl/test/fips_shatest.c
trunk/crypto/openssl/test/fips_test_suite.c
trunk/crypto/openssl/test/hmactest.c
trunk/crypto/openssl/test/ideatest.c
trunk/crypto/openssl/test/jpaketest.c
trunk/crypto/openssl/test/maketests.com
trunk/crypto/openssl/test/md2test.c
trunk/crypto/openssl/test/md4test.c
trunk/crypto/openssl/test/md5test.c
trunk/crypto/openssl/test/mdc2test.c
trunk/crypto/openssl/test/randtest.c
trunk/crypto/openssl/test/rc2test.c
trunk/crypto/openssl/test/rc4test.c
trunk/crypto/openssl/test/rc5test.c
trunk/crypto/openssl/test/rmdtest.c
trunk/crypto/openssl/test/rsa_test.c
trunk/crypto/openssl/test/sha1test.c
trunk/crypto/openssl/test/sha256t.c
trunk/crypto/openssl/test/sha512t.c
trunk/crypto/openssl/test/shatest.c
trunk/crypto/openssl/test/ssltest.c
trunk/crypto/openssl/test/tcrl.com
trunk/crypto/openssl/test/testca.com
trunk/crypto/openssl/test/testenc.com
trunk/crypto/openssl/test/testfipsssl
trunk/crypto/openssl/test/testgen.com
trunk/crypto/openssl/test/tests.com
trunk/crypto/openssl/test/testss.com
trunk/crypto/openssl/test/testssl.com
trunk/crypto/openssl/test/tpkcs7.com
trunk/crypto/openssl/test/tpkcs7d.com
trunk/crypto/openssl/test/treq.com
trunk/crypto/openssl/test/trsa.com
trunk/crypto/openssl/test/tsid.com
trunk/crypto/openssl/test/tverify.com
trunk/crypto/openssl/test/tx509.com
Property Changed:
----------------
trunk/crypto/openssl/Configure
trunk/crypto/openssl/apps/CA.pl
trunk/crypto/openssl/config
trunk/crypto/openssl/crypto/aes/asm/aes-586.pl
trunk/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
trunk/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
trunk/crypto/openssl/crypto/bn/bn_const.c
trunk/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
trunk/crypto/openssl/crypto/ocsp/ocsp_cl.c
trunk/crypto/openssl/crypto/ocsp/ocsp_ext.c
trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c
trunk/crypto/openssl/crypto/ocsp/ocsp_srv.c
trunk/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
trunk/crypto/openssl/crypto/rand/rand_lcl.h
trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
trunk/crypto/openssl/crypto/sha/asm/sha512-ia64.pl
trunk/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
trunk/crypto/openssl/crypto/threads/ptest.bat
trunk/crypto/openssl/crypto/threads/pthread2.sh
trunk/crypto/openssl/crypto/threads/win32.bat
trunk/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh
trunk/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh
trunk/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh
trunk/crypto/openssl/demos/ssltest-ecc/ssltest.sh
trunk/crypto/openssl/demos/tunala/autogunk.sh
trunk/crypto/openssl/demos/tunala/autoungunk.sh
trunk/crypto/openssl/demos/tunala/test.sh
trunk/crypto/openssl/fips/fipsalgtest.pl
trunk/crypto/openssl/fips/fipsld
trunk/crypto/openssl/fips/fipstests.sh
trunk/crypto/openssl/fips/mkfipsscr.pl
trunk/crypto/openssl/fips/openssl_fips_fingerprint
trunk/crypto/openssl/test/bctest
trunk/crypto/openssl/tools/c89.sh
trunk/crypto/openssl/util/FreeBSD.sh
trunk/crypto/openssl/util/add_cr.pl
trunk/crypto/openssl/util/bat.sh
trunk/crypto/openssl/util/ck_errf.pl
trunk/crypto/openssl/util/clean-depend.pl
trunk/crypto/openssl/util/cygwin.sh
trunk/crypto/openssl/util/deleof.pl
trunk/crypto/openssl/util/do_ms.sh
trunk/crypto/openssl/util/domd
trunk/crypto/openssl/util/err-ins.pl
trunk/crypto/openssl/util/files.pl
trunk/crypto/openssl/util/fixNT.sh
trunk/crypto/openssl/util/install.sh
trunk/crypto/openssl/util/libeay.num
trunk/crypto/openssl/util/mk1mf.pl
trunk/crypto/openssl/util/mkcerts.sh
trunk/crypto/openssl/util/mkdef.pl
trunk/crypto/openssl/util/mkdir-p.pl
trunk/crypto/openssl/util/mkfiles.pl
trunk/crypto/openssl/util/mklink.pl
trunk/crypto/openssl/util/mkstack.pl
trunk/crypto/openssl/util/opensslwrap.sh
trunk/crypto/openssl/util/perlpath.pl
trunk/crypto/openssl/util/pod2man.pl
trunk/crypto/openssl/util/pod2mantest
trunk/crypto/openssl/util/point.sh
trunk/crypto/openssl/util/shlib_wrap.sh
trunk/crypto/openssl/util/sp-diff.pl
trunk/crypto/openssl/util/speed.sh
trunk/crypto/openssl/util/src-dep.pl
trunk/crypto/openssl/util/ssleay.num
trunk/crypto/openssl/util/tab_num.pl
trunk/crypto/openssl/util/x86asm.sh
Modified: trunk/crypto/openssl/ACKNOWLEDGMENTS
===================================================================
--- trunk/crypto/openssl/ACKNOWLEDGMENTS 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ACKNOWLEDGMENTS 2014-10-12 20:48:00 UTC (rev 6872)
@@ -10,13 +10,18 @@
We would like to identify and thank the following such sponsors for their past
or current significant support of the OpenSSL project:
+Major support:
+
+ Qualys http://www.qualys.com/
+
Very significant support:
- OpenGear: www.opengear.com
+ OpenGear: http://www.opengear.com/
Significant support:
- PSW Group: www.psw.net
+ PSW Group: http://www.psw.net/
+ Acano Ltd. http://acano.com/
Please note that we ask permission to identify sponsors and that some sponsors
we consider eligible for inclusion here have requested to remain anonymous.
Modified: trunk/crypto/openssl/CHANGES
===================================================================
--- trunk/crypto/openssl/CHANGES 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/CHANGES 2014-10-12 20:48:00 UTC (rev 6872)
@@ -2,6 +2,111 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8za and 0.9.8zb [6 Aug 2014]
+
+ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+ to a denial of service attack. A malicious server can crash the client
+ with a null pointer dereference (read) by specifying an anonymous (EC)DH
+ ciphersuite and sending carefully crafted handshake messages.
+
+ Thanks to Felix Gr\xF6bert (Google) for discovering and researching this
+ issue.
+ (CVE-2014-3510)
+ [Emilia K\xE4sper]
+
+ *) By sending carefully crafted DTLS packets an attacker could cause openssl
+ to leak memory. This can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3507)
+ [Adam Langley]
+
+ *) An attacker can force openssl to consume large amounts of memory whilst
+ processing DTLS handshake messages. This can be exploited through a
+ Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3506)
+ [Adam Langley]
+
+ *) An attacker can force an error condition which causes openssl to crash
+ whilst processing DTLS packets due to memory being freed twice. This
+ can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+ this issue.
+ (CVE-2014-3505)
+ [Adam Langley]
+
+ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+ X509_name_oneline, X509_name_print_ex et al. to leak some information
+ from the stack. Applications may be affected if they echo pretty printing
+ output to the attacker.
+
+ Thanks to Ivan Fratric (Google) for discovering this issue.
+ (CVE-2014-3508)
+ [Emilia K\xE4sper, and Steve Henson]
+
+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+ for corner cases. (Certain input points at infinity could lead to
+ bogus results, with non-infinity inputs mapped to infinity too.)
+ [Bodo Moeller]
+
+ Changes between 0.9.8y and 0.9.8za [5 Jun 2014]
+
+ *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+ handshake can force the use of weak keying material in OpenSSL
+ SSL/TLS clients and servers.
+
+ Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+ researching this issue. (CVE-2014-0224)
+ [KIKUCHI Masashi, Steve Henson]
+
+ *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+ OpenSSL DTLS client the code can be made to recurse eventually crashing
+ in a DoS attack.
+
+ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+ (CVE-2014-0221)
+ [Imre Rad, Steve Henson]
+
+ *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+ be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+ client or server. This is potentially exploitable to run arbitrary
+ code on a vulnerable client or server.
+
+ Thanks to J\xFCri Aedla for reporting this issue. (CVE-2014-0195)
+ [J\xFCri Aedla, Steve Henson]
+
+ *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+ are subject to a denial of service attack.
+
+ Thanks to Felix Gr\xF6bert and Ivan Fratric at Google for discovering
+ this issue. (CVE-2014-3470)
+ [Felix Gr\xF6bert, Ivan Fratric, Steve Henson]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ Thanks to mancha for backporting the fix to the 0.9.8 branch.
+
+ *) Fix handling of warning-level alerts in SSL23 client mode so they
+ don't cause client-side termination (eg. on SNI unrecognized_name
+ warnings). Add client and server support for six additional alerts
+ per RFC 6066 and RFC 4279.
+ [mancha]
+
+ *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+ avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+ Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
+ several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
+ is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+ 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+ [Rob Stradling, Adam Langley]
+
Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
Modified: trunk/crypto/openssl/Configure
===================================================================
--- trunk/crypto/openssl/Configure 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/Configure 2014-10-12 20:48:00 UTC (rev 6872)
@@ -166,7 +166,7 @@
"debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
Property changes on: trunk/crypto/openssl/Configure
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/FAQ
===================================================================
--- trunk/crypto/openssl/FAQ 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/FAQ 2014-10-12 20:48:00 UTC (rev 6872)
@@ -87,7 +87,7 @@
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
* Where is the documentation?
@@ -113,11 +113,6 @@
documentation is included in each OpenSSL distribution under the docs
directory.
-For information on parts of libcrypto that are not yet documented, you
-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
-of this still applies to OpenSSL.
-
There is some documentation about certificate extensions and PKCS#12
in doc/openssl.txt
@@ -768,6 +763,9 @@
acknowledging receipt then resend or mail it directly to one of the
more active team members (e.g. Steve).
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
Modified: trunk/crypto/openssl/Makefile
===================================================================
--- trunk/crypto/openssl/Makefile 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/Makefile 2014-10-12 20:48:00 UTC (rev 6872)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.8y
+VERSION=0.9.8zb
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
@@ -71,7 +71,7 @@
RANLIB= /usr/bin/ranlib
PERL= /usr/bin/perl
TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
MAKEDEPPROG=makedepend
LIBDIR=lib
Modified: trunk/crypto/openssl/Makefile.org
===================================================================
--- trunk/crypto/openssl/Makefile.org 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/Makefile.org 2014-10-12 20:48:00 UTC (rev 6872)
@@ -69,7 +69,7 @@
RANLIB= ranlib
PERL= perl
TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
MAKEDEPPROG=makedepend
LIBDIR=lib
Modified: trunk/crypto/openssl/NEWS
===================================================================
--- trunk/crypto/openssl/NEWS 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/NEWS 2014-10-12 20:48:00 UTC (rev 6872)
@@ -5,34 +5,60 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
+ Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
+ o Fix for CVE-2014-3510
+ o Fix for CVE-2014-3507
+ o Fix for CVE-2014-3506
+ o Fix for CVE-2014-3505
+ o Fix for CVE-2014-3508
+
+ Known issues in OpenSSL 0.9.8za:
+
+ o Compilation failure of s3_pkt.c on some platforms due to missing
+ <limits.h> include. Fixed in 0.9.8zb-dev.
+ o FIPS capable link failure with missing symbol BN_consttime_swap.
+ Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
+ algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
+
+ Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
+
+ o Fix for CVE-2014-0224
+ o Fix for CVE-2014-0221
+ o Fix for CVE-2014-0195
+ o Fix for CVE-2014-3470
+ o Fix for CVE-2014-0076
+ o Fix for CVE-2010-5298
+ o Fix to TLS alert handling.
+
+ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix OCSP bad key DoS attack CVE-2013-0166
- Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
o Fix DTLS record length checking bug CVE-2012-2333
- Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w:
+ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
- Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:
+ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
o Fix for ASN1 overflow bug CVE-2012-2110
- Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u:
+ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
o Corrected fix for CVE-2011-4619
o Various DTLS fixes.
- Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t:
+ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
o Fix for DTLS DoS issue CVE-2012-0050
- Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s:
+ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
o Fix for DTLS plaintext recovery attack CVE-2011-4108
o Fix policy check double free error CVE-2011-4109
@@ -40,20 +66,20 @@
o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
o Check for malformed RFC3779 data CVE-2011-4577
- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
o Fix for security issue CVE-2011-0014
- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
o Fix for security issue CVE-2010-3864.
- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
o Fix for security issue CVE-2010-0742.
o Various DTLS fixes.
@@ -61,12 +87,12 @@
o Fix for no-rc4 compilation.
o Chil ENGINE unload workaround.
- Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
+ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
o CFB cipher definition fixes.
o Fix security issues CVE-2010-0740 and CVE-2010-0433.
- Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
+ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
o Cipher definition fixes.
o Workaround for slow RAND_poll() on some WIN32 versions.
@@ -78,21 +104,21 @@
o Ticket and SNI coexistence fixes.
o Many fixes to DTLS handling.
- Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
+ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
o Temporary work around for CVE-2009-3555: disable renegotiation.
- Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
+ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
o Fix various build issues.
o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
- Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
+ Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
o Fix security issue (CVE-2008-5077)
o Merge FIPS 140-2 branch code.
- Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
+ Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
o CryptoAPI ENGINE support.
o Various precautionary measures.
@@ -99,12 +125,12 @@
o Fix for bugs affecting certificate request creation.
o Support for local machine keyset attribute in PKCS#12 files.
- Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
+ Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
o Backport of CMS functionality to 0.9.8.
o Fixes for bugs introduced with 0.9.8f.
- Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
+ Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
o Add gcc 4.2 support.
o Add support for AES and SSE2 assembly lanugauge optimization
@@ -115,23 +141,23 @@
o RFC4507bis support.
o TLS Extensions support.
- Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
+ Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
o Various ciphersuite selection fixes.
o RFC3779 support.
- Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
+ Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
o Changes to ciphersuite selection algorithm
- Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
+ Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
o New cipher Camellia
- Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
+ Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
o Cipher string fixes.
o Fixes for VC++ 2005.
@@ -141,12 +167,12 @@
o Built in dynamic engine compilation support on Win32.
o Fixes auto dynamic engine loading in Win32.
- Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
o Fix potential SSL 2.0 rollback, CVE-2005-2969
o Extended Windows CE support
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
@@ -220,36 +246,36 @@
o Added initial support for Win64.
o Added alternate pkg-config files.
- Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
+ Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
o FIPS 1.1.1 module linking.
o Various ciphersuite selection fixes.
- Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+ Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
- Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
+ Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
- Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+ Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
o Visual C++ 2005 fixes.
o Update Windows build system for FIPS.
- Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
o Fix SSL 2.0 Rollback, CVE-2005-2969
o Allow use of fixed-length exponent on DSA signing
o Default fixed-window RSA, DSA, DH private-key operations
- Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
+ Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
o More compilation issues fixed.
o Adaptation to more modern Kerberos API.
@@ -258,7 +284,7 @@
o More constification.
o Added processing of proxy certificates (RFC 3820).
- Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
+ Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
o Several compilation issues fixed.
o Many memory allocation failure checks added.
@@ -266,12 +292,12 @@
o Mandatory basic checks on certificates.
o Performance improvements.
- Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
+ Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
o Fix race condition in CRL checking code.
o Fixes to PKCS#7 (S/MIME) code.
- Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
o Security: Fix null-pointer assignment in do_change_cipher_spec()
@@ -279,7 +305,7 @@
o Multiple X509 verification fixes
o Speed up HMAC and other operations
- Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
+ Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
o Security: fix various ASN1 parsing bugs.
o New -ignore_err option to OCSP utility.
@@ -286,7 +312,7 @@
o Various interop and bug fixes in S/MIME code.
o SSL/TLS protocol fix for unrequested client certificates.
- Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
+ Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
@@ -297,7 +323,7 @@
o ASN.1: treat domainComponent correctly.
o Documentation: fixes and additions.
- Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
+ Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
o Security: Important security related bugfixes.
o Enhanced compatibility with MIT Kerberos.
@@ -308,7 +334,7 @@
o SSL/TLS: now handles manual certificate chain building.
o SSL/TLS: certain session ID malfunctions corrected.
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
o New library section OCSP.
o Complete rewrite of ASN1 code.
@@ -354,12 +380,12 @@
o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268).
- Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
+ Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
o Security: fix various ASN1 parsing bugs.
o SSL/TLS protocol fix for unrequested client certificates.
- Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
+ Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
@@ -366,11 +392,11 @@
o Security: make RSA blinding default.
o Build: shared library support fixes.
- Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
o Important security related bugfixes.
- Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
o New configuration targets for Tandem OSS and A/UX.
o New OIDs for Microsoft attributes.
@@ -384,25 +410,25 @@
o Fixes for smaller building problems.
o Updates of manuals, FAQ and other instructive documents.
- Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+ Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
o Important building fixes on Unix.
- Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+ Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
o Various important bugfixes.
- Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+ Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
o Important security related bugfixes.
o Various SSL/TLS library bugfixes.
- Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+ Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
o Various SSL/TLS library bugfixes.
o Fix DH parameter generation for 'non-standard' generators.
- Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+ Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
o Various SSL/TLS library bugfixes.
o BIGNUM library fixes.
@@ -415,7 +441,7 @@
Broadcom and Cryptographic Appliance's keyserver
[in 0.9.6c-engine release].
- Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+ Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
o Security fix: PRNG improvements.
o Security fix: RSA OAEP check.
@@ -432,7 +458,7 @@
o Increase default size for BIO buffering filter.
o Compatibility fixes in some scripts.
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
o Security fix: change behavior of OpenSSL to avoid using
environment variables when running as root.
@@ -457,7 +483,7 @@
o New function BN_rand_range().
o Add "-rand" option to openssl s_client and s_server.
- Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+ Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
o Some documentation for BIO and SSL libraries.
o Enhanced chain verification using key identifiers.
@@ -472,7 +498,7 @@
[1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE.
- Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+ Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
o Shared library support for HPUX and Solaris-gcc
@@ -481,7 +507,7 @@
o New 'rand' application
o New way to check for existence of algorithms from scripts
- Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
+ Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
o S/MIME support in new 'smime' command
o Documentation for the OpenSSL command line application
@@ -517,7 +543,7 @@
o Enhanced support for Alpha Linux
o Experimental MacOS support
- Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+ Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
o Transparent support for PKCS#8 format private keys: these are used
by several software packages and are more secure than the standard
@@ -528,7 +554,7 @@
o New pipe-like BIO that allows using the SSL library when actual I/O
must be handled by the application (BIO pair)
- Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+ Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
o Lots of enhancements and cleanups to the Configuration mechanism
o RSA OEAP related fixes
o Added `openssl ca -revoke' option for revoking a certificate
@@ -542,7 +568,7 @@
o Sparc assembler bignum implementation, optimized hash functions
o Option to disable selected ciphers
- Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+ Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
o Fixed a security hole related to session resumption
o Fixed RSA encryption routines for the p < q case
o "ALL" in cipher lists now means "everything except NULL ciphers"
@@ -564,7 +590,7 @@
o Lots of memory leak fixes.
o Lots of bug fixes.
- Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+ Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
o Integration of the popular NO_RSA/NO_DSA patches
o Initial support for compression inside the SSL record layer
o Added BIO proxy and filtering functionality
Modified: trunk/crypto/openssl/README
===================================================================
--- trunk/crypto/openssl/README 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/README 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,5 +1,5 @@
- OpenSSL 0.9.8y 5 Feb 2013
+ OpenSSL 0.9.8zb 6 Aug 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -190,7 +190,7 @@
reason as to why that feature isn't implemented.
Patches should be as up to date as possible, preferably relative to the
- current CVS or the last snapshot. They should follow the coding style of
+ current Git or the last snapshot. They should follow the coding style of
OpenSSL and compile without warnings. Some of the core team developer targets
can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
compiles on many varied platforms: try to ensure you only use portable
Index: trunk/crypto/openssl/apps/CA.pl
===================================================================
--- trunk/crypto/openssl/apps/CA.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/CA.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/apps/CA.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/apps/app_rand.c
===================================================================
--- trunk/crypto/openssl/apps/app_rand.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/app_rand.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/app_rand.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/apps.c
===================================================================
--- trunk/crypto/openssl/apps/apps.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/apps.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/apps.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -363,6 +362,8 @@
{
arg->count=20;
arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+ if (arg->data == NULL)
+ return 0;
}
for (i=0; i<arg->count; i++)
arg->data[i]=NULL;
@@ -559,12 +560,12 @@
if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,BUFSIZ-1);
+ PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,BUFSIZ-1, buf);
+ PW_MIN_LENGTH,bufsiz-1, buf);
}
if (ok >= 0)
do
@@ -1430,6 +1431,8 @@
len=strlen(t)+strlen(OPENSSL_CONF)+2;
p=OPENSSL_malloc(len);
+ if (p == NULL)
+ return NULL;
BUF_strlcpy(p,t,len);
#ifndef OPENSSL_SYS_VMS
BUF_strlcat(p,"/",len);
Modified: trunk/crypto/openssl/apps/asn1pars.c
===================================================================
--- trunk/crypto/openssl/apps/asn1pars.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/asn1pars.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/asn1pars.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/ca.c
===================================================================
--- trunk/crypto/openssl/apps/ca.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/ca.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/ca.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -1583,6 +1582,7 @@
{
ok=0;
BIO_printf(bio_err,"Signature verification problems....\n");
+ ERR_print_errors(bio_err);
goto err;
}
if (i == 0)
@@ -1589,6 +1589,7 @@
{
ok=0;
BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
goto err;
}
else
@@ -2752,6 +2753,9 @@
revtm = X509_gmtime_adj(NULL, 0);
+ if (!revtm)
+ return NULL;
+
i = revtm->length + 1;
if (reason) i += strlen(reason) + 1;
Modified: trunk/crypto/openssl/apps/ciphers.c
===================================================================
--- trunk/crypto/openssl/apps/ciphers.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/ciphers.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/ciphers.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/cms.c
===================================================================
--- trunk/crypto/openssl/apps/cms.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/cms.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/cms.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project.
Modified: trunk/crypto/openssl/apps/crl.c
===================================================================
--- trunk/crypto/openssl/apps/crl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/crl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/crl.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/crl2p7.c
===================================================================
--- trunk/crypto/openssl/apps/crl2p7.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/crl2p7.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/crl2p7.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -143,7 +142,13 @@
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_new_null();
- sk_push(certflst,*(++argv));
+ if (!certflst)
+ goto end;
+ if (!sk_push(certflst,*(++argv)))
+ {
+ sk_free(certflst);
+ goto end;
+ }
}
else
{
Modified: trunk/crypto/openssl/apps/dgst.c
===================================================================
--- trunk/crypto/openssl/apps/dgst.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/dgst.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/dgst.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/dh.c
===================================================================
--- trunk/crypto/openssl/apps/dh.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/dh.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/dh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
Modified: trunk/crypto/openssl/apps/dhparam.c
===================================================================
--- trunk/crypto/openssl/apps/dhparam.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/dhparam.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/dsa.c
===================================================================
--- trunk/crypto/openssl/apps/dsa.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/dsa.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/dsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/dsaparam.c
===================================================================
--- trunk/crypto/openssl/apps/dsaparam.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/dsaparam.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/dsaparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/ec.c
===================================================================
--- trunk/crypto/openssl/apps/ec.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/ec.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/ec.c */
/*
* Written by Nils Larsch for the OpenSSL project.
Modified: trunk/crypto/openssl/apps/ecparam.c
===================================================================
--- trunk/crypto/openssl/apps/ecparam.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/ecparam.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/ecparam.c */
/*
* Written by Nils Larsch for the OpenSSL project.
Modified: trunk/crypto/openssl/apps/enc.c
===================================================================
--- trunk/crypto/openssl/apps/enc.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/enc.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/enc.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/engine.c
===================================================================
--- trunk/crypto/openssl/apps/engine.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/engine.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
/* Written by Richard Levitte <richard at levitte.org> for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/apps/errstr.c
===================================================================
--- trunk/crypto/openssl/apps/errstr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/errstr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/errstr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/gendh.c
===================================================================
--- trunk/crypto/openssl/apps/gendh.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/gendh.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/gendh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
Modified: trunk/crypto/openssl/apps/gendsa.c
===================================================================
--- trunk/crypto/openssl/apps/gendsa.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/gendsa.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/gendsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/genrsa.c
===================================================================
--- trunk/crypto/openssl/apps/genrsa.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/genrsa.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/genrsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Added: trunk/crypto/openssl/apps/md4.c
===================================================================
--- trunk/crypto/openssl/apps/md4.c (rev 0)
+++ trunk/crypto/openssl/apps/md4.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/md4/md4.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/apps/md4.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Modified: trunk/crypto/openssl/apps/nseq.c
===================================================================
--- trunk/crypto/openssl/apps/nseq.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/nseq.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* nseq.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/apps/ocsp.c
===================================================================
--- trunk/crypto/openssl/apps/ocsp.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/ocsp.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
@@ -99,6 +98,7 @@
ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = "/";
+ char *thost = NULL, *tport = NULL, *tpath = NULL;
char *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL;
char *signfile = NULL, *keyfile = NULL;
@@ -174,6 +174,12 @@
}
else if (!strcmp(*args, "-url"))
{
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
if (args[1])
{
args++;
@@ -182,6 +188,9 @@
BIO_printf(bio_err, "Error parsing URL\n");
badarg = 1;
}
+ thost = host;
+ tport = port;
+ tpath = path;
}
else badarg = 1;
}
@@ -872,12 +881,12 @@
sk_X509_pop_free(sign_other, X509_free);
sk_X509_pop_free(verify_other, X509_free);
- if (use_ssl != -1)
- {
- OPENSSL_free(host);
- OPENSSL_free(port);
- OPENSSL_free(path);
- }
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
OPENSSL_EXIT(ret);
}
@@ -1335,7 +1344,7 @@
}
resp = query_responder(err, cbio, path, req, req_timeout);
if (!resp)
- BIO_printf(bio_err, "Error querying OCSP responsder\n");
+ BIO_printf(bio_err, "Error querying OCSP responder\n");
end:
if (ctx)
SSL_CTX_free(ctx);
Modified: trunk/crypto/openssl/apps/openssl.c
===================================================================
--- trunk/crypto/openssl/apps/openssl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/openssl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/openssl.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/openssl.cnf
===================================================================
--- trunk/crypto/openssl/apps/openssl.cnf 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/openssl.cnf 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-# $MidnightBSD$
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
Modified: trunk/crypto/openssl/apps/passwd.c
===================================================================
--- trunk/crypto/openssl/apps/passwd.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/passwd.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/passwd.c */
#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
Modified: trunk/crypto/openssl/apps/pkcs12.c
===================================================================
--- trunk/crypto/openssl/apps/pkcs12.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/pkcs12.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* pkcs12.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project.
Modified: trunk/crypto/openssl/apps/pkcs7.c
===================================================================
--- trunk/crypto/openssl/apps/pkcs7.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/pkcs7.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/pkcs7.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/pkcs8.c
===================================================================
--- trunk/crypto/openssl/apps/pkcs8.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/pkcs8.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* pkcs8.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999-2004.
Modified: trunk/crypto/openssl/apps/prime.c
===================================================================
--- trunk/crypto/openssl/apps/prime.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/prime.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
Modified: trunk/crypto/openssl/apps/rand.c
===================================================================
--- trunk/crypto/openssl/apps/rand.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/rand.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/rand.c */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/apps/req.c
===================================================================
--- trunk/crypto/openssl/apps/req.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/req.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/req.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -1575,7 +1574,13 @@
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
+
if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
(unsigned char *) buf, -1,-1,mval)) goto err;
ret=1;
@@ -1634,7 +1639,12 @@
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
(unsigned char *)buf, -1)) {
Modified: trunk/crypto/openssl/apps/rsa.c
===================================================================
--- trunk/crypto/openssl/apps/rsa.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/rsa.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/rsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/rsautl.c
===================================================================
--- trunk/crypto/openssl/apps/rsautl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/rsautl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* rsautl.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/apps/s_cb.c
===================================================================
--- trunk/crypto/openssl/apps/s_cb.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/s_cb.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -519,6 +518,24 @@
case 100:
str_details2 = " no_renegotiation";
break;
+ case 110:
+ str_details2 = " unsupported_extension";
+ break;
+ case 111:
+ str_details2 = " certificate_unobtainable";
+ break;
+ case 112:
+ str_details2 = " unrecognized_name";
+ break;
+ case 113:
+ str_details2 = " bad_certificate_status_response";
+ break;
+ case 114:
+ str_details2 = " bad_certificate_hash_value";
+ break;
+ case 115:
+ str_details2 = " unknown_psk_identity";
+ break;
}
}
}
Modified: trunk/crypto/openssl/apps/s_client.c
===================================================================
--- trunk/crypto/openssl/apps/s_client.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/s_client.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/s_client.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/s_server.c
===================================================================
--- trunk/crypto/openssl/apps/s_server.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/s_server.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/s_server.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -584,7 +583,7 @@
if (servername)
{
- if (strcmp(servername,p->servername))
+ if (strcasecmp(servername,p->servername))
return p->extension_error;
if (ctx2)
{
@@ -1096,6 +1095,14 @@
sv_usage();
goto end;
}
+#ifndef OPENSSL_NO_DTLS1
+ if (www && socket_type == SOCK_DGRAM)
+ {
+ BIO_printf(bio_err,
+ "Can't use -HTTP, -www or -WWW with DTLS\n");
+ goto end;
+ }
+#endif
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
@@ -1923,8 +1930,10 @@
#ifdef CHARSET_EBCDIC
ascii2ebcdic(buf,buf,i);
#endif
- write(fileno(stdout),buf,
- (unsigned int)i);
+ if (write(fileno(stdout),buf,
+ (unsigned int)i) != i)
+ goto err;
+
if (SSL_pending(con)) goto again;
break;
case SSL_ERROR_WANT_WRITE:
Modified: trunk/crypto/openssl/apps/s_socket.c
===================================================================
--- trunk/crypto/openssl/apps/s_socket.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/s_socket.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/s_socket.c - socket-related functions used by s_client and s_server */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/s_time.c
===================================================================
--- trunk/crypto/openssl/apps/s_time.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/s_time.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/s_time.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/sess_id.c
===================================================================
--- trunk/crypto/openssl/apps/sess_id.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/sess_id.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/sess_id.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/smime.c
===================================================================
--- trunk/crypto/openssl/apps/smime.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/smime.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* smime.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project.
@@ -522,8 +521,8 @@
{
if (!cipher)
{
-#ifndef OPENSSL_NO_RC2
- cipher = EVP_rc2_40_cbc();
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
Modified: trunk/crypto/openssl/apps/speed.c
===================================================================
--- trunk/crypto/openssl/apps/speed.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/speed.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -2768,7 +2767,11 @@
fds=malloc(multi*sizeof *fds);
for(n=0 ; n < multi ; ++n)
{
- pipe(fd);
+ if (pipe(fd) == -1)
+ {
+ fprintf(stderr, "pipe failure\n");
+ exit(1);
+ }
fflush(stdout);
fflush(stderr);
if(fork())
@@ -2780,7 +2783,11 @@
{
close(fd[0]);
close(1);
- dup(fd[1]);
+ if (dup(fd[1]) == -1)
+ {
+ fprintf(stderr, "dup failed\n");
+ exit(1);
+ }
close(fd[1]);
mr=1;
usertime=0;
Modified: trunk/crypto/openssl/apps/spkac.c
===================================================================
--- trunk/crypto/openssl/apps/spkac.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/spkac.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/spkac.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
Modified: trunk/crypto/openssl/apps/verify.c
===================================================================
--- trunk/crypto/openssl/apps/verify.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/verify.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/verify.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/version.c
===================================================================
--- trunk/crypto/openssl/apps/version.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/version.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/version.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/apps/winrand.c
===================================================================
--- trunk/crypto/openssl/apps/winrand.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/winrand.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/winrand.c */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/apps/x509.c
===================================================================
--- trunk/crypto/openssl/apps/x509.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/apps/x509.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* apps/x509.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Index: trunk/crypto/openssl/config
===================================================================
--- trunk/crypto/openssl/config 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/config 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/config
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/LPdir_nyi.c
===================================================================
--- trunk/crypto/openssl/crypto/LPdir_nyi.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/LPdir_nyi.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard at levitte.org>
Modified: trunk/crypto/openssl/crypto/LPdir_unix.c
===================================================================
--- trunk/crypto/openssl/crypto/LPdir_unix.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/LPdir_unix.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard at levitte.org>
Modified: trunk/crypto/openssl/crypto/LPdir_vms.c
===================================================================
--- trunk/crypto/openssl/crypto/LPdir_vms.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/LPdir_vms.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard at levitte.org>
Modified: trunk/crypto/openssl/crypto/LPdir_win.c
===================================================================
--- trunk/crypto/openssl/crypto/LPdir_win.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/LPdir_win.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard at levitte.org>
Modified: trunk/crypto/openssl/crypto/LPdir_win32.c
===================================================================
--- trunk/crypto/openssl/crypto/LPdir_win32.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/LPdir_win32.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard at levitte.org>
Modified: trunk/crypto/openssl/crypto/LPdir_wince.c
===================================================================
--- trunk/crypto/openssl/crypto/LPdir_wince.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/LPdir_wince.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard at levitte.org>
Index: trunk/crypto/openssl/crypto/aes/asm/aes-586.pl
===================================================================
--- trunk/crypto/openssl/crypto/aes/asm/aes-586.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/aes/asm/aes-586.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/aes/asm/aes-586.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/aes/asm/aes-x86_64.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/aes/asm/aes-x86_64.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/asn1/a_bitstr.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_bitstr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_bitstr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_bitstr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_bool.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_bool.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_bool.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_bool.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_bytes.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_bytes.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_bytes.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_bytes.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_d2i_fp.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_d2i_fp.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_d2i_fp.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_d2i_fp.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_digest.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_digest.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_digest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_digest.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_dup.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_dup.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_dup.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_dup.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_enum.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_enum.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_enum.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_enum.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_gentm.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_gentm.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_gentm.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_gentm.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_hdr.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_hdr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_hdr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_hdr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_i2d_fp.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_i2d_fp.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_i2d_fp.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_i2d_fp.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_int.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_int.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_int.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_int.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -117,7 +116,7 @@
int pad=0,ret,i,neg;
unsigned char *p,*n,pb=0;
- if ((a == NULL) || (a->data == NULL)) return(0);
+ if (a == NULL) return(0);
neg=a->type & V_ASN1_NEG;
if (a->length == 0)
ret=1;
Modified: trunk/crypto/openssl/crypto/asn1/a_mbstr.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_mbstr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_mbstr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* a_mbstr.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/a_meth.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_meth.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_meth.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_meth.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_object.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_object.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_object.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_object.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_octet.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_octet.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_octet.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_octet.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_print.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_print.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_print.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_print.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_set.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_set.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_set.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_set.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_sign.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_sign.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_sign.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_strex.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_strex.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_strex.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* a_strex.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/a_strnid.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_strnid.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_strnid.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* a_strnid.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
@@ -76,7 +75,7 @@
* certain software (e.g. Netscape) has problems with them.
*/
-static unsigned long global_mask = 0xFFFFFFFFL;
+static unsigned long global_mask = B_ASN1_UTF8STRING;
void ASN1_STRING_set_default_mask(unsigned long mask)
{
Modified: trunk/crypto/openssl/crypto/asn1/a_time.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_time.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_time.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_time.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_type.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_type.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_type.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_type.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_utctm.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_utctm.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_utctm.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_utctm.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_utf8.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_utf8.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_utf8.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_utf8.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/a_verify.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_verify.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/a_verify.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/a_verify.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/asn1.h
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn1.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/asn1.h */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/asn1_err.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn1_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/asn1_err.c */
/* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/asn1_gen.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1_gen.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn1_gen.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* asn1_gen.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2002.
Modified: trunk/crypto/openssl/crypto/asn1/asn1_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn1_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/asn1_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -132,6 +131,9 @@
*pclass=xclass;
if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+ if (inf && !(ret & V_ASN1_CONSTRUCTED))
+ goto err;
+
#if 0
fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n",
(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
Modified: trunk/crypto/openssl/crypto/asn1/asn1_mac.h
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1_mac.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn1_mac.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/asn1_mac.h */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/asn1_par.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1_par.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn1_par.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/asn1_par.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/asn1t.h
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1t.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn1t.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* asn1t.h */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/asn_mime.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn_mime.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn_mime.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* asn_mime.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project.
@@ -596,6 +595,8 @@
int len, state, save_state = 0;
headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+ if (!headers)
+ return NULL;
while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
/* If whitespace at line start then continuation line */
if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
Modified: trunk/crypto/openssl/crypto/asn1/asn_moid.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn_moid.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn_moid.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* asn_moid.c */
/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
* project 2001.
Modified: trunk/crypto/openssl/crypto/asn1/asn_pack.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn_pack.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/asn_pack.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* asn_pack.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
@@ -135,15 +134,23 @@
if (!(octmp->length = i2d(obj, NULL))) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
- return NULL;
+ goto err;
}
if (!(p = OPENSSL_malloc (octmp->length))) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
octmp->data = p;
i2d (obj, &p);
return octmp;
+ err:
+ if (!oct || !*oct)
+ {
+ ASN1_STRING_free(octmp);
+ if (oct)
+ *oct = NULL;
+ }
+ return NULL;
}
#endif
Modified: trunk/crypto/openssl/crypto/asn1/charmap.h
===================================================================
--- trunk/crypto/openssl/crypto/asn1/charmap.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/charmap.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* Auto generated with chartype.pl script.
* Mask of various character properties
*/
Modified: trunk/crypto/openssl/crypto/asn1/d2i_pr.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/d2i_pr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/d2i_pr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/d2i_pr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/d2i_pu.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/d2i_pu.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/d2i_pu.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/d2i_pu.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/evp_asn1.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/evp_asn1.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/evp_asn1.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/evp_asn1.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -67,7 +66,11 @@
ASN1_STRING *os;
if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
- if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+ if (!M_ASN1_OCTET_STRING_set(os,data,len))
+ {
+ M_ASN1_OCTET_STRING_free(os);
+ return 0;
+ }
ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
return(1);
}
Modified: trunk/crypto/openssl/crypto/asn1/f_enum.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/f_enum.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/f_enum.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/f_enum.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/f_int.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/f_int.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/f_int.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/f_int.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/f_string.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/f_string.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/f_string.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/f_string.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/i2d_pr.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/i2d_pr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/i2d_pr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/i2d_pr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/i2d_pu.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/i2d_pu.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/i2d_pu.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/i2d_pu.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/n_pkey.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/n_pkey.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/n_pkey.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/n_pkey.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/nsseq.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/nsseq.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/nsseq.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* nsseq.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/p5_pbe.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/p5_pbe.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/p5_pbe.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* p5_pbe.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/p5_pbev2.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/p5_pbev2.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/p5_pbev2.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* p5_pbev2.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999-2004.
Modified: trunk/crypto/openssl/crypto/asn1/p8_key.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/p8_key.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/p8_key.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/p8_key.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/p8_pkey.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/p8_pkey.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/p8_pkey.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* p8_pkey.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/t_bitst.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/t_bitst.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/t_bitst.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* t_bitst.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/t_crl.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/t_crl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/t_crl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* t_crl.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/t_pkey.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/t_pkey.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/t_pkey.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/t_pkey.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -209,11 +208,6 @@
if (x->p)
buf_len = (size_t)BN_num_bytes(x->p);
- else
- {
- DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
- goto err;
- }
if (x->q)
if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
buf_len = i;
Modified: trunk/crypto/openssl/crypto/asn1/t_req.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/t_req.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/t_req.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/t_req.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/t_spki.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/t_spki.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/t_spki.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* t_spki.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/t_x509.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/t_x509.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/t_x509.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/t_x509.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -466,6 +465,8 @@
l=80-2-obase;
b=X509_NAME_oneline(name,NULL,0);
+ if (!b)
+ return 0;
if (!*b)
{
OPENSSL_free(b);
Modified: trunk/crypto/openssl/crypto/asn1/t_x509a.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/t_x509a.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/t_x509a.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* t_x509a.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* tasn_dec.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/tasn_enc.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_enc.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/tasn_enc.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* tasn_enc.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
@@ -454,9 +453,14 @@
{
derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
* sizeof(*derlst));
+ if (!derlst)
+ return 0;
tmpdat = OPENSSL_malloc(skcontlen);
- if (!derlst || !tmpdat)
+ if (!tmpdat)
+ {
+ OPENSSL_free(derlst);
return 0;
+ }
}
}
/* If not sorting just output each item */
Modified: trunk/crypto/openssl/crypto/asn1/tasn_fre.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_fre.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/tasn_fre.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* tasn_fre.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/tasn_new.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_new.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/tasn_new.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* tasn_new.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/tasn_prn.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_prn.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/tasn_prn.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* tasn_prn.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/tasn_typ.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_typ.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/tasn_typ.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* tasn_typ.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/tasn_utl.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_utl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/tasn_utl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* tasn_utl.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/x_algor.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_algor.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_algor.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* x_algor.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/x_attrib.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_attrib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_attrib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_attrib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_bignum.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_bignum.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_bignum.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* x_bignum.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/x_crl.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_crl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_crl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_crl.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_exten.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_exten.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_exten.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* x_exten.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/x_info.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_info.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_info.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_info.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_long.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_long.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_long.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* x_long.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/asn1/x_name.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_name.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_name.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_name.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_pkey.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_pkey.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_pkey.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_pkey.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_pubkey.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_pubkey.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_pubkey.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_pubkey.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_req.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_req.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_req.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_req.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_sig.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_sig.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_sig.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_sig.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_spki.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_spki.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_spki.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_spki.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_val.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_val.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_val.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_val.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_x509.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_x509.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_x509.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/asn1/x_x509.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/asn1/x_x509a.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_x509a.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/asn1/x_x509a.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* a_x509a.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/bio/bio_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/bio/bio_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/bio/bio_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -132,8 +132,8 @@
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
- if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
- a->method->destroy(a);
+ if ((a->method != NULL) && (a->method->destroy != NULL))
+ a->method->destroy(a);
OPENSSL_free(a);
return(1);
}
Index: trunk/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/x86_64-mont.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/bn/asm/x86_64-mont.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/crypto/bn/bn_const.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_const.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/bn/bn_const.c 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/bn/bn_const.c
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/bn/bn_gf2m.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_gf2m.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/bn/bn_gf2m.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1095,3 +1095,54 @@
return 1;
}
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
Modified: trunk/crypto/openssl/crypto/bn/bn_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/bn/bn_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -320,6 +320,15 @@
BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
return(NULL);
}
+#ifdef PURIFY
+ /* Valgrind complains in BN_consttime_swap because we process the whole
+ * array even if it's not initialised yet. This doesn't matter in that
+ * function - what's important is constant time operation (we're not
+ * actually going to use the data)
+ */
+ memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
#if 1
B=b->d;
/* Check if the previous number needs to be copied */
@@ -824,55 +833,3 @@
}
return bn_cmp_words(a,b,cl);
}
-
-/*
- * Constant-time conditional swap of a and b.
- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
- {
- BN_ULONG t;
- int i;
-
- bn_wcheck_size(a, nwords);
- bn_wcheck_size(b, nwords);
-
- assert(a != b);
- assert((condition & (condition - 1)) == 0);
- assert(sizeof(BN_ULONG) >= sizeof(int));
-
- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
- t = (a->top^b->top) & condition;
- a->top ^= t;
- b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
- do { \
- t = (a->d[ind] ^ b->d[ind]) & condition; \
- a->d[ind] ^= t; \
- b->d[ind] ^= t; \
- } while (0)
-
-
- switch (nwords) {
- default:
- for (i = 10; i < nwords; i++)
- BN_CONSTTIME_SWAP(i);
- /* Fallthrough */
- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
- case 1: BN_CONSTTIME_SWAP(0);
- }
-#undef BN_CONSTTIME_SWAP
-}
Modified: trunk/crypto/openssl/crypto/bn/bn_mont.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_mont.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/bn/bn_mont.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -701,32 +701,38 @@
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
const BIGNUM *mod, BN_CTX *ctx)
{
- int got_write_lock = 0;
BN_MONT_CTX *ret;
CRYPTO_r_lock(lock);
- if (!*pmont)
+ ret = *pmont;
+ CRYPTO_r_unlock(lock);
+ if (ret)
+ return ret;
+
+ /* We don't want to serialise globally while doing our lazy-init math in
+ * BN_MONT_CTX_set. That punishes threads that are doing independent
+ * things. Instead, punish the case where more than one thread tries to
+ * lazy-init the same 'pmont', by having each do the lazy-init math work
+ * independently and only use the one from the thread that wins the race
+ * (the losers throw away the work they've done). */
+ ret = BN_MONT_CTX_new();
+ if (!ret)
+ return NULL;
+ if (!BN_MONT_CTX_set(ret, mod, ctx))
{
- CRYPTO_r_unlock(lock);
- CRYPTO_w_lock(lock);
- got_write_lock = 1;
+ BN_MONT_CTX_free(ret);
+ return NULL;
+ }
- if (!*pmont)
- {
- ret = BN_MONT_CTX_new();
- if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
- BN_MONT_CTX_free(ret);
- else
- *pmont = ret;
- }
+ /* The locked compare-and-set, after the local work is done. */
+ CRYPTO_w_lock(lock);
+ if (*pmont)
+ {
+ BN_MONT_CTX_free(ret);
+ ret = *pmont;
}
-
- ret = *pmont;
-
- if (got_write_lock)
- CRYPTO_w_unlock(lock);
else
- CRYPTO_r_unlock(lock);
-
+ *pmont = ret;
+ CRYPTO_w_unlock(lock);
return ret;
}
Modified: trunk/crypto/openssl/crypto/bn/bn_sqr.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_sqr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/bn/bn_sqr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -77,6 +77,7 @@
if (al <= 0)
{
r->top=0;
+ r->neg = 0;
return 1;
}
Modified: trunk/crypto/openssl/crypto/cms/cms_cd.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_cd.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cms/cms_cd.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -58,7 +58,9 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
#include "cms_lcl.h"
DECLARE_ASN1_ITEM(CMS_CompressedData)
Modified: trunk/crypto/openssl/crypto/cms/cms_env.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_env.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cms/cms_env.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -185,6 +185,8 @@
if (flags & CMS_USE_KEYID)
{
ktri->version = 2;
+ if (env->version < 2)
+ env->version = 2;
type = CMS_RECIPINFO_KEYIDENTIFIER;
}
else
Modified: trunk/crypto/openssl/crypto/cms/cms_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cms/cms_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -477,8 +477,6 @@
pcerts = cms_get0_certificate_choices(cms);
if (!pcerts)
return 0;
- if (!pcerts)
- return 0;
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
{
cch = sk_CMS_CertificateChoices_value(*pcerts, i);
Modified: trunk/crypto/openssl/crypto/cms/cms_sd.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_sd.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cms/cms_sd.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -157,8 +157,8 @@
if (sd->version < 3)
sd->version = 3;
}
- else
- sd->version = 1;
+ else if (si->version < 1)
+ si->version = 1;
}
if (sd->version < 1)
Modified: trunk/crypto/openssl/crypto/cms/cms_smime.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_smime.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cms/cms_smime.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -622,7 +622,7 @@
STACK_OF(CMS_RecipientInfo) *ris;
CMS_RecipientInfo *ri;
int i, r;
- int debug = 0;
+ int debug = 0, ri_match = 0;
ris = CMS_get0_RecipientInfos(cms);
if (ris)
debug = cms->d.envelopedData->encryptedContentInfo->debug;
@@ -631,6 +631,7 @@
ri = sk_CMS_RecipientInfo_value(ris, i);
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
continue;
+ ri_match = 1;
/* If we have a cert try matching RecipientInfo
* otherwise try them all.
*/
@@ -666,7 +667,7 @@
}
}
/* If no cert and not debugging always return success */
- if (!cert && !debug)
+ if (ri_match && !cert && !debug)
{
ERR_clear_error();
return 1;
Modified: trunk/crypto/openssl/crypto/conf/conf_api.c
===================================================================
--- trunk/crypto/openssl/crypto/conf/conf_api.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/conf/conf_api.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -294,7 +294,7 @@
v->value=(char *)sk;
vv=(CONF_VALUE *)lh_insert(conf->data,v);
- assert(vv == NULL);
+ OPENSSL_assert(vv == NULL);
ok=1;
err:
if (!ok)
Modified: trunk/crypto/openssl/crypto/conf/conf_def.c
===================================================================
--- trunk/crypto/openssl/crypto/conf/conf_def.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/conf/conf_def.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -324,7 +324,7 @@
p=eat_ws(conf, end);
if (*p != ']')
{
- if (*p != '\0')
+ if (*p != '\0' && ss != p)
{
ss=p;
goto again;
Modified: trunk/crypto/openssl/crypto/cpt_err.c
===================================================================
--- trunk/crypto/openssl/crypto/cpt_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cpt_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/cpt_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/cryptlib.c
===================================================================
--- trunk/crypto/openssl/crypto/cryptlib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cryptlib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/cryptlib.c */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/cryptlib.h
===================================================================
--- trunk/crypto/openssl/crypto/cryptlib.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cryptlib.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/cryptlib.h */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/crypto-lib.com
===================================================================
--- trunk/crypto/openssl/crypto/crypto-lib.com 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/crypto-lib.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -6,10 +6,11 @@
$! byer at mail.all-net.net
$!
$! Changes by Richard Levitte <richard at levitte.org>
+$! Zoltan Arpadffy <arpadffy at polarhome.com>
$!
$! This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB"
-$! library for OpenSSL. The "xxx" denotes the machine architecture of AXP
-$! or VAX.
+$! library for OpenSSL. The "xxx" denotes the machine architecture, ALPHA,
+$! IA64 or VAX.
$!
$! It was re-written so it would try to determine what "C" compiler to use
$! or you can specify which "C" compiler to use.
@@ -17,9 +18,9 @@
$! Specify the following as P1 to build just that part or ALL to just
$! build everything.
$!
-$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE
-$! ALL To do both LIBRARY and APPS
+$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE
+$! ALL To do both LIBRARY and APPS
$!
$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger
$! information.
@@ -26,19 +27,19 @@
$!
$! Specify which compiler at P3 to try to compile under.
$!
-$! VAXC For VAX C.
-$! DECC For DEC C.
-$! GNUC For GNU C.
+$! VAXC For VAX C.
+$! DECC For DEC C.
+$! GNUC For GNU C.
$!
-$! If you don't speficy a compiler, it will try to determine which
+$! If you don't specify a compiler, it will try to determine which
$! "C" compiler to use.
$!
$! P4, if defined, sets a TCP/IP library to use, through one of the following
$! keywords:
$!
-$! UCX for UCX
-$! TCPIP for TCPIP (post UCX)
-$! SOCKETSHR for SOCKETSHR+NETLIB
+$! UCX For UCX
+$! TCPIP For TCPIP (post UCX)
+$! SOCKETSHR For SOCKETSHR+NETLIB
$!
$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
$!
@@ -54,20 +55,21 @@
$!
$! Check Which Architecture We Are Using.
$!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
$ THEN
$!
-$! The Architecture Is AXP
+$! The Architecture Is VAX
$!
-$ ARCH := AXP
+$ ARCH := VAX
$!
$! Else...
$!
$ ELSE
$!
-$! The Architecture Is VAX.
+$! The Architecture Is Alpha, IA64 or whatever comes in the future.
$!
-$ ARCH := VAX
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
$!
$! End The Architecture Check.
$!
@@ -74,17 +76,27 @@
$ ENDIF
$!
$! Define The Different Encryption Types.
+$! NOTE: Some might think this list ugly. However, it's made this way to
+$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
$!
$ ENCRYPT_TYPES = "Basic,"+ -
"OBJECTS,"+ -
"MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
- "DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,"+ -
+ "DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,"+ -
"BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ -
"BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
"EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
"CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
- "STORE,PQUEUE"
+ "STORE,CMS,PQUEUE,JPAKE"
+$! Define The OBJ Directory.
$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
+$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
$ GOSUB CHECK_OPTIONS
@@ -97,10 +109,7 @@
$!
$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
$!
-$! Define The OBJ Directory.
$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
-$!
$! Check To See If The Architecture Specific OBJ Directory Exists.
$!
$ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -114,10 +123,6 @@
$!
$ ENDIF
$!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
-$!
$! Check To See If The Architecture Specific Directory Exists.
$!
$ IF (F$PARSE(EXE_DIR).EQS."")
@@ -161,7 +166,7 @@
$ APPS_DES = "DES/DES,CBC3_ENC"
$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
$
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir"
+$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err"
$ LIB_MD2 = "md2_dgst,md2_one"
$ LIB_MD4 = "md4_dgst,md4_one"
$ LIB_MD5 = "md5_dgst,md5_one"
@@ -169,7 +174,7 @@
$ LIB_MDC2 = "mdc2dgst,mdc2_one"
$ LIB_HMAC = "hmac"
$ LIB_RIPEMD = "rmd_dgst,rmd_one"
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+$ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ -
"ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
"enc_read,enc_writ,ofb64enc,"+ -
"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
@@ -184,21 +189,23 @@
$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
"cmll_cfb,cmll_ctr"
+$ LIB_SEED = "seed,seed_cbc,seed_ecb,seed_cfb,seed_ofb"
$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
-$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
+ LIB_BN_ASM = "bn_asm"
$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
"bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
- "bn_depr,bn_const"
+ "bn_depr,bn_x931p,bn_const,bn_opt"
$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
"ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
"ec2_smpl,ec2_mult"
$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
- "rsa_pss,rsa_x931,rsa_asn1,rsa_depr"
+ "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng"
$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
- "dsa_err,dsa_ossl,dsa_depr"
+ "dsa_err,dsa_ossl,dsa_depr,dsa_utl"
$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr"
$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
@@ -210,8 +217,8 @@
"tb_cipher,tb_digest,"+ -
"eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock"
$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ -
- "aes_ctr,aes_ige"
-$ LIB_BUFFER = "buffer,buf_err"
+ "aes_ctr,aes_ige,aes_wrap"
+$ LIB_BUFFER = "buffer,buf_str,buf_err"
$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"bss_mem,bss_null,bss_fd,"+ -
"bss_file,bss_sock,bss_conn,"+ -
@@ -223,12 +230,12 @@
$ LIB_LHASH = "lhash,lh_stats"
$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
"rand_vms"
-$ LIB_ERR = "err,err_all,err_prn"
+$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio"
$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
+$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
"e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
- "e_rc4,e_aes,names,"+ -
- "e_xcbc_d,e_rc2,e_cast,e_rc5"
+ "e_rc4,e_aes,names,e_seed,"+ -
+ "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min"
$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
"m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
@@ -235,6 +242,7 @@
"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
"c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
"evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
+$ LIB_EVP_3 = "e_old"
$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
@@ -244,7 +252,7 @@
$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
"tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
"f_int,f_string,n_pkey,"+ -
- "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ -
+ "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ -
"asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ -
"evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
@@ -276,7 +284,10 @@
$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
$ LIB_KRB5 = "krb5_asn"
$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
+$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
+ "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess"
$ LIB_PQUEUE = "pqueue"
+$ LIB_JPAKE = "jpake,jpake_err"
$!
$! Setup exceptional compilations
$!
@@ -286,7 +297,7 @@
$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir"
$ ! Disable disjoint optimization
$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
- "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+ "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
$ ! Disable the MIXLINKAGE warning
$ COMPILEWITH_CC6 = ",enc_read,set_key,"
$!
@@ -329,11 +340,11 @@
$!
$ LIB_MODULE = "LIB_" + MODULE_NAME
$ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (MODULE_NAME.EQS."ASN1_2")
+$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
$ THEN
$ MODULE_NAME = "ASN1"
$ ENDIF
-$ IF (MODULE_NAME.EQS."EVP_2")
+$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
$ THEN
$ MODULE_NAME = "EVP"
$ ENDIF
@@ -689,7 +700,7 @@
$ IF (F$SEARCH(OPT_FILE).EQS."")
$ THEN
$!
-$! Figure Out If We Need An AXP Or A VAX Linker Option File.
+$! Figure Out If We Need A non-VAX Or A VAX Linker Option File.
$!
$ IF ARCH .EQS. "VAX"
$ THEN
@@ -709,12 +720,12 @@
$!
$ ELSE
$!
-$! Create The AXP Linker Option File.
+$! Create The non-VAX Linker Option File.
$!
$ CREATE 'OPT_FILE'
$DECK
!
-! Default System Options File For AXP To Link Agianst
+! Default System Options File For non-VAX To Link Agianst
! The Sharable C Runtime Library.
!
SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -721,7 +732,7 @@
SYS$SHARE:CMA$OPEN_RTL/SHARE
$EOD
$!
-$! End The VAX/AXP DEC C Option File Check.
+$! End The DEC C Option File Check.
$!
$ ENDIF
$!
@@ -782,8 +793,9 @@
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " AXP : Alpha Architecture."
-$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
+$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture."
+$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture."
+$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
$ WRITE SYS$OUTPUT ""
$!
$! Time To EXIT.
@@ -908,7 +920,7 @@
$!
$! Check To See If We Have VAXC Or DECC.
$!
-$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
$ THEN
$!
$! Looks Like DECC, Set To Use DECC.
@@ -1014,12 +1026,12 @@
THEN CC = "CC/DECC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
"/NOLIST/PREFIX=ALL" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
$!
$! End DECC Check.
$!
@@ -1041,14 +1053,14 @@
$! Compile Using VAXC.
$!
$ CC = "CC"
-$ IF ARCH.EQS."AXP"
+$ IF ARCH.NES."VAX"
$ THEN
-$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
$ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$ CCDEFS = """VAXC""," + CCDEFS
$!
@@ -1058,7 +1070,7 @@
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
$!
$! End VAXC Check
$!
@@ -1080,12 +1092,12 @@
$! Use GNU C...
$!
$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
$!
$! End The GNU C Check.
$!
@@ -1155,7 +1167,7 @@
$! Build a MACRO command for the architecture at hand
$!
$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
$!
$! Show user the result
$!
Modified: trunk/crypto/openssl/crypto/crypto.h
===================================================================
--- trunk/crypto/openssl/crypto/crypto.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/crypto.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/crypto.h */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/cversion.c
===================================================================
--- trunk/crypto/openssl/crypto/cversion.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/cversion.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/cversion.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/des/des-lib.com
===================================================================
--- trunk/crypto/openssl/crypto/des/des-lib.com 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/des/des-lib.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -9,7 +9,7 @@
$!
$! This command files compiles and creates the
$! "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library. The "xxx" denotes the machine
-$! architecture of AXP or VAX.
+$! architecture of ALPHA, IA64 or VAX.
$!
$! It was re-written to try to determine which "C" compiler to try to use
$! or the user can specify a compiler in P3.
@@ -45,25 +45,34 @@
$!
$! Check Which Architecture We Are Using.
$!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
$ THEN
$!
-$! The Architecture Is AXP.
+$! The Architecture Is VAX
$!
-$ ARCH := AXP
+$ ARCH := VAX
$!
$! Else...
$!
$ ELSE
$!
-$! The Architecture Is VAX.
+$! The Architecture Is Alpha, IA64 or whatever comes in the future.
$!
-$ ARCH := VAX
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
$!
$! End The Architecture Check.
$!
$ ENDIF
$!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
$ GOSUB CHECK_OPTIONS
@@ -72,10 +81,6 @@
$!
$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
$!
-$! Define The OBJ Directory Name.
-$!
-$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
-$!
$! Check To See If The Architecture Specific OBJ Directory Exists.
$!
$ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -89,10 +94,6 @@
$!
$ ENDIF
$!
-$! Define The EXE Directory Name.
-$!
-$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
-$!
$! Check To See If The Architecture Specific Directory Exists.
$!
$ IF (F$PARSE(EXE_DIR).EQS."")
@@ -564,7 +565,7 @@
$ IF (F$SEARCH(OPT_FILE).EQS."")
$ THEN
$!
-$! Figure Out If We Need An AXP Or A VAX Linker Option File.
+$! Figure Out If We Need An non-VAX Or A VAX Linker Option File.
$!
$ IF (F$GETSYI("CPU").LT.128)
$ THEN
@@ -584,12 +585,12 @@
$!
$ ELSE
$!
-$! Create The AXP Linker Option File.
+$! Create The non-VAX Linker Option File.
$!
$ CREATE 'OPT_FILE'
$DECK
!
-! Default System Options File For AXP To Link Agianst
+! Default System Options File For non-VAX To Link Agianst
! The Sharable C Runtime Library.
!
SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -596,7 +597,7 @@
SYS$SHARE:CMA$OPEN_RTL/SHARE
$EOD
$!
-$! End The VAX/AXP DEC C Option File Check.
+$! End The DEC C Option File Check.
$!
$ ENDIF
$!
@@ -687,8 +688,9 @@
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " AXP : Alpha Architecture."
-$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
+$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture."
+$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture."
+$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
$ WRITE SYS$OUTPUT ""
$!
$! Time To EXIT.
@@ -817,7 +819,7 @@
$!
$! Check To See If We Have VAXC Or DECC.
$!
-$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
$ THEN
$!
$! Looks Like DECC, Set To Use DECC.
@@ -882,7 +884,7 @@
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
$!
$! End DECC Check.
$!
@@ -904,9 +906,9 @@
$! Compile Using VAXC.
$!
$ CC = "CC"
-$ IF ARCH.EQS."AXP"
+$ IF ARCH.NES."VAX"
$ THEN
-$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
$ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
@@ -919,7 +921,7 @@
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
$!
$! End VAXC Check
$!
@@ -944,7 +946,7 @@
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
$!
$! End The GNU C Check.
$!
Modified: trunk/crypto/openssl/crypto/dh/dh.h
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dh.h */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/dh_asn1.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh_asn1.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh_asn1.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* dh_asn1.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/dh/dh_check.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh_check.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh_check.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dh_check.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/dh_depr.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh_depr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh_depr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dh_depr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/dh_err.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dh_err.c */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/dh_gen.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh_gen.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh_gen.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dh_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/dh_key.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh_key.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh_key.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dh_key.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/dh_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dh_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dh_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dh_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/dhtest.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/dhtest.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/dhtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/dhtest.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/p1024.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/p1024.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/p1024.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/p1024.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/p192.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/p192.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/p192.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/p192.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dh/p512.c
===================================================================
--- trunk/crypto/openssl/crypto/dh/p512.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dh/p512.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dh/p512.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa.h
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa.h */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_asn1.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_asn1.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_asn1.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* dsa_asn1.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_depr.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_depr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_depr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_depr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_err.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_err.c */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_gen.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_gen.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_gen.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_key.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_key.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_key.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_key.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_ossl.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_ossl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_ossl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_ossl.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_sign.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_sign.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_sign.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_utl.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_utl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_utl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsa_vrf.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_vrf.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsa_vrf.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsa_vrf.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsagen.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsagen.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsagen.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsagen.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dsa/dsatest.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsatest.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dsa/dsatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/dsa/dsatest.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/dso/dso_win32.c
===================================================================
--- trunk/crypto/openssl/crypto/dso/dso_win32.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dso/dso_win32.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -327,8 +327,8 @@
memset(result, 0, sizeof(struct file_st));
position = IN_DEVICE;
- if(filename[0] == '\\' && filename[1] == '\\'
- || filename[0] == '/' && filename[1] == '/')
+ if((filename[0] == '\\' && filename[1] == '\\')
+ || (filename[0] == '/' && filename[1] == '/'))
{
position = IN_NODE;
filename += 2;
@@ -347,6 +347,7 @@
DSOerr(DSO_F_WIN32_SPLITTER,
DSO_R_INCORRECT_FILE_SYNTAX);
/*goto err;*/
+ OPENSSL_free(result);
return(NULL);
}
result->device = start;
@@ -613,6 +614,8 @@
merged = win32_joiner(dso, filespec1_split);
}
+ OPENSSL_free(filespec1_split);
+ OPENSSL_free(filespec2_split);
return(merged);
}
Modified: trunk/crypto/openssl/crypto/dyn_lck.c
===================================================================
--- trunk/crypto/openssl/crypto/dyn_lck.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/dyn_lck.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/cryptlib.c */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/ebcdic.c
===================================================================
--- trunk/crypto/openssl/crypto/ebcdic.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ebcdic.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/ebcdic.c */
#ifndef CHARSET_EBCDIC
Modified: trunk/crypto/openssl/crypto/ebcdic.h
===================================================================
--- trunk/crypto/openssl/crypto/ebcdic.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ebcdic.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/ebcdic.h */
#ifndef HEADER_EBCDIC_H
Modified: trunk/crypto/openssl/crypto/ec/ec.h
===================================================================
--- trunk/crypto/openssl/crypto/ec/ec.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ec/ec.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -321,7 +321,15 @@
/* functions to set/get method specific data */
void *EC_KEY_get_key_method_data(EC_KEY *,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+/** Sets the key method data of an EC_KEY object, if none has yet been set.
+ * \param key EC_KEY object
+ * \param data opaque data to install.
+ * \param dup_func a function that duplicates |data|.
+ * \param free_func a function that frees |data|.
+ * \param clear_free_func a function that wipes and frees |data|.
+ * \return the previously set data pointer, or NULL if |data| was inserted.
+ */
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
/* wrapper functions for the underlying EC_GROUP object */
void EC_KEY_set_asn1_flag(EC_KEY *, int);
Modified: trunk/crypto/openssl/crypto/ec/ec_key.c
===================================================================
--- trunk/crypto/openssl/crypto/ec/ec_key.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ec/ec_key.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -435,18 +435,27 @@
void *EC_KEY_get_key_method_data(EC_KEY *key,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
{
- return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+ void *ret;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_EC);
+ ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+ CRYPTO_r_unlock(CRYPTO_LOCK_EC);
+
+ return ret;
}
-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
{
EC_EXTRA_DATA *ex_data;
+
CRYPTO_w_lock(CRYPTO_LOCK_EC);
ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
if (ex_data == NULL)
EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+
+ return ex_data;
}
void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
Modified: trunk/crypto/openssl/crypto/ec/ec_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/ec/ec_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ec/ec_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -480,10 +480,10 @@
if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
return 1;
- /* compare the curve name (if present) */
+ /* compare the curve name (if present in both) */
if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
- EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
- return 0;
+ EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+ return 1;
if (!ctx)
ctx_new = ctx = BN_CTX_new();
@@ -1010,7 +1010,7 @@
int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
{
- if (group->meth->dbl == 0)
+ if (group->meth->invert == 0)
{
ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
@@ -1061,12 +1061,12 @@
if (group->meth->point_cmp == 0)
{
ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
+ return -1;
}
if ((group->meth != a->meth) || (a->meth != b->meth))
{
ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
+ return -1;
}
return group->meth->point_cmp(group, a, b, ctx);
}
Modified: trunk/crypto/openssl/crypto/ec/ecp_smpl.c
===================================================================
--- trunk/crypto/openssl/crypto/ec/ecp_smpl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ec/ecp_smpl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1540,9 +1540,8 @@
int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
- BIGNUM *tmp0, *tmp1;
- size_t pow2 = 0;
- BIGNUM **heap = NULL;
+ BIGNUM *tmp, *tmp_Z;
+ BIGNUM **prod_Z = NULL;
size_t i;
int ret = 0;
@@ -1557,124 +1556,104 @@
}
BN_CTX_start(ctx);
- tmp0 = BN_CTX_get(ctx);
- tmp1 = BN_CTX_get(ctx);
- if (tmp0 == NULL || tmp1 == NULL) goto err;
+ tmp = BN_CTX_get(ctx);
+ tmp_Z = BN_CTX_get(ctx);
+ if (tmp == NULL || tmp_Z == NULL) goto err;
- /* Before converting the individual points, compute inverses of all Z values.
- * Modular inversion is rather slow, but luckily we can do with a single
- * explicit inversion, plus about 3 multiplications per input value.
- */
+ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+ if (prod_Z == NULL) goto err;
+ for (i = 0; i < num; i++)
+ {
+ prod_Z[i] = BN_new();
+ if (prod_Z[i] == NULL) goto err;
+ }
- pow2 = 1;
- while (num > pow2)
- pow2 <<= 1;
- /* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
- * We need twice that. */
- pow2 <<= 1;
+ /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+ * skipping any zero-valued inputs (pretend that they're 1). */
- heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
- if (heap == NULL) goto err;
-
- /* The array is used as a binary tree, exactly as in heapsort:
- *
- * heap[1]
- * heap[2] heap[3]
- * heap[4] heap[5] heap[6] heap[7]
- * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
- *
- * We put the Z's in the last line;
- * then we set each other node to the product of its two child-nodes (where
- * empty or 0 entries are treated as ones);
- * then we invert heap[1];
- * then we invert each other node by replacing it by the product of its
- * parent (after inversion) and its sibling (before inversion).
- */
- heap[0] = NULL;
- for (i = pow2/2 - 1; i > 0; i--)
- heap[i] = NULL;
- for (i = 0; i < num; i++)
- heap[pow2/2 + i] = &points[i]->Z;
- for (i = pow2/2 + num; i < pow2; i++)
- heap[i] = NULL;
-
- /* set each node to the product of its children */
- for (i = pow2/2 - 1; i > 0; i--)
+ if (!BN_is_zero(&points[0]->Z))
{
- heap[i] = BN_new();
- if (heap[i] == NULL) goto err;
-
- if (heap[2*i] != NULL)
+ if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
+ }
+ else
+ {
+ if (group->meth->field_set_to_one != 0)
{
- if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
- {
- if (!BN_copy(heap[i], heap[2*i])) goto err;
- }
- else
- {
- if (BN_is_zero(heap[2*i]))
- {
- if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
- }
- else
- {
- if (!group->meth->field_mul(group, heap[i],
- heap[2*i], heap[2*i + 1], ctx)) goto err;
- }
- }
+ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
}
+ else
+ {
+ if (!BN_one(prod_Z[0])) goto err;
+ }
}
- /* invert heap[1] */
- if (!BN_is_zero(heap[1]))
+ for (i = 1; i < num; i++)
{
- if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
+ if (!BN_is_zero(&points[i]->Z))
{
- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
- goto err;
+ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
}
+ else
+ {
+ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
+ }
}
+
+ /* Now use a single explicit inversion to replace every
+ * non-zero points[i]->Z by its inverse. */
+
+ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
+ {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+ goto err;
+ }
if (group->meth->field_encode != 0)
{
- /* in the Montgomery case, we just turned R*H (representing H)
+ /* In the Montgomery case, we just turned R*H (representing H)
* into 1/(R*H), but we need R*(1/H) (representing 1/H);
- * i.e. we have need to multiply by the Montgomery factor twice */
- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+ * i.e. we need to multiply by the Montgomery factor twice. */
+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
}
- /* set other heap[i]'s to their inverses */
- for (i = 2; i < pow2/2 + num; i += 2)
+ for (i = num - 1; i > 0; --i)
{
- /* i is even */
- if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
+ /* Loop invariant: tmp is the product of the inverses of
+ * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
+ if (!BN_is_zero(&points[i]->Z))
{
- if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
- if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
- if (!BN_copy(heap[i], tmp0)) goto err;
- if (!BN_copy(heap[i + 1], tmp1)) goto err;
+ /* Set tmp_Z to the inverse of points[i]->Z (as product
+ * of Z inverses 0 .. i, Z values 0 .. i - 1). */
+ if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
+ /* Update tmp to satisfy the loop invariant for i - 1. */
+ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
+ /* Replace points[i]->Z by its inverse. */
+ if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
}
- else
- {
- if (!BN_copy(heap[i], heap[i/2])) goto err;
- }
}
- /* we have replaced all non-zero Z's by their inverses, now fix up all the points */
+ if (!BN_is_zero(&points[0]->Z))
+ {
+ /* Replace points[0]->Z by its inverse. */
+ if (!BN_copy(&points[0]->Z, tmp)) goto err;
+ }
+
+ /* Finally, fix up the X and Y coordinates for all points. */
+
for (i = 0; i < num; i++)
{
EC_POINT *p = points[i];
-
+
if (!BN_is_zero(&p->Z))
{
/* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */
- if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
- if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
+ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
+ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
- if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
-
+ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
+ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
+
if (group->meth->field_set_to_one != 0)
{
if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
@@ -1688,20 +1667,19 @@
}
ret = 1;
-
+
err:
BN_CTX_end(ctx);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
- if (heap != NULL)
+ if (prod_Z != NULL)
{
- /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
- for (i = pow2/2 - 1; i > 0; i--)
+ for (i = 0; i < num; i++)
{
- if (heap[i] != NULL)
- BN_clear_free(heap[i]);
+ if (prod_Z[i] != NULL)
+ BN_clear_free(prod_Z[i]);
}
- OPENSSL_free(heap);
+ OPENSSL_free(prod_Z);
}
return ret;
}
Modified: trunk/crypto/openssl/crypto/ecdh/ech_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/ecdh/ech_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ecdh/ech_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -205,8 +205,15 @@
ecdh_data = (ECDH_DATA *)ecdh_data_new();
if (ecdh_data == NULL)
return NULL;
- EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
- ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+ ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+ if (data != NULL)
+ {
+ /* Another thread raced us to install the key_method
+ * data and won. */
+ ecdh_data_free(ecdh_data);
+ ecdh_data = (ECDH_DATA *)data;
+ }
}
else
ecdh_data = (ECDH_DATA *)data;
Modified: trunk/crypto/openssl/crypto/ecdsa/ecs_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/ecdsa/ecs_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ecdsa/ecs_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -188,8 +188,15 @@
ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
if (ecdsa_data == NULL)
return NULL;
- EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
+ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+ ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
+ if (data != NULL)
+ {
+ /* Another thread raced us to install the key_method
+ * data and won. */
+ ecdsa_data_free(ecdsa_data);
+ ecdsa_data = (ECDSA_DATA *)data;
+ }
}
else
ecdsa_data = (ECDSA_DATA *)data;
Modified: trunk/crypto/openssl/crypto/engine/eng_all.c
===================================================================
--- trunk/crypto/openssl/crypto/engine/eng_all.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/engine/eng_all.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -102,15 +102,15 @@
#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
ENGINE_load_gmp();
#endif
+#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ ENGINE_load_capi();
#endif
+#endif
#ifndef OPENSSL_NO_HW
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
ENGINE_load_cryptodev();
#endif
-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
#endif
-#endif
}
#if defined(__OpenBSD__) || defined(__FreeBSD__)
Modified: trunk/crypto/openssl/crypto/engine/engine.h
===================================================================
--- trunk/crypto/openssl/crypto/engine/engine.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/engine/engine.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -335,15 +335,15 @@
void ENGINE_load_nuron(void);
void ENGINE_load_sureware(void);
void ENGINE_load_ubsec(void);
-#endif
-void ENGINE_load_cryptodev(void);
-void ENGINE_load_padlock(void);
-void ENGINE_load_builtin_engines(void);
#ifdef OPENSSL_SYS_WIN32
#ifndef OPENSSL_NO_CAPIENG
void ENGINE_load_capi(void);
#endif
#endif
+#endif
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_padlock(void);
+void ENGINE_load_builtin_engines(void);
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
Modified: trunk/crypto/openssl/crypto/err/err_all.c
===================================================================
--- trunk/crypto/openssl/crypto/err/err_all.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/err/err_all.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -104,7 +104,9 @@
#ifndef OPENSSL_NO_JPAKE
#include <openssl/jpake.h>
#endif
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
void ERR_load_crypto_strings(void)
{
Modified: trunk/crypto/openssl/crypto/err/openssl.ec
===================================================================
--- trunk/crypto/openssl/crypto/err/openssl.ec 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/err/openssl.ec 2014-10-12 20:48:00 UTC (rev 6872)
@@ -71,6 +71,11 @@
R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
R RSAREF_R_CONTENT_ENCODING 0x0400
R RSAREF_R_DATA 0x0401
Modified: trunk/crypto/openssl/crypto/evp/bio_b64.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/bio_b64.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/evp/bio_b64.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -226,6 +226,7 @@
else if (ctx->start)
{
q=p=(unsigned char *)ctx->tmp;
+ num = 0;
for (j=0; j<i; j++)
{
if (*(q++) != '\n') continue;
@@ -264,7 +265,7 @@
}
/* we fell off the end without starting */
- if (j == i)
+ if ((j == i) && (num == 0))
{
/* Is this is one long chunk?, if so, keep on
* reading until a new line. */
Modified: trunk/crypto/openssl/crypto/evp/encode.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/encode.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/evp/encode.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -324,6 +324,7 @@
v=EVP_DecodeBlock(out,d,n);
n=0;
if (v < 0) { rv=0; goto end; }
+ if (eof > v) { rv=-1; goto end; }
ret+=(v-eof);
}
else
Modified: trunk/crypto/openssl/crypto/ex_data.c
===================================================================
--- trunk/crypto/openssl/crypto/ex_data.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ex_data.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/ex_data.c */
/*
Modified: trunk/crypto/openssl/crypto/fips_err.c
===================================================================
--- trunk/crypto/openssl/crypto/fips_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/fips_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
#include <openssl/opensslconf.h>
#ifdef OPENSSL_FIPS
Modified: trunk/crypto/openssl/crypto/fips_err.h
===================================================================
--- trunk/crypto/openssl/crypto/fips_err.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/fips_err.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/fips_err.h */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/idea/ideatest.c
===================================================================
--- trunk/crypto/openssl/crypto/idea/ideatest.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/idea/ideatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -199,10 +199,10 @@
}
memcpy(cfb_tmp,cfb_iv,8);
n=0;
- idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+ idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks,
cfb_tmp,&n,IDEA_DECRYPT);
- idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- (long)CFB_TEST_SIZE-17,&dks,
+ idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]),
+ (long)CFB_TEST_SIZE-13,&eks,
cfb_tmp,&n,IDEA_DECRYPT);
if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
{
Modified: trunk/crypto/openssl/crypto/install.com
===================================================================
--- trunk/crypto/openssl/crypto/install.com 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/install.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -3,15 +3,26 @@
$! Author: Richard Levitte <richard at levitte.org>
$! Time of creation: 22-MAY-1998 10:13
$!
+$! Changes by Zoltan Arpadffy <zoli at polarhome.com>
+$!
$! P1 root of the directory tree
$!
$ IF P1 .EQS. ""
$ THEN
$ WRITE SYS$OUTPUT "First argument missing."
-$ WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$ WRITE SYS$OUTPUT -
+ "It should be the directory where you want things installed."
$ EXIT
$ ENDIF
$
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$ ARCH := VAX
+$ ELSE
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$ ENDIF
+$
$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,16 +30,13 @@
$ ROOT = ROOT_DEV + "[" + ROOT_DIR
$
$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
-$ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$ DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
$
$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$ IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
- CREATE/DIR/LOG WRK_SSLVLIB:
-$ IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
- CREATE/DIR/LOG WRK_SSLALIB:
+$ IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLLIB:
$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLINCLUDE:
$
@@ -35,12 +43,12 @@
$ SDIRS := ,-
OBJECTS,-
MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
- DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,-
- BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,-
+ DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
+ BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
BUFFER,BIO,STACK,LHASH,RAND,ERR,-
EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
UI,KRB5,-
- STORE,PQUEUE
+ STORE,PQUEUE,JPAKE
$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,-
symhacks.h,ossl_typ.h
$ EXHEADER_OBJECTS := objects.h,obj_mac.h
@@ -52,6 +60,7 @@
$ EXHEADER_HMAC := hmac.h
$ EXHEADER_RIPEMD := ripemd.h
$ EXHEADER_DES := des.h,des_old.h
+$ EXHEADER_AES := aes.h
$ EXHEADER_RC2 := rc2.h
$ EXHEADER_RC4 := rc4.h
$ EXHEADER_RC5 := rc5.h
@@ -59,6 +68,7 @@
$ EXHEADER_BF := blowfish.h
$ EXHEADER_CAST := cast.h
$ EXHEADER_CAMELLIA := camellia.h
+$ EXHEADER_SEED := seed.h
$ EXHEADER_BN := bn.h
$ EXHEADER_EC := ec.h
$ EXHEADER_RSA := rsa.h
@@ -68,7 +78,6 @@
$ EXHEADER_ECDH := ecdh.h
$ EXHEADER_DSO := dso.h
$ EXHEADER_ENGINE := engine.h
-$ EXHEADER_AES := aes.h
$ EXHEADER_BUFFER := buffer.h
$ EXHEADER_BIO := bio.h
$ EXHEADER_STACK := stack.h,safestack.h
@@ -91,10 +100,10 @@
$! EXHEADER_STORE := store.h,str_compat.h
$ EXHEADER_STORE := store.h
$ EXHEADER_PQUEUE := pqueue.h,pq_compat.h
+$ EXHEADER_JPAKE := jpake.h
$ LIBS := LIBCRYPTO
$
-$ VEXE_DIR := [-.VAX.EXE.CRYPTO]
-$ AEXE_DIR := [-.AXP.EXE.CRYPTO]
+$ EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
$
$ I = 0
$ LOOP_SDIRS:
@@ -118,28 +127,17 @@
$ I = I + 1
$ IF E .EQS. "," THEN GOTO LOOP_LIB_END
$ SET NOON
-$ IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$ IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
$ THEN
-$ COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
-$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
+$ COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
+$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
$ ENDIF
$ ! Preparing for the time when we have shareable images
-$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$ IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
$ THEN
-$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
-$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
+$ COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
+$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
$ ENDIF
-$ IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
-$ THEN
-$ COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
-$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
-$ ENDIF
-$ ! Preparing for the time when we have shareable images
-$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
-$ THEN
-$ COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
-$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
-$ ENDIF
$ SET ON
$ GOTO LOOP_LIB
$ LOOP_LIB_END:
Modified: trunk/crypto/openssl/crypto/md32_common.h
===================================================================
--- trunk/crypto/openssl/crypto/md32_common.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/md32_common.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/md32_common.h */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
@@ -166,7 +165,7 @@
asm ( \
"roll %1,%0" \
: "=r"(ret) \
- : "I"(n), "0"((unsigned int)(a)) \
+ : "I"(n), "0"(a) \
: "cc"); \
ret; \
})
@@ -384,7 +383,6 @@
}
#ifndef MD32_REG_T
-#if defined(__alpha) || defined(__sparcv9) || defined(__mips)
#define MD32_REG_T long
/*
* This comment was originaly written for MD5, which is why it
@@ -402,15 +400,9 @@
* Well, to be honest it should say that this *prevents*
* performance degradation.
* <appro at fy.chalmers.se>
- */
-#else
-/*
- * Above is not absolute and there are LP64 compilers that
- * generate better code if MD32_REG_T is defined int. The above
- * pre-processor condition reflects the circumstances under which
- * the conclusion was made and is subject to further extension.
+ * Apparently there're LP64 compilers that generate better
+ * code if A-D are declared int. Most notably GCC-x86_64
+ * generates better code.
* <appro at fy.chalmers.se>
*/
-#define MD32_REG_T int
#endif
-#endif
Index: trunk/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/md5/asm/md5-x86_64.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/md5/asm/md5-x86_64.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/mem.c
===================================================================
--- trunk/crypto/openssl/crypto/mem.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/mem.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/mem.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/mem_clr.c
===================================================================
--- trunk/crypto/openssl/crypto/mem_clr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/mem_clr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
* project 2002.
Modified: trunk/crypto/openssl/crypto/mem_dbg.c
===================================================================
--- trunk/crypto/openssl/crypto/mem_dbg.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/mem_dbg.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/mem_dbg.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/o_dir.c
===================================================================
--- trunk/crypto/openssl/crypto/o_dir.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_dir.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
* project 2004.
Modified: trunk/crypto/openssl/crypto/o_dir.h
===================================================================
--- trunk/crypto/openssl/crypto/o_dir.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_dir.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
/* Copied from Richard Levitte's (richard at levitte.org) LP library. All
* symbol names have been changed, with permission from the author.
Modified: trunk/crypto/openssl/crypto/o_dir_test.c
===================================================================
--- trunk/crypto/openssl/crypto/o_dir_test.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_dir_test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
/* Copied from Richard Levitte's (richard at levitte.org) LP library. All
* symbol names have been changed, with permission from the author.
Modified: trunk/crypto/openssl/crypto/o_init.c
===================================================================
--- trunk/crypto/openssl/crypto/o_init.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_init.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* o_init.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project.
Modified: trunk/crypto/openssl/crypto/o_str.c
===================================================================
--- trunk/crypto/openssl/crypto/o_str.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_str.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
* project 2003.
Modified: trunk/crypto/openssl/crypto/o_str.h
===================================================================
--- trunk/crypto/openssl/crypto/o_str.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_str.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
* project 2003.
Modified: trunk/crypto/openssl/crypto/o_time.c
===================================================================
--- trunk/crypto/openssl/crypto/o_time.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_time.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
* project 2001.
Modified: trunk/crypto/openssl/crypto/o_time.h
===================================================================
--- trunk/crypto/openssl/crypto/o_time.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/o_time.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
* project 2001.
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp.h
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp.h */
/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
* project. */
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_asn.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_asn.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_asn.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_asn.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_cl.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_cl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_cl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_cl.c */
/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
* project. */
Property changes on: trunk/crypto/openssl/crypto/ocsp/ocsp_cl.c
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_err.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/ocsp/ocsp_err.c */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_ext.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_ext.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_ext.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_ext.c */
/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
* project. */
Property changes on: trunk/crypto/openssl/crypto/ocsp/ocsp_ext.c
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_ht.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_ht.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_ht.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_ht.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2006.
@@ -465,6 +464,9 @@
ctx = OCSP_sendreq_new(b, path, req, -1);
+ if (!ctx)
+ return NULL;
+
do
{
rv = OCSP_sendreq_nbio(&resp, ctx);
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_lib.c */
/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
* project. */
@@ -221,8 +220,19 @@
if (!*ppath) goto mem_err;
+ p = host;
+ if(host[0] == '[')
+ {
+ /* ipv6 literal */
+ host++;
+ p = strchr(host, ']');
+ if(!p) goto parse_err;
+ *p = '\0';
+ p++;
+ }
+
/* Look for optional ':' for port number */
- if ((p = strchr(host, ':')))
+ if ((p = strchr(p, ':')))
{
*p = 0;
port = p + 1;
Property changes on: trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_prn.c */
/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
* project. */
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_srv.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_srv.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_srv.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_srv.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2001.
Property changes on: trunk/crypto/openssl/crypto/ocsp/ocsp_srv.c
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_vfy.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_vfy.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_vfy.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ocsp_vfy.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/opensslconf.h
===================================================================
--- trunk/crypto/openssl/crypto/opensslconf.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/opensslconf.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
Modified: trunk/crypto/openssl/crypto/opensslv.h
===================================================================
--- trunk/crypto/openssl/crypto/opensslv.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/opensslv.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H
@@ -26,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090819fL
+#define OPENSSL_VERSION_NUMBER 0x009081bfL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8y-fips 5 Feb 2013"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb-fips 6 Aug 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8y 5 Feb 2013"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb 6 Aug 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Modified: trunk/crypto/openssl/crypto/ossl_typ.h
===================================================================
--- trunk/crypto/openssl/crypto/ossl_typ.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ossl_typ.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
Modified: trunk/crypto/openssl/crypto/pem/pem.h
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem.h */
/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem2.h
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem2.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem2.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
Modified: trunk/crypto/openssl/crypto/pem/pem_all.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_all.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_all.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_all.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_err.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_info.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_info.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_info.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_info.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_oth.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_oth.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_oth.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_oth.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_pk8.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_pk8.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_pk8.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_pkey.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_pkey.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_pkey.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_pkey.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_pkey.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_seal.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_seal.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_seal.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_seal.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_sign.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_sign.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_sign.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/pem/pem_sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/pem/pem_x509.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_x509.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_x509.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* pem_x509.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2001.
Modified: trunk/crypto/openssl/crypto/pem/pem_xaux.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_xaux.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pem/pem_xaux.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* pem_xaux.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2001.
Index: trunk/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
===================================================================
--- trunk/crypto/openssl/crypto/perlasm/x86_64-xlate.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/perlasm/x86_64-xlate.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/pkcs12/p12_crt.c
===================================================================
--- trunk/crypto/openssl/crypto/pkcs12/p12_crt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pkcs12/p12_crt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -100,7 +100,11 @@
nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
#endif
+#ifdef OPENSSL_NO_RC2
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
}
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@@ -290,7 +294,11 @@
free_safes = 0;
if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
if (nid_safe == -1)
p7 = PKCS12_pack_p7data(bags);
Modified: trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c
===================================================================
--- trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -261,7 +261,7 @@
int len, r;
unsigned char *data;
len = ASN1_STRING_to_UTF8(&data, fname);
- if(len > 0) {
+ if(len >= 0) {
r = X509_alias_set1(x509, data, len);
OPENSSL_free(data);
if (!r)
Modified: trunk/crypto/openssl/crypto/pkcs7/Makefile
===================================================================
--- trunk/crypto/openssl/crypto/pkcs7/Makefile 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/pkcs7/Makefile 2014-10-12 20:48:00 UTC (rev 6872)
@@ -39,20 +39,6 @@
all: lib
-testapps: enc dec sign verify
-
-enc: enc.o lib
- $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-dec: dec.o lib
- $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-sign: sign.o lib
- $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-verify: verify.o example.o lib
- $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
-
lib: $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
Index: trunk/crypto/openssl/crypto/rand/rand_lcl.h
===================================================================
--- trunk/crypto/openssl/crypto/rand/rand_lcl.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rand/rand_lcl.h 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/rand/rand_lcl.h
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/rc5/rc5_locl.h
===================================================================
--- trunk/crypto/openssl/crypto/rc5/rc5_locl.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rc5/rc5_locl.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -154,7 +154,7 @@
# define ROTATE_l32(a,n) ({ register unsigned int ret; \
asm ("roll %%cl,%0" \
: "=r"(ret) \
- : "c"(n),"0"((unsigned int)(a)) \
+ : "c"(n),"0"(a) \
: "cc"); \
ret; \
})
@@ -161,7 +161,7 @@
# define ROTATE_r32(a,n) ({ register unsigned int ret; \
asm ("rorl %%cl,%0" \
: "=r"(ret) \
- : "c"(n),"0"((unsigned int)(a)) \
+ : "c"(n),"0"(a) \
: "cc"); \
ret; \
})
Modified: trunk/crypto/openssl/crypto/rsa/rsa.h
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa.h */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_asn1.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_asn1.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_asn1.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* rsa_asn1.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2000.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_chk.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_chk.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_chk.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_depr.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_depr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_depr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_depr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_eay.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_eay.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_eay.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_eay.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -458,7 +457,7 @@
if (padding == RSA_X931_PADDING)
{
BN_sub(f, rsa->n, ret);
- if (BN_cmp(ret, f))
+ if (BN_cmp(ret, f) > 0)
res = f;
else
res = ret;
Modified: trunk/crypto/openssl/crypto/rsa/rsa_eng.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_eng.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_eng.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_err.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_err.c */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_gen.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_gen.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_gen.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_none.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_none.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_none.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_none.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_null.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_null.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_null.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* rsa_null.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 1999.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_oaep.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_oaep.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_oaep.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_oaep.c */
/* Written by Ulf Moeller. This software is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
Modified: trunk/crypto/openssl/crypto/rsa/rsa_pk1.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_pk1.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_pk1.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_pk1.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_pss.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_pss.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_pss.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* rsa_pss.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2005.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_saos.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_saos.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_saos.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_saos.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_sign.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_sign.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_sign.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_ssl.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_ssl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_ssl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_ssl.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_test.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_test.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* test vectors from p1ovect1.txt */
#include <stdio.h>
Modified: trunk/crypto/openssl/crypto/rsa/rsa_x931.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_x931.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_x931.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* rsa_x931.c */
/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
* project 2005.
Modified: trunk/crypto/openssl/crypto/rsa/rsa_x931g.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_x931g.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/rsa/rsa_x931g.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/rsa/rsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Index: trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/crypto/sha/asm/sha512-ia64.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha512-ia64.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/sha/asm/sha512-ia64.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/sha/asm/sha512-ia64.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/symhacks.h
===================================================================
--- trunk/crypto/openssl/crypto/symhacks.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/symhacks.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
Index: trunk/crypto/openssl/crypto/threads/ptest.bat
===================================================================
--- trunk/crypto/openssl/crypto/threads/ptest.bat 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/threads/ptest.bat 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/threads/ptest.bat
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/crypto/threads/pthread2.sh
===================================================================
--- trunk/crypto/openssl/crypto/threads/pthread2.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/threads/pthread2.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/threads/pthread2.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/threads/pthreads-vms.com
===================================================================
--- trunk/crypto/openssl/crypto/threads/pthreads-vms.com 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/threads/pthreads-vms.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -2,8 +2,13 @@
$!
$! WARNING: only tested with DEC C so far.
$
-$ arch := vax
-$ if f$getsyi("CPU") .ge. 128 then arch := axp
+$ if (f$getsyi("cpu").lt.128)
+$ then
+$ arch := VAX
+$ else
+$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if (arch .eqs. "") then arch = "UNK"
+$ endif
$ define/user openssl [--.include.openssl]
$ cc/def=PTHREADS mttest.c
$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
Index: trunk/crypto/openssl/crypto/threads/win32.bat
===================================================================
--- trunk/crypto/openssl/crypto/threads/win32.bat 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/threads/win32.bat 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/crypto/threads/win32.bat
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/crypto/tmdiff.c
===================================================================
--- trunk/crypto/openssl/crypto/tmdiff.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/tmdiff.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/tmdiff.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/tmdiff.h
===================================================================
--- trunk/crypto/openssl/crypto/tmdiff.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/tmdiff.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/tmdiff.h */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/crypto/ui/ui_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/ui/ui_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/ui/ui_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -897,9 +897,9 @@
break;
}
}
+ }
default:
break;
}
- }
return 0;
}
Modified: trunk/crypto/openssl/crypto/uid.c
===================================================================
--- trunk/crypto/openssl/crypto/uid.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/uid.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* crypto/uid.c */
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
Modified: trunk/crypto/openssl/crypto/x86cpuid.pl
===================================================================
--- trunk/crypto/openssl/crypto/x86cpuid.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/crypto/x86cpuid.pl 2014-10-12 20:48:00 UTC (rev 6872)
@@ -33,6 +33,7 @@
&data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax"));
&or ("ebp","eax");
&mov ("eax",1);
+ &xor ("ecx","ecx");
&cpuid ();
&cmp ("ebp",0);
&jne (&label("notP4"));
Modified: trunk/crypto/openssl/demos/easy_tls/Makefile
===================================================================
--- trunk/crypto/openssl/demos/easy_tls/Makefile 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/easy_tls/Makefile 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,5 +1,5 @@
# Makefile for easy-tls example application (rudimentary client and server)
-# $Id: Makefile,v 1.1.1.2 2006-02-25 02:34:33 laffer1 Exp $
+# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $
SOLARIS_CFLAGS=-Wall -pedantic -g -O2
SOLARIS_LIBS=-lxnet
Modified: trunk/crypto/openssl/demos/easy_tls/cacerts.pem
===================================================================
--- trunk/crypto/openssl/demos/easy_tls/cacerts.pem 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/easy_tls/cacerts.pem 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,4 @@
-$Id: cacerts.pem,v 1.1.1.2 2006-02-25 02:34:33 laffer1 Exp $
+$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
Modified: trunk/crypto/openssl/demos/easy_tls/cert.pem
===================================================================
--- trunk/crypto/openssl/demos/easy_tls/cert.pem 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/easy_tls/cert.pem 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,4 @@
-$Id: cert.pem,v 1.1.1.2 2006-02-25 02:34:33 laffer1 Exp $
+$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
Example certificate and key.
Modified: trunk/crypto/openssl/demos/easy_tls/easy-tls.c
===================================================================
--- trunk/crypto/openssl/demos/easy_tls/easy-tls.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/easy_tls/easy-tls.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,7 +1,7 @@
/* -*- Mode: C; c-file-style: "bsd" -*- */
/*
* easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.1.1.3 2008-11-03 18:20:57 laffer1 Exp $
+ * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
*/
/*
(c) Copyright 1999 Bodo Moeller. All rights reserved.
@@ -73,7 +73,7 @@
*/
static char const rcsid[] =
-"$Id: easy-tls.c,v 1.1.1.3 2008-11-03 18:20:57 laffer1 Exp $";
+"$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
#include <assert.h>
#include <errno.h>
Modified: trunk/crypto/openssl/demos/easy_tls/easy-tls.h
===================================================================
--- trunk/crypto/openssl/demos/easy_tls/easy-tls.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/easy_tls/easy-tls.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,7 +1,7 @@
/* -*- Mode: C; c-file-style: "bsd" -*- */
/*
* easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.1.1.2 2006-02-25 02:34:34 laffer1 Exp $
+ * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
*/
/*
* (c) Copyright 1999 Bodo Moeller. All rights reserved.
Modified: trunk/crypto/openssl/demos/easy_tls/test.c
===================================================================
--- trunk/crypto/openssl/demos/easy_tls/test.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/easy_tls/test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,5 +1,5 @@
/* test.c */
-/* $Id: test.c,v 1.1.1.2 2006-02-25 02:34:34 laffer1 Exp $ */
+/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
#define L_PORT 9999
#define C_PORT 443
Modified: trunk/crypto/openssl/demos/easy_tls/test.h
===================================================================
--- trunk/crypto/openssl/demos/easy_tls/test.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/easy_tls/test.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,5 +1,5 @@
/* test.h */
-/* $Id: test.h,v 1.1.1.2 2006-02-25 02:34:34 laffer1 Exp $ */
+/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
void test_process_init(int fd, int client_p, void *apparg);
Modified: trunk/crypto/openssl/demos/engines/rsaref/build.com
===================================================================
--- trunk/crypto/openssl/demos/engines/rsaref/build.com 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/engines/rsaref/build.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -7,6 +7,14 @@
$ exit
$ endif
$
+$ if (f$getsyi("cpu").lt.128)
+$ then
+$ arch := vax
+$ else
+$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if (arch .eqs. "") then arch = "UNK"
+$ endif
+$
$ _save_default = f$environment("default")
$ set default [.install]
$ files := desc,digit,md2c,md5c,nn,prime,-
@@ -29,14 +37,8 @@
$ define/user openssl [---.include.openssl]
$ cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
$
-$ if f$getsyi("CPU") .ge. 128
+$ if arch .eqs. "VAX"
$ then
-$ link/share=librsaref.exe sys$input:/option
-[]rsaref.obj
-[.install]rsaref.olb/lib
-[---.axp.exe.crypto]libcrypto.olb/lib
-symbol_vector=(bind_engine=procedure,v_check=procedure)
-$ else
$ macro/object=rsaref_vec.obj sys$input:
;
; Transfer vector for VAX shareable image
@@ -80,6 +82,24 @@
[]rsaref.obj
[.install]rsaref.olb/lib
[---.vax.exe.crypto]libcrypto.olb/lib
+$ else
+$ if arch_name .eqs. "ALPHA"
+$ then
+$ link/share=librsaref.exe sys$input:/option
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.alpha.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$ else
+$ if arch_name .eqs. "IA64"
+$ then
+$ link /shareable=librsaref.exe sys$input: /options
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.ia64.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$ endif
+$ endif
$ endif
$
$ set default '_save_default'
Index: trunk/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh
===================================================================
--- trunk/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh
===================================================================
--- trunk/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh
===================================================================
--- trunk/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/demos/ssltest-ecc/ssltest.sh
===================================================================
--- trunk/crypto/openssl/demos/ssltest-ecc/ssltest.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/ssltest-ecc/ssltest.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/demos/ssltest-ecc/ssltest.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/demos/tunala/autogunk.sh
===================================================================
--- trunk/crypto/openssl/demos/tunala/autogunk.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/tunala/autogunk.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/demos/tunala/autogunk.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/demos/tunala/autoungunk.sh
===================================================================
--- trunk/crypto/openssl/demos/tunala/autoungunk.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/tunala/autoungunk.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/demos/tunala/autoungunk.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/demos/tunala/test.sh
===================================================================
--- trunk/crypto/openssl/demos/tunala/test.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/tunala/test.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/demos/tunala/test.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/demos/x509/mkreq.c
===================================================================
--- trunk/crypto/openssl/demos/x509/mkreq.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/demos/x509/mkreq.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -7,6 +7,7 @@
#include <openssl/pem.h>
#include <openssl/conf.h>
+#include <openssl/x509.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -13,7 +14,7 @@
#endif
int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
+int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value);
int main(int argc, char **argv)
{
@@ -148,7 +149,7 @@
* because we wont reference any other sections.
*/
-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value)
+int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
{
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
Modified: trunk/crypto/openssl/doc/apps/asn1parse.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/asn1parse.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/asn1parse.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -15,6 +15,8 @@
[B<-length number>]
[B<-i>]
[B<-oid filename>]
+[B<-dump>]
+[B<-dlimit num>]
[B<-strparse offset>]
[B<-genstr string>]
[B<-genconf file>]
@@ -64,6 +66,14 @@
a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.
+=item B<-dump>
+
+dump unknown data in hex format.
+
+=item B<-dlimit num>
+
+like B<-dump>, but only the first B<num> bytes are output.
+
=item B<-strparse offset>
parse the contents octets of the ASN.1 object starting at B<offset>. This
Modified: trunk/crypto/openssl/doc/apps/ca.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/ca.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/ca.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -13,6 +13,8 @@
[B<-name section>]
[B<-gencrl>]
[B<-revoke file>]
+[B<-status serial>]
+[B<-updatedb>]
[B<-crl_reason reason>]
[B<-crl_hold instruction>]
[B<-crl_compromise time>]
@@ -26,6 +28,7 @@
[B<-md arg>]
[B<-policy arg>]
[B<-keyfile arg>]
+[B<-keyform PEM|DER>]
[B<-key arg>]
[B<-passin arg>]
[B<-cert file>]
@@ -83,18 +86,18 @@
a file containing a single Netscape signed public key and challenge
and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
-section for information on the required format.
+section for information on the required input and output format.
=item B<-infiles>
if present this should be the last option, all subsequent arguments
-are assumed to be the names of files containing certificate requests.
+are assumed to the the names of files containing certificate requests.
=item B<-out filename>
the output file to output certificates to. The default is standard
output. The certificate details will also be printed out to this
-file.
+file in PEM format (except that B<-spkac> outputs DER format).
=item B<-outdir directory>
@@ -110,6 +113,11 @@
the private key to sign requests with.
+=item B<-keyform PEM|DER>
+
+the format of the data in the private key file.
+The default is PEM.
+
=item B<-key password>
the password used to encrypt the private key. Since on some
@@ -265,6 +273,15 @@
a filename containing a certificate to revoke.
+=item B<-status serial>
+
+displays the revocation status of the certificate with the specified
+serial number and exits.
+
+=item B<-updatedb>
+
+Updates the database index to purge expired certificates.
+
=item B<-crl_reason reason>
revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>,
@@ -495,6 +512,10 @@
If you need to include the same component twice then it can be
preceded by a number and a '.'.
+When processing SPKAC format, the output is DER if the B<-out>
+flag is used, but PEM format if sending to stdout or the B<-outdir>
+flag is used.
+
=head1 EXAMPLES
Note: these examples assume that the B<ca> directory structure is
Modified: trunk/crypto/openssl/doc/apps/crl.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/crl.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/crl.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -12,6 +12,7 @@
[B<-text>]
[B<-in filename>]
[B<-out filename>]
+[B<-nameopt option>]
[B<-noout>]
[B<-hash>]
[B<-issuer>]
@@ -53,6 +54,11 @@
print out the CRL in text form.
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. See
+the description of B<-nameopt> in L<x509(1)|x509(1)>.
+
=item B<-noout>
don't output the encoded version of the CRL.
Modified: trunk/crypto/openssl/doc/apps/dgst.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/dgst.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/dgst.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -68,7 +68,7 @@
=item B<-verify filename>
-verify the signature using the public key in "filename".
+verify the signature using the the public key in "filename".
The output is either "Verification OK" or "Verification Failure".
=item B<-prverify filename>
Modified: trunk/crypto/openssl/doc/apps/dhparam.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/dhparam.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/dhparam.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -12,6 +12,7 @@
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-dsaparam>]
+[B<-check>]
[B<-noout>]
[B<-text>]
[B<-C>]
@@ -64,6 +65,10 @@
parameters, a fresh DH key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.
+=item B<-check>
+
+check if the parameters are valid primes and generator.
+
=item B<-2>, B<-5>
The generator to use, either 2 or 5. 2 is the default. If present then the
Modified: trunk/crypto/openssl/doc/apps/dsa.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/dsa.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/dsa.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -13,6 +13,12 @@
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -74,10 +80,10 @@
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the B<dsa> utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
Modified: trunk/crypto/openssl/doc/apps/ecparam.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/ecparam.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/ecparam.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -16,7 +16,7 @@
[B<-C>]
[B<-check>]
[B<-name arg>]
-[B<-list_curve>]
+[B<-list_curves>]
[B<-conv_form arg>]
[B<-param_enc arg>]
[B<-no_seed>]
Modified: trunk/crypto/openssl/doc/apps/gendsa.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/gendsa.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/gendsa.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -8,6 +8,12 @@
B<openssl> B<gendsa>
[B<-out filename>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -24,10 +30,10 @@
=over 4
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+These options encrypt the private key with specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
=item B<-rand file(s)>
Modified: trunk/crypto/openssl/doc/apps/genrsa.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/genrsa.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/genrsa.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -9,6 +9,18 @@
B<openssl> B<genrsa>
[B<-out filename>]
[B<-passout arg>]
+[B<-aes128>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -36,10 +48,10 @@
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. If none of these options is
+These options encrypt the private key with specified
+cipher before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the B<-passout> argument.
Modified: trunk/crypto/openssl/doc/apps/rsa.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/rsa.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/rsa.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -15,6 +15,12 @@
[B<-out filename>]
[B<-passout arg>]
[B<-sgckey>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -80,10 +86,10 @@
use the modified NET algorithm used with some versions of Microsoft IIS and SGC
keys.
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the B<rsa> utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
Modified: trunk/crypto/openssl/doc/apps/s_client.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/s_client.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/s_client.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -17,6 +17,22 @@
[B<-pass arg>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-issuer_checks>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-use_deltas>]
+[B<-verify_depth num>]
+[B<-x509_strict>]
[B<-reconnect>]
[B<-pause>]
[B<-showcerts>]
@@ -37,6 +53,7 @@
[B<-bugs>]
[B<-cipher cipherlist>]
[B<-starttls protocol>]
+[B<-xmpphost hostname>]
[B<-engine id>]
[B<-tlsextdebug>]
[B<-no_ticket>]
@@ -52,6 +69,11 @@
=head1 OPTIONS
+In addition to the options below the B<s_client> utility also supports the
+common and client only options documented in the
+in the L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS>
+manual page.
+
=over 4
=item B<-connect host:port>
@@ -101,6 +123,15 @@
A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
+B<explicit_policy>, B<-ignore_critical>, B<-inhibit_any>,
+B<-inhibit_map>, B<-issuer_checks>, B<-policy>,
+B<-policy_check>, B<-policy_print>, B<-purpose>,
+B<-use_deltas>, B<-verify_depth>, B<-x509_strict>
+
+Set various certificate chain valiadition options. See the
+L<B<verify>|verify(1)> manual page for details.
+
=item B<-reconnect>
reconnects to the same server 5 times using the same session ID, this can
@@ -188,18 +219,22 @@
send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
-supported keywords are "smtp", "pop3", "imap", and "ftp".
+supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
+=item B<-xmpphost hostname>
+
+This option, when used with "-starttls xmpp", specifies the host for the
+"to" attribute of the stream element.
+If this option is not specified, then the host specified with "-connect"
+will be used.
+
=item B<-tlsextdebug>
-print out a hex dump of any TLS extensions received from the server. Note: this
-option is only available if extension support is explicitly enabled at compile
-time
+print out a hex dump of any TLS extensions received from the server.
=item B<-no_ticket>
-disable RFC4507bis session ticket support. Note: this option is only available
-if extension support is explicitly enabled at compile time
+disable RFC4507bis session ticket support.
=item B<-sess_out filename>
@@ -212,7 +247,7 @@
=item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<s_client>
+specifying an engine (by its unique B<id> string) will cause B<s_client>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
@@ -274,8 +309,11 @@
these will only be supported if its use is disabled, for example by using the
B<-no_sslv2> option.
-TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
-enabled at compile time using for example the B<enable-tlsext> switch.
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack.
=head1 BUGS
@@ -284,9 +322,6 @@
hard to read and not a model of how things should be done. A typical
SSL client program would be much simpler.
-The B<-verify> option should really exit if the server verification
-fails.
-
The B<-prexit> option is a bit of a hack. We should really report
information whenever a session is renegotiated.
Modified: trunk/crypto/openssl/doc/apps/s_server.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/s_server.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/s_server.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -35,6 +35,7 @@
[B<-CAfile filename>]
[B<-nocert>]
[B<-cipher cipherlist>]
+[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl2>]
@@ -144,6 +145,9 @@
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or PSK) this option has no effect.
+
=item B<-crl_check>, B<-crl_check_all>
Check the peer certificate has not been revoked by its CA.
@@ -215,6 +219,10 @@
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-serverpref>
+
+use the server's cipher preferences, rather than the client's preferences.
+
=item B<-tlsextdebug>
print out a hex dump of any TLS extensions received from the server.
Modified: trunk/crypto/openssl/doc/apps/smime.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/smime.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/smime.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -135,8 +135,8 @@
=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
-40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively. If not
-specified 40 bit RC2 is used. Only used with B<-encrypt>.
+40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively.
+If not specified triple DES is used. Only used with B<-encrypt>.
=item B<-nointern>
@@ -265,28 +265,28 @@
=over 4
-=item 0
+=item Z<>0
the operation was completely successfully.
-=item 1
+=item Z<>1
an error occurred parsing the command options.
-=item 2
+=item Z<>2
one of the input files could not be read.
-=item 3
+=item Z<>3
an error occurred creating the PKCS#7 file or when reading the MIME
message.
-=item 4
+=item Z<>4
an error occurred decrypting or verifying the message.
-=item 5
+=item Z<>5
the message was verified correctly but an error occurred writing out
the signers certificates.
Modified: trunk/crypto/openssl/doc/apps/verify.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/verify.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/verify.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -7,13 +7,27 @@
=head1 SYNOPSIS
B<openssl> B<verify>
+[B<-CAfile file>]
[B<-CApath directory>]
-[B<-CAfile file>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-help>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-issuer_checks>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
[B<-purpose purpose>]
[B<-untrusted file>]
-[B<-help>]
-[B<-issuer_checks>]
+[B<-use_deltas>]
[B<-verbose>]
+[B<-verify_depth num>]
+[B<-x509_strict>]
[B<->]
[certificates]
@@ -26,6 +40,11 @@
=over 4
+=item B<-CAfile file>
+
+A file of trusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
=item B<-CApath directory>
A directory of trusted certificates. The certificates should have names
@@ -34,56 +53,113 @@
of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
create symbolic links to a directory of certificates.
-=item B<-CAfile file>
+=item B<-attime timestamp>
-A file of trusted certificates. The file should contain multiple certificates
-in PEM format concatenated together.
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
-=item B<-untrusted file>
+=item B<-check_ss_sig>
-A file of untrusted certificates. The file should contain multiple certificates
+Verify the signature on the self-signed root CA. This is disabled by default
+because it doesn't add any security.
-=item B<-purpose purpose>
+=item B<-crl_check>
-the intended use for the certificate. Without this option no chain verification
-will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
-B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
-section for more information.
+Checks end entity certificate validity by attempting to look up a valid CRL.
+If a valid CRL cannot be found an error occurs.
+=item B<-crl_check_all>
+
+Checks the validity of B<all> certificates in the chain by attempting
+to look up valid CRLs.
+
+=item B<-explicit_policy>
+
+Set policy variable require-explicit-policy (see RFC5280).
+
=item B<-help>
-prints out a usage message.
+Print out a usage message.
-=item B<-verbose>
+=item B<-ignore_critical>
-print extra information about the operations being performed.
+Normally if an unhandled critical extension is present which is not
+supported by OpenSSL the certificate is rejected (as required by RFC5280).
+If this option is set critical extensions are ignored.
+=item B<-inhibit_any>
+
+Set policy variable inhibit-any-policy (see RFC5280).
+
+=item B<-inhibit_map>
+
+Set policy variable inhibit-policy-mapping (see RFC5280).
+
=item B<-issuer_checks>
-print out diagnostics relating to searches for the issuer certificate
-of the current certificate. This shows why each candidate issuer
-certificate was rejected. However the presence of rejection messages
-does not itself imply that anything is wrong: during the normal
-verify process several rejections may take place.
+Print out diagnostics relating to searches for the issuer certificate of the
+current certificate. This shows why each candidate issuer certificate was
+rejected. The presence of rejection messages does not itself imply that
+anything is wrong; during the normal verification process, several
+rejections may take place.
-=item B<-check_ss_sig>
+=item B<-policy arg>
-Verify the signature on the self-signed root CA. This is disabled by default
-because it doesn't add any security.
+Enable policy processing and add B<arg> to the user-initial-policy-set (see
+RFC5280). The policy B<arg> can be an object name an OID in numeric form.
+This argument can appear more than once.
+=item B<-policy_check>
+
+Enables certificate policy processing.
+
+=item B<-policy_print>
+
+Print out diagnostics related to policy processing.
+
+=item B<-purpose purpose>
+
+The intended use for the certificate. If this option is not specified,
+B<verify> will not consider certificate purpose during chain verification.
+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
+information.
+
+=item B<-untrusted file>
+
+A file of untrusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
+=item B<-use_deltas>
+
+Enable support for delta CRLs.
+
+=item B<-verbose>
+
+Print extra information about the operations being performed.
+
+=item B<-verify_depth num>
+
+Limit the maximum depth of the certificate chain to B<num> certificates.
+
+=item B<-x509_strict>
+
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
+
=item B<->
-marks the last option. All arguments following this are assumed to be
+Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins
with a B<->.
=item B<certificates>
-one or more certificates to verify. If no certificate filenames are included
-then an attempt is made to read a certificate from standard input. They should
-all be in PEM format.
+One or more certificates to verify. If no certificates are given, B<verify>
+will attempt to read a certificate from standard input. Certificates must be
+in PEM format.
-
=back
=head1 VERIFY OPERATION
@@ -176,7 +252,7 @@
=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
-the CRL of a certificate could not be found. Unused.
+the CRL of a certificate could not be found.
=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
@@ -199,7 +275,7 @@
=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
-the signature of the certificate is invalid. Unused.
+the signature of the certificate is invalid.
=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
@@ -211,11 +287,11 @@
=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-the CRL is not yet valid. Unused.
+the CRL is not yet valid.
=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
-the CRL has expired. Unused.
+the CRL has expired.
=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
@@ -227,11 +303,11 @@
=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
-the CRL lastUpdate field contains an invalid time. Unused.
+the CRL lastUpdate field contains an invalid time.
=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
-the CRL nextUpdate field contains an invalid time. Unused.
+the CRL nextUpdate field contains an invalid time.
=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
@@ -263,7 +339,7 @@
=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
-the certificate has been revoked. Unused.
+the certificate has been revoked.
=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
@@ -317,10 +393,10 @@
=head1 BUGS
-Although the issuer checks are a considerably improvement over the old technique they still
+Although the issuer checks are a considerable improvement over the old technique they still
suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
trusted certificates with matching subject name must either appear in a file (as specified by the
-B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
+B<-CAfile> option) or a directory (as specified by B<-CApath>). If they occur in both then only
the certificates in the file will be recognised.
Previous versions of OpenSSL assume certificates with matching subject name are identical and
Modified: trunk/crypto/openssl/doc/apps/x509.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/x509.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/x509.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -19,6 +19,7 @@
[B<-hash>]
[B<-subject_hash>]
[B<-issuer_hash>]
+[B<-ocspid>]
[B<-subject>]
[B<-issuer>]
[B<-nameopt option>]
@@ -27,6 +28,7 @@
[B<-enddate>]
[B<-purpose>]
[B<-dates>]
+[B<-checkend num>]
[B<-modulus>]
[B<-fingerprint>]
[B<-alias>]
@@ -40,6 +42,7 @@
[B<-days arg>]
[B<-set_serial n>]
[B<-signkey filename>]
+[B<-passin arg>]
[B<-x509toreq>]
[B<-req>]
[B<-CA filename>]
@@ -47,6 +50,7 @@
[B<-CAcreateserial>]
[B<-CAserial filename>]
[B<-text>]
+[B<-certopt option>]
[B<-C>]
[B<-md2|-md5|-sha1|-mdc2>]
[B<-clrext>]
@@ -153,6 +157,10 @@
outputs the "hash" of the certificate issuer name.
+=item B<-ocspid>
+
+outputs the OCSP hash values for the subject name and public key.
+
=item B<-hash>
synonym for "-subject_hash" for backward compatibility reasons.
@@ -188,6 +196,11 @@
prints out the start and expiry dates of a certificate.
+=item B<-checkend arg>
+
+checks if the certificate expires within the next B<arg> seconds and exits
+non-zero if yes it will expire or zero if not.
+
=item B<-fingerprint>
prints out the digest of the DER encoded version of the whole certificate
@@ -293,6 +306,11 @@
is created using the supplied private key using the subject name in
the request.
+=item B<-passin arg>
+
+the key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
=item B<-clrext>
delete any extensions from a certificate. This option is used when a
@@ -446,7 +464,7 @@
Also if this option is off any UTF8Strings will be converted to their
character form first.
-=item B<no_type>
+=item B<ignore_type>
this option does not attempt to interpret multibyte characters in any
way. That is their content octets are merely dumped as though one octet
Modified: trunk/crypto/openssl/doc/apps/x509v3_config.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/x509v3_config.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/apps/x509v3_config.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -52,7 +52,7 @@
policies extension for an example.
If an extension type is unsupported then the I<arbitrary> extension syntax
-must be used, see the L<ARBITRART EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
+must be used, see the L<ARBITRARY EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
=head1 STANDARD EXTENSIONS
@@ -174,11 +174,11 @@
The value of B<dirName> should point to a section containing the distinguished
name to use as a set of name value pairs. Multi values AVAs can be formed by
-preceeding the name with a B<+> character.
+preceding the name with a B<+> character.
otherName can include arbitrary data associated with an OID: the value
should be the OID followed by a semicolon and the content in standard
-ASN1_generate_nconf() format.
+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format.
Examples:
@@ -226,21 +226,82 @@
=head2 CRL distribution points.
-This is a multi-valued extension that supports all the literal options of
-subject alternative name. Of the few software packages that currently interpret
-this extension most only interpret the URI option.
+This is a multi-valued extension whose options can be either in name:value pair
+using the same form as subject alternative name or a single value representing
+a section name containing all the distribution point fields.
-Currently each option will set a new DistributionPoint with the fullName
-field set to the given value.
+For a name:value pair a new DistributionPoint with the fullName field set to
+the given value both the cRLissuer and reasons fields are omitted in this case.
-Other fields like cRLissuer and reasons cannot currently be set or displayed:
-at this time no examples were available that used these fields.
+In the single option case the section indicated contains values for each
+field. In this section:
-Examples:
+If the name is "fullname" the value field should contain the full name
+of the distribution point in the same format as subject alternative name.
+If the name is "relativename" then the value field should contain a section
+name whose contents represent a DN fragment to be placed in this field.
+
+The name "CRLIssuer" if present should contain a value for this field in
+subject alternative name format.
+
+If the name is "reasons" the value field should consist of a comma
+separated field containing the reasons. Valid reasons are: "keyCompromise",
+"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation",
+"certificateHold", "privilegeWithdrawn" and "AACompromise".
+
+
+Simple examples:
+
crlDistributionPoints=URI:http://myhost.com/myca.crl
crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
+Full distribution point example:
+
+ crlDistributionPoints=crldp1_section
+
+ [crldp1_section]
+
+ fullname=URI:http://myhost.com/myca.crl
+ CRLissuer=dirName:issuer_sect
+ reasons=keyCompromise, CACompromise
+
+ [issuer_sect]
+ C=UK
+ O=Organisation
+ CN=Some Name
+
+=head2 Issuing Distribution Point
+
+This extension should only appear in CRLs. It is a multi valued extension
+whose syntax is similar to the "section" pointed to by the CRL distribution
+points extension with a few differences.
+
+The names "reasons" and "CRLissuer" are not recognized.
+
+The name "onlysomereasons" is accepted which sets this field. The value is
+in the same format as the CRL distribution point "reasons" field.
+
+The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted
+the values should be a boolean value (TRUE or FALSE) to indicate the value of
+the corresponding field.
+
+Example:
+
+ issuingDistributionPoint=critical, @idp_section
+
+ [idp_section]
+
+ fullname=URI:http://myhost.com/myca.crl
+ indirectCRL=TRUE
+ onlysomereasons=keyCompromise, CACompromise
+
+ [issuer_sect]
+ C=UK
+ O=Organisation
+ CN=Some Name
+
+
=head2 Certificate Policies.
This is a I<raw> extension. All the fields of this extension can be set by
@@ -330,6 +391,16 @@
nameConstraints=excluded;email:.com
+
+=head2 OCSP No Check
+
+The OCSP No Check extension is a string extension but its value is ignored.
+
+Example:
+
+ noCheck = ignored
+
+
=head1 DEPRECATED EXTENSIONS
The following extensions are non standard, Netscape specific and largely
@@ -370,7 +441,8 @@
There are two ways to encode arbitrary extensions.
The first way is to use the word ASN1 followed by the extension content
-using the same syntax as ASN1_generate_nconf(). For example:
+using the same syntax as L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>.
+For example:
1.2.3.4=critical,ASN1:UTF8String:Some random data
@@ -450,7 +522,8 @@
=head1 SEE ALSO
-L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
+L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>,
+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>
=cut
Modified: trunk/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -61,7 +61,7 @@
=item B<INTEGER>, B<INT>
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
-the value of the integer, it can be preceeded by a minus sign and
+the value of the integer, it can be preceded by a minus sign and
is normally interpreted as a decimal value unless the prefix B<0x>
is included.
@@ -103,7 +103,8 @@
=item B<UNIVERSALSTRING>, B<UNIV>, B<IA5>, B<IA5STRING>, B<UTF8>,
B<UTF8String>, B<BMP>, B<BMPSTRING>, B<VISIBLESTRING>,
B<VISIBLE>, B<PRINTABLESTRING>, B<PRINTABLE>, B<T61>,
-B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>
+B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>, B<NUMERICSTRING>,
+B<NUMERIC>
These encode the corresponding string types. B<value> represents the
contents of this structure. The format can be B<ASCII> or B<UTF8>.
Modified: trunk/crypto/openssl/doc/crypto/BIO_f_base64.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/BIO_f_base64.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/BIO_f_base64.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -46,11 +46,11 @@
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- BIO_write(bio, message, strlen(message));
- BIO_flush(bio);
+ BIO_push(b64, bio);
+ BIO_write(b64, message, strlen(message));
+ BIO_flush(b64);
- BIO_free_all(bio);
+ BIO_free_all(b64);
Read Base64 encoded data from standard input and write the decoded
data to standard output:
@@ -62,11 +62,12 @@
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512)) > 0)
+ BIO_push(b64, bio);
+ while((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(bio_out, inbuf, inlen);
- BIO_free_all(bio);
+ BIO_flush(bio_out);
+ BIO_free_all(b64);
=head1 BUGS
Modified: trunk/crypto/openssl/doc/crypto/BIO_push.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/BIO_push.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/BIO_push.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -40,7 +40,7 @@
BIO_push(b64, f);
-is made then the new chain will be B<b64-chain>. After making the calls
+is made then the new chain will be B<b64-f>. After making the calls
BIO_push(md2, b64);
BIO_push(md1, md2);
Modified: trunk/crypto/openssl/doc/crypto/CONF_modules_free.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/CONF_modules_free.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/CONF_modules_free.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -37,7 +37,7 @@
=head1 SEE ALSO
L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_modules_load_file(3), CONF_modules_load_file(3)>
+L<CONF_modules_load_file(3)|CONF_modules_load_file(3)>
=head1 HISTORY
Modified: trunk/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/CONF_modules_load_file.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/CONF_modules_load_file.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -51,7 +51,7 @@
=head1 SEE ALSO
L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)>
+L<CONF_free(3)|CONF_free(3)>, L<err(3)|err(3)>
=head1 HISTORY
Modified: trunk/crypto/openssl/doc/crypto/ERR_get_error.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/ERR_get_error.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/ERR_get_error.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -49,12 +49,15 @@
the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_get_last_error_line_data() store additional data and flags
+ERR_peek_last_error_line_data() store additional data and flags
associated with the error code in *B<data>
and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true.
+An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+returned by these functions) with OPENSSL_free() as freeing is handled
+automatically by the error library.
+
=head1 RETURN VALUES
The error code, or 0 if there is no error in the queue.
Modified: trunk/crypto/openssl/doc/crypto/OPENSSL_config.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/OPENSSL_config.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/OPENSSL_config.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -73,7 +73,7 @@
=head1 SEE ALSO
L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
-L<CONF_modules_free(3),CONF_modules_free(3)>
+L<CONF_modules_free(3)|CONF_modules_free(3)>
=head1 HISTORY
Modified: trunk/crypto/openssl/doc/crypto/RSA_set_method.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/RSA_set_method.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/RSA_set_method.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -125,14 +125,18 @@
/* sign. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
+ int (*rsa_sign)(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
/* verify. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ int (*rsa_verify)(int dtype,
+ const unsigned char *m, unsigned int m_length,
+ const unsigned char *sigbuf, unsigned int siglen,
+ const RSA *rsa);
+ /* keygen. If NULL builtin RSA key generation will be used */
+ int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
} RSA_METHOD;
Modified: trunk/crypto/openssl/doc/crypto/RSA_sign.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/RSA_sign.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/RSA_sign.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -20,6 +20,10 @@
private key B<rsa> as specified in PKCS #1 v2.0. It stores the
signature in B<sigret> and the signature size in B<siglen>. B<sigret>
must point to RSA_size(B<rsa>) bytes of memory.
+Note that PKCS #1 adds meta-data, placing limits on the size of the
+key that can be used.
+See L<RSA_private_encrypt(3)|RSA_private_encrypt(3)> for lower-level
+operations.
B<type> denotes the message digest algorithm that was used to generate
B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
Modified: trunk/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -65,7 +65,7 @@
=head1 SEE ALSO
L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
+L<OBJ_nid2obj(3)|OBJ_nid2obj(3)>
=head1 HISTORY
Modified: trunk/crypto/openssl/doc/crypto/des.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/des.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/des.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -135,9 +135,8 @@
DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
-is ok. The probability that a randomly generated key is weak is
-1/2^52, so it is not really worth checking for them.
+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
+is ok.
The following routines mostly operate on an input and output stream of
I<DES_cblock>s.
@@ -181,7 +180,7 @@
DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
three keys. This means that each DES operation inside the CBC mode is
-really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
Modified: trunk/crypto/openssl/doc/crypto/ecdsa.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/ecdsa.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/ecdsa.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -95,7 +95,7 @@
ECDSA_verify() verifies that the signature in B<sig> of size
B<siglen> is a valid ECDSA signature of the hash value
-value B<dgst> of size B<dgstlen> using the public key B<eckey>.
+B<dgst> of size B<dgstlen> using the public key B<eckey>.
The parameter B<type> is ignored.
ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv>
@@ -114,7 +114,7 @@
ECDSA_size() returns the maximum length signature or 0 on error.
-ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or -1
+ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0
on error.
ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
@@ -131,16 +131,12 @@
int ret;
ECDSA_SIG *sig;
- EC_KEY *eckey = EC_KEY_new();
+ EC_KEY *eckey;
+ eckey = EC_KEY_new_by_curve_name(NID_secp192k1);
if (eckey == NULL)
{
/* error */
}
- key->group = EC_GROUP_new_by_nid(NID_secp192k1);
- if (key->group == NULL)
- {
- /* error */
- }
if (!EC_KEY_generate_key(eckey))
{
/* error */
Modified: trunk/crypto/openssl/doc/crypto/engine.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/engine.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/engine.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -517,7 +517,7 @@
this symbol is considered a "generic" command is handled directly by the
OpenSSL core routines.
-It is using these "core" control commands that one can discover the control
+It is using these "core" control commands that one can discover the the control
commands implemented by a given ENGINE, specifically the commands;
#define ENGINE_HAS_CTRL_FUNCTION 10
Modified: trunk/crypto/openssl/doc/crypto/err.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/err.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/err.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -171,7 +171,6 @@
=head1 SEE ALSO
-L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
L<ERR_get_error(3)|ERR_get_error(3)>,
L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
Modified: trunk/crypto/openssl/doc/crypto/pem.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/pem.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/pem.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -450,9 +450,9 @@
After this is the base64 encoded encrypted data.
-The encryption key is determined using EVP_bytestokey(), using B<salt> and an
+The encryption key is determined using EVP_BytesToKey(), using B<salt> and an
iteration count of 1. The IV used is the value of B<salt> and *not* the IV
-returned by EVP_bytestokey().
+returned by EVP_BytesToKey().
=head1 BUGS
@@ -474,3 +474,7 @@
if an error occurred.
The write routines return 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_get_cipherbyname(3)|EVP_get_cipherbyname>, L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>
Modified: trunk/crypto/openssl/doc/crypto/ui.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/ui.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/crypto/ui.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -119,7 +119,7 @@
UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
in a boolean way, with a single character for yes and a different character
for no. A set of characters that can be used to cancel the prompt is given
-as well. The prompt itself is really divided in two, one part being the
+as well. The prompt itself is divided in two, one part being the
descriptive text (given through the I<prompt> argument) and one describing
the possible answers (given through the I<action_desc> argument).
Modified: trunk/crypto/openssl/doc/fingerprints.txt
===================================================================
--- trunk/crypto/openssl/doc/fingerprints.txt 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/fingerprints.txt 2014-10-12 20:48:00 UTC (rev 6872)
@@ -4,12 +4,11 @@
signatures in separate files in the same location you find the
distributions themselves. The normal file name is the same as the
distribution file, with '.asc' added. For example, the signature for
-the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in
-the file openssl-0.9.7f.tar.gz.asc.
+the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in
+the file openssl-1.0.1h.tar.gz.asc.
The following is the list of fingerprints for the keys that are
-currently in use (have been used since summer 2004) to sign OpenSSL
-distributions:
+currently in use to sign OpenSSL distributions:
pub 1024D/F709453B 2003-10-20
Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B
@@ -21,6 +20,13 @@
Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97
uid Dr S N Henson <shenson at drh-consultancy.demon.co.uk>
+pub 4096R/FA40E9E2 2005-03-19
+ Key fingerprint = 6260 5AA4 334A F9F0 DDE5 D349 D357 7507 FA40 E9E2
+uid Dr Stephen Henson <shenson at opensslfoundation.com>
+uid Dr Stephen Henson <shenson at drh-consultancy.co.uk>
+uid Dr Stephen N Henson <steve at openssl.org>
+sub 4096R/8811F530 2005-03-19
+
pub 1024R/49A563D9 1997-02-24
Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF
uid Mark Cox <mjc at redhat.com>
@@ -27,10 +33,6 @@
uid Mark Cox <mark at awe.com>
uid Mark Cox <mjc at apache.org>
-pub 1024R/26BB437D 1997-04-28
- Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
-uid Ralf S. Engelschall <rse at engelschall.com>
-
pub 1024R/9C58A66D 1997-04-03
Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67
uid jaenicke at openssl.org
@@ -55,3 +57,7 @@
uid Bodo Moeller <Bodo_Moeller at public.uni-hamburg.de>
uid Bodo Moeller <3moeller at rzdspc5.informatik.uni-hamburg.de>
+pub 2048R/0E604491 2013-04-30
+ Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid Matt Caswell <frodo at baggins.org>
+
Modified: trunk/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -23,8 +23,12 @@
B<alg_bits> is not NULL, it contains the number of bits processed by the
chosen algorithm. If B<cipher> is NULL, 0 is returned.
-SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
-"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned.
+SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol
+version that first defined the cipher.
+This is currently B<SSLv2> or B<TLSv1/SSLv3>.
+In some cases it should possibly return "TLSv1.2" but does not;
+use SSL_CIPHER_description() instead.
+If B<cipher> is NULL, "(NONE)" is returned.
SSL_CIPHER_description() returns a textual description of the cipher used
into the buffer B<buf> of length B<len> provided. B<len> must be at least
@@ -52,7 +56,8 @@
=item <protocol version>
-Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
+Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
+flagged with SSLv3. No new ciphers were added by TLSv1.1.
=item Kx=<key exchange>
@@ -91,6 +96,10 @@
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+A comp[lete list can be retrieved by invoking the following command:
+
+ openssl ciphers -v ALL
+
=head1 BUGS
If SSL_CIPHER_description() is called with B<cipher> being NULL, the
Modified: trunk/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -53,11 +53,11 @@
=over 4
-=item 0
+=item Z<>0
The operation succeeded.
-=item 1
+=item Z<>1
The operation failed. Check the error queue to find out the reason.
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -24,6 +24,16 @@
certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
+The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object.
+
+=head1 RESTRICTIONS
+
+Only one set of extra chain certificates can be specified per SSL_CTX
+structure. Different chains for different certificates (for example if both
+RSA and DSA certificates are specified by the same server) or different SSL
+structures with the same parent SSL_CTX cannot be specified using this
+function.
+
=head1 RETURN VALUES
SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -41,7 +41,7 @@
flag then the internal cache will not be populated automatically by new
sessions negotiated by the SSL/TLS implementation, even though the internal
cache will be searched automatically for session-resume requests (the
-latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
+latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
application can use SSL_CTX_add_session() directly to have full control
over the sessions that can be resumed if desired.
@@ -52,13 +52,13 @@
=over 4
-=item 0
+=item Z<>0
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
-=item 1
+=item Z<>1
The operation succeeded.
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -100,13 +100,13 @@
=over 4
-=item 0
+=item Z<>0
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -35,7 +35,7 @@
=head1 NOTES
When a TLS/SSL server requests a client certificate (see
-B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
+B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
it will accept certificates, to the client.
This list must explicitly be set using SSL_CTX_set_client_CA_list() for
@@ -66,16 +66,16 @@
=over 4
-=item 1
+=item Z<>0
-The operation succeeded.
-
-=item 0
-
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
+=item Z<>1
+
+The operation succeeded.
+
=back
=head1 EXAMPLES
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -29,7 +29,7 @@
certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
If no certificate should be set, "0" has to be returned and no certificate
will be sent. A negative return value will suspend the handshake and the
-handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
+handshake function will return immediately. L<SSL_get_error(3)|SSL_get_error(3)>
will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
suspended. The next call to the handshake function will again lead to the call
of client_cert_cb(). It is the job of the client_cert_cb() to store information
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -11,8 +11,8 @@
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
- void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
- void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
=head1 DESCRIPTION
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -88,9 +88,10 @@
...
-=item SSL_OP_MSIE_SSLV2_RSA_PADDING
+=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
+OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
@@ -250,7 +251,7 @@
=head2 Unpatched client and patched OpenSSL server
-The initial connection suceeds but client renegotiation is denied by the
+The initial connection succeeds but client renegotiation is denied by the
server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
B<handshake_failure> alert in SSL v3.0.
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -64,13 +64,13 @@
=over 4
-=item 0
+=item Z<>0
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
-=item 1
+=item Z<>1
The operation succeeded.
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -42,11 +42,11 @@
=over 4
-=item 0
+=item Z<>0
The new choice failed, check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Added: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (rev 0)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,195 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing
+
+=head1 SYNOPSIS
+
+ #include <openssl/tls1.h>
+
+ long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+ int (*cb)(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH],
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I<cb> for handling
+session tickets for the ssl context I<sslctx>. Session tickets, defined in
+RFC5077 provide an enhanced session resumption capability where the server
+implementation is not required to maintain per session state. It only applies
+to TLS and there is no SSLv3 implementation.
+
+The callback is available when the OpenSSL library was built without
+I<OPENSSL_NO_TLSEXT> being defined.
+
+The callback function I<cb> will be called for every client instigated TLS
+session when session ticket extension is presented in the TLS hello
+message. It is the responsibility of this function to create or retrieve the
+cryptographic parameters and to maintain their state.
+
+The OpenSSL library uses your callback function to help implement a common TLS
+ticket construction state according to RFC5077 Section 4 such that per session
+state is unnecessary and a small set of cryptographic variables needs to be
+maintained by the callback function implementation.
+
+In order to reuse a session, a TLS client must send the a session ticket
+extension to the server. The client can only send exactly one session ticket.
+The server, through the callback function, either agrees to reuse the session
+ticket information or it starts a full TLS handshake to create a new session
+ticket.
+
+Before the callback function is started I<ctx> and I<hctx> have been
+initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
+
+For new sessions tickets, when the client doesn't present a session ticket, or
+an attempted retreival of the ticket failed, or a renew option was indicated,
+the callback function will be called with I<enc> equal to 1. The OpenSSL
+library expects that the function will set an arbitary I<name>, initialize
+I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>.
+
+The I<name> is 16 characters long and is used as a key identifier.
+
+The I<iv> length is the length of the IV of the corresponding cipher. The
+maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>.
+
+The initialization vector I<iv> should be a random value. The cipher context
+I<ctx> should use the initialisation vector I<iv>. The cipher context can be
+set using L<EVP_EncryptInit_ex>. The hmac context can be set using L<HMAC_Init_ex>.
+
+When the client presents a session ticket, the callback function with be called
+with I<enc> set to 0 indicating that the I<cb> function should retreive a set
+of parameters. In this case I<name> and I<iv> have already been parsed out of
+the session ticket. The OpenSSL library expects that the I<name> will be used
+to retrieve a cryptographic parameters and that the cryptographic context
+I<ctx> will be set with the retreived parameters and the initialization vector
+I<iv>. using a function like L<EVP_DecryptInit_ex>. The I<hctx> needs to be set
+using L<HMAC_Init_ex>.
+
+If the I<name> is still valid but a renewal of the ticket is required the
+callback function should return 2. The library will call the callback again
+with an arguement of enc equal to 1 to set the new ticket.
+
+The return value of the I<cb> function is used by OpenSSL to determine what
+further processing will occur. The following return values have meaning:
+
+=over 4
+
+=item Z<>2
+
+This indicates that the I<ctx> and I<hctx> have been set and the session can
+continue on those parameters. Additionally it indicates that the session
+ticket is in a renewal period and should be replaced. The OpenSSL library will
+call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077
+3.3 paragraph 2).
+
+=item Z<>1
+
+This indicates that the I<ctx> and I<hctx> have been set and the session can
+continue on those parameters.
+
+=item Z<>0
+
+This indicates that it was not possible to set/retrieve a session ticket and
+the SSL/TLS session will continue by by negiotationing a set of cryptographic
+parameters or using the alternate SSL/TLS resumption mechanism, session ids.
+
+If called with enc equal to 0 the library will call the I<cb> again to get
+a new set of parameters.
+
+=item less than 0
+
+This indicates an error.
+
+=back
+
+=head1 NOTES
+
+Session resumption shortcuts the TLS so that the client certificate
+negiotation don't occur. It makes up for this by storing client certificate
+an all other negotiated state information encrypted within the ticket. In a
+resumed session the applications will have all this state information available
+exactly as if a full negiotation had occured.
+
+If an attacker can obtain the key used to encrypt a session ticket, they can
+obtain the master secret for any ticket using that key and decrypt any traffic
+using that session: even if the ciphersuite supports forward secrecy. As
+a result applications may wish to use multiple keys and avoid using long term
+keys stored in files.
+
+Applications can use longer keys to maintain a consistent level of security.
+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key
+the overall security is only 128 bits because breaking the ticket key will
+enable an attacker to obtain the session keys.
+
+=head1 EXAMPLES
+
+Reference Implemention:
+ SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb);
+ ....
+
+ static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+ {
+ if (enc) { /* create new session */
+ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
+ return -1; /* insufficient random */
+ }
+
+ key = currentkey(); /* something that you need to implement */
+ if ( !key ) {
+ /* current key doesn't exist or isn't valid */
+ key = createkey(); /* something that you need to implement.
+ * createkey needs to initialise, a name,
+ * an aes_key, a hmac_key and optionally
+ * an expire time. */
+ if ( !key ) { /* key couldn't be created */
+ return 0;
+ }
+ }
+ memcpy(key_name, key->name, 16);
+
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+
+ return 1;
+
+ } else { /* retrieve session */
+ key = findkey(name);
+
+ if (!key || key->expire < now() ) {
+ return 0;
+ }
+
+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+ EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
+
+ if (key->expire < ( now() - RENEW_TIME ) ) {
+ /* return 2 - this session will get a new ticket even though the current is still valid */
+ return 2;
+ }
+ return 1;
+
+ }
+ }
+
+
+
+=head1 RETURN VALUES
+
+returns 0 to indicate the callback function was set.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+
+=head1 HISTORY
+
+This function was introduced in OpenSSL 0.9.8h
+
+=cut
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -12,12 +12,10 @@
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
- void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
+ void SSL_set_tmp_dh_callback(SSL *ctx,
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
long SSL_set_tmp_dh(SSL *ssl, DH *dh)
- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
-
=head1 DESCRIPTION
SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
@@ -81,7 +79,7 @@
is mandatory.
Application authors may compile in DH parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
+dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
version of the OpenSSL distribution contain the 'SKIP' DH parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the B<-C> option of the
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -109,8 +109,8 @@
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
The depth count is "level 0:peer certificate", "level 1: CA certificate",
"level 2: higher level CA certificate", and so on. Setting the maximum
-depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
-allowing for the peer certificate and additional 9 CA certificates.
+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100,
+allowing for the peer certificate and additional 100 CA certificates.
The B<verify_callback> function is used to control the behaviour when the
SSL_VERIFY_PEER flag is set. It must be supplied by the application and
Modified: trunk/crypto/openssl/doc/ssl/SSL_accept.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_accept.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_accept.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -44,17 +44,17 @@
=over 4
-=item 1
+=item Z<>0
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
-=item 0
-
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item Z<>1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
Modified: trunk/crypto/openssl/doc/ssl/SSL_clear.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_clear.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_clear.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -56,12 +56,12 @@
=over 4
-=item 0
+=item Z<>0
The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.
-=item 1
+=item Z<>1
The SSL_clear() operation was successful.
Modified: trunk/crypto/openssl/doc/ssl/SSL_connect.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_connect.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_connect.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -41,17 +41,17 @@
=over 4
-=item 1
+=item Z<>0
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
-=item 0
-
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item Z<>1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful, because a fatal error occurred either
Modified: trunk/crypto/openssl/doc/ssl/SSL_do_handshake.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_do_handshake.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_do_handshake.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -45,17 +45,17 @@
=over 4
-=item 1
+=item Z<>0
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
-=item 0
-
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item Z<>1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
Modified: trunk/crypto/openssl/doc/ssl/SSL_get_version.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_get_version.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_get_version.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -12,12 +12,12 @@
=head1 DESCRIPTION
-SSL_get_cipher_version() returns the name of the protocol used for the
+SSL_get_version() returns the name of the protocol used for the
connection B<ssl>.
=head1 RETURN VALUES
-The following strings can occur:
+The following strings can be returned:
=over 4
@@ -31,8 +31,16 @@
=item TLSv1
-The connection uses the TLSv1 protocol.
+The connection uses the TLSv1.0 protocol.
+=item TLSv1.1
+
+The connection uses the TLSv1.1 protocol.
+
+=item TLSv1.2
+
+The connection uses the TLSv1.2 protocol.
+
=item unknown
This indicates that no version has been set (no connection established).
Modified: trunk/crypto/openssl/doc/ssl/SSL_read.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_read.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_read.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -86,7 +86,7 @@
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
-=item 0
+=item Z<>0
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
Modified: trunk/crypto/openssl/doc/ssl/SSL_session_reused.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_session_reused.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_session_reused.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -27,11 +27,11 @@
=over 4
-=item 0
+=item Z<>0
A new session was negotiated.
-=item 1
+=item Z<>1
A session was reused.
Modified: trunk/crypto/openssl/doc/ssl/SSL_set_fd.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_set_fd.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_set_fd.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -35,11 +35,11 @@
=over 4
-=item 0
+=item Z<>0
The operation failed. Check the error stack to find out why.
-=item 1
+=item Z<>1
The operation succeeded.
Modified: trunk/crypto/openssl/doc/ssl/SSL_set_session.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_set_session.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_set_session.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -37,11 +37,11 @@
=over 4
-=item 0
+=item Z<>0
The operation failed; check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Modified: trunk/crypto/openssl/doc/ssl/SSL_shutdown.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_shutdown.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_shutdown.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -92,20 +92,20 @@
=over 4
-=item 1
+=item Z<>0
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
-
-=item 0
-
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-=item -1
+=item Z<>1
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
+
+=item Z<>-1
+
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
action is need to continue the operation for non-blocking BIOs.
Modified: trunk/crypto/openssl/doc/ssl/SSL_write.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_write.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/SSL_write.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -79,7 +79,7 @@
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item Z<>0
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,
Modified: trunk/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod 2014-10-12 20:48:00 UTC (rev 6872)
@@ -48,6 +48,16 @@
amount of space should be obtained by first calling i2d_SSL_SESSION() with
B<pp=NULL>, and obtain the size needed, then allocate the memory and
call i2d_SSL_SESSION() again.
+Note that this will advance the value contained in B<*pp> so it is necessary
+to save a copy of the original allocation.
+For example:
+ int i,j;
+ char *p, *temp;
+ i = i2d_SSL_SESSION(sess, NULL);
+ p = temp = malloc(i);
+ j = i2d_SSL_SESSION(sess, &temp);
+ assert(i == j);
+ assert(p+i == temp);
=head1 RETURN VALUES
Modified: trunk/crypto/openssl/engines/vendor_defns/hwcryptohook.h
===================================================================
--- trunk/crypto/openssl/engines/vendor_defns/hwcryptohook.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/engines/vendor_defns/hwcryptohook.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -65,7 +65,7 @@
* please contact nCipher.
*
*
- * $Id: hwcryptohook.h,v 1.1.1.1 2008-11-03 18:21:03 laffer1 Exp $
+ * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
*/
#ifndef HWCRYPTOHOOK_H
Index: trunk/crypto/openssl/fips/fipsalgtest.pl
===================================================================
--- trunk/crypto/openssl/fips/fipsalgtest.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/fips/fipsalgtest.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/fips/fipsalgtest.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/fips/fipsld
===================================================================
--- trunk/crypto/openssl/fips/fipsld 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/fips/fipsld 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/fips/fipsld
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/fips/fipstests.sh
===================================================================
--- trunk/crypto/openssl/fips/fipstests.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/fips/fipstests.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/fips/fipstests.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/fips/mkfipsscr.pl
===================================================================
--- trunk/crypto/openssl/fips/mkfipsscr.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/fips/mkfipsscr.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/fips/mkfipsscr.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/fips/openssl_fips_fingerprint
===================================================================
--- trunk/crypto/openssl/fips/openssl_fips_fingerprint 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/fips/openssl_fips_fingerprint 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/fips/openssl_fips_fingerprint
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/openssl.spec
===================================================================
--- trunk/crypto/openssl/openssl.spec 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/openssl.spec 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,8 +1,5 @@
%define _unpackaged_files_terminate_build 0
-%define libmaj 0
-%define libmin 9
-%define librel 8
-%define librev y
+
Release: 1
%define openssldir /var/ssl
@@ -9,10 +6,9 @@
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-#Version: %{libmaj}.%{libmin}.%{librel}
-Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+Version: 0.9.8zb
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-Copyright: Freely distributable
+License: OpenSSL
Group: System Environment/Libraries
Provides: SSL
URL: http://www.openssl.org/
Modified: trunk/crypto/openssl/ssl/bio_ssl.c
===================================================================
--- trunk/crypto/openssl/ssl/bio_ssl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/bio_ssl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/bio_ssl.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/d1_both.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_both.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/d1_both.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/d1_both.c */
/*
* DTLS implementation written by Nagendra Modadugu
@@ -314,9 +313,10 @@
s->init_off -= DTLS1_HM_HEADER_LENGTH;
s->init_num += DTLS1_HM_HEADER_LENGTH;
- /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
- if ( len <= DTLS1_HM_HEADER_LENGTH)
- len += DTLS1_HM_HEADER_LENGTH;
+ if ( s->init_num > curr_mtu)
+ len = curr_mtu;
+ else
+ len = s->init_num;
}
dtls1_fix_message_header(s, frag_off,
@@ -683,8 +683,8 @@
if (item == NULL)
{
+ i = -1;
goto err;
- i = -1;
}
item = pqueue_insert(s->d1->buffered_messages, item);
@@ -1195,6 +1195,8 @@
OPENSSL_assert(s->init_off == 0);
frag = dtls1_hm_fragment_new(s->init_num, 0);
+ if (!frag)
+ return 0;
memcpy(frag->fragment, s->init_buf->data, s->init_num);
Modified: trunk/crypto/openssl/ssl/d1_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_clnt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/d1_clnt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/d1_clnt.c */
/*
* DTLS implementation written by Nagendra Modadugu
Modified: trunk/crypto/openssl/ssl/d1_enc.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_enc.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/d1_enc.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/d1_enc.c */
/*
* DTLS implementation written by Nagendra Modadugu
Modified: trunk/crypto/openssl/ssl/d1_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/d1_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/d1_lib.c */
/*
* DTLS implementation written by Nagendra Modadugu
@@ -192,9 +191,12 @@
while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
{
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ rdata = (DTLS1_RECORD_DATA *) item->data;
+ if (rdata->rbuf.buf)
+ {
+ OPENSSL_free(rdata->rbuf.buf);
+ }
+ OPENSSL_free(item->data);
pitem_free(item);
}
}
@@ -218,6 +220,7 @@
pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
OPENSSL_free(s->d1);
+ s->d1 = NULL;
}
void dtls1_clear(SSL *s)
Modified: trunk/crypto/openssl/ssl/d1_meth.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_meth.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/d1_meth.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/d1_meth.h */
/*
* DTLS implementation written by Nagendra Modadugu
Modified: trunk/crypto/openssl/ssl/d1_pkt.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_pkt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/d1_pkt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/d1_pkt.c */
/*
* DTLS implementation written by Nagendra Modadugu
@@ -363,7 +362,6 @@
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
- orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
@@ -395,6 +393,9 @@
mac_size=EVP_MD_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+ orig_len = rr->length+((unsigned int)rr->type>>8);
+
/* orig_len is the length of the record before any padding was
* removed. This is public information, as is the MAC in use,
* therefore we can safely process the record in a different
@@ -773,6 +774,12 @@
}
}
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+ {
+ rr->length = 0;
+ goto start;
+ }
+
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -939,6 +946,7 @@
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
+ s->d1->handshake_read_seq++;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
{
Modified: trunk/crypto/openssl/ssl/d1_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_srvr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/d1_srvr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/d1_srvr.c */
/*
* DTLS implementation written by Nagendra Modadugu
@@ -247,10 +246,11 @@
case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown=0;
+ dtls1_clear_record_buffer(s);
dtls1_start_timer(s);
ret=dtls1_send_hello_request(s);
if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+ s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
s->state=SSL3_ST_SW_FLUSH;
s->init_num=0;
@@ -480,10 +480,11 @@
s->state = SSL3_ST_SR_CLNT_HELLO_C;
}
else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
+ if (s->s3->tmp.cert_request)
+ {
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ }
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}
Modified: trunk/crypto/openssl/ssl/kssl.c
===================================================================
--- trunk/crypto/openssl/ssl/kssl.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/kssl.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
/* Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project 2000.
*/
Modified: trunk/crypto/openssl/ssl/s23_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/s23_clnt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s23_clnt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s23_clnt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -510,7 +509,7 @@
/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
s->s2->ssl2_rollback=1;
- /* setup the 5 bytes we have read so we get them from
+ /* setup the 7 bytes we have read so we get them from
* the sslv2 buffer */
s->rstate=SSL_ST_READ_HEADER;
s->packet_length=n;
@@ -526,28 +525,14 @@
s->handshake_func=s->method->ssl_connect;
#endif
}
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- ((p[2] == SSL3_VERSION_MINOR) ||
- (p[2] == TLS1_VERSION_MINOR)) &&
- (p[5] == SSL3_MT_SERVER_HELLO))
+ else if (p[1] == SSL3_VERSION_MAJOR &&
+ ((p[2] == SSL3_VERSION_MINOR) ||
+ (p[2] == TLS1_VERSION_MINOR)) &&
+ ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
+ (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
{
- /* we have sslv3 or tls1 */
+ /* we have sslv3 or tls1 (server hello or alert) */
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
- /* put the 5 bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
-
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
@@ -573,35 +558,52 @@
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
+
+ if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
+ {
+ /* fatal alert */
+
+ void (*cb)(const SSL *ssl,int type,int val)=NULL;
+ int j;
+
+ if (s->info_callback != NULL)
+ cb=s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb=s->ctx->info_callback;
+
+ i=p[5];
+ if (cb != NULL)
+ {
+ j=(i<<8)|p[6];
+ cb(s,SSL_CB_READ_ALERT,j);
+ }
- s->handshake_func=s->method->ssl_connect;
- }
- else if ((p[0] == SSL3_RT_ALERT) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- ((p[2] == SSL3_VERSION_MINOR) ||
- (p[2] == TLS1_VERSION_MINOR)) &&
- (p[3] == 0) &&
- (p[4] == 2))
- {
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int j;
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
- /* An alert */
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- i=p[5];
- if (cb != NULL)
- {
- j=(i<<8)|p[6];
- cb(s,SSL_CB_READ_ALERT,j);
+ s->rwstate=SSL_NOTHING;
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
+ goto err;
}
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
- goto err;
+ if (!ssl_init_wbio_buffer(s,1)) goto err;
+
+ /* we are in this state */
+ s->state=SSL3_ST_CR_SRVR_HELLO_A;
+
+ /* put the 7 bytes we have read into the input buffer
+ * for SSLv3 */
+ s->rstate=SSL_ST_READ_HEADER;
+ s->packet_length=n;
+ if (s->s3->rbuf.buf == NULL)
+ if (!ssl3_setup_buffers(s))
+ goto err;
+ s->packet= &(s->s3->rbuf.buf[0]);
+ memcpy(s->packet,buf,n);
+ s->s3->rbuf.left=n;
+ s->s3->rbuf.offset=0;
+
+ s->handshake_func=s->method->ssl_connect;
}
else
{
Modified: trunk/crypto/openssl/ssl/s23_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/s23_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s23_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s23_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -113,6 +112,9 @@
long l;
/* We can write SSLv2 and SSLv3 ciphers */
+ /* but no ECC ciphers */
+ if (c->algorithms & (SSL_ECDH|SSL_aECDSA))
+ return 0;
if (p != NULL)
{
l=c->id;
Modified: trunk/crypto/openssl/ssl/s23_meth.c
===================================================================
--- trunk/crypto/openssl/ssl/s23_meth.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s23_meth.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s23_meth.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s23_pkt.c
===================================================================
--- trunk/crypto/openssl/ssl/s23_pkt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s23_pkt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s23_pkt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s23_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/s23_srvr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s23_srvr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s23_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s2_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/s2_clnt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s2_clnt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s2_clnt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s2_enc.c
===================================================================
--- trunk/crypto/openssl/ssl/s2_enc.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s2_enc.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s2_enc.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s2_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/s2_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s2_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s2_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s2_meth.c
===================================================================
--- trunk/crypto/openssl/ssl/s2_meth.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s2_meth.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s2_meth.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s2_pkt.c
===================================================================
--- trunk/crypto/openssl/ssl/s2_pkt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s2_pkt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s2_pkt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s2_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/s2_srvr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s2_srvr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s2_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s3_both.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_both.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_both.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_both.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s3_cbc.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_cbc.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_cbc.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_cbc.c */
/* ====================================================================
* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
@@ -77,6 +76,13 @@
#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
+/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
+static unsigned constant_time_lt(unsigned a, unsigned b)
+ {
+ a -= b;
+ return DUPLICATE_MSB_TO_ALL(a);
+ }
+
/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
static unsigned constant_time_ge(unsigned a, unsigned b)
{
@@ -85,7 +91,7 @@
}
/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
-static unsigned char constant_time_eq_8(unsigned char a, unsigned char b)
+static unsigned char constant_time_eq_8(unsigned a, unsigned b)
{
unsigned c = a ^ b;
c--;
@@ -140,14 +146,21 @@
unsigned mac_size)
{
unsigned padding_length, good, to_check, i;
- const char has_explicit_iv = s->version == DTLS1_VERSION;
- const unsigned overhead = 1 /* padding length byte */ +
- mac_size +
- (has_explicit_iv ? block_size : 0);
-
- /* These lengths are all public so we can test them in non-constant
- * time. */
- if (overhead > rec->length)
+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
+ /* Check if version requires explicit IV */
+ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
+ {
+ /* These lengths are all public so we can test them in
+ * non-constant time.
+ */
+ if (overhead + block_size > rec->length)
+ return 0;
+ /* We can now safely skip explicit IV */
+ rec->data += block_size;
+ rec->input += block_size;
+ rec->length -= block_size;
+ }
+ else if (overhead > rec->length)
return 0;
padding_length = rec->data[rec->length-1];
@@ -209,28 +222,9 @@
rec->length -= padding_length;
rec->type |= padding_length<<8; /* kludge: pass padding length */
- /* We can always safely skip the explicit IV. We check at the beginning
- * of this function that the record has at least enough space for the
- * IV, MAC and padding length byte. (These can be checked in
- * non-constant time because it's all public information.) So, if the
- * padding was invalid, then we didn't change |rec->length| and this is
- * safe. If the padding was valid then we know that we have at least
- * overhead+padding_length bytes of space and so this is still safe
- * because overhead accounts for the explicit IV. */
- if (has_explicit_iv)
- {
- rec->data += block_size;
- rec->input += block_size;
- rec->length -= block_size;
- }
-
return (int)((good & 1) | (~good & -1));
}
-#if defined(_M_AMD64) || defined(__x86_64__)
-#define CBC_MAC_ROTATE_IN_PLACE
-#endif
-
/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
* constant time (independent of the concrete value of rec->length, which may
* vary within a 256-byte window).
@@ -244,15 +238,18 @@
*
* If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
* variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
- * a single cache-line, then the variable memory accesses don't actually affect
- * the timing. This has been tested to be true on Intel amd64 chips.
+ * a single or pair of cache-lines, then the variable memory accesses don't
+ * actually affect the timing. CPUs with smaller cache-lines [if any] are
+ * not multi-core and are not considered vulnerable to cache-timing attacks.
*/
+#define CBC_MAC_ROTATE_IN_PLACE
+
void ssl3_cbc_copy_mac(unsigned char* out,
const SSL3_RECORD *rec,
unsigned md_size,unsigned orig_len)
{
#if defined(CBC_MAC_ROTATE_IN_PLACE)
- unsigned char rotated_mac_buf[EVP_MAX_MD_SIZE*2];
+ unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE];
unsigned char *rotated_mac;
#else
unsigned char rotated_mac[EVP_MAX_MD_SIZE];
@@ -272,7 +269,7 @@
OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
#if defined(CBC_MAC_ROTATE_IN_PLACE)
- rotated_mac = (unsigned char*) (((intptr_t)(rotated_mac_buf + 64)) & ~63);
+ rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63);
#endif
/* This information is public so it's safe to branch based on it. */
@@ -290,16 +287,13 @@
rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
memset(rotated_mac, 0, md_size);
- for (i = scan_start; i < orig_len;)
+ for (i = scan_start, j = 0; i < orig_len; i++)
{
- for (j = 0; j < md_size && i < orig_len; i++, j++)
- {
- unsigned char mac_started = constant_time_ge(i, mac_start);
- unsigned char mac_ended = constant_time_ge(i, mac_end);
- unsigned char b = 0;
- b = rec->data[i];
- rotated_mac[j] |= b & mac_started & ~mac_ended;
- }
+ unsigned char mac_started = constant_time_ge(i, mac_start);
+ unsigned char mac_ended = constant_time_ge(i, mac_end);
+ unsigned char b = rec->data[i];
+ rotated_mac[j++] |= b & mac_started & ~mac_ended;
+ j &= constant_time_lt(j,md_size);
}
/* Now rotate the MAC */
@@ -307,20 +301,33 @@
j = 0;
for (i = 0; i < md_size; i++)
{
- unsigned char offset = (div_spoiler + rotate_offset + i) % md_size;
- out[j++] = rotated_mac[offset];
+ /* in case cache-line is 32 bytes, touch second line */
+ ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
+ out[j++] = rotated_mac[rotate_offset++];
+ rotate_offset &= constant_time_lt(rotate_offset,md_size);
}
#else
memset(out, 0, md_size);
+ rotate_offset = md_size - rotate_offset;
+ rotate_offset &= constant_time_lt(rotate_offset,md_size);
for (i = 0; i < md_size; i++)
{
- unsigned char offset = (div_spoiler + md_size - rotate_offset + i) % md_size;
for (j = 0; j < md_size; j++)
- out[j] |= rotated_mac[i] & constant_time_eq_8(j, offset);
+ out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
+ rotate_offset++;
+ rotate_offset &= constant_time_lt(rotate_offset,md_size);
}
#endif
}
+/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
+ * little-endian order. The value of p is advanced by four. */
+#define u32toLE(n, p) \
+ (*((p)++)=(unsigned char)(n), \
+ *((p)++)=(unsigned char)(n>>8), \
+ *((p)++)=(unsigned char)(n>>16), \
+ *((p)++)=(unsigned char)(n>>24))
+
/* These functions serialize the state of a hash and thus perform the standard
* "final" operation without adding the padding and length that such a function
* typically does. */
@@ -327,10 +334,10 @@
static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
{
MD5_CTX *md5 = ctx;
- l2n(md5->A, md_out);
- l2n(md5->B, md_out);
- l2n(md5->C, md_out);
- l2n(md5->D, md_out);
+ u32toLE(md5->A, md_out);
+ u32toLE(md5->B, md_out);
+ u32toLE(md5->C, md_out);
+ u32toLE(md5->D, md_out);
}
static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
@@ -450,6 +457,7 @@
/* mdLengthSize is the number of bytes in the length field that terminates
* the hash. */
unsigned md_length_size = 8;
+ char length_is_big_endian = 1;
/* This is a, hopefully redundant, check that allows us to forget about
* many possible overflows later in this function. */
@@ -463,6 +471,7 @@
md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
md_size = 16;
sslv3_pad_length = 48;
+ length_is_big_endian = 0;
break;
case NID_sha1:
SHA1_Init((SHA_CTX*)md_state.c);
@@ -603,11 +612,22 @@
md_transform(md_state.c, hmac_pad);
}
- memset(length_bytes,0,md_length_size-4);
- length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
- length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
- length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
- length_bytes[md_length_size-1] = (unsigned char)bits;
+ if (length_is_big_endian)
+ {
+ memset(length_bytes,0,md_length_size-4);
+ length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
+ length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
+ length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
+ length_bytes[md_length_size-1] = (unsigned char)bits;
+ }
+ else
+ {
+ memset(length_bytes,0,md_length_size);
+ length_bytes[md_length_size-5] = (unsigned char)(bits>>24);
+ length_bytes[md_length_size-6] = (unsigned char)(bits>>16);
+ length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
+ length_bytes[md_length_size-8] = (unsigned char)bits;
+ }
if (k > 0)
{
Modified: trunk/crypto/openssl/ssl/s3_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_clnt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_clnt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_clnt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -443,6 +442,7 @@
s->method->ssl3_enc->client_finished_label,
s->method->ssl3_enc->client_finished_label_len);
if (ret <= 0) goto end;
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->state=SSL3_ST_CW_FLUSH;
/* clear flags */
@@ -896,7 +896,9 @@
return(1);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
+#ifndef OPENSSL_NO_TLSEXT
err:
+#endif
return(-1);
}
Modified: trunk/crypto/openssl/ssl/s3_enc.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_enc.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_enc.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_enc.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -759,6 +758,12 @@
case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */
+ case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
default: return(-1);
}
}
Modified: trunk/crypto/openssl/ssl/s3_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -1735,6 +1734,11 @@
s->s3->tmp.ecdh = NULL;
}
#endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+ s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
@@ -2399,6 +2403,13 @@
j=sk_SSL_CIPHER_find(allow,c);
if (j >= 0)
{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+ if ((alg & SSL_kECDHE) && (alg & SSL_aECDSA) && s->s3->is_probably_safari)
+ {
+ if (!ret) ret=sk_SSL_CIPHER_value(allow,j);
+ continue;
+ }
+#endif
ret=sk_SSL_CIPHER_value(allow,j);
break;
}
Modified: trunk/crypto/openssl/ssl/s3_meth.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_meth.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_meth.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_meth.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/s3_pkt.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_pkt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_pkt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_pkt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -111,6 +110,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include <errno.h>
#define USE_SOCKETS
#include "ssl_locl.h"
@@ -352,7 +352,6 @@
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
- orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
@@ -383,6 +382,9 @@
mac_size=EVP_MD_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+ orig_len = rr->length+((unsigned int)rr->type>>8);
+
/* orig_len is the length of the record before any padding was
* removed. This is public information, as is the MAC in use,
* therefore we can safely process the record in a different
@@ -528,10 +530,11 @@
int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
{
const unsigned char *buf=buf_;
- unsigned int tot,n,nw;
- int i;
+ unsigned int n,nw;
+ int i,tot;
s->rwstate=SSL_NOTHING;
+ OPENSSL_assert(s->s3->wnum <= INT_MAX);
tot=s->s3->wnum;
s->s3->wnum=0;
@@ -546,6 +549,22 @@
}
}
+ /* ensure that if we end up with a smaller value of data to write
+ * out than the the original len from a write which didn't complete
+ * for non-blocking I/O and also somehow ended up avoiding
+ * the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
+ * it must never be possible to end up with (len-tot) as a large
+ * number that will then promptly send beyond the end of the users
+ * buffer ... so we trap and report the error in a way the user
+ * will notice
+ */
+ if (len < tot)
+ {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
+ return(-1);
+ }
+
+
n=(len-tot);
for (;;)
{
@@ -819,7 +838,7 @@
if (!ssl3_setup_buffers(s))
return(-1);
- if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
+ if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA)))
{
SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
Modified: trunk/crypto/openssl/ssl/s3_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_srvr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/s3_srvr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/s3_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -1134,6 +1133,7 @@
* s->tmp.new_cipher - the new cipher to use.
*/
+#ifndef OPENSSL_NO_TLSEXT
/* Handles TLS extensions that we couldn't check earlier */
if (s->version >= SSL3_VERSION)
{
@@ -1143,6 +1143,7 @@
goto err;
}
}
+#endif
if (ret < 0) ret=1;
if (0)
@@ -1763,6 +1764,11 @@
s->init_num=n+4;
s->init_off=0;
#ifdef NETSCAPE_HANG_BUG
+ if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+ goto err;
+ }
p=(unsigned char *)s->init_buf->data + s->init_num;
/* do the header */
@@ -2374,7 +2380,7 @@
SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B,
-1,
- 514, /* 514? */
+ SSL3_RT_MAX_PLAIN_LENGTH,
&ok);
if (!ok) return((int)n);
Modified: trunk/crypto/openssl/ssl/ssl-lib.com
===================================================================
--- trunk/crypto/openssl/ssl/ssl-lib.com 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl-lib.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -8,11 +8,11 @@
$! Changes by Richard Levitte <richard at levitte.org>
$!
$! This command file compiles and creates the "[.xxx.EXE.SSL]LIBSSL.OLB"
-$! library for OpenSSL. The "xxx" denotes the machine architecture of AXP
-$! or VAX.
+$! library for OpenSSL. The "xxx" denotes the machine architecture of
+$! ALPHA, IA64 or VAX.
$!
$! It is written to detect what type of machine you are compiling on
-$! (i.e. AXP or VAX) and which "C" compiler you have (i.e. VAXC, DECC
+$! (i.e. ALPHA or VAX) and which "C" compiler you have (i.e. VAXC, DECC
$! or GNU C) or you can specify which compiler to use.
$!
$! Specify the following as P1 to build just that part or ALL to just
@@ -48,27 +48,36 @@
$!
$ TCPIP_LIB = ""
$!
-$! Check Which Architecture We Are Using.
+$! Check What Architecture We Are Using.
$!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
$ THEN
$!
-$! The Architecture Is AXP.
+$! The Architecture Is VAX.
$!
-$ ARCH := AXP
+$ ARCH := VAX
$!
$! Else...
$!
$ ELSE
$!
-$! The Architecture Is VAX.
+$! The Architecture Is Alpha, IA64 or whatever comes in the future.
$!
-$ ARCH := VAX
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
$!
$! End The Architecture Check.
$!
$ ENDIF
$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
+$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
$ GOSUB CHECK_OPTIONS
@@ -81,10 +90,6 @@
$!
$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
$!
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
-$!
$! Check To See If The Architecture Specific OBJ Directory Exists.
$!
$ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -98,10 +103,6 @@
$!
$ ENDIF
$!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
-$!
$! Check To See If The Architecture Specific Directory Exists.
$!
$ IF (F$PARSE(EXE_DIR).EQS."")
@@ -179,7 +180,7 @@
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
"ssl_asn1,ssl_txt,ssl_algs,"+ -
- "bio_ssl,ssl_err,kssl"
+ "bio_ssl,ssl_err,kssl,t1_reneg"
$!
$! Tell The User That We Are Compiling The Library.
$!
@@ -409,7 +410,7 @@
$ IF (F$SEARCH(OPT_FILE).EQS."")
$ THEN
$!
-$! Figure Out If We Need An AXP Or A VAX Linker Option File.
+$! Figure Out If We Need A non-VAX Or A VAX Linker Option File.
$!
$ IF (ARCH.EQS."VAX")
$ THEN
@@ -429,12 +430,12 @@
$!
$ ELSE
$!
-$! Create The AXP Linker Option File.
+$! Create The non-VAX Linker Option File.
$!
$ CREATE 'OPT_FILE'
$DECK
!
-! Default System Options File For AXP To Link Agianst
+! Default System Options File For non-VAX To Link Agianst
! The Sharable C Runtime Library.
!
SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -441,7 +442,7 @@
SYS$SHARE:CMA$OPEN_RTL/SHARE
$EOD
$!
-$! End The VAX/AXP DEC C Option File Check.
+$! End The DEC C Option File Check.
$!
$ ENDIF
$!
@@ -547,8 +548,9 @@
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " AXP : Alpha Architecture."
-$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
+$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture."
+$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture."
+$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
$ WRITE SYS$OUTPUT ""
$!
$! Time To EXIT.
@@ -674,7 +676,7 @@
$!
$! Check To See If We Have VAXC Or DECC.
$!
-$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
$ THEN
$!
$! Looks Like DECC, Set To Use DECC.
@@ -784,7 +786,7 @@
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
$!
$! End DECC Check.
$!
@@ -806,9 +808,9 @@
$! Compile Using VAXC.
$!
$ CC = "CC"
-$ IF ARCH.EQS."AXP"
+$ IF ARCH.NES."VAX"
$ THEN
-$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
$ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
@@ -822,7 +824,7 @@
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
$!
$! End VAXC Check
$!
@@ -849,7 +851,7 @@
$!
$! Define The Linker Options File Name.
$!
-$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
$!
$! End The GNU C Check.
$!
Modified: trunk/crypto/openssl/ssl/ssl.h
===================================================================
--- trunk/crypto/openssl/ssl/ssl.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -490,11 +490,14 @@
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
+
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
* the workaround is not needed. Unfortunately some broken SSL/TLS
@@ -1204,6 +1207,8 @@
#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
@@ -2074,6 +2079,11 @@
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
+#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
+#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
+#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
+#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
+#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
Modified: trunk/crypto/openssl/ssl/ssl3.h
===================================================================
--- trunk/crypto/openssl/ssl/ssl3.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl3.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -333,6 +333,7 @@
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+#define SSL3_FLAGS_CCS_OK 0x0080
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
@@ -344,7 +345,6 @@
* effected, but we can't prevent that.
*/
#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
-#define SSL3_FLAGS_CCS_OK 0x0080
typedef struct ssl3_state_st
{
@@ -461,6 +461,15 @@
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
unsigned char previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+ /* This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari
+ * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+ char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
} SSL3_STATE;
Modified: trunk/crypto/openssl/ssl/ssl_algs.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_algs.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_algs.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_algs.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssl_asn1.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_asn1.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_asn1.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_asn1.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssl_cert.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_cert.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_cert.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/*! \file ssl/ssl_cert.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssl_ciph.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_ciph.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_ciph.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_ciph.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -391,7 +390,7 @@
break;
}
- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
*enc=NULL;
else
{
@@ -413,7 +412,7 @@
i= -1;
break;
}
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
+ if ((i < 0) || (i >= SSL_MD_NUM_IDX))
*md=NULL;
else
*md=ssl_digest_methods[i];
Modified: trunk/crypto/openssl/ssl/ssl_err.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_err.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_err.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_err.c */
/* ====================================================================
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
@@ -476,6 +475,11 @@
{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
+{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
+{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
+{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
+{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
+{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
Modified: trunk/crypto/openssl/ssl/ssl_err2.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_err2.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_err2.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_err2.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssl_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/*! \file ssl/ssl_lib.c
* \brief Version independent SSL functions.
*/
@@ -1259,6 +1258,10 @@
p=buf;
sk=s->session->ciphers;
+
+ if (sk_SSL_CIPHER_num(sk) == 0)
+ return NULL;
+
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
int n;
@@ -1568,7 +1571,9 @@
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
ret->extra_certs=NULL;
- ret->comp_methods=SSL_COMP_get_compression_methods();
+ /* No compression for DTLS */
+ if (meth->version != DTLS1_VERSION)
+ ret->comp_methods=SSL_COMP_get_compression_methods();
#ifndef OPENSSL_NO_TLSEXT
ret->tlsext_servername_callback = 0;
@@ -2429,9 +2434,7 @@
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
- if (s->server)
- return(ssl_get_server_send_cert(s));
- else if (s->cert != NULL)
+ if (s->cert != NULL)
return(s->cert->key->x509);
else
return(NULL);
Modified: trunk/crypto/openssl/ssl/ssl_rsa.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_rsa.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_rsa.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_rsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssl_sess.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_sess.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_sess.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_sess.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssl_stat.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_stat.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_stat.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_stat.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -187,7 +186,6 @@
case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
@@ -197,7 +195,6 @@
/* server */
case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
@@ -341,7 +338,6 @@
case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
@@ -351,7 +347,7 @@
/* server */
case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
+
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
@@ -415,6 +411,12 @@
case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
case TLS1_AD_USER_CANCELLED: str="US"; break;
case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
+ case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
default: str="UK"; break;
}
return(str);
@@ -498,6 +500,24 @@
case TLS1_AD_NO_RENEGOTIATION:
str="no renegotiation";
break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION:
+ str="unsupported extension";
+ break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ str="certificate unobtainable";
+ break;
+ case TLS1_AD_UNRECOGNIZED_NAME:
+ str="unrecognized name";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ str="bad certificate status response";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ str="bad certificate hash value";
+ break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ str="unknown PSK identity";
+ break;
default: str="unknown"; break;
}
return(str);
Modified: trunk/crypto/openssl/ssl/ssl_task.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_task.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_task.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_task.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssl_txt.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_txt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssl_txt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssl_txt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/ssltest.c
===================================================================
--- trunk/crypto/openssl/ssl/ssltest.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/ssltest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/ssltest.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -736,7 +735,13 @@
meth=SSLv23_method();
#else
#ifdef OPENSSL_NO_SSL2
- meth=SSLv3_method();
+ if (tls1)
+ meth=TLSv1_method();
+ else
+ if (ssl3)
+ meth=SSLv3_method();
+ else
+ meth=SSLv23_method();
#else
meth=SSLv2_method();
#endif
Modified: trunk/crypto/openssl/ssl/t1_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_clnt.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/t1_clnt.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/t1_clnt.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/t1_enc.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_enc.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/t1_enc.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/t1_enc.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -775,14 +774,10 @@
HMAC_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
printf("seq=");
{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
#endif
if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
@@ -854,6 +849,12 @@
case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
+ case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
+ case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
+ case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME);
+ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+ case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
+ case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
(DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
Modified: trunk/crypto/openssl/ssl/t1_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_lib.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/t1_lib.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/t1_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
@@ -345,6 +344,89 @@
return ret;
}
+#ifndef OPENSSL_NO_EC
+/* ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |d|, of length |n|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ * SNI,
+ * elliptic_curves
+ * ec_point_formats
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
+ unsigned short type, size;
+ static const unsigned char kSafariExtensionsBlock[] = {
+ 0x00, 0x0a, /* elliptic_curves extension */
+ 0x00, 0x08, /* 8 bytes */
+ 0x00, 0x06, /* 6 bytes of curve ids */
+ 0x00, 0x17, /* P-256 */
+ 0x00, 0x18, /* P-384 */
+ 0x00, 0x19, /* P-521 */
+
+ 0x00, 0x0b, /* ec_point_formats */
+ 0x00, 0x02, /* 2 bytes */
+ 0x01, /* 1 point format */
+ 0x00, /* uncompressed */
+ };
+
+ /* The following is only present in TLS 1.2 */
+ static const unsigned char kSafariTLS12ExtensionsBlock[] = {
+ 0x00, 0x0d, /* signature_algorithms */
+ 0x00, 0x0c, /* 12 bytes */
+ 0x00, 0x0a, /* 10 bytes */
+ 0x05, 0x01, /* SHA-384/RSA */
+ 0x04, 0x01, /* SHA-256/RSA */
+ 0x02, 0x01, /* SHA-1/RSA */
+ 0x04, 0x03, /* SHA-256/ECDSA */
+ 0x02, 0x03, /* SHA-1/ECDSA */
+ };
+
+ if (data >= (d+n-2))
+ return;
+ data += 2;
+
+ if (data > (d+n-4))
+ return;
+ n2s(data,type);
+ n2s(data,size);
+
+ if (type != TLSEXT_TYPE_server_name)
+ return;
+
+ if (data+size > d+n)
+ return;
+ data += size;
+
+ if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+ {
+ const size_t len1 = sizeof(kSafariExtensionsBlock);
+ const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+
+ if (data + len1 + len2 != d+n)
+ return;
+ if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+ return;
+ if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
+ return;
+ }
+ else
+ {
+ const size_t len = sizeof(kSafariExtensionsBlock);
+
+ if (data + len != d+n)
+ return;
+ if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+ return;
+ }
+
+ s->s3->is_probably_safari = 1;
+}
+#endif /* !OPENSSL_NO_EC */
+
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
{
unsigned short type;
@@ -356,6 +438,11 @@
s->servername_done = 0;
s->tlsext_status_type = -1;
+#ifndef OPENSSL_NO_EC
+ if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+ ssl_check_for_safari(s, data, d, n);
+#endif /* !OPENSSL_NO_EC */
+
if (data >= (d+n-2))
goto ri_check;
@@ -1027,7 +1114,11 @@
}
EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+ {
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ OPENSSL_free(sdec);
goto tickerr;
+ }
slen += mlen;
EVP_CIPHER_CTX_cleanup(&ctx);
p = sdec;
Modified: trunk/crypto/openssl/ssl/t1_meth.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_meth.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/t1_meth.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/t1_meth.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/t1_reneg.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_reneg.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/t1_reneg.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/t1_reneg.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/t1_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_srvr.c 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/t1_srvr.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -1,4 +1,3 @@
-/* $MidnightBSD$ */
/* ssl/t1_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
Modified: trunk/crypto/openssl/ssl/tls1.h
===================================================================
--- trunk/crypto/openssl/ssl/tls1.h 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/ssl/tls1.h 2014-10-12 20:48:00 UTC (rev 6872)
@@ -80,10 +80,24 @@
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
+#define TLS1_2_VERSION 0x0303
+#define TLS1_2_VERSION_MAJOR 0x03
+#define TLS1_2_VERSION_MINOR 0x03
+
+#define TLS1_1_VERSION 0x0302
+#define TLS1_1_VERSION_MAJOR 0x03
+#define TLS1_1_VERSION_MINOR 0x02
+
#define TLS1_VERSION 0x0301
#define TLS1_VERSION_MAJOR 0x03
#define TLS1_VERSION_MINOR 0x01
+#define TLS1_get_version(s) \
+ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+
+#define TLS1_get_client_version(s) \
+ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
+
#define TLS1_AD_DECRYPTION_FAILED 21
#define TLS1_AD_RECORD_OVERFLOW 22
#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
Modified: trunk/crypto/openssl/test/Makefile
===================================================================
--- trunk/crypto/openssl/test/Makefile 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/test/Makefile 2014-10-12 20:48:00 UTC (rev 6872)
@@ -254,7 +254,7 @@
@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
@echo quit >>tmp.bntest
@echo "running bc"
- @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+ @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0\r?$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
@echo 'test a^b%c implementations'
../util/shlib_wrap.sh ./$(EXPTEST)
Index: trunk/crypto/openssl/test/bctest
===================================================================
--- trunk/crypto/openssl/test/bctest 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/test/bctest 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/test/bctest
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: trunk/crypto/openssl/test/bftest.c
===================================================================
--- trunk/crypto/openssl/test/bftest.c (rev 0)
+++ trunk/crypto/openssl/test/bftest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/bf/bftest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/bftest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/bntest.c
===================================================================
--- trunk/crypto/openssl/test/bntest.c (rev 0)
+++ trunk/crypto/openssl/test/bntest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/bn/bntest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/bntest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/casttest.c
===================================================================
--- trunk/crypto/openssl/test/casttest.c (rev 0)
+++ trunk/crypto/openssl/test/casttest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/cast/casttest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/casttest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Modified: trunk/crypto/openssl/test/cms-test.pl
===================================================================
--- trunk/crypto/openssl/test/cms-test.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/test/cms-test.pl 2014-10-12 20:48:00 UTC (rev 6872)
@@ -411,8 +411,10 @@
}
sub cmp_files {
+ use FileHandle;
my ( $f1, $f2 ) = @_;
- my ( $fp1, $fp2 );
+ my $fp1 = FileHandle->new();
+ my $fp2 = FileHandle->new();
my ( $rd1, $rd2 );
Added: trunk/crypto/openssl/test/destest.c
===================================================================
--- trunk/crypto/openssl/test/destest.c (rev 0)
+++ trunk/crypto/openssl/test/destest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/des/destest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/destest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/dhtest.c
===================================================================
--- trunk/crypto/openssl/test/dhtest.c (rev 0)
+++ trunk/crypto/openssl/test/dhtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/dh/dhtest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/dhtest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/dsatest.c
===================================================================
--- trunk/crypto/openssl/test/dsatest.c (rev 0)
+++ trunk/crypto/openssl/test/dsatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/dsa/dsatest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/dsatest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/ecdhtest.c
===================================================================
--- trunk/crypto/openssl/test/ecdhtest.c (rev 0)
+++ trunk/crypto/openssl/test/ecdhtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/ecdh/ecdhtest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/ecdhtest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/ecdsatest.c
===================================================================
--- trunk/crypto/openssl/test/ecdsatest.c (rev 0)
+++ trunk/crypto/openssl/test/ecdsatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/ecdsa/ecdsatest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/ecdsatest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/ectest.c
===================================================================
--- trunk/crypto/openssl/test/ectest.c (rev 0)
+++ trunk/crypto/openssl/test/ectest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/ec/ectest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/ectest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/enginetest.c
===================================================================
--- trunk/crypto/openssl/test/enginetest.c (rev 0)
+++ trunk/crypto/openssl/test/enginetest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/engine/enginetest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/enginetest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/evp_test.c
===================================================================
--- trunk/crypto/openssl/test/evp_test.c (rev 0)
+++ trunk/crypto/openssl/test/evp_test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/evp/evp_test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/evp_test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/exptest.c
===================================================================
--- trunk/crypto/openssl/test/exptest.c (rev 0)
+++ trunk/crypto/openssl/test/exptest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/bn/exptest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/exptest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_aesavs.c
===================================================================
--- trunk/crypto/openssl/test/fips_aesavs.c (rev 0)
+++ trunk/crypto/openssl/test/fips_aesavs.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/aes/fips_aesavs.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_aesavs.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_desmovs.c
===================================================================
--- trunk/crypto/openssl/test/fips_desmovs.c (rev 0)
+++ trunk/crypto/openssl/test/fips_desmovs.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/des/fips_desmovs.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_desmovs.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_dsatest.c
===================================================================
--- trunk/crypto/openssl/test/fips_dsatest.c (rev 0)
+++ trunk/crypto/openssl/test/fips_dsatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/dsa/fips_dsatest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_dsatest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_dssvs.c
===================================================================
--- trunk/crypto/openssl/test/fips_dssvs.c (rev 0)
+++ trunk/crypto/openssl/test/fips_dssvs.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/dsa/fips_dssvs.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_dssvs.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_hmactest.c
===================================================================
--- trunk/crypto/openssl/test/fips_hmactest.c (rev 0)
+++ trunk/crypto/openssl/test/fips_hmactest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/hmac/fips_hmactest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_hmactest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_randtest.c
===================================================================
--- trunk/crypto/openssl/test/fips_randtest.c (rev 0)
+++ trunk/crypto/openssl/test/fips_randtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/rand/fips_randtest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_randtest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_rngvs.c
===================================================================
--- trunk/crypto/openssl/test/fips_rngvs.c (rev 0)
+++ trunk/crypto/openssl/test/fips_rngvs.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/rand/fips_rngvs.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_rngvs.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_rsagtest.c
===================================================================
--- trunk/crypto/openssl/test/fips_rsagtest.c (rev 0)
+++ trunk/crypto/openssl/test/fips_rsagtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/rsa/fips_rsagtest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_rsagtest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_rsastest.c
===================================================================
--- trunk/crypto/openssl/test/fips_rsastest.c (rev 0)
+++ trunk/crypto/openssl/test/fips_rsastest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/rsa/fips_rsastest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_rsastest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_rsavtest.c
===================================================================
--- trunk/crypto/openssl/test/fips_rsavtest.c (rev 0)
+++ trunk/crypto/openssl/test/fips_rsavtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/rsa/fips_rsavtest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_rsavtest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_shatest.c
===================================================================
--- trunk/crypto/openssl/test/fips_shatest.c (rev 0)
+++ trunk/crypto/openssl/test/fips_shatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/sha/fips_shatest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_shatest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/fips_test_suite.c
===================================================================
--- trunk/crypto/openssl/test/fips_test_suite.c (rev 0)
+++ trunk/crypto/openssl/test/fips_test_suite.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../fips/fips_test_suite.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/fips_test_suite.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/hmactest.c
===================================================================
--- trunk/crypto/openssl/test/hmactest.c (rev 0)
+++ trunk/crypto/openssl/test/hmactest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/hmac/hmactest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/hmactest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/ideatest.c
===================================================================
--- trunk/crypto/openssl/test/ideatest.c (rev 0)
+++ trunk/crypto/openssl/test/ideatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/idea/ideatest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/ideatest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/jpaketest.c
===================================================================
--- trunk/crypto/openssl/test/jpaketest.c (rev 0)
+++ trunk/crypto/openssl/test/jpaketest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link dummytest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/jpaketest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/maketests.com
===================================================================
--- trunk/crypto/openssl/test/maketests.com (rev 0)
+++ trunk/crypto/openssl/test/maketests.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,925 @@
+$!
+$! MAKETESTS.COM
+$! Written By: Robert Byer
+$! Vice-President
+$! A-Com Computing, Inc.
+$! byer at mail.all-net.net
+$!
+$! Changes by Richard Levitte <richard at levitte.org>
+$!
+$! This command files compiles and creates all the various different
+$! "test" programs for the different types of encryption for OpenSSL.
+$! It was written so it would try to determine what "C" compiler to
+$! use or you can specify which "C" compiler to use.
+$!
+$! The test "executables" will be placed in a directory called
+$! [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending
+$! on your machine architecture.
+$!
+$! Specify DEBUG or NODEBUG P1 to compile with or without debugger
+$! information.
+$!
+$! Specify which compiler at P2 to try to compile under.
+$!
+$! VAXC For VAX C.
+$! DECC For DEC C.
+$! GNUC For GNU C.
+$!
+$! If you don't speficy a compiler, it will try to determine which
+$! "C" compiler to use.
+$!
+$! P3, if defined, sets a TCP/IP library to use, through one of the following
+$! keywords:
+$!
+$! UCX for UCX
+$! SOCKETSHR for SOCKETSHR+NETLIB
+$!
+$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That is, If Wee Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ if (f$getsyi( "HW_MODEL") .lt. 1024)
+$ then
+$ arch = "VAX"
+$ else
+$ arch = ""
+$ arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS).
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On ''ARCH'."
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Define The SSL We Are To Use.
+$!
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$!
+$! Create the OBJ and EXE Directories, if needed.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."") THEN -
+ CREATE /DIRECTORY 'OBJ_DIR'
+$ IF (F$PARSE(EXE_DIR).EQS."") THEN -
+ CREATE /DIRECTORY 'EXE_DIR'
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The TEST Files.
+$! NOTE: Some might think this list ugly. However, it's made this way to
+$! reflect the EXE variable in Makefile as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
+$!
+$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
+ "MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ -
+ "RC2TEST,RC4TEST,RC5TEST,"+ -
+ "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
+ "MDC2TEST,RMDTEST,"+ -
+ "RANDTEST,DHTEST,ENGINETEST,"+ -
+ "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
+ "EVP_TEST,JPAKETEST,IGETEST"
+$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
+$
+$! Additional directory information.
+$ T_D_BNTEST := [-.crypto.bn]
+$ T_D_ECTEST := [-.crypto.ec]
+$ T_D_ECDSATEST := [-.crypto.ecdsa]
+$ T_D_ECDHTEST := [-.crypto.ecdh]
+$ T_D_IDEATEST := [-.crypto.idea]
+$ T_D_MD2TEST := [-.crypto.md2]
+$ T_D_MD4TEST := [-.crypto.md4]
+$ T_D_MD5TEST := [-.crypto.md5]
+$ T_D_HMACTEST := [-.crypto.hmac]
+$ T_D_RC2TEST := [-.crypto.rc2]
+$ T_D_RC4TEST := [-.crypto.rc4]
+$ T_D_RC5TEST := [-.crypto.rc5]
+$ T_D_DESTEST := [-.crypto.des]
+$ T_D_SHATEST := [-.crypto.sha]
+$ T_D_SHA1TEST := [-.crypto.sha]
+$ T_D_SHA256T := [-.crypto.sha]
+$ T_D_SHA512T := [-.crypto.sha]
+$ T_D_MDC2TEST := [-.crypto.mdc2]
+$ T_D_RMDTEST := [-.crypto.ripemd]
+$ T_D_RANDTEST := [-.crypto.rand]
+$ T_D_DHTEST := [-.crypto.dh]
+$ T_D_ENGINETEST := [-.crypto.engine]
+$ T_D_BFTEST := [-.crypto.bf]
+$ T_D_CASTTEST := [-.crypto.cast]
+$ T_D_SSLTEST := [-.ssl]
+$ T_D_EXPTEST := [-.crypto.bn]
+$ T_D_DSATEST := [-.crypto.dsa]
+$ T_D_RSA_TEST := [-.crypto.rsa]
+$ T_D_EVP_TEST := [-.crypto.evp]
+$ T_D_JPAKETEST := [-.crypto.jpake]
+$ T_D_IGETEST := [-.test]
+$!
+$ TCPIP_PROGRAMS = ",,"
+$ IF COMPILER .EQS. "VAXC" THEN -
+ TCPIP_PROGRAMS = ",SSLTEST,"
+$!
+$! Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",TEST_FILES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$!
+$! Create The Executable File Name.
+$!
+$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$! Tell The User That The File Dosen't Exist.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Exit The Build.
+$!
+$ GOTO EXIT
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Test Program."
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check If What We Are About To Compile Works Without A TCP/IP Library.
+$!
+$ IF ((TCPIP_LIB.EQS."").AND.((TCPIP_PROGRAMS-FILE_NAME).NES.TCPIP_PROGRAMS))
+$ THEN
+$!
+$! Inform The User That A TCP/IP Library Is Needed To Compile This Program.
+$!
+$ WRITE SYS$OUTPUT -
+ FILE_NAME," Needs A TCP/IP Library. Can't Link. Skipping..."
+$ GOTO NEXT_FILE
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$ IF (TCPIP_LIB.NES."")
+$ THEN
+$!
+$! Don't Link With The RSAREF Routines And TCP/IP Library.
+$!
+$ LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -
+ 'OBJECT_FILE', -
+ 'SSL_LIB' /LIBRARY, -
+ 'CRYPTO_LIB' /LIBRARY, -
+ 'TCPIP_LIB', -
+ 'OPT_FILE' /OPTIONS
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
+$!
+$ LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -
+ 'OBJECT_FILE', -
+ 'SSL_LIB' /LIBRARY, -
+ 'CRYPTO_LIB' /LIBRARY, -
+ 'OPT_FILE' /OPTIONS
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! All Done, Time To Exit.
+$!
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$! Check To See If We Already Have A VAX C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A VAX C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Against
+! The Shareable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If We Already Have A GNU C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A GNU C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Against
+! The Shareable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB.OLB /LIBRARY
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$! Check To See If We Already Have A DEC C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! Figure Out If We Need A non-VAX Or A VAX Linker Option File.
+$!
+$ IF (ARCH.EQS."VAX")
+$ THEN
+$!
+$! We Need A DEC C Linker Option File For VAX.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Against
+! The Shareable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE /SHAREABLE
+$EOD
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Create The non-VAX Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For non-VAX To Link Against
+! The Shareable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE
+SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE
+$EOD
+$!
+$! End The DEC C Option File Check.
+$!
+$ ENDIF
+$!
+$! End The Option File Search.
+$!
+$ ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check To See If We Have The Appropiate Libraries.
+$!
+$ LIB_CHECK:
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$! Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$ WRITE SYS$OUTPUT "We Can't Link Without It."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Since We Can't Link Without It, Exit.
+$!
+$ EXIT
+$!
+$! End The Crypto Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$! Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$ WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Since We Can't Link Without It, Exit.
+$!
+$ EXIT
+$!
+$! End The SSL Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."NODEBUG")
+$ THEN
+$!
+$! P1 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$ DEBUGGER = "NODEBUG"
+$ TRACEBACK = "NOTRACEBACK"
+$ GCC_OPTIMIZE = "OPTIMIZE"
+$ CC_OPTIMIZE = "OPTIMIZE"
+$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Check To See If We Are To Compile With Debugger Information.
+$!
+$ IF (P1.EQS."DEBUG")
+$ THEN
+$!
+$! Compile With Debugger Information.
+$!
+$ DEBUGGER = "DEBUG"
+$ TRACEBACK = "TRACEBACK"
+$ GCC_OPTIMIZE = "NOOPTIMIZE"
+$ CC_OPTIMIZE = "NOOPTIMIZE"
+$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
+$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."")
+$ THEN
+$!
+$! O.K., The User Didn't Specify A Compiler, Let's Try To
+$! Find Out Which One To Use.
+$!
+$! Check To See If We Have GNU C.
+$!
+$ IF (F$TRNLNM("GNU_CC").NES."")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ P2 = "GNUC"
+$!
+$! End The GNU C Compiler Check.
+$!
+$ ELSE
+$!
+$! Check To See If We Have VAXC Or DECC.
+$!
+$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ P2 = "DECC"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ P2 = "VAXC"
+$!
+$! End The VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The DECC & VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P3.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$! Find out what socket library we have available
+$!
+$ IF F$PARSE("SOCKETSHR:") .NES. ""
+$ THEN
+$!
+$! We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$ P3 = "SOCKETSHR"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$! Else, let's look for something else
+$!
+$ ELSE
+$!
+$! Like UCX (the reason to do this before Multinet is that the UCX
+$! emulation is easier to use...)
+$!
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+ .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+ .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$ THEN
+$!
+$! Last resort: a UCX or UCX-compatible library
+$!
+$ P3 = "UCX"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$! That was all...
+$!
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P3'"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+ CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$! Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If The User Wanted DECC.
+$!
+$ IF (P2.EQS."DECC")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ COMPILER = "DECC"
+$!
+$! Tell The User We Are Using DECC.
+$!
+$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$! Use DECC...
+$!
+$ CC = "CC"
+$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+ THEN CC = "CC /DECC"
+$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + -
+ "/NOLIST /PREFIX=ALL" + -
+ "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$!
+$! End DECC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use VAXC.
+$!
+$ IF (P2.EQS."VAXC")
+$ THEN
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ COMPILER = "VAXC"
+$!
+$! Tell The User We Are Using VAX C.
+$!
+$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$! Compile Using VAXC.
+$!
+$ CC = "CC"
+$ IF ARCH.NES."VAX"
+$ THEN
+$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
+$ EXIT
+$ ENDIF
+$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC"
+$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$ CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$! Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$ DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$!
+$! End VAXC Check
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use GNU C.
+$!
+$ IF (P2.EQS."GNUC")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ COMPILER = "GNUC"
+$!
+$! Tell The User We Are Using GNUC.
+$!
+$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$! Use GNU C...
+$!
+$ CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Set up default defines
+$!
+$ CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$! Finish up the definition of CC.
+$!
+$ IF COMPILER .EQS. "DECC"
+$ THEN
+$ IF CCDISABLEWARNINGS .EQS. ""
+$ THEN
+$ CC4DISABLEWARNINGS = "DOLLARID"
+$ ELSE
+$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$ ENDIF
+$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$ ELSE
+$ CCDISABLEWARNINGS = ""
+$ CC4DISABLEWARNINGS = ""
+$ ENDIF
+$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$! Show user the result
+$!
+$ WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
+$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
+$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
+ .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
+$ THEN
+$!
+$! Check to see if SOCKETSHR was chosen
+$!
+$ IF P3.EQS."SOCKETSHR"
+$ THEN
+$!
+$! Set the library to use SOCKETSHR
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
+$!
+$! Done with SOCKETSHR
+$!
+$ ENDIF
+$!
+$! Check to see if MULTINET was chosen
+$!
+$ IF P3.EQS."MULTINET"
+$ THEN
+$!
+$! Set the library to use UCX emulation.
+$!
+$ P3 = "UCX"
+$!
+$! Done with MULTINET
+$!
+$ ENDIF
+$!
+$! Check to see if UCX was chosen
+$!
+$ IF P3.EQS."UCX"
+$ THEN
+$!
+$! Set the library to use UCX.
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$ THEN
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
+$ ELSE
+$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
+$ ENDIF
+$!
+$! Done with UCX
+$!
+$ ENDIF
+$!
+$! Check to see if TCPIP was chosen
+$!
+$ IF P3.EQS."TCPIP"
+$ THEN
+$!
+$! Set the library to use TCPIP (post UCX).
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Check to see if NONE was chosen
+$!
+$ IF P3.EQS."NONE"
+$ THEN
+$!
+$! Do not use a TCPIP library.
+$!
+$ TCPIP_LIB = ""
+$!
+$! Done with NONE
+$!
+$ ENDIF
+$!
+$! Print info
+$!
+$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
+$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
+$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By: Richard Levitte
+$! richard at levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$! Get The Version Of VMS We Are Using.
+$!
+$ ISSEVEN :=
+$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$! Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$ IF (TMP.GE.71)
+$ THEN
+$!
+$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$ ISSEVEN := ,PTHREAD_USE_D4
+$!
+$! End The VMS Version Check.
+$!
+$ ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "TEST]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$ DEASSIGN OPENSSL
+$ ELSE
+$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
Added: trunk/crypto/openssl/test/md2test.c
===================================================================
--- trunk/crypto/openssl/test/md2test.c (rev 0)
+++ trunk/crypto/openssl/test/md2test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/md2/md2test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/md2test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/md4test.c
===================================================================
--- trunk/crypto/openssl/test/md4test.c (rev 0)
+++ trunk/crypto/openssl/test/md4test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/md4/md4test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/md4test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/md5test.c
===================================================================
--- trunk/crypto/openssl/test/md5test.c (rev 0)
+++ trunk/crypto/openssl/test/md5test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/md5/md5test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/md5test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/mdc2test.c
===================================================================
--- trunk/crypto/openssl/test/mdc2test.c (rev 0)
+++ trunk/crypto/openssl/test/mdc2test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link dummytest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/mdc2test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/randtest.c
===================================================================
--- trunk/crypto/openssl/test/randtest.c (rev 0)
+++ trunk/crypto/openssl/test/randtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/rand/randtest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/randtest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/rc2test.c
===================================================================
--- trunk/crypto/openssl/test/rc2test.c (rev 0)
+++ trunk/crypto/openssl/test/rc2test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/rc2/rc2test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/rc2test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/rc4test.c
===================================================================
--- trunk/crypto/openssl/test/rc4test.c (rev 0)
+++ trunk/crypto/openssl/test/rc4test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/rc4/rc4test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/rc4test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/rc5test.c
===================================================================
--- trunk/crypto/openssl/test/rc5test.c (rev 0)
+++ trunk/crypto/openssl/test/rc5test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link dummytest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/rc5test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/rmdtest.c
===================================================================
--- trunk/crypto/openssl/test/rmdtest.c (rev 0)
+++ trunk/crypto/openssl/test/rmdtest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/ripemd/rmdtest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/rmdtest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/rsa_test.c
===================================================================
--- trunk/crypto/openssl/test/rsa_test.c (rev 0)
+++ trunk/crypto/openssl/test/rsa_test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/rsa/rsa_test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/rsa_test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/sha1test.c
===================================================================
--- trunk/crypto/openssl/test/sha1test.c (rev 0)
+++ trunk/crypto/openssl/test/sha1test.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/sha/sha1test.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/sha1test.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/sha256t.c
===================================================================
--- trunk/crypto/openssl/test/sha256t.c (rev 0)
+++ trunk/crypto/openssl/test/sha256t.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/sha/sha256t.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/sha256t.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/sha512t.c
===================================================================
--- trunk/crypto/openssl/test/sha512t.c (rev 0)
+++ trunk/crypto/openssl/test/sha512t.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/sha/sha512t.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/sha512t.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/shatest.c
===================================================================
--- trunk/crypto/openssl/test/shatest.c (rev 0)
+++ trunk/crypto/openssl/test/shatest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../crypto/sha/shatest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/shatest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/ssltest.c
===================================================================
--- trunk/crypto/openssl/test/ssltest.c (rev 0)
+++ trunk/crypto/openssl/test/ssltest.c 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1 @@
+link ../ssl/ssltest.c
\ No newline at end of file
Property changes on: trunk/crypto/openssl/test/ssltest.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: trunk/crypto/openssl/test/tcrl.com
===================================================================
--- trunk/crypto/openssl/test/tcrl.com (rev 0)
+++ trunk/crypto/openssl/test/tcrl.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,85 @@
+$! TCRL.COM -- Tests crl keys
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ cmd := mcr 'exe_dir'openssl crl
+$
+$ t := testcrl.pem
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing CRL conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
Added: trunk/crypto/openssl/test/testca.com
===================================================================
--- trunk/crypto/openssl/test/testca.com (rev 0)
+++ trunk/crypto/openssl/test/testca.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,79 @@
+$! TESTCA.COM
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$
+$ openssl := mcr 'exe_dir'openssl
+$
+$ SSLEAY_CONFIG="-config ""CAss.cnf"""
+$
+$ set noon
+$ if f$search("demoCA.dir") .nes. ""
+$ then
+$ call deltree [.demoCA]*.*
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$ delete demoCA.dir;*
+$ endif
+$ set on
+$ open/read sys$ca_input VMSca-response.1
+$ @[-.apps]CA.com -input sys$ca_input -newca
+$ close sys$ca_input
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ SSLEAY_CONFIG="-config ""Uss.cnf"""
+$ @[-.apps]CA.com -newreq
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
+$ open/read sys$ca_input VMSca-response.2
+$ @[-.apps]CA.com -input sys$ca_input -sign
+$ close sys$ca_input
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ @[-.apps]CA.com -verify newcert.pem
+$ if $severity .ne. 1 then exit 3
+$
+$ set noon
+$ call deltree [.demoCA]*.*
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$ delete demoCA.dir;*
+$ if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
+$ if f$search("newcert.pem") .nes. "" then delete newreq.pem;*
+$ set on
+$! #usage: CA -newcert|-newreq|-newca|-sign|-verify
+$
+$ exit
+$
+$ deltree: subroutine ! P1 is a name of a directory
+$ on control_y then goto dt_STOP
+$ on warning then goto dt_exit
+$ _dt_def = f$trnlnm("SYS$DISK")+f$directory()
+$ if f$parse(p1) .eqs. "" then exit
+$ set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
+$ p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
+$ _fp = f$parse(".DIR",p1)
+$ dt_loop:
+$ _f = f$search(_fp)
+$ if _f .eqs. "" then goto dt_loopend
+$ call deltree [.'f$parse(_f,,,"NAME")']*.*
+$ goto dt_loop
+$ dt_loopend:
+$ _fp = f$parse(p1,".;*")
+$ if f$search(_fp) .eqs. "" then goto dt_exit
+$ set noon
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
+$ set on
+$ delete/nolog '_fp'
+$ dt_exit:
+$ set default '_dt_def'
+$ exit
+$ dt_STOP:
+$ set default '_dt_def'
+$ stop/id=""
+$ exit
+$ endsubroutine
Added: trunk/crypto/openssl/test/testenc.com
===================================================================
--- trunk/crypto/openssl/test/testenc.com (rev 0)
+++ trunk/crypto/openssl/test/testenc.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,63 @@
+$! TESTENC.COM -- Test encoding and decoding
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$
+$ testsrc := makefile.
+$ test := p.txt
+$ cmd := mcr 'exe_dir'openssl
+$
+$ if f$search(test) .nes. "" then delete 'test';*
+$ convert/fdl=sys$input: 'testsrc' 'test'
+RECORD
+ FORMAT STREAM_LF
+$
+$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
+$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
+$
+$ write sys$output "cat"
+$ 'cmd' enc -in 'test' -out 'test'-cipher
+$ 'cmd' enc -in 'test'-cipher -out 'test'-clear
+$ backup/compare 'test' 'test'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-cipher;*,'test'-clear;*
+$
+$ write sys$output "base64"
+$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher
+$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
+$ backup/compare 'test' 'test'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-cipher;*,'test'-clear;*
+$
+$ define/user sys$output 'test'-cipher-commands
+$ 'cmd' list-cipher-commands
+$ open/read f 'test'-cipher-commands
+$ loop_cipher_commands:
+$ read/end=loop_cipher_commands_end f i
+$ write sys$output i
+$
+$ if f$search(test+"-"+i+"-cipher") .nes. "" then -
+ delete 'test'-'i'-cipher;*
+$ if f$search(test+"-"+i+"-clear") .nes. "" then -
+ delete 'test'-'i'-clear;*
+$
+$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
+$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$ backup/compare 'test' 'test'-'i'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$ write sys$output i," base64"
+$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
+$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$ backup/compare 'test' 'test'-'i'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$ goto loop_cipher_commands
+$ loop_cipher_commands_end:
+$ close f
+$ delete 'test'-cipher-commands;*
+$ delete 'test';*
Added: trunk/crypto/openssl/test/testfipsssl
===================================================================
--- trunk/crypto/openssl/test/testfipsssl (rev 0)
+++ trunk/crypto/openssl/test/testfipsssl 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+if [ "$1" = "" ]; then
+ key=../apps/server.pem
+else
+ key="$1"
+fi
+if [ "$2" = "" ]; then
+ cert=../apps/server.pem
+else
+ cert="$2"
+fi
+
+ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
+
+ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
+
+if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
+ dsa_cert=YES
+else
+ dsa_cert=NO
+fi
+
+if [ "$3" = "" ]; then
+ CA="-CApath ../certs"
+else
+ CA="-CAfile $3"
+fi
+
+if [ "$4" = "" ]; then
+ extra=""
+else
+ extra="$4"
+fi
+
+#############################################################################
+
+echo test ssl3 is forbidden in FIPS mode
+$ssltest -ssl3 $extra && exit 1
+
+echo test ssl2 is forbidden in FIPS mode
+$ssltest -ssl2 $extra && exit 1
+
+echo test tls1
+$ssltest -tls1 $extra || exit 1
+
+echo test tls1 with server authentication
+$ssltest -tls1 -server_auth $CA $extra || exit 1
+
+echo test tls1 with client authentication
+$ssltest -tls1 -client_auth $CA $extra || exit 1
+
+echo test tls1 with both client and server authentication
+$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1
+
+echo test tls1 via BIO pair
+$ssltest -bio_pair -tls1 $extra || exit 1
+
+echo test tls1 with server authentication via BIO pair
+$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1
+
+echo test tls1 with client authentication via BIO pair
+$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1
+
+echo test tls1 with both client and server authentication via BIO pair
+$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1
+
+# note that all the below actually choose TLS...
+
+if [ $dsa_cert = NO ]; then
+ echo test sslv2/sslv3 w/o DHE via BIO pair
+ $ssltest -bio_pair -no_dhe $extra || exit 1
+fi
+
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
+
+echo test sslv2/sslv3 with server authentication
+$ssltest -bio_pair -server_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
+
+#############################################################################
+
+if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+ echo skipping anonymous DH tests
+else
+ echo test tls1 with 1024bit anonymous DH, multiple handshakes
+ $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
+ echo skipping RSA tests
+else
+ echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
+
+ if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+ echo skipping RSA+DHE tests
+ else
+ echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+ fi
+fi
+
+exit 0
Added: trunk/crypto/openssl/test/testgen.com
===================================================================
--- trunk/crypto/openssl/test/testgen.com (rev 0)
+++ trunk/crypto/openssl/test/testgen.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,54 @@
+$! TETSGEN.COM
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ T := testcert
+$ KEY = 512
+$ CA := [-.certs]testca.pem
+$
+$ set noon
+$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
+$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
+$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
+$ set on
+$
+$ write sys$output "generating certificate request"
+$
+$ append/new nl: .rnd
+$ open/append random_file .rnd
+$ write random_file "string to make the random number generator think it has entropy"
+$ close random_file
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ req_new="-newkey dsa:[-.apps]dsa512.pem"
+$ else
+$ req_new="-new"
+$ write sys$output "There should be a 2 sequences of .'s and some +'s."
+$ write sys$output "There should not be more that at most 80 per line"
+$ endif
+$
+$ write sys$output "This could take some time."
+$
+$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
+$ if $severity .ne. 1
+$ then
+$ write sys$output "problems creating request"
+$ exit 3
+$ endif
+$
+$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
+$ if $severity .ne. 1
+$ then
+$ write sys$output "signature on req is wrong"
+$ exit 3
+$ endif
Added: trunk/crypto/openssl/test/tests.com
===================================================================
--- trunk/crypto/openssl/test/tests.com (rev 0)
+++ trunk/crypto/openssl/test/tests.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,277 @@
+$! TESTS.COM -- Performs the necessary tests
+$!
+$! P1 tests to be performed. Empty means all.
+$
+$ __proc = f$element(0,";",f$environment("procedure"))
+$ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
+$ __save_default = f$environment("default")
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ texe_dir := sys$disk:[-.'__arch'.exe.test]
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]"
+$ define /translation_attributes = concealed sslroot 'sslroot'
+$
+$ set default '__here'
+$
+$ on control_y then goto exit
+$ on error then goto exit
+$
+$ if p1 .nes. ""
+$ then
+$ tests = p1
+$ else
+$! NOTE: This list reflects the list of dependencies following the
+$! "alltests" target in Makefile. This should make it easy to see
+$! if there's a difference that needs to be taken care of.
+$ tests := -
+ test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
+ test_md2,test_mdc2,-
+ test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,-
+ test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
+ test_enc,test_x509,test_rsa,test_crl,test_sid,-
+ test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
+ test_ss,test_ca,test_engine,test_evp,test_ssl,test_ige,test_jpake
+$ endif
+$ tests = f$edit(tests,"COLLAPSE")
+$
+$ BNTEST := bntest
+$ ECTEST := ectest
+$ ECDSATEST := ecdsatest
+$ ECDHTEST := ecdhtest
+$ EXPTEST := exptest
+$ IDEATEST := ideatest
+$ SHATEST := shatest
+$ SHA1TEST := sha1test
+$ MDC2TEST := mdc2test
+$ RMDTEST := rmdtest
+$ MD2TEST := md2test
+$ MD4TEST := md4test
+$ MD5TEST := md5test
+$ HMACTEST := hmactest
+$ RC2TEST := rc2test
+$ RC4TEST := rc4test
+$ RC5TEST := rc5test
+$ BFTEST := bftest
+$ CASTTEST := casttest
+$ DESTEST := destest
+$ RANDTEST := randtest
+$ DHTEST := dhtest
+$ DSATEST := dsatest
+$ METHTEST := methtest
+$ SSLTEST := ssltest
+$ RSATEST := rsa_test
+$ ENGINETEST := enginetest
+$ EVPTEST := evp_test
+$ IGETEST := igetest
+$ JPAKETEST := jpaketest
+$
+$ tests_i = 0
+$ loop_tests:
+$ tests_e = f$element(tests_i,",",tests)
+$ tests_i = tests_i + 1
+$ if tests_e .eqs. "," then goto exit
+$ gosub 'tests_e'
+$ goto loop_tests
+$
+$ test_evp:
+$ mcr 'texe_dir''evptest' evptests.txt
+$ return
+$ test_des:
+$ mcr 'texe_dir''destest'
+$ return
+$ test_idea:
+$ mcr 'texe_dir''ideatest'
+$ return
+$ test_sha:
+$ mcr 'texe_dir''shatest'
+$ mcr 'texe_dir''sha1test'
+$ return
+$ test_mdc2:
+$ mcr 'texe_dir''mdc2test'
+$ return
+$ test_md5:
+$ mcr 'texe_dir''md5test'
+$ return
+$ test_md4:
+$ mcr 'texe_dir''md4test'
+$ return
+$ test_hmac:
+$ mcr 'texe_dir''hmactest'
+$ return
+$ test_md2:
+$ mcr 'texe_dir''md2test'
+$ return
+$ test_rmd:
+$ mcr 'texe_dir''rmdtest'
+$ return
+$ test_bf:
+$ mcr 'texe_dir''bftest'
+$ return
+$ test_cast:
+$ mcr 'texe_dir''casttest'
+$ return
+$ test_rc2:
+$ mcr 'texe_dir''rc2test'
+$ return
+$ test_rc4:
+$ mcr 'texe_dir''rc4test'
+$ return
+$ test_rc5:
+$ mcr 'texe_dir''rc5test'
+$ return
+$ test_rand:
+$ mcr 'texe_dir''randtest'
+$ return
+$ test_enc:
+$ @testenc.com
+$ return
+$ test_x509:
+$ define sys$error nla0:
+$ write sys$output "test normal x509v1 certificate"
+$ @tx509.com
+$ write sys$output "test first x509v3 certificate"
+$ @tx509.com v3-cert1.pem
+$ write sys$output "test second x509v3 certificate"
+$ @tx509.com v3-cert2.pem
+$ deassign sys$error
+$ return
+$ test_rsa:
+$ define sys$error nla0:
+$ @trsa.com
+$ deassign sys$error
+$ mcr 'texe_dir''rsatest'
+$ return
+$ test_crl:
+$ define sys$error nla0:
+$ @tcrl.com
+$ deassign sys$error
+$ return
+$ test_sid:
+$ define sys$error nla0:
+$ @tsid.com
+$ deassign sys$error
+$ return
+$ test_req:
+$ define sys$error nla0:
+$ @treq.com
+$ @treq.com testreq2.pem
+$ deassign sys$error
+$ return
+$ test_pkcs7:
+$ define sys$error nla0:
+$ @tpkcs7.com
+$ @tpkcs7d.com
+$ deassign sys$error
+$ return
+$ test_bn:
+$ write sys$output "starting big number library test, could take a while..."
+$ create bntest-vms.fdl
+FILE
+ ORGANIZATION sequential
+RECORD
+ FORMAT stream_lf
+$ create/fdl=bntest-vms.fdl bntest-vms.sh
+$ open/append foo bntest-vms.sh
+$ type/output=foo: sys$input:
+<< __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"'
+$ define/user sys$output bntest-vms.tmp
+$ mcr 'texe_dir''bntest'
+$ copy bntest-vms.tmp foo:
+$ delete bntest-vms.tmp;*
+$ type/output=foo: sys$input:
+__FOO__
+$ close foo
+$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and"
+$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations"
+$ write sys$output "-- went well."
+$ write sys$output ""
+$ write sys$output "test a^b%c implementations"
+$ mcr 'texe_dir''exptest'
+$ return
+$ test_ec:
+$ write sys$output "test elliptic curves"
+$ mcr 'texe_dir''ectest'
+$ return
+$ test_ecdsa:
+$ write sys$output "test ecdsa"
+$ mcr 'texe_dir''ecdsatest'
+$ return
+$ test_ecdh:
+$ write sys$output "test ecdh"
+$ mcr 'texe_dir''ecdhtest'
+$ return
+$ test_verify:
+$ write sys$output "The following command should have some OK's and some failures"
+$ write sys$output "There are definitly a few expired certificates"
+$ @tverify.com
+$ return
+$ test_dh:
+$ write sys$output "Generate a set of DH parameters"
+$ mcr 'texe_dir''dhtest'
+$ return
+$ test_dsa:
+$ write sys$output "Generate a set of DSA parameters"
+$ mcr 'texe_dir''dsatest'
+$ return
+$ test_gen:
+$ write sys$output "Generate and verify a certificate request"
+$ @testgen.com
+$ return
+$ maybe_test_ss:
+$ testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT"))
+$ if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then -
+ goto test_ss
+$ if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then -
+ goto test_ss
+$ if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then -
+ goto test_ss
+$ return
+$ test_ss:
+$ write sys$output "Generate and certify a test certificate"
+$ @testss.com
+$ return
+$ test_engine:
+$ write sys$output "Manipulate the ENGINE structures"
+$ mcr 'texe_dir''enginetest'
+$ return
+$ test_ssl:
+$ write sys$output "test SSL protocol"
+$ gosub maybe_test_ss
+$ @testssl.com keyU.ss certU.ss certCA.ss
+$ return
+$ test_ca:
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ write sys$output "skipping CA.com test -- requires RSA"
+$ else
+$ write sys$output "Generate and certify a test certificate via the 'ca' program"
+$ @testca.com
+$ endif
+$ return
+$ test_rd:
+$ write sys$output "test Rijndael"
+$ !mcr 'texe_dir''rdtest'
+$ return
+$ test_ige:
+$ write sys$output "Test IGE mode"
+$ mcr 'texe_dir''igetest'
+$ return
+$ test_jpake:
+$ write sys$output "Test JPAKE"
+$ mcr 'texe_dir''jpaketest'
+$ return
+$
+$
+$ exit:
+$ set default '__save_default'
+$ deassign sslroot
+$ exit
Added: trunk/crypto/openssl/test/testss.com
===================================================================
--- trunk/crypto/openssl/test/testss.com (rev 0)
+++ trunk/crypto/openssl/test/testss.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,120 @@
+$! TESTSS.COM
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ digest="-md5"
+$ reqcmd := mcr 'exe_dir'openssl req
+$ x509cmd := mcr 'exe_dir'openssl x509 'digest'
+$ verifycmd := mcr 'exe_dir'openssl verify
+$ dummycnf := sys$disk:[-.apps]openssl-vms.cnf
+$
+$ CAkey="""keyCA.ss"""
+$ CAcert="""certCA.ss"""
+$ CAreq="""reqCA.ss"""
+$ CAconf="""CAss.cnf"""
+$ CAreq2="""req2CA.ss""" ! temp
+$
+$ Uconf="""Uss.cnf"""
+$ Ukey="""keyU.ss"""
+$ Ureq="""reqU.ss"""
+$ Ucert="""certU.ss"""
+$
+$ write sys$output ""
+$ write sys$output "make a certificate request using 'req'"
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ req_new="-newkey dsa:[-.apps]dsa512.pem"
+$ else
+$ req_new="-new"
+$ endif
+$
+$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'req' to generate a certificate request"
+$ exit 3
+$ endif
+$ write sys$output ""
+$ write sys$output "convert the certificate request into a self signed certificate using 'x509'"
+$ define /user sys$output err.ss
+$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'x509' to self sign a certificate request"
+$ exit 3
+$ endif
+$
+$ write sys$output ""
+$ write sys$output "convert a certificate into a certificate request using 'x509'"
+$ define /user sys$output err.ss
+$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'x509' convert a certificate to a certificate request"
+$ exit 3
+$ endif
+$
+$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
+$ if $severity .ne. 1
+$ then
+$ write sys$output "first generated request is invalid"
+$ exit 3
+$ endif
+$
+$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
+$ if $severity .ne. 1
+$ then
+$ write sys$output "second generated request is invalid"
+$ exit 3
+$ endif
+$
+$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "first generated cert is invalid"
+$ exit 3
+$ endif
+$
+$ write sys$output ""
+$ write sys$output "make another certificate request using 'req'"
+$ define /user sys$output err.ss
+$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'req' to generate a certificate request"
+$ exit 3
+$ endif
+$
+$ write sys$output ""
+$ write sys$output "sign certificate request with the just created CA via 'x509'"
+$ define /user sys$output err.ss
+$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'x509' to sign a certificate request"
+$ exit 3
+$ endif
+$
+$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert'
+$ write sys$output ""
+$ write sys$output "Certificate details"
+$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
+$
+$ write sys$output ""
+$ write sys$output "The generated CA certificate is ",CAcert
+$ write sys$output "The generated CA private key is ",CAkey
+$
+$ write sys$output "The generated user certificate is ",Ucert
+$ write sys$output "The generated user private key is ",Ukey
+$
+$ if f$search("err.ss;*") .nes. "" then delete err.ss;*
Modified: trunk/crypto/openssl/test/testssl
===================================================================
--- trunk/crypto/openssl/test/testssl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/test/testssl 2014-10-12 20:48:00 UTC (rev 6872)
@@ -119,6 +119,23 @@
echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
+echo "Testing ciphersuites"
+for protocol in SSLv3; do
+ echo "Testing ciphersuites for $protocol"
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+ echo "Testing $cipher"
+ prot=""
+ if [ $protocol = "SSLv3" ] ; then
+ prot="-ssl3"
+ fi
+ $ssltest -cipher $cipher $prot
+ if [ $? -ne 0 ] ; then
+ echo "Failed $cipher"
+ exit 1
+ fi
+ done
+done
+
#############################################################################
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
Added: trunk/crypto/openssl/test/testssl.com
===================================================================
--- trunk/crypto/openssl/test/testssl.com (rev 0)
+++ trunk/crypto/openssl/test/testssl.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,206 @@
+$! TESTSSL.COM
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ texe_dir := sys$disk:[-.'__arch'.exe.test]
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ if p1 .eqs. ""
+$ then
+$ key="[-.apps]server.pem"
+$ else
+$ key=p1
+$ endif
+$ if p2 .eqs. ""
+$ then
+$ cert="[-.apps]server.pem"
+$ else
+$ cert=p2
+$ endif
+$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
+$
+$ define/user sys$output testssl-x509-output.
+$ define/user sys$error nla0:
+$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
+$ set noon
+$ define/user sys$error nla0:
+$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
+$ if $severity .eq. 1
+$ then
+$ dsa_cert := YES
+$ else
+$ dsa_cert := NO
+$ endif
+$ set on
+$ delete testssl-x509-output.;*
+$
+$ if p3 .eqs. ""
+$ then
+$ copy/concatenate [-.certs]*.pem certs.tmp
+$ CA = """-CAfile"" certs.tmp"
+$ else
+$ CA = """-CAfile"" "+p3
+$ endif
+$
+$!###########################################################################
+$
+$ write sys$output "test sslv2"
+$ 'ssltest' -ssl2
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2 with server authentication"
+$ 'ssltest' -ssl2 -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ if .not. dsa_cert
+$ then
+$ write sys$output "test sslv2 with client authentication"
+$ 'ssltest' -ssl2 -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2 with both client and server authentication"
+$ 'ssltest' -ssl2 -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$
+$ write sys$output "test sslv3"
+$ 'ssltest' -ssl3
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with server authentication"
+$ 'ssltest' -ssl3 -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with client authentication"
+$ 'ssltest' -ssl3 -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with both client and server authentication"
+$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3"
+$ 'ssltest'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with server authentication"
+$ 'ssltest' -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with client authentication"
+$ 'ssltest' -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with both client and server authentication"
+$ 'ssltest' -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2 via BIO pair"
+$ 'ssltest' -bio_pair -ssl2
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2 with server authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ if .not. dsa_cert
+$ then
+$ write sys$output "test sslv2 with client authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl2 -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2 with both client and server authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$
+$ write sys$output "test sslv3 via BIO pair"
+$ 'ssltest' -bio_pair -ssl3
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with server authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with client authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+
+$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 via BIO pair"
+$ 'ssltest'
+$ if $severity .ne. 1 then goto exit3
+$
+$ if .not. dsa_cert
+$ then
+$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
+$ 'ssltest' -bio_pair -no_dhe
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$
+$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
+$ 'ssltest' -bio_pair -dhe1024dsa -v
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with server authentication"
+$ 'ssltest' -bio_pair -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
+$ 'ssltest' -bio_pair -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
+$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$!###########################################################################
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ no_rsa=$SEVERITY
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-dh
+$ no_dh=$SEVERITY
+$ set on
+$
+$ if no_dh
+$ then
+$ write sys$output "skipping anonymous DH tests"
+$ else
+$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
+$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$
+$ if no_rsa
+$ then
+$ write sys$output "skipping RSA tests"
+$ else
+$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
+$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
+$ if $severity .ne. 1 then goto exit3
+$
+$ if no_dh
+$ then
+$ write sys$output "skipping RSA+DHE tests"
+$ else
+$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
+$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$ endif
+$
+$ RET = 1
+$ goto exit
+$ exit3:
+$ RET = 3
+$ exit:
+$ if p3 .eqs. "" then delete certs.tmp;*
+$ exit 'RET'
Added: trunk/crypto/openssl/test/tpkcs7.com
===================================================================
--- trunk/crypto/openssl/test/tpkcs7.com (rev 0)
+++ trunk/crypto/openssl/test/tpkcs7.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,56 @@
+$! TPKCS7.COM -- Tests pkcs7 keys
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ cmd := mcr 'exe_dir'openssl pkcs7
+$
+$ t := testp7.pem
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing PKCS7 conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
Added: trunk/crypto/openssl/test/tpkcs7d.com
===================================================================
--- trunk/crypto/openssl/test/tpkcs7d.com (rev 0)
+++ trunk/crypto/openssl/test/tpkcs7d.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,49 @@
+$! TPKCS7.COM -- Tests pkcs7 keys
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ cmd := mcr 'exe_dir'openssl pkcs7
+$
+$ t := pkcs7-1.pem
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing PKCS7 conversions (2)"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
Added: trunk/crypto/openssl/test/treq.com
===================================================================
--- trunk/crypto/openssl/test/treq.com (rev 0)
+++ trunk/crypto/openssl/test/treq.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,85 @@
+$! TREQ.COM -- Tests req keys
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf
+$
+$ t := testreq.pem
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing req conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
Added: trunk/crypto/openssl/test/trsa.com
===================================================================
--- trunk/crypto/openssl/test/trsa.com (rev 0)
+++ trunk/crypto/openssl/test/trsa.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,96 @@
+$! TRSA.COM -- Tests rsa keys
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ write sys$output "skipping RSA conversion test"
+$ exit
+$ endif
+$
+$ cmd := mcr 'exe_dir'openssl rsa
+$
+$ t := testrsa.pem
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing RSA conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
Added: trunk/crypto/openssl/test/tsid.com
===================================================================
--- trunk/crypto/openssl/test/tsid.com (rev 0)
+++ trunk/crypto/openssl/test/tsid.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,85 @@
+$! TSID.COM -- Tests sid keys
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ cmd := mcr 'exe_dir'openssl sess_id
+$
+$ t := testsid.pem
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing session-id conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
Added: trunk/crypto/openssl/test/tverify.com
===================================================================
--- trunk/crypto/openssl/test/tverify.com (rev 0)
+++ trunk/crypto/openssl/test/tverify.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,63 @@
+$! TVERIFY.COM
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$!
+$ line_max = 255 ! Could be longer on modern non-VAX.
+$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
+$ cmd_len = f$length( cmd)
+$ pems = "[-.certs...]*.pem"
+$!
+$! Concatenate all the certificate files.
+$!
+$ copy /concatenate 'pems' 'temp_file_name'
+$!
+$! Loop through all the certificate files.
+$!
+$ args = ""
+$ old_f :=
+$ loop_file:
+$ f = f$search( pems)
+$ if ((f .nes. "") .and. (f .nes. old_f))
+$ then
+$ old_f = f
+$!
+$! If this file name would over-extend the command line, then
+$! run the command now.
+$!
+$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
+$ then
+$ if (args .eqs. "") then goto disaster
+$ 'cmd''args'
+$ args = ""
+$ endif
+$! Add the next file to the argument list.
+$ args = args+ " "+ f
+$ else
+$! No more files in the list
+$ goto loop_file_end
+$ endif
+$ goto loop_file
+$ loop_file_end:
+$!
+$! Run the command for any left-over arguments.
+$!
+$ if (args .nes. "")
+$ then
+$ 'cmd''args'
+$ endif
+$!
+$! Delete the temporary file.
+$!
+$ if (f$search( "''temp_file_name';*") .nes. "") then -
+ delete 'temp_file_name';*
+$!
+$ exit
+$!
+$ disaster:
+$ write sys$output " Command line too long. Doomed."
+$!
Added: trunk/crypto/openssl/test/tx509.com
===================================================================
--- trunk/crypto/openssl/test/tx509.com (rev 0)
+++ trunk/crypto/openssl/test/tx509.com 2014-10-12 20:48:00 UTC (rev 6872)
@@ -0,0 +1,85 @@
+$! TX509.COM -- Tests x509 certificates
+$
+$ __arch := VAX
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
+$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$ cmd := mcr 'exe_dir'openssl x509
+$
+$ t := testx509.pem
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing X509 conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> n"
+$ 'cmd' -in fff.p -inform p -outform n -out f.n
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "n -> d"
+$ 'cmd' -in f.n -inform n -outform d -out ff.d2
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> n"
+$ 'cmd' -in f.d -inform d -outform n -out ff.n1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "n -> n"
+$ 'cmd' -in f.n -inform n -outform n -out ff.n2
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> n"
+$ 'cmd' -in f.p -inform p -outform n -out ff.n3
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "n -> p"
+$ 'cmd' -in f.n -inform n -outform p -out ff.p2
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p2
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.n ff.n1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.n ff.n2
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.n ff.n3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p2
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
Index: trunk/crypto/openssl/tools/c89.sh
===================================================================
--- trunk/crypto/openssl/tools/c89.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/tools/c89.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/tools/c89.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/FreeBSD.sh
===================================================================
--- trunk/crypto/openssl/util/FreeBSD.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/FreeBSD.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/FreeBSD.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/add_cr.pl
===================================================================
--- trunk/crypto/openssl/util/add_cr.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/add_cr.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/add_cr.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/bat.sh
===================================================================
--- trunk/crypto/openssl/util/bat.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/bat.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/bat.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/ck_errf.pl
===================================================================
--- trunk/crypto/openssl/util/ck_errf.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/ck_errf.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/ck_errf.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/clean-depend.pl
===================================================================
--- trunk/crypto/openssl/util/clean-depend.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/clean-depend.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/clean-depend.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/util/cygwin.sh
===================================================================
--- trunk/crypto/openssl/util/cygwin.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/cygwin.sh 2014-10-12 20:48:00 UTC (rev 6872)
@@ -7,8 +7,8 @@
# Uncomment when debugging
#set -x
-CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
-INSTALL_PREFIX=/tmp/install
+CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5"
+INSTALL_PREFIX=/tmp/install/INSTALL
VERSION=
SUBVERSION=$1
@@ -66,7 +66,7 @@
./config ${CONFIG_OPTIONS}
- The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
+ The IDEA and RC5 algorithms are disabled due to patent and/or
licensing issues.
EOF
}
@@ -124,8 +124,12 @@
chmod u-w usr/lib/engines/*.so
# Runtime package
-find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \
- usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \
+tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
+ usr/bin/cyg*dll
+# Base package
+find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \
+ usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf \
+ usr/ssl/private \
-empty -o \! -type d |
tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
# Development package
@@ -135,6 +139,7 @@
ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
cleanup
Property changes on: trunk/crypto/openssl/util/cygwin.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/deleof.pl
===================================================================
--- trunk/crypto/openssl/util/deleof.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/deleof.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/deleof.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/do_ms.sh
===================================================================
--- trunk/crypto/openssl/util/do_ms.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/do_ms.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/do_ms.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/domd
===================================================================
--- trunk/crypto/openssl/util/domd 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/domd 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/domd
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/err-ins.pl
===================================================================
--- trunk/crypto/openssl/util/err-ins.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/err-ins.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/err-ins.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/files.pl
===================================================================
--- trunk/crypto/openssl/util/files.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/files.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/files.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/fixNT.sh
===================================================================
--- trunk/crypto/openssl/util/fixNT.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/fixNT.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/fixNT.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/install.sh
===================================================================
--- trunk/crypto/openssl/util/install.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/install.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/util/libeay.num
===================================================================
--- trunk/crypto/openssl/util/libeay.num 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/libeay.num 2014-10-12 20:48:00 UTC (rev 6872)
@@ -3511,6 +3511,7 @@
d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
CRYPTO_memcmp 3906 EXIST::FUNCTION:
+BN_consttime_swap 3907 EXIST::FUNCTION:
SEED_decrypt 3908 EXIST::FUNCTION:SEED
SEED_encrypt 3909 EXIST::FUNCTION:SEED
SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
@@ -3658,7 +3659,7 @@
ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE
ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE
ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE
-ENGINE_load_capi 4047 EXIST:WIN32:FUNCTION:CAPIENG,ENGINE
+ENGINE_load_capi 4047 EXIST:WIN32:FUNCTION:CAPIENG,ENGINE,STATIC_ENGINE
OPENSSL_isservice 4048 EXIST::FUNCTION:
FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA
EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION:
Property changes on: trunk/crypto/openssl/util/libeay.num
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/mk1mf.pl
===================================================================
--- trunk/crypto/openssl/util/mk1mf.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mk1mf.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/mk1mf.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/mkcerts.sh
===================================================================
--- trunk/crypto/openssl/util/mkcerts.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mkcerts.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/mkcerts.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/mkdef.pl
===================================================================
--- trunk/crypto/openssl/util/mkdef.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mkdef.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/mkdef.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/mkdir-p.pl
===================================================================
--- trunk/crypto/openssl/util/mkdir-p.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mkdir-p.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/mkdir-p.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/util/mkerr.pl
===================================================================
--- trunk/crypto/openssl/util/mkerr.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mkerr.pl 2014-10-12 20:48:00 UTC (rev 6872)
@@ -698,7 +698,7 @@
push (@runref, $_) unless exists $urcodes{$_};
}
-if($debug && defined(@funref) ) {
+if($debug && @funref) {
print STDERR "The following function codes were not referenced:\n";
foreach(sort @funref)
{
@@ -706,7 +706,7 @@
}
}
-if($debug && defined(@runref) ) {
+if($debug && @runref) {
print STDERR "The following reason codes were not referenced:\n";
foreach(sort @runref)
{
Index: trunk/crypto/openssl/util/mkfiles.pl
===================================================================
--- trunk/crypto/openssl/util/mkfiles.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mkfiles.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/mkfiles.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/mklink.pl
===================================================================
--- trunk/crypto/openssl/util/mklink.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mklink.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/mklink.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/mkstack.pl
===================================================================
--- trunk/crypto/openssl/util/mkstack.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/mkstack.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/mkstack.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/opensslwrap.sh
===================================================================
--- trunk/crypto/openssl/util/opensslwrap.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/opensslwrap.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/opensslwrap.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/perlpath.pl
===================================================================
--- trunk/crypto/openssl/util/perlpath.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/perlpath.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/perlpath.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: trunk/crypto/openssl/util/pl/VC-32.pl
===================================================================
--- trunk/crypto/openssl/util/pl/VC-32.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/pl/VC-32.pl 2014-10-12 20:48:00 UTC (rev 6872)
@@ -337,7 +337,7 @@
else
{
my $ex = "";
- if ($target =~ /O_SSL/)
+ if ($target !~ /O_CRYPTO/)
{
$ex .= " \$(L_CRYPTO)";
#$ex .= " \$(L_FIPS)" if $fipsdso;
Index: trunk/crypto/openssl/util/pod2man.pl
===================================================================
--- trunk/crypto/openssl/util/pod2man.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/pod2man.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/pod2man.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/pod2mantest
===================================================================
--- trunk/crypto/openssl/util/pod2mantest 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/pod2mantest 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/pod2mantest
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/point.sh
===================================================================
--- trunk/crypto/openssl/util/point.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/point.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/point.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/shlib_wrap.sh
===================================================================
--- trunk/crypto/openssl/util/shlib_wrap.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/shlib_wrap.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/shlib_wrap.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/sp-diff.pl
===================================================================
--- trunk/crypto/openssl/util/sp-diff.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/sp-diff.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/sp-diff.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/speed.sh
===================================================================
--- trunk/crypto/openssl/util/speed.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/speed.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/speed.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/src-dep.pl
===================================================================
--- trunk/crypto/openssl/util/src-dep.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/src-dep.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/src-dep.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/ssleay.num
===================================================================
--- trunk/crypto/openssl/util/ssleay.num 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/ssleay.num 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/ssleay.num
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/tab_num.pl
===================================================================
--- trunk/crypto/openssl/util/tab_num.pl 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/tab_num.pl 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/tab_num.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: trunk/crypto/openssl/util/x86asm.sh
===================================================================
--- trunk/crypto/openssl/util/x86asm.sh 2014-10-12 20:42:37 UTC (rev 6871)
+++ trunk/crypto/openssl/util/x86asm.sh 2014-10-12 20:48:00 UTC (rev 6872)
Property changes on: trunk/crypto/openssl/util/x86asm.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
More information about the Midnightbsd-cvs
mailing list