diff options
author | sangwan.kwon <sangwan.kwon@samsung.com> | 2015-12-18 14:13:27 +0900 |
---|---|---|
committer | sangwan.kwon <sangwan.kwon@samsung.com> | 2015-12-18 14:14:57 +0900 |
commit | 6a424b1e0ec46f307697ffe971a3e46b3129f693 (patch) | |
tree | 063e9bd46b09b57192b9af486e0649a139c40712 | |
parent | 7bb2e75e597abc44122a538b5935153bf1ecb9ec (diff) | |
parent | 2b3ef38d58c1bb0abff4bf611177fc76e78325fa (diff) | |
download | openssl-submit/tizen/20151228.015607.tar.gz openssl-submit/tizen/20151228.015607.tar.bz2 openssl-submit/tizen/20151228.015607.zip |
Upgrade Upstream version 1.0.2eHEADsubmit/tizen/20151228.015607tizen
Change-Id: If6afd73ecd5ef4548b9389eca6e53946aac3b9f2
391 files changed, 2697 insertions, 4646 deletions
@@ -2,6 +2,64 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. + + This issue was reported to OpenSSL by Hanno Böck. + (CVE-2015-3193) + [Andy Polyakov] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia Käsper] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>] + Changes between 1.0.2c and 1.0.2d [9 Jul 2015] *) Alternate chains certificate forgery @@ -15,8 +73,18 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI @@ -55,9 +123,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno Böck. + independently by Hanno Böck. (CVE-2015-1789) - [Emilia Käsper] + [Emilia Käsper] *) PKCS7 crash with missing EnvelopedContent @@ -71,7 +139,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia Käsper] + [Emilia Käsper] *) CMS verify infinite loop with unknown hash function @@ -201,7 +269,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia Käsper] + [Emilia Käsper] *) DoS via reachable assert in SSLv2 servers fix @@ -209,10 +277,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia Käsper + This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team). (CVE-2015-0293) - [Emilia Käsper] + [Emilia Käsper] *) Empty CKE with client auth and DHE fix @@ -272,6 +340,10 @@ Changes between 1.0.1l and 1.0.2 [22 Jan 2015] + *) Change RSA and DH/DSA key generation apps to generate 2048-bit + keys by default. + [Kurt Roeckx] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. ARMv5 through ARMv8, as opposite to "locking" it to single one. So far those who have to target multiple plaforms would compromise @@ -717,12 +789,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia Käsper] + [David Benjamin, Emilia Käsper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia Käsper] + [Emilia Käsper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -733,7 +805,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia Käsper] + [Emilia Käsper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -813,10 +885,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gröbert (Google) for discovering and researching this + Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia Käsper] + [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. @@ -853,7 +925,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] @@ -865,7 +937,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia Käsper, and Steve Henson] + [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -895,22 +967,22 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) - [Jüri Aedla, Steve Henson] + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gröbert, Ivan Fratric, Steve Henson] + [Felix Gröbert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. [mancha <mancha1@zoho.com>] *) Fix eckey_priv_encode so it immediately returns an error upon a failure - in i2d_ECPrivateKey. + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. [mancha <mancha1@zoho.com>] *) Fix some double frees. These are not thought to be exploitable. @@ -982,9 +1054,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia Käsper for the initial patch. + Emilia Käsper for the initial patch. (CVE-2013-0169) - [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. @@ -1159,7 +1231,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] + [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1435,7 +1507,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1449,7 +1521,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -2258,7 +2330,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project] + [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -3426,7 +3498,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf Möller] + [Geoff Thorpe, suggested by Ulf Möller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] @@ -3445,7 +3517,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf Möller] + [Geoff Thorpe, Nils Larsch, Ulf Möller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3512,7 +3584,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] + [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -4227,7 +4299,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf Möller] + [Ulf Möller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -4260,11 +4332,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf Möller] + [Ulf Möller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014] + [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -4726,7 +4798,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [Götz Babin-Ebell <babinebell@trustcenter.de>] + [Götz Babin-Ebell <babinebell@trustcenter.de>] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>] @@ -6831,7 +6903,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>] + [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -6991,7 +7063,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Fix OAEP check. - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -7253,10 +7325,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf Möller] + [Ulf Möller] *) rand_win.c fix for Borland C. - [Ulf Möller] + [Ulf Möller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -7401,14 +7473,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo Möller] + [Bodo Möller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf Möller] + [Ulf Möller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -7426,7 +7498,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf Möller] + [Ulf Möller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if @@ -7692,7 +7764,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf Möller] + [Ulf Möller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -7912,7 +7984,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf Möller] + [Ulf Möller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -7944,7 +8016,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf Möller] + [Ulf Möller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -8033,7 +8105,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf Möller, using the problem description in krb4-0.9.7, where + [Ulf Möller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -8134,7 +8206,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Rolf Haberrecker <rolf@suse.de>] *) Assembler module support for Mingw32. - [Ulf Möller] + [Ulf Möller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous] @@ -8153,7 +8225,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf Möller] + [Ulf Möller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set @@ -8183,14 +8255,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf Möller, using public domain code by Patrick Powell; problem + [Ulf Möller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote <das33@cornell.edu>] *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf Möller] + [Ulf Möller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -8223,7 +8295,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k #define OPENSSL_ALGORITHM_DEFINES #include <openssl/opensslconf.h> defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo Möller] + [Richard Levitte, Ulf and Bodo Möller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -8274,17 +8346,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf Möller] + [Ulf Möller] *) More tests in bntest.c, and changed test_bn output. - [Ulf Möller] + [Ulf Möller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf Möller] + [Ulf Möller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. @@ -8292,11 +8364,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf Möller] + [Ulf Möller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf Möller] + [Ulf Möller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -8320,7 +8392,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf Möller] + [Ulf Möller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -8365,13 +8437,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf Möller] + [Ulf Möller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf Möller] + [Ulf Möller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in @@ -8381,25 +8453,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf Möller] + [Ulf Möller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf Möller] + [Ulf Möller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf Möller] + [Ulf Möller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8455,7 +8527,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller] + [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data @@ -8464,7 +8536,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf Möller] + [Ulf Möller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8494,7 +8566,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf Möller] + [Ulf Möller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -9328,7 +9400,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf Möller] + [Ulf Möller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -9417,7 +9489,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k worked. *) Fix problems with no-hmac etc. - [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>] + [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9534,7 +9606,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) DES library cleanups. - [Ulf Möller] + [Ulf Möller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit @@ -9577,7 +9649,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Christian Forster <fo@hawo.stw.uni-erlangen.de>] *) config now generates no-xxx options for missing ciphers. - [Ulf Möller] + [Ulf Möller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -9690,7 +9762,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf Möller] + [Ulf Möller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -9747,10 +9819,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere <jj@void.si>, modified by Ulf Möller] + [Janez Jere <jj@void.si>, modified by Ulf Möller] *) Support Mingw32. - [Ulf Möller] + [Ulf Möller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov <appro@fy.chalmers.se>] @@ -9759,7 +9831,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov <appro@fy.chalmers.se>] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf Möller] + [Ulf Möller] *) Update HPUX configuration. [Anonymous] @@ -9792,7 +9864,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf Möller] + [Ulf Möller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. @@ -9815,21 +9887,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Niels Poppe <niels@netbox.org>] *) New Configure option no-<cipher> (rsa, idea, rc5, ...). - [Ulf Möller] + [Ulf Möller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf Möller] + [Ulf Möller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf Möller] + [Ulf Möller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -9858,7 +9930,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf Möller] + [Ulf Möller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -9876,13 +9948,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov <appro@fy.chalmers.se>] *) Change functions to ANSI C. - [Ulf Möller] + [Ulf Möller] *) Fix typos in error codes. - [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller] + [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller] *) Remove defunct assembler files from Configure. - [Ulf Möller] + [Ulf Möller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov <appro@fy.chalmers.se>] @@ -9919,7 +9991,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New Configure option "rsaref". - [Ulf Möller] + [Ulf Möller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -9967,7 +10039,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf Möller] + [Ulf Möller] *) Tweaks to Configure [Niels Poppe <niels@netbox.org>] @@ -9977,11 +10049,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf Möller] + [Ulf Möller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf Möller] + [Ulf Möller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10520,7 +10592,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Hagino <itojun@kame.net>] *) File was opened incorrectly in randfile.c. - [Ulf Möller <ulf@fitug.de>] + [Ulf Möller <ulf@fitug.de>] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10530,7 +10602,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf Möller <ulf@fitug.de>] + [Ulf Möller <ulf@fitug.de>] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous <nobody@replay.com>] @@ -10677,7 +10749,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>] + [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>] *) Autodetect FreeBSD3. [Ben Laurie] diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..9d63d8a --- /dev/null +++ b/CONTRIBUTING @@ -0,0 +1,38 @@ +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- + +Development is coordinated on the openssl-dev mailing list (see +http://www.openssl.org for information on subscribing). If you +would like to submit a patch, send it to rt@openssl.org with +the string "[PATCH]" in the subject. Please be sure to include a +textual explanation of what your patch does. + +You can also make GitHub pull requests. If you do this, please also send +mail to rt@openssl.org with a brief description and a link to the PR so +that we can more easily keep track of it. + +If you are unsure as to whether a feature will be useful for the general +OpenSSL community please discuss it on the openssl-dev mailing list first. +Someone may be already working on the same thing or there may be a good +reason as to why that feature isn't implemented. + +Patches should be as up to date as possible, preferably relative to the +current Git or the last snapshot. They should follow our coding style +(see https://www.openssl.org/policies/codingstyle.html) and compile without +warnings using the --strict-warnings flag. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. + +Our preferred format for patch files is "git format-patch" output. For example +to provide a patch file containing the last commit in your local git repository +use the following command: + +# git format-patch --stdout HEAD^ >mydiffs.patch + +Another method of creating an acceptable patch file without using git is as +follows: + +# cd openssl-work +# [your changes] +# ./Configure dist; make clean +# cd .. +# diff -ur openssl-orig openssl-work > mydiffs.patch @@ -416,6 +416,7 @@ my %table=( "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", @@ -1646,21 +1647,22 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } +my $ecc = $cc; +$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; + if ($strict_warnings) { - my $ecc = $cc; - $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } if ($ecc eq "clang") { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } } } @@ -1713,6 +1715,7 @@ while (<IN>) s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; @@ -1,1053 +1,2 @@ -OpenSSL - Frequently Asked Questions --------------------------------------- - -[MISC] Miscellaneous questions - -* Which is the current version of OpenSSL? -* Where is the documentation? -* How can I contact the OpenSSL developers? -* Where can I get a compiled version of OpenSSL? -* Why aren't tools like 'autoconf' and 'libtool' used? -* What is an 'engine' version? -* How do I check the authenticity of the OpenSSL distribution? -* How does the versioning scheme work? - -[LEGAL] Legal questions - -* Do I need patent licenses to use OpenSSL? -* Can I use OpenSSL with GPL software? - -[USER] Questions on using the OpenSSL applications - -* Why do I get a "PRNG not seeded" error message? -* Why do I get an "unable to write 'random state'" error message? -* How do I create certificates or certificate requests? -* Why can't I create certificate requests? -* Why does <SSL program> fail with a certificate verify error? -* Why can I only use weak ciphers when I connect to a server using OpenSSL? -* How can I create DSA certificates? -* Why can't I make an SSL connection using a DSA certificate? -* How can I remove the passphrase on a private key? -* Why can't I use OpenSSL certificates with SSL client authentication? -* Why does my browser give a warning about a mismatched hostname? -* How do I install a CA certificate into a browser? -* Why is OpenSSL x509 DN output not conformant to RFC2253? -* What is a "128 bit certificate"? Can I create one with OpenSSL? -* Why does OpenSSL set the authority key identifier extension incorrectly? -* How can I set up a bundle of commercial root CA certificates? - -[BUILD] Questions about building and testing OpenSSL - -* Why does the linker complain about undefined symbols? -* Why does the OpenSSL test fail with "bc: command not found"? -* Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL test fail with "bc: stack empty"? -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -* Why does the OpenSSL compilation fail with "ar: command not found"? -* Why does the OpenSSL compilation fail on Win32 with VC++? -* What is special about OpenSSL on Redhat? -* Why does the OpenSSL compilation fail on MacOS X? -* Why does the OpenSSL test suite fail on MacOS X? -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? -* Why does compiler fail to compile sha512.c? -* Test suite still fails, what to do? -* I think I've found a bug, what should I do? -* I'm SURE I've found a bug, how do I report it? -* I've found a security issue, how do I report it? - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? -* I've called <some function> and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? -* I think I've detected a memory leak, is this a bug? -* Why does Valgrind complain about the use of uninitialized data? -* Why doesn't a memory BIO work when a file does? -* Where are the declarations and implementations of d2i_X509() etc? - -=============================================================================== - -[MISC] ======================================================================== - -* Which is the current version of OpenSSL? - -The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.1a was released on Apr 19th, 2012. - -In addition to the current stable release, you can also access daily -snapshots of the OpenSSL development version at <URL: -ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. - - -* Where is the documentation? - -OpenSSL is a library that provides cryptographic functionality to -applications such as secure web servers. Be sure to read the -documentation of the application you want to use. The INSTALL file -explains how to install this library. - -OpenSSL includes a command line utility that can be used to perform a -variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. Many -manual pages are available; overviews over libcrypto and -libssl are given in the crypto(3) and ssl(3) manpages. - -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a -different directory if you specified one as described in INSTALL). -In addition, you can read the most current versions at -<URL: http://www.openssl.org/docs/>. Note that the online documents refer -to the very latest development versions of OpenSSL and may include features -not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. The pod format -documentation is included in each OpenSSL distribution under the docs -directory. - -There is some documentation about certificate extensions and PKCS#12 -in doc/openssl.txt - -The original SSLeay documentation is included in OpenSSL as -doc/ssleay.txt. It may be useful when none of the other resources -help, but please note that it reflects the obsolete version SSLeay -0.6.6. - - -* How can I contact the OpenSSL developers? - -The README file describes how to submit bug reports and patches to -OpenSSL. Information on the OpenSSL mailing lists is available from -<URL: http://www.openssl.org>. - - -* Where can I get a compiled version of OpenSSL? - -You can finder pointers to binary distributions in -<URL: http://www.openssl.org/related/binaries.html> . - -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). - -If you want to build OpenSSL on a Windows system and you don't have -a C compiler, read the "Mingw32" section of INSTALL.W32 for information -on how to obtain and install the free GNU C compiler. - -A number of Linux and *BSD distributions include OpenSSL. - - -* Why aren't tools like 'autoconf' and 'libtool' used? - -autoconf will probably be used in future OpenSSL versions. If it was -less Unix-centric, it might have been used much earlier. - -* What is an 'engine' version? - -With version 0.9.6 OpenSSL was extended to interface to external crypto -hardware. This was realized in a special release '0.9.6-engine'. With -version 0.9.7 the changes were merged into the main development line, -so that the special release is no longer necessary. - -* How do I check the authenticity of the OpenSSL distribution? - -We provide MD5 digests and ASC signatures of each tarball. -Use MD5 to check that a tarball from a mirror site is identical: - - md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 - -You can check authenticity using pgp or gpg. You need the OpenSSL team -member public key used to sign it (download it from a key server, see a -list of keys at <URL: http://www.openssl.org/about/>). Then -just do: - - pgp TARBALL.asc - -* How does the versioning scheme work? - -After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter -releases (e.g. 1.0.1a) can only contain bug and security fixes and no -new features. Minor releases change the last number (e.g. 1.0.2) and -can contain new features that retain binary compatibility. Changes to -the middle number are considered major releases and neither source nor -binary compatibility is guaranteed. - -Therefore the answer to the common question "when will feature X be -backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear -in the next minor release. - -* What happens when the letter release reaches z? - -It was decided after the release of OpenSSL 0.9.8y the next version should -be 0.9.8za then 0.9.8zb and so on. - - -[LEGAL] ======================================================================= - -* Do I need patent licenses to use OpenSSL? - -For information on intellectual property rights, please consult a lawyer. -The OpenSSL team does not offer legal advice. - -You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using - ./config no-idea no-mdc2 no-rc5 - - -* Can I use OpenSSL with GPL software? - -On many systems including the major Linux and BSD distributions, yes (the -GPL does not place restrictions on using libraries that are part of the -normal operating system distribution). - -On other systems, the situation is less clear. Some GPL software copyright -holders claim that you infringe on their rights if you use OpenSSL with -their software on operating systems that don't normally include OpenSSL. - -If you develop open source software that uses OpenSSL, you may find it -useful to choose an other license than the GPL, or state explicitly that -"This program is released under the GPL with the additional exemption that -compiling, linking, and/or using OpenSSL is allowed." If you are using -GPL software developed by others, you may want to ask the copyright holder -for permission to use their software with OpenSSL. - - -[USER] ======================================================================== - -* Why do I get a "PRNG not seeded" error message? - -Cryptographic software needs a source of unpredictable data to work -correctly. Many open source operating systems provide a "randomness -device" (/dev/urandom or /dev/random) that serves this purpose. -All OpenSSL versions try to use /dev/urandom by default; starting with -version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not -available. - -On other systems, applications have to call the RAND_add() or -RAND_seed() function with appropriate data before generating keys or -performing public key encryption. (These functions initialize the -pseudo-random number generator, PRNG.) Some broken applications do -not do this. As of version 0.9.5, the OpenSSL functions that need -randomness report an error if the random number generator has not been -seeded with at least 128 bits of randomness. If this error occurs and -is not discussed in the documentation of the application you are -using, please contact the author of that application; it is likely -that it never worked correctly. OpenSSL 0.9.5 and later make the -error visible by refusing to perform potentially insecure encryption. - -If you are using Solaris 8, you can add /dev/urandom and /dev/random -devices by installing patch 112438 (Sparc) or 112439 (x86), which are -available via the Patchfinder at <URL: http://sunsolve.sun.com> -(Solaris 9 includes these devices by default). For /dev/random support -for earlier Solaris versions, see Sun's statement at -<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski> -(the SUNWski package is available in patch 105710). - -On systems without /dev/urandom and /dev/random, it is a good idea to -use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for -details. Starting with version 0.9.7, OpenSSL will automatically look -for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and -/etc/entropy. - -Most components of the openssl command line utility automatically try -to seed the random number generator from a file. The name of the -default seeding file is determined as follows: If environment variable -RANDFILE is set, then it names the seeding file. Otherwise if -environment variable HOME is set, then the seeding file is $HOME/.rnd. -If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will -use file .rnd in the current directory while OpenSSL 0.9.6a uses no -default seeding file at all. OpenSSL 0.9.6b and later will behave -similarly to 0.9.6a, but will use a default of "C:\" for HOME on -Windows systems if the environment variable has not been set. - -If the default seeding file does not exist or is too short, the "PRNG -not seeded" error message may occur. - -The openssl command line utility will write back a new state to the -default seeding file (and create this file if necessary) unless -there was no sufficient seeding. - -Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. -Use the "-rand" option of the OpenSSL command line tools instead. -The $RANDFILE environment variable and $HOME/.rnd are only used by the -OpenSSL command line tools. Applications using the OpenSSL library -provide their own configuration options to specify the entropy source, -please check out the documentation coming the with application. - - -* Why do I get an "unable to write 'random state'" error message? - - -Sometimes the openssl command line utility does not abort with -a "PRNG not seeded" error message, but complains that it is -"unable to write 'random state'". This message refers to the -default seeding file (see previous answer). A possible reason -is that no default filename is known because neither RANDFILE -nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the -current directory in this case, but this has changed with 0.9.6a.) - - -* How do I create certificates or certificate requests? - -Check out the CA.pl(1) manual page. This provides a simple wrapper round -the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check -out the manual pages for the individual utilities and the certificate -extensions documentation (in ca(1), req(1), x509v3_config(5) ) - - -* Why can't I create certificate requests? - -You typically get the error: - - unable to find 'distinguished_name' in config - problems making Certificate Request - -This is because it can't find the configuration file. Check out the -DIAGNOSTICS section of req(1) for more information. - - -* Why does <SSL program> fail with a certificate verify error? - -This problem is usually indicated by log messages saying something like -"unable to get local issuer certificate" or "self signed certificate". -When a certificate is verified its root CA must be "trusted" by OpenSSL -this typically means that the CA certificate must be placed in a directory -or file and the relevant program configured to read it. The OpenSSL program -'verify' behaves in a similar way and issues similar error messages: check -the verify(1) program manual page for more information. - - -* Why can I only use weak ciphers when I connect to a server using OpenSSL? - -This is almost certainly because you are using an old "export grade" browser -which only supports weak encryption. Upgrade your browser to support 128 bit -ciphers. - - -* How can I create DSA certificates? - -Check the CA.pl(1) manual page for a DSA certificate example. - - -* Why can't I make an SSL connection to a server using a DSA certificate? - -Typically you'll see a message saying there are no shared ciphers when -the same setup works fine with an RSA certificate. There are two possible -causes. The client may not support connections to DSA servers most web -browsers (including Netscape and MSIE) only support connections to servers -supporting RSA cipher suites. The other cause is that a set of DH parameters -has not been supplied to the server. DH parameters can be created with the -dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: -check the source to s_server in apps/s_server.c for an example. - - -* How can I remove the passphrase on a private key? - -Firstly you should be really *really* sure you want to do this. Leaving -a private key unencrypted is a major security risk. If you decide that -you do have to do this check the EXAMPLES sections of the rsa(1) and -dsa(1) manual pages. - - -* Why can't I use OpenSSL certificates with SSL client authentication? - -What will typically happen is that when a server requests authentication -it will either not include your certificate or tell you that you have -no client certificates (Netscape) or present you with an empty list box -(MSIE). The reason for this is that when a server requests a client -certificate it includes a list of CAs names which it will accept. Browsers -will only let you select certificates from the list on the grounds that -there is little point presenting a certificate which the server will -reject. - -The solution is to add the relevant CA certificate to your servers "trusted -CA list". How you do this depends on the server software in uses. You can -print out the servers list of acceptable CAs using the OpenSSL s_client tool: - -openssl s_client -connect www.some.host:443 -prexit - -If your server only requests certificates on certain URLs then you may need -to manually issue an HTTP GET command to get the list when s_client connects: - -GET /some/page/needing/a/certificate.html - -If your CA does not appear in the list then this confirms the problem. - - -* Why does my browser give a warning about a mismatched hostname? - -Browsers expect the server's hostname to match the value in the commonName -(CN) field of the certificate. If it does not then you get a warning. - - -* How do I install a CA certificate into a browser? - -The usual way is to send the DER encoded certificate to the browser as -MIME type application/x-x509-ca-cert, for example by clicking on an appropriate -link. On MSIE certain extensions such as .der or .cacert may also work, or you -can import the certificate using the certificate import wizard. - -You can convert a certificate to DER form using the command: - -openssl x509 -in ca.pem -outform DER -out ca.der - -Occasionally someone suggests using a command such as: - -openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem - -DO NOT DO THIS! This command will give away your CAs private key and -reduces its security to zero: allowing anyone to forge certificates in -whatever name they choose. - -* Why is OpenSSL x509 DN output not conformant to RFC2253? - -The ways to print out the oneline format of the DN (Distinguished Name) have -been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() -interface, the "-nameopt" option could be introduded. See the manual -page of the "openssl x509" commandline tool for details. The old behaviour -has however been left as default for the sake of compatibility. - -* What is a "128 bit certificate"? Can I create one with OpenSSL? - -The term "128 bit certificate" is a highly misleading marketing term. It does -*not* refer to the size of the public key in the certificate! A certificate -containing a 128 bit RSA key would have negligible security. - -There were various other names such as "magic certificates", "SGC -certificates", "step up certificates" etc. - -You can't generally create such a certificate using OpenSSL but there is no -need to any more. Nowadays web browsers using unrestricted strong encryption -are generally available. - -When there were tight restrictions on the export of strong encryption -software from the US only weak encryption algorithms could be freely exported -(initially 40 bit and then 56 bit). It was widely recognised that this was -inadequate. A relaxation of the rules allowed the use of strong encryption but -only to an authorised server. - -Two slighly different techniques were developed to support this, one used by -Netscape was called "step up", the other used by MSIE was called "Server Gated -Cryptography" (SGC). When a browser initially connected to a server it would -check to see if the certificate contained certain extensions and was issued by -an authorised authority. If these test succeeded it would reconnect using -strong encryption. - -Only certain (initially one) certificate authorities could issue the -certificates and they generally cost more than ordinary certificates. - -Although OpenSSL can create certificates containing the appropriate extensions -the certificate would not come from a permitted authority and so would not -be recognized. - -The export laws were later changed to allow almost unrestricted use of strong -encryption so these certificates are now obsolete. - - -* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? - -It doesn't: this extension is often the cause of confusion. - -Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose -certificate C contains AKID. - -The purpose of this extension is to identify the authority certificate B. This -can be done either by including the subject key identifier of B or its issuer -name and serial number. - -In this latter case because it is identifying certifcate B it must contain the -issuer name and serial number of B. - -It is often wrongly assumed that it should contain the subject name of B. If it -did this would be redundant information because it would duplicate the issuer -name of C. - - -* How can I set up a bundle of commercial root CA certificates? - -The OpenSSL software is shipped without any root CA certificate as the -OpenSSL project does not have any policy on including or excluding -any specific CA and does not intend to set up such a policy. Deciding -about which CAs to support is up to application developers or -administrators. - -Other projects do have other policies so you can for example extract the CA -bundle used by Mozilla and/or modssl as described in this article: - - <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html> - - -[BUILD] ======================================================================= - -* Why does the linker complain about undefined symbols? - -Maybe the compilation was interrupted, and make doesn't notice that -something is missing. Run "make clean; make". - -If you used ./Configure instead of ./config, make sure that you -selected the right target. File formats may differ slightly between -OS versions (for example sparcv8/sparcv9, or a.out/elf). - -In case you get errors about the following symbols, use the config -option "no-asm", as described in INSTALL: - - BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, - CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, - RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, - bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, - bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, - des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, - des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order - -If none of these helps, you may want to try using the current snapshot. -If the problem persists, please submit a bug report. - - -* Why does the OpenSSL test fail with "bc: command not found"? - -You didn't install "bc", the Unix calculator. If you want to run the -tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. - - -* Why does the OpenSSL test fail with "bc: 1 no implemented"? - -On some SCO installations or versions, bc has a bug that gets triggered -when you run the test suite (using "make test"). The message returned is -"bc: 1 not implemented". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL test fail with "bc: stack empty"? - -On some DG/ux versions, bc seems to have a too small stack for calculations -that the OpenSSL bntest throws at it. This gets triggered when you run the -test suite (using "make test"). The message returned is "bc: stack empty". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? - -On some Alpha installations running Tru64 Unix and Compaq C, the compilation -of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual -memory to continue compilation.' As far as the tests have shown, this may be -a compiler bug. What happens is that it eats up a lot of resident memory -to build something, probably a table. The problem is clearly in the -optimization code, because if one eliminates optimization completely (-O0), -the compilation goes through (and the compiler consumes about 2MB of resident -memory instead of 240MB or whatever one's limit is currently). - -There are three options to solve this problem: - -1. set your current data segment size soft limit higher. Experience shows -that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do -this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of -kbytes to set the limit to. - -2. If you have a hard limit that is lower than what you need and you can't -get it changed, you can compile all of OpenSSL with -O0 as optimization -level. This is however not a very nice thing to do for those who expect to -get the best result from OpenSSL. A bit more complicated solution is the -following: - ------ snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ - sed -e 's/ -O[0-9] / -O0 /'`" - rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` - make ------ snip:end ----- - -This will only compile sha_dgst.c with -O0, the rest with the optimization -level chosen by the configuration process. When the above is done, do the -test and installation and you're set. - -3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It -should not be used and is not used in SSL/TLS nor any other recognized -protocol in either case. - - -* Why does the OpenSSL compilation fail with "ar: command not found"? - -Getting this message is quite usual on Solaris 2, because Sun has hidden -away 'ar' and other development commands in directories that aren't in -$PATH by default. One of those directories is '/usr/ccs/bin'. The -quickest way to fix this is to do the following (it assumes you use sh -or any sh-compatible shell): - ------ snip:start ----- - PATH=${PATH}:/usr/ccs/bin; export PATH ------ snip:end ----- - -and then redo the compilation. What you should really do is make sure -'/usr/ccs/bin' is permanently in your $PATH, for example through your -'.profile' (again, assuming you use a sh-compatible shell). - - -* Why does the OpenSSL compilation fail on Win32 with VC++? - -Sometimes, you may get reports from VC++ command line (cl) that it -can't find standard include files like stdio.h and other weirdnesses. -One possible cause is that the environment isn't correctly set up. -To solve that problem for VC++ versions up to 6, one should run -VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ -installation directory (somewhere under 'Program Files'). For VC++ -version 7 (and up?), which is also called VS.NET, the file is called -VSVARS32.BAT instead. -This needs to be done prior to running NMAKE, and the changes are only -valid for the current DOS session. - - -* What is special about OpenSSL on Redhat? - -Red Hat Linux (release 7.0 and later) include a preinstalled limited -version of OpenSSL. Red Hat has chosen to disable support for IDEA, RC5 and -MDC2 in this version. The same may apply to other Linux distributions. -Users may therefore wish to install more or all of the features left out. - -To do this you MUST ensure that you do not overwrite the openssl that is in -/usr/bin on your Red Hat machine. Several packages depend on this file, -including sendmail and ssh. /usr/local/bin is a good alternative choice. The -libraries that come with Red Hat 7.0 onwards have different names and so are -not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and -/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and -/lib/libcrypto.so.2 respectively). - -Please note that we have been advised by Red Hat attempting to recompile the -openssl rpm with all the cryptography enabled will not work. All other -packages depend on the original Red Hat supplied openssl package. It is also -worth noting that due to the way Red Hat supplies its packages, updates to -openssl on each distribution never change the package version, only the -build number. For example, on Red Hat 7.1, the latest openssl package has -version number 0.9.6 and build number 9 even though it contains all the -relevant updates in packages up to and including 0.9.6b. - -A possible way around this is to persuade Red Hat to produce a non-US -version of Red Hat Linux. - - -* Why does the OpenSSL compilation fail on MacOS X? - -If the failure happens when trying to build the "openssl" binary, with -a large number of undefined symbols, it's very probable that you have -OpenSSL 0.9.6b delivered with the operating system (you can find out by -running '/usr/bin/openssl version') and that you were trying to build -OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in -MacOS X has a misfeature that's quite difficult to go around. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - - -* Why does the OpenSSL test suite fail on MacOS X? - -If the failure happens when running 'make test' and the RC4 test fails, -it's very probable that you have OpenSSL 0.9.6b delivered with the -operating system (you can find out by running '/usr/bin/openssl version') -and that you were trying to build OpenSSL 0.9.6d. The problem is that -the loader ('ld') in MacOS X has a misfeature that's quite difficult to -go around and has linked the programs "openssl" and the test programs -with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the -libraries you just built. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? - -Failure in BN_sqr test is most likely caused by a failure to configure the -toolkit for current platform or lack of support for the platform in question. -Run './config -t' and './apps/openssl version -p'. Do these platform -identifiers match? If they don't, then you most likely failed to run -./config and you're hereby advised to do so before filing a bug report. -If ./config itself fails to run, then it's most likely problem with your -local environment and you should turn to your system administrator (or -similar). If identifiers match (and/or no alternative identifier is -suggested by ./config script), then the platform is unsupported. There might -or might not be a workaround. Most notably on SPARC64 platforms with GNU -C compiler you should be able to produce a working build by running -'./config -m32'. I understand that -m32 might not be what you want/need, -but the build should be operational. For further details turn to -<openssl-dev@openssl.org>. - -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? - -As of 0.9.7 assembler routines were overhauled for position independence -of the machine code, which is essential for shared library support. For -some reason OpenBSD is equipped with an out-of-date GNU assembler which -finds the new code offensive. To work around the problem, configure with -no-asm (and sacrifice a great deal of performance) or patch your assembler -according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>. -For your convenience a pre-compiled replacement binary is provided at -<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>. -Reportedly elder *BSD a.out platforms also suffer from this problem and -remedy should be same. Provided binary is statically linked and should be -working across wider range of *BSD branches, not just OpenBSD. - -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? - -If the test program in question fails withs SIGILL, Illegal Instruction -exception, then you more than likely to run SSE2-capable CPU, such as -Intel P4, under control of kernel which does not support SSE2 -instruction extentions. See accompanying INSTALL file and -OPENSSL_ia32cap(3) documentation page for further information. - -* Why does compiler fail to compile sha512.c? - -OpenSSL SHA-512 implementation depends on compiler support for 64-bit -integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a -couple] lack support for this and therefore are incapable of compiling -the module in question. The recommendation is to disable SHA-512 by -adding no-sha512 to ./config [or ./Configure] command line. Another -possible alternative might be to switch to GCC. - -* Test suite still fails, what to do? - -Another common reason for failure to complete some particular test is -simply bad code generated by a buggy component in toolchain or deficiency -in run-time environment. There are few cases documented in PROBLEMS file, -consult it for possible workaround before you beat the drum. Even if you -don't find solution or even mention there, do reserve for possibility of -a compiler bug. Compiler bugs might appear in rather bizarre ways, they -never make sense, and tend to emerge when you least expect them. In order -to identify one, drop optimization level, e.g. by editing CFLAG line in -top-level Makefile, recompile and re-run the test. - -* I think I've found a bug, what should I do? - -If you are a new user then it is quite likely you haven't found a bug and -something is happening you aren't familiar with. Check this FAQ, the associated -documentation and the mailing lists for similar queries. If you are still -unsure whether it is a bug or not submit a query to the openssl-users mailing -list. - - -* I'm SURE I've found a bug, how do I report it? - -Bug reports with no security implications should be sent to the request -tracker. This can be done by mailing the report to <rt@openssl.org> (or its -alias <openssl-bugs@openssl.org>), please note that messages sent to the -request tracker also appear in the public openssl-dev mailing list. - -The report should be in plain text. Any patches should be sent as -plain text attachments because some mailers corrupt patches sent inline. -If your issue affects multiple versions of OpenSSL check any patches apply -cleanly and, if possible include patches to each affected version. - -The report should be given a meaningful subject line briefly summarising the -issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. - -By sending reports to the request tracker the bug can then be given a priority -and assigned to the appropriate maintainer. The history of discussions can be -accessed and if the issue has been addressed or a reason why not. If patches -are only sent to openssl-dev they can be mislaid if a team member has to -wade through months of old messages to review the discussion. - -See also <URL: http://www.openssl.org/support/rt.html> - - -* I've found a security issue, how do I report it? - -If you think your bug has security implications then please send it to -openssl-security@openssl.org if you don't get a prompt reply at least -acknowledging receipt then resend or mail it directly to one of the -more active team members (e.g. Steve). - -Note that bugs only present in the openssl utility are not in general -considered to be security issues. - -[PROG] ======================================================================== - -* Is OpenSSL thread-safe? - -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. - -Multi-threaded applications must provide two callback functions to -OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() -and associated APIs are deprecated by CRYPTO_THREADID_set_callback() -and friends. This is described in the threads(3) manpage. - -* I've compiled a program under Windows and it crashes: why? - -This is usually because you've missed the comment in INSTALL.W32. -Your application must link against the same version of the Win32 -C-Runtime against which your openssl libraries were linked. The -default version for OpenSSL is /MD - "Multithreaded DLL". - -If you are using Microsoft Visual C++'s IDE (Visual Studio), in -many cases, your new project most likely defaulted to "Debug -Singlethreaded" - /ML. This is NOT interchangeable with /MD and your -program will crash, typically on the first BIO related read or write -operation. - -For each of the six possible link stage configurations within Win32, -your application must link against the same by which OpenSSL was -built. If you are using MS Visual C++ (Studio) this can be changed -by: - - 1. Select Settings... from the Project Menu. - 2. Select the C/C++ Tab. - 3. Select "Code Generation from the "Category" drop down list box - 4. Select the Appropriate library (see table below) from the "Use - run-time library" drop down list box. Perform this step for both - your debug and release versions of your application (look at the - top left of the settings panel to change between the two) - - Single Threaded /ML - MS VC++ often defaults to - this for the release - version of a new project. - Debug Single Threaded /MLd - MS VC++ often defaults to - this for the debug version - of a new project. - Multithreaded /MT - Debug Multithreaded /MTd - Multithreaded DLL /MD - OpenSSL defaults to this. - Debug Multithreaded DLL /MDd - -Note that debug and release libraries are NOT interchangeable. If you -built OpenSSL with /MD your application must use /MD and cannot use /MDd. - -As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL -.DLLs compiled with some specific run-time option [we insist on the -default /MD] can be deployed with application compiled with different -option or even different compiler. But there is a catch! Instead of -re-compiling OpenSSL toolkit, as you would have to with prior versions, -you have to compile small C snippet with compiler and/or options of -your choice. The snippet gets installed as -<install-root>/include/openssl/applink.c and should be either added to -your application project or simply #include-d in one [and only one] -of your application source files. Failure to link this shim module -into your application manifests itself as fatal "no OPENSSL_Applink" -run-time error. An explicit reminder is due that in this situation -[mixing compiler options] it is as important to add CRYPTO_malloc_init -prior first call to OpenSSL. - -* How do I read or write a DER encoded buffer using the ASN1 functions? - -You have two options. You can either use a memory BIO in conjunction -with the i2d_*_bio() or d2i_*_bio() functions or you can use the -i2d_*(), d2i_*() functions directly. Since these are often the -cause of grief here are some code fragments using PKCS7 as an example: - - unsigned char *buf, *p; - int len; - - len = i2d_PKCS7(p7, NULL); - buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ - p = buf; - i2d_PKCS7(p7, &p); - -At this point buf contains the len bytes of the DER encoding of -p7. - -The opposite assumes we already have len bytes in buf: - - unsigned char *p; - p = buf; - p7 = d2i_PKCS7(NULL, &p, len); - -At this point p7 contains a valid PKCS7 structure or NULL if an error -occurred. If an error occurred ERR_print_errors(bio) should give more -information. - -The reason for the temporary variable 'p' is that the ASN1 functions -increment the passed pointer so it is ready to read or write the next -structure. This is often a cause of problems: without the temporary -variable the buffer pointer is changed to point just after the data -that has been read or written. This may well be uninitialized data -and attempts to free the buffer will have unpredictable results -because it no longer points to the same address. - -Memory allocation and encoding can also be combined in a single -operation by the ASN1 routines: - - unsigned char *buf = NULL; /* mandatory */ - int len; - len = i2d_PKCS7(p7, &buf); - if (len < 0) - /* Error */ - /* Do some things with 'buf' */ - /* Finished with buf: free it */ - OPENSSL_free(buf); - -In this special case the "buf" parameter is *not* incremented, it points -to the start of the encoding. - - -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? - -The short answer is yes, because DER is a special case of BER and OpenSSL -ASN1 decoders can process BER. - -The longer answer is that ASN1 structures can be encoded in a number of -different ways. One set of ways is the Basic Encoding Rules (BER) with various -permissible encodings. A restriction of BER is the Distinguished Encoding -Rules (DER): these uniquely specify how a given structure is encoded. - -Therefore, because DER is a special case of BER, DER is an acceptable encoding -for BER. - - -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? - -This usually happens when you try compiling something using the PKCS#12 -macros with a C++ compiler. There is hardly ever any need to use the -PKCS#12 macros in a program, it is much easier to parse and create -PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions -documented in doc/openssl.txt and with examples in demos/pkcs12. The -'pkcs12' application has to use the macros because it prints out -debugging information. - - -* I've called <some function> and it fails, why? - -Before submitting a report or asking in one of the mailing lists, you -should try to determine the cause. In particular, you should call -ERR_print_errors() or ERR_print_errors_fp() after the failed call -and see if the message helps. Note that the problem may occur earlier -than you think -- you should check for errors after every call where -it is possible, otherwise the actual problem may be hidden because -some OpenSSL functions clear the error state. - - -* I just get a load of numbers for the error output, what do they mean? - -The actual format is described in the ERR_print_errors() manual page. -You should call the function ERR_load_crypto_strings() before hand and -the message will be output in text form. If you can't do this (for example -it is a pre-compiled binary) you can use the errstr utility on the error -code itself (the hex digits after the second colon). - - -* Why do I get errors about unknown algorithms? - -The cause is forgetting to load OpenSSL's table of algorithms with -OpenSSL_add_all_algorithms(). See the manual page for more information. This -can cause several problems such as being unable to read in an encrypted -PEM file, unable to decrypt a PKCS#12 file or signature failure when -verifying certificates. - -* Why can't the OpenSSH configure script detect OpenSSL? - -Several reasons for problems with the automatic detection exist. -OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. -Sometimes the distribution has installed an older version in the system -locations that is detected instead of a new one installed. The OpenSSL -library might have been compiled for another CPU or another mode (32/64 bits). -Permissions might be wrong. - -The general answer is to check the config.log file generated when running -the OpenSSH configure script. It should contain the detailed information -on why the OpenSSL library was not detected or considered incompatible. - - -* Can I use OpenSSL's SSL library with non-blocking I/O? - -Yes; make sure to read the SSL_get_error(3) manual page! - -A pitfall to avoid: Don't assume that SSL_read() will just read from -the underlying transport or that SSL_write() will just write to it -- -it is also possible that SSL_write() cannot do any useful work until -there is data to read, or that SSL_read() cannot do anything until it -is possible to send data. One reason for this is that the peer may -request a new TLS/SSL handshake at any time during the protocol, -requiring a bi-directional message exchange; both SSL_read() and -SSL_write() will try to continue any pending handshake. - - -* Why doesn't my server application receive a client certificate? - -Due to the TLS protocol definition, a client will only send a certificate, -if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the -SSL_CTX_set_verify() function to enable the use of client certificates. - - -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? - -For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier -versions, uniqueIdentifier was incorrectly used for X.509 certificates. -The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. -Change your code to use the new name when compiling against OpenSSL 0.9.7. - - -* I think I've detected a memory leak, is this a bug? - -In most cases the cause of an apparent memory leak is an OpenSSL internal table -that is allocated when an application starts up. Since such tables do not grow -in size over time they are harmless. - -These internal tables can be freed up when an application closes using various -functions. Currently these include following: - -Thread-local cleanup functions: - - ERR_remove_state() - -Application-global cleanup functions that are aware of usage (and therefore -thread-safe): - - ENGINE_cleanup() and CONF_modules_unload() - -"Brutal" (thread-unsafe) Application-global cleanup functions: - - ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). - - -* Why does Valgrind complain about the use of uninitialized data? - -When OpenSSL's PRNG routines are called to generate random numbers the supplied -buffer contents are mixed into the entropy pool: so it technically does not -matter whether the buffer is initialized at this point or not. Valgrind (and -other test tools) will complain about this. When using Valgrind, make sure the -OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) -to get rid of these warnings. - - -* Why doesn't a memory BIO work when a file does? - -This can occur in several cases for example reading an S/MIME email message. -The reason is that a memory BIO can do one of two things when all the data -has been read from it. - -The default behaviour is to indicate that no more data is available and that -the call should be retried, this is to allow the application to fill up the BIO -again if necessary. - -Alternatively it can indicate that no more data is available and that EOF has -been reached. - -If a memory BIO is to behave in the same way as a file this second behaviour -is needed. This must be done by calling: - - BIO_set_mem_eof_return(bio, 0); - -See the manual pages for more details. - - -* Where are the declarations and implementations of d2i_X509() etc? - -These are defined and implemented by macros of the form: - - - DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509) - -The implementation passes an ASN1 "template" defining the structure into an -ASN1 interpreter using generalised functions such as ASN1_item_d2i(). - - -=============================================================================== +The FAQ is now maintained on the web: + https://www.openssl.org/docs/faq.html @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2d +VERSION=1.0.2e MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -205,7 +205,9 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} -BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ +# LC_ALL=C ensures that error [and other] messages are delivered in +# same language for uniform treatment. +BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ CC='$(CC)' CFLAG='$(CFLAG)' \ AS='$(CC)' ASFLAG='$(CFLAG) -c' \ AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ @@ -499,25 +501,28 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl:0 --group openssl:0 \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: diff --git a/Makefile.bak b/Makefile.bak index 9a3e50d..27eb08c 100644 --- a/Makefile.bak +++ b/Makefile.bak @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2d-dev +VERSION=1.0.2e-dev MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -205,7 +205,9 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} -BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ +# LC_ALL=C ensures that error [and other] messages are delivered in +# same language for uniform treatment. +BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ CC='$(CC)' CFLAG='$(CFLAG)' \ AS='$(CC)' ASFLAG='$(CFLAG) -c' \ AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ @@ -499,25 +501,28 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl:0 --group openssl:0 \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: diff --git a/Makefile.org b/Makefile.org index d77e264..0333644 100644 --- a/Makefile.org +++ b/Makefile.org @@ -203,7 +203,9 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} -BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ +# LC_ALL=C ensures that error [and other] messages are delivered in +# same language for uniform treatment. +BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ CC='$(CC)' CFLAG='$(CFLAG)' \ AS='$(CC)' ASFLAG='$(CFLAG) -c' \ AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ @@ -497,25 +499,28 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl:0 --group openssl:0 \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: @@ -5,9 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] + + o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + o In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] o Alternate chains certificate forgery (CVE-2015-1793) + o Race condition handling PSK identify hint (CVE-2015-3196) Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] @@ -1,7 +1,7 @@ - OpenSSL 1.0.2d 9 Jul 2015 + OpenSSL 1.0.2e 3 Dec 2015 - Copyright (c) 1998-2011 The OpenSSL Project + Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -10,17 +10,17 @@ The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the - Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) - protocols as well as a full-strength general purpose cryptography library. - The project is managed by a worldwide community of volunteers that use the - Internet to communicate, plan, and develop the OpenSSL toolkit and its - related documentation. + Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as + well as a full-strength general purpose cryptograpic library. The project is + managed by a worldwide community of volunteers that use the Internet to + communicate, plan, and develop the OpenSSL toolkit and its related + documentation. - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the - OpenSSL license plus the SSLeay license) situation, which basically means - that you are free to get and use it for commercial and non-commercial - purposes as long as you fulfill the conditions of both licenses. + OpenSSL license plus the SSLeay license), which means that you are free to + get and use it for commercial and non-commercial purposes as long as you + fulfill the conditions of both licenses. OVERVIEW -------- @@ -28,90 +28,39 @@ The OpenSSL toolkit includes: libssl.a: - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support - both SSLv2, SSLv3 and TLSv1 in the one server and client. + Provides the client and server-side implementations for SSLv3 and TLS. libcrypto.a: - General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not - actually logically part of it. It includes routines for the following: - - Ciphers - libdes - EAY's libdes DES encryption package which was floating - around the net for a few years, and was then relicensed by - him as part of SSLeay. It includes 15 'modes/variations' - of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; - pcbc and a more general form of cfb and ofb) including desx - in cbc mode, a fast crypt(3), and routines to read - passwords from the keyboard. - RC4 encryption, - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. - - Digests - MD5 and MD2 message digest algorithms, fast implementations, - SHA (SHA-0) and SHA-1 message digest algorithms, - MDC2 message digest. A DES based hash that is popular on smart cards. - - Public Key - RSA encryption/decryption/generation. - There is no limit on the number of bits. - DSA encryption/decryption/generation. - There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. - There is no limit on the number of bits. - - X.509v3 certificates - X509 encoding/decoding into/from binary ASN1 and a PEM - based ASCII-binary encoding which supports encryption with a - private key. Program to generate RSA and DSA certificate - requests and to generate RSA and DSA certificates. - - Systems - The normal digital envelope routines and base64 encoding. Higher - level access to ciphers and digests by name. New ciphers can be - loaded at run time. The BIO io system which is a simple non-blocking - IO abstraction. Current methods supported are file descriptors, - sockets, socket accept, socket connect, memory buffer, buffering, SSL - client/server, file pointer, encryption, digest, non-blocking testing - and null. - - Data structures - A dynamically growing hashing system - A simple stack. - A Configuration loader that uses a format similar to MS .ini files. + Provides general cryptographic and X.509 support needed by SSL/TLS but + not logically part of it. openssl: A command line tool that can be used for: - Creation of RSA, DH and DSA key parameters + Creation of key parameters Creation of X.509 certificates, CSRs and CRLs - Calculation of Message Digests - Encryption and Decryption with Ciphers - SSL/TLS Client and Server Tests + Calculation of message digests + Encryption and decryption + SSL/TLS client and server tests Handling of S/MIME signed or encrypted mail + And more... INSTALLATION ------------ - To install this package under a Unix derivative, read the INSTALL file. For - a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read - INSTALL.VMS. - - Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions; you will probably have to look at the code to work out - how to use them. Look at the example programs. - - PROBLEMS - -------- - - For some platforms, there are some known problems that may affect the user - or application author. We try to collect those in doc/PROBLEMS, with current - thoughts on how they should be solved in a future of OpenSSL. + See the appropriate file: + INSTALL Linux, Unix, etc. + INSTALL.DJGPP DOS platform with DJGPP + INSTALL.NW Netware + INSTALL.OS2 OS/2 + INSTALL.VMS VMS + INSTALL.W32 Windows (32bit) + INSTALL.W64 Windows (64bit) + INSTALL.WCE Windows CE SUPPORT ------- - See the OpenSSL website www.openssl.org for details of how to obtain + See the OpenSSL website www.openssl.org for details on how to obtain commercial technical support. If you have any problems with OpenSSL then please take the following steps @@ -137,56 +86,33 @@ Email the report to: - openssl-bugs@openssl.org + rt@openssl.org + + In order to avoid spam, this is a moderated mailing list, and it might + take a day for the ticket to show up. (We also scan posts to make sure + that security disclosures aren't publically posted by mistake.) Mail to + this address is recorded in the public RT (request tracker) database (see + https://www.openssl.org/support/rt.html for details) and also forwarded + the public openssl-dev mailing list. Confidential mail may be sent to + openssl-security@openssl.org (PGP key available from the key servers). - Note that the request tracker should NOT be used for general assistance - or support queries. Just because something doesn't work the way you expect - does not mean it is necessarily a bug in OpenSSL. + Please do NOT use this for general assistance or support queries. + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. - Note that mail to openssl-bugs@openssl.org is recorded in the public - request tracker database (see https://www.openssl.org/support/rt.html - for details) and also forwarded to a public mailing list. Confidential - mail may be sent to openssl-security@openssl.org (PGP key available from - the key servers). + You can also make GitHub pull requests. If you do this, please also send + mail to rt@openssl.org with a link to the PR so that we can more easily + keep track of it. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- - Development is coordinated on the openssl-dev mailing list (see - http://www.openssl.org for information on subscribing). If you - would like to submit a patch, send it to openssl-bugs@openssl.org with - the string "[PATCH]" in the subject. Please be sure to include a - textual explanation of what your patch does. - - If you are unsure as to whether a feature will be useful for the general - OpenSSL community please discuss it on the openssl-dev mailing list first. - Someone may be already working on the same thing or there may be a good - reason as to why that feature isn't implemented. - - Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow the coding style of - OpenSSL and compile without warnings. Some of the core team developer targets - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL - compiles on many varied platforms: try to ensure you only use portable - features. - - Note: For legal reasons, contributions from the US can be accepted only - if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov - (formerly BXA) with a copy to the ENC Encryption Request Coordinator; - please take some time to look at - http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] - and - http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) - for the details. If "your encryption source code is too large to serve as - an email attachment", they are glad to receive it by fax instead; hope you - have a cheap long-distance plan. - - Our preferred format for changes is "diff -u" output. You might - generate it like this: - - # cd openssl-work - # [your changes] - # ./Configure dist; make clean - # cd .. - # diff -ur openssl-orig openssl-work > mydiffs.patch + See CONTRIBUTING + + LEGALITIES + ---------- + A number of nations, in particular the U.S., restrict the use or export + of cryptography. If you are potentially subject to such restrictions + you should seek competent professional legal advice before attempting to + develop or distribute cryptographic code. diff --git a/apps/Makefile b/apps/Makefile index cafe554..8c3297e 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend depend: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi local_depend: - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/apps/app_rand.c b/apps/app_rand.c index 595fc78..7f40bba 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -124,10 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) char buffer[200]; #ifdef OPENSSL_SYS_WINDOWS - BIO_printf(bio_e, "Loading 'screen' into random state -"); - BIO_flush(bio_e); RAND_screen(); - BIO_printf(bio_e, " done\n"); #endif if (file == NULL) diff --git a/apps/apps.c b/apps/apps.c index 7478fc3..2e77805 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -119,9 +119,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && !defined(NETWARE_CLIB) -# include <strings.h> -#endif #include <sys/types.h> #include <ctype.h> #include <errno.h> @@ -1352,7 +1349,11 @@ int set_name_ex(unsigned long *flags, const char *arg) {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, {NULL, 0, 0} }; - return set_multi_opts(flags, arg, ex_tbl); + if (set_multi_opts(flags, arg, ex_tbl) == 0) + return 0; + if ((*flags & XN_FLAG_SEP_MASK) == 0) + *flags |= XN_FLAG_SEP_CPLUS_SPC; + return 1; } int set_ext_copy(int *copy_type, const char *arg) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 11b0787..0a6b990 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -313,9 +313,9 @@ int MAIN(int argc, char **argv) } typ = ASN1_TYPE_get(at); if ((typ == V_ASN1_OBJECT) + || (typ == V_ASN1_BOOLEAN) || (typ == V_ASN1_NULL)) { - BIO_printf(bio_err, "Can't parse %s type\n", - typ == V_ASN1_NULL ? "NULL" : "OBJECT"); + BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ)); ERR_print_errors(bio_err); goto end; } @@ -99,25 +99,19 @@ #undef PROG #define PROG ca_main -#define BASE_SECTION "ca" -#define CONFIG_FILE "openssl.cnf" +#define BASE_SECTION "ca" +#define CONFIG_FILE "openssl.cnf" #define ENV_DEFAULT_CA "default_ca" -#define STRING_MASK "string_mask" +#define STRING_MASK "string_mask" #define UTF8_IN "utf8" -#define ENV_DIR "dir" -#define ENV_CERTS "certs" -#define ENV_CRL_DIR "crl_dir" -#define ENV_CA_DB "CA_DB" #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" #define ENV_CRLNUMBER "crlnumber" -#define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" -#define ENV_RANDFILE "RANDFILE" #define ENV_DEFAULT_DAYS "default_days" #define ENV_DEFAULT_STARTDATE "default_startdate" #define ENV_DEFAULT_ENDDATE "default_enddate" @@ -2538,6 +2532,8 @@ static int do_updatedb(CA_DB *db) char **rrow, *a_tm_s; a_tm = ASN1_UTCTIME_new(); + if (a_tm == NULL) + return -1; /* get actual time and make a string */ a_tm = X509_gmtime_adj(a_tm, 0); diff --git a/apps/ecparam.c b/apps/ecparam.c index 06ac77b..71b67f4 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -416,14 +416,13 @@ int MAIN(int argc, char **argv) } if (check) { - if (group == NULL) - BIO_printf(bio_err, "no elliptic curve parameters\n"); BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed\n"); ERR_print_errors(bio_err); - } else - BIO_printf(bio_err, "ok\n"); + goto end; + } + BIO_printf(bio_err, "ok\n"); } diff --git a/apps/engine.c b/apps/engine.c index 3d70cac..460ec60 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -99,8 +99,6 @@ static void identity(char *ptr) static int append_buf(char **buf, const char *s, int *size, int step) { - int l = strlen(s); - if (*buf == NULL) { *size = step; *buf = OPENSSL_malloc(*size); @@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step) **buf = '\0'; } - if (**buf != '\0') - l += 2; /* ", " */ - if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { *size += step; *buf = OPENSSL_realloc(*buf, *size); @@ -1 +1 @@ -../crypto/md4/md4.c
\ No newline at end of file +openssl-1.0.2e/../crypto/md4/md4.c
\ No newline at end of file diff --git a/apps/ocsp.c b/apps/ocsp.c index 926083d..6ed255d 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1261,8 +1261,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path, return NULL; } - if (BIO_get_fd(cbio, &fd) <= 0) { - BIO_puts(err, "Can't get connection fd\n"); + if (BIO_get_fd(cbio, &fd) < 0) { + BIO_puts(bio_err, "Can't get connection fd\n"); goto err; } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 4ff6449..e41b445 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -134,13 +134,6 @@ int MAIN(int argc, char **argv) apps_startup(); -# ifdef OPENSSL_FIPS - if (FIPS_mode()) - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else -# endif - cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; - enc = EVP_des_ede3_cbc(); if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); @@ -148,6 +141,13 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +# ifdef OPENSSL_FIPS + if (FIPS_mode()) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +# endif + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + args = argv + 1; while (*args) { diff --git a/apps/s_cb.c b/apps/s_cb.c index dd3aa74..5b5e711 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -981,6 +981,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, extname = "next protocol"; break; #endif +#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation + case TLSEXT_TYPE_application_layer_protocol_negotiation: + extname = "application layer protocol negotiation"; + break; +#endif case TLSEXT_TYPE_padding: extname = "TLS padding"; diff --git a/apps/s_client.c b/apps/s_client.c index e55f2c5..f80711f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -424,6 +424,14 @@ static void sc_usage(void) " -no_ticket - disable use of RFC4507bis session tickets\n"); BIO_printf(bio_err, " -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n"); + BIO_printf(bio_err, + " -curves arg - Elliptic curves to advertise (colon-separated list)\n"); + BIO_printf(bio_err, + " -sigalgs arg - Signature algorithms to support (colon-separated list)\n"); + BIO_printf(bio_err, + " -client_sigalgs arg - Signature algorithms to support for client\n"); + BIO_printf(bio_err, + " certificate authentication (colon-separated list)\n"); #endif #ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err, @@ -2065,6 +2073,9 @@ int MAIN(int argc, char **argv) sk_X509_pop_free(chain, X509_free); if (pass) OPENSSL_free(pass); +#ifndef OPENSSL_NO_SRP + OPENSSL_free(srp_arg.srppassin); +#endif if (vpm) X509_VERIFY_PARAM_free(vpm); ssl_excert_free(exc); diff --git a/apps/s_server.c b/apps/s_server.c index acef382..f19532b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -652,6 +652,12 @@ static void sv_usage(void) " -no_ticket - disable use of RFC4507bis session tickets\n"); BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + BIO_printf(bio_err, + " -sigalgs arg - Signature algorithms to support (colon-separated list)\n"); + BIO_printf(bio_err, + " -client_sigalgs arg - Signature algorithms to support for client \n"); + BIO_printf(bio_err, + " certificate authentication (colon-separated list)\n"); # ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); @@ -2881,6 +2887,21 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) goto err; } else { BIO_printf(bio_s_out, "read R BLOCK\n"); +#ifndef OPENSSL_NO_SRP + if (BIO_should_io_special(io) + && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + srp_callback_parm.user = + SRP_VBASE_get_by_user(srp_callback_parm.vb, + srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", + srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + continue; + } +#endif #if defined(OPENSSL_SYS_NETWARE) delay(1000); #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) @@ -3211,6 +3232,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) ERR_print_errors(bio_err); goto end; } +#ifndef OPENSSL_NO_SRP + if (BIO_should_io_special(io) + && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP renego during accept\n"); + srp_callback_parm.user = + SRP_VBASE_get_by_user(srp_callback_parm.vb, + srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", + srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + continue; + } +#endif } BIO_printf(bio_err, "CONNECTION ESTABLISHED\n"); print_ssl_summary(bio_err, con); @@ -3224,6 +3260,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) goto err; } else { BIO_printf(bio_s_out, "read R BLOCK\n"); +#ifndef OPENSSL_NO_SRP + if (BIO_should_io_special(io) + && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + srp_callback_parm.user = + SRP_VBASE_get_by_user(srp_callback_parm.vb, + srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", + srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + continue; + } +#endif #if defined(OPENSSL_SYS_NETWARE) delay(1000); #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) diff --git a/appveyor.yml b/appveyor.yml new file mode 100644 index 0000000..8695359 --- /dev/null +++ b/appveyor.yml @@ -0,0 +1,60 @@ +platform: + - x86 + - x64 + +environment: + matrix: + - VSVER: 9 + - VSVER: 10 + - VSVER: 11 + - VSVER: 12 + - VSVER: 14 + +configuration: + - plain + - shared + +matrix: + allow_failures: + - platform: x64 + VSVER: 9 + - platform: x64 + VSVER: 10 + - platform: x64 + VSVER: 11 + +before_build: + - ps: >- + If ($env:Platform -Match "x86") { + $env:VCVARS_PLATFORM="x86" + $env:TARGET="VC-WIN32" + $env:DO="do_ms" + } Else { + $env:VCVARS_PLATFORM="amd64" + $env:TARGET="VC-WIN64A" + $env:DO="do_win64a" + } + - ps: >- + If ($env:Configuration -Like "*shared*") { + $env:MAK="ntdll.mak" + } Else { + $env:MAK="nt.mak" + } + - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS")) + - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM% + - perl Configure %TARGET% no-asm + - call ms\%DO% + +build_script: + - nmake /f ms\%MAK% + +test_script: + - nmake /f ms\%MAK% test + +notifications: + - provider: Email + to: + - openssl-commits@openssl.org + on_build_success: false + on_build_failure: true + on_build_status_changed: true diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl index 451d0e0..60286ec 100755 --- a/crypto/aes/asm/aes-586.pl +++ b/crypto/aes/asm/aes-586.pl @@ -45,7 +45,7 @@ # the undertaken effort was that it appeared that in tight IA-32 # register window little-endian flavor could achieve slightly higher # Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent µ-archs... +# better performance on most recent µ-archs... # # Third version adds AES_cbc_encrypt implementation, which resulted in # up to 40% performance imrovement of CBC benchmark results. 40% was @@ -224,7 +224,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } $speed_limit=512; # chunks smaller than $speed_limit are # processed with compact routine in CBC mode $small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent µ-archs], but ~5 times smaller! + # recent µ-archs], but ~5 times smaller! # I favor compact code to minimize cache # contention and in hope to "collect" 5% back # in real-life applications... @@ -565,7 +565,7 @@ sub enctransform() # Performance is not actually extraordinary in comparison to pure # x86 code. In particular encrypt performance is virtually the same. # Decrypt performance on the other hand is 15-20% better on newer -# µ-archs [but we're thankful for *any* improvement here], and ~50% +# µ-archs [but we're thankful for *any* improvement here], and ~50% # better on PIII:-) And additionally on the pros side this code # eliminates redundant references to stack and thus relieves/ # minimizes the pressure on the memory bus. diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl index 33b1aed..5a100fa 100644 --- a/crypto/aes/asm/aesni-mb-x86_64.pl +++ b/crypto/aes/asm/aesni-mb-x86_64.pl @@ -63,7 +63,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl index 97992ad..c803cde 100644 --- a/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -94,7 +94,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); +$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); $shaext=1; ### set to zero if compiling for 1.0.1 diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl index 19b0433..bfe2926 100644 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -139,11 +139,8 @@ $code.=<<___ if ($avx>1); je ${func}_avx2 ___ $code.=<<___; - and \$`1<<30`,%eax # mask "Intel CPU" bit - and \$`1<<28|1<<9`,%r10d # mask AVX+SSSE3 bits - or %eax,%r10d - cmp \$`1<<28|1<<9|1<<30`,%r10d - je ${func}_avx + and \$`1<<28`,%r10d # check for AVX + jnz ${func}_avx ud2 ___ } diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl index f67df8c..9b2e37a 100644 --- a/crypto/aes/asm/aesni-x86.pl +++ b/crypto/aes/asm/aesni-x86.pl @@ -88,7 +88,7 @@ $inout3="xmm5"; $in1="xmm5"; $inout4="xmm6"; $in0="xmm6"; $inout5="xmm7"; $ivec="xmm7"; -# AESNI extenstion +# AESNI extension sub aeskeygenassist { my($dst,$src,$imm)=@_; if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl index 7fda60e..1759ae9 100644 --- a/crypto/aes/asm/vpaes-ppc.pl +++ b/crypto/aes/asm/vpaes-ppc.pl @@ -337,24 +337,27 @@ Lenc_entry: addi $inp, $inp, 15 # 15 is not a typo ?lvsr $outperm, 0, $out ?lvsl $keyperm, 0, $key # prepare for unaligned access - vnor $outmask, v7, v7 # 0xff..ff lvx $inptail, 0, $inp # redundant in aligned case - ?vperm $outmask, v7, $outmask, $outperm - lvx $outhead, 0, $out ?vperm v0, v0, $inptail, $inpperm bl _vpaes_encrypt_core + andi. r8, $out, 15 + li r9, 16 + beq Lenc_out_aligned + vperm v0, v0, v0, $outperm # rotate right/left - vsel v1, $outhead, v0, $outmask - vmr $outhead, v0 - stvx v1, 0, $out - addi $out, $out, 15 # 15 is not a typo - ######## + mtctr r9 +Lenc_out_unaligned: + stvebx v0, 0, $out + addi $out, $out, 1 + bdnz Lenc_out_unaligned + b Lenc_done - lvx v1, 0, $out # redundant in aligned case - vsel v1, $outhead, v1, $outmask - stvx v1, 0, $out +.align 4 +Lenc_out_aligned: + stvx v0, 0, $out +Lenc_done: li r10,`15+6*$SIZE_T` li r11,`31+6*$SIZE_T` @@ -566,24 +569,27 @@ Ldec_entry: addi $inp, $inp, 15 # 15 is not a typo ?lvsr $outperm, 0, $out ?lvsl $keyperm, 0, $key - vnor $outmask, v7, v7 # 0xff..ff lvx $inptail, 0, $inp # redundant in aligned case - ?vperm $outmask, v7, $outmask, $outperm - lvx $outhead, 0, $out ?vperm v0, v0, $inptail, $inpperm bl _vpaes_decrypt_core + andi. r8, $out, 15 + li r9, 16 + beq Ldec_out_aligned + vperm v0, v0, v0, $outperm # rotate right/left - vsel v1, $outhead, v0, $outmask - vmr $outhead, v0 - stvx v1, 0, $out - addi $out, $out, 15 # 15 is not a typo - ######## + mtctr r9 +Ldec_out_unaligned: + stvebx v0, 0, $out + addi $out, $out, 1 + bdnz Ldec_out_unaligned + b Ldec_done - lvx v1, 0, $out # redundant in aligned case - vsel v1, $outhead, v1, $outmask - stvx v1, 0, $out +.align 4 +Ldec_out_aligned: + stvx v0, 0, $out +Ldec_done: li r10,`15+6*$SIZE_T` li r11,`31+6*$SIZE_T` @@ -658,11 +664,11 @@ Ldec_entry: $PUSH r0, `$FRAME+$SIZE_T*2+$LRSAVE`($sp) and r30, r5, r9 # copy length&-16 + andi. r9, $out, 15 # is $out aligned? mr r5, r6 # copy pointer to key mr r31, r7 # copy pointer to iv - blt Lcbc_abort - cmpwi r8, 0 # test direction li r6, -1 + mcrf cr1, cr0 # put aside $out alignment flag mr r7, r12 # copy vrsave mtspr 256, r6 # preserve all AltiVec registers @@ -672,6 +678,7 @@ Ldec_entry: lvx v25, r9, r31 ?vperm v24, v24, v25, $inpperm + cmpwi r8, 0 # test direction neg r8, $inp # prepare for unaligned access vxor v7, v7, v7 ?lvsl $keyperm, 0, $key @@ -681,13 +688,37 @@ Ldec_entry: lvx $inptail, 0, $inp ?vperm $outmask, v7, $outmask, $outperm addi $inp, $inp, 15 # 15 is not a typo - lvx $outhead, 0, $out beq Lcbc_decrypt bl _vpaes_encrypt_preheat li r0, 16 + beq cr1, Lcbc_enc_loop # $out is aligned + + vmr v0, $inptail + lvx $inptail, 0, $inp + addi $inp, $inp, 16 + ?vperm v0, v0, $inptail, $inpperm + vxor v0, v0, v24 # ^= iv + + bl _vpaes_encrypt_core + + andi. r8, $out, 15 + vmr v24, v0 # put aside iv + sub r9, $out, r8 + vperm $outhead, v0, v0, $outperm # rotate right/left + +Lcbc_enc_head: + stvebx $outhead, r8, r9 + cmpwi r8, 15 + addi r8, r8, 1 + bne Lcbc_enc_head + + sub. r30, r30, r0 # len -= 16 + addi $out, $out, 16 + beq Lcbc_unaligned_done + Lcbc_enc_loop: vmr v0, $inptail lvx $inptail, 0, $inp @@ -713,6 +744,32 @@ Lcbc_decrypt: bl _vpaes_decrypt_preheat li r0, 16 + beq cr1, Lcbc_dec_loop # $out is aligned + + vmr v0, $inptail + lvx $inptail, 0, $inp + addi $inp, $inp, 16 + ?vperm v0, v0, $inptail, $inpperm + vmr v25, v0 # put aside input + + bl _vpaes_decrypt_core + + andi. r8, $out, 15 + vxor v0, v0, v24 # ^= iv + vmr v24, v25 + sub r9, $out, r8 + vperm $outhead, v0, v0, $outperm # rotate right/left + +Lcbc_dec_head: + stvebx $outhead, r8, r9 + cmpwi r8, 15 + addi r8, r8, 1 + bne Lcbc_dec_head + + sub. r30, r30, r0 # len -= 16 + addi $out, $out, 16 + beq Lcbc_unaligned_done + Lcbc_dec_loop: vmr v0, $inptail lvx $inptail, 0, $inp @@ -733,23 +790,29 @@ Lcbc_dec_loop: bne Lcbc_dec_loop Lcbc_done: - addi $out, $out, -1 - lvx v1, 0, $out # redundant in aligned case - vsel v1, $outhead, v1, $outmask - stvx v1, 0, $out - + beq cr1, Lcbc_write_iv # $out is aligned + +Lcbc_unaligned_done: + andi. r8, $out, 15 + sub $out, $out, r8 + li r9, 0 +Lcbc_tail: + stvebx $outhead, r9, $out + addi r9, r9, 1 + cmpw r9, r8 + bne Lcbc_tail + +Lcbc_write_iv: neg r8, r31 # write [potentially unaligned] iv + li r10, 4 ?lvsl $outperm, 0, r8 - li r6, 15 - vnor $outmask, v7, v7 # 0xff..ff - ?vperm $outmask, v7, $outmask, $outperm - lvx $outhead, 0, r31 + li r11, 8 + li r12, 12 vperm v24, v24, v24, $outperm # rotate right/left - vsel v0, $outhead, v24, $outmask - lvx v1, r6, r31 - stvx v0, 0, r31 - vsel v1, v24, v1, $outmask - stvx v1, r6, r31 + stvewx v24, 0, r31 # ivp is at least 32-bit aligned + stvewx v24, r10, r31 + stvewx v24, r11, r31 + stvewx v24, r12, r31 mtspr 256, r7 # restore vrsave li r10,`15+6*$SIZE_T` @@ -872,18 +935,21 @@ _vpaes_schedule_core: # encrypting, output zeroth round key after transform li r8, 0x30 # mov \$0x30,%r8d - addi r10, r12, 0x80 # lea .Lk_sr(%rip),%r10 + li r9, 4 + li r10, 8 + li r11, 12 ?lvsr $outperm, 0, $out # prepare for unaligned access vnor $outmask, v9, v9 # 0xff..ff - lvx $outhead, 0, $out ?vperm $outmask, v9, $outmask, $outperm #stvx v0, 0, $out # vmovdqu %xmm0, (%rdx) - vperm v1, v0, v0, $outperm # rotate right/left - vsel v2, $outhead, v1, $outmask - vmr $outhead, v1 - stvx v2, 0, $out + vperm $outhead, v0, v0, $outperm # rotate right/left + stvewx $outhead, 0, $out # some are superfluous + stvewx $outhead, r9, $out + stvewx $outhead, r10, $out + addi r10, r12, 0x80 # lea .Lk_sr(%rip),%r10 + stvewx $outhead, r11, $out b Lschedule_go Lschedule_am_decrypting: @@ -893,20 +959,24 @@ Lschedule_am_decrypting: addi r10, r12, 0x80 # lea .Lk_sr(%rip),%r10 # decrypting, output zeroth round key after shiftrows lvx v1, r8, r10 # vmovdqa (%r8,%r10), %xmm1 + li r9, 4 + li r10, 8 + li r11, 12 vperm v4, v3, v3, v1 # vpshufb %xmm1, %xmm3, %xmm3 neg r0, $out # prepare for unaligned access ?lvsl $outperm, 0, r0 - addi $out, $out, 15 # 15 is not typo vnor $outmask, v9, v9 # 0xff..ff - lvx $outhead, 0, $out ?vperm $outmask, $outmask, v9, $outperm #stvx v4, 0, $out # vmovdqu %xmm3, (%rdx) - vperm v4, v4, v4, $outperm # rotate right/left - vsel v2, $outhead, v4, $outmask - vmr $outhead, v4 - stvx v2, 0, $out + vperm $outhead, v4, v4, $outperm # rotate right/left + stvewx $outhead, 0, $out # some are superfluous + stvewx $outhead, r9, $out + stvewx $outhead, r10, $out + addi r10, r12, 0x80 # lea .Lk_sr(%rip),%r10 + stvewx $outhead, r11, $out + addi $out, $out, 15 # 15 is not typo xori r8, r8, 0x30 # xor \$0x30, %r8 Lschedule_go: @@ -1038,14 +1108,15 @@ Lschedule_mangle_last: #stvx v0, r0, $out # vmovdqu %xmm0, (%rdx) # save last key vperm v0, v0, v0, $outperm # rotate right/left + li r10, 4 vsel v2, $outhead, v0, $outmask - vmr $outhead, v0 + li r11, 8 stvx v2, 0, $out - - addi $out, $out, 15 # 15 is not typo - lvx v1, 0, $out # redundant in aligned case - vsel v1, $outhead, v1, $outmask - stvx v1, 0, $out + li r12, 12 + stvewx v0, 0, $out # some (or all) are redundant + stvewx v0, r10, $out + stvewx v0, r11, $out + stvewx v0, r12, $out b Lschedule_mangle_done .align 4 @@ -1057,15 +1128,18 @@ Lschedule_mangle_last_dec: bl _vpaes_schedule_transform # output transform #stvx v0, r0, $out # vmovdqu %xmm0, (%rdx) # save last key + addi r9, $out, -15 # -15 is not typo vperm v0, v0, v0, $outperm # rotate right/left + li r10, 4 vsel v2, $outhead, v0, $outmask - vmr $outhead, v0 + li r11, 8 stvx v2, 0, $out + li r12, 12 + stvewx v0, 0, r9 # some (or all) are redundant + stvewx v0, r10, r9 + stvewx v0, r11, r9 + stvewx v0, r12, r9 - addi $out, $out, -15 # -15 is not typo - lvx v1, 0, $out # redundant in aligned case - vsel v1, $outhead, v1, $outmask - stvx v1, 0, $out Lschedule_mangle_done: mtlr r7 diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index a5d2da1..0ca985a 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -62,6 +62,10 @@ #include <openssl/objects.h> #include <openssl/asn1.h> +#ifndef ASN1_PARSE_MAXDEPTH +#define ASN1_PARSE_MAXDEPTH 128 +#endif + static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, int indent); static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, @@ -128,6 +132,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, #else dump_indent = 6; /* Because we know BIO_dump_indent() */ #endif + + if (depth > ASN1_PARSE_MAXDEPTH) { + BIO_puts(bp, "BAD RECURSION DEPTH\n"); + return 0; + } + p = *pp; tot = p + length; op = p - 1; diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index c96da09..d21829a 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -72,6 +72,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret; + const unsigned char *p = *pp; if ((a == NULL) || (*a == NULL)) { if ((ret = EVP_PKEY_new()) == NULL) { @@ -94,21 +95,23 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, } if (!ret->ameth->old_priv_decode || - !ret->ameth->old_priv_decode(ret, pp, length)) { + !ret->ameth->old_priv_decode(ret, &p, length)) { if (ret->ameth->priv_decode) { PKCS8_PRIV_KEY_INFO *p8 = NULL; - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); if (!p8) goto err; EVP_PKEY_free(ret); ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - + if (ret == NULL) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; } } + *pp = p; if (a != NULL) (*a) = ret; return (ret); @@ -136,6 +139,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, * input is surrounded by an ASN1 SEQUENCE. */ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); + p = *pp; /* * Since we only need to discern "traditional format" RSA and DSA keys we * can just count the elements. @@ -146,7 +150,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, keytype = EVP_PKEY_EC; else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not * traditional format */ - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); EVP_PKEY *ret; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); @@ -157,6 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, } ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); + if (ret == NULL) + return NULL; + *pp = p; if (a) { *a = ret; } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 7fd336a..9256049 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -350,9 +352,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, } asn1_set_choice_selector(pval, i, it); - *in = p; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; + *in = p; return 1; case ASN1_ITYPE_NDEF_SEQUENCE: @@ -489,9 +491,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* Save encoding */ if (!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; - *in = p; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; + *in = p; return 1; default: @@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index a5a403c..eaf0466 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -141,8 +141,9 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { BIGNUM *bn; - if (!*pval) - bn_new(pval, it); + + if (*pval == NULL && !bn_new(pval, it)) + return 0; bn = (BIGNUM *)*pval; if (!BN_bin2bn(cont, len, bn)) { bn_free(pval, it); diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 4b68201..6c57a79 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -188,13 +188,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) { X509_PUBKEY *xpk; EVP_PKEY *pktmp; - xpk = d2i_X509_PUBKEY(NULL, pp, length); + const unsigned char *q; + q = *pp; + xpk = d2i_X509_PUBKEY(NULL, &q, length); if (!xpk) return NULL; pktmp = X509_PUBKEY_get(xpk); X509_PUBKEY_free(xpk); if (!pktmp) return NULL; + *pp = q; if (a) { EVP_PKEY_free(*a); *a = pktmp; diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 5f266a2..e2cac83 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -180,16 +180,15 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) if (!a || *a == NULL) { freeret = 1; } - ret = d2i_X509(a, pp, length); + ret = d2i_X509(a, &q, length); /* If certificate unreadable then forget it */ if (!ret) return NULL; /* update length */ - length -= *pp - q; - if (!length) - return ret; - if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) + length -= q - *pp; + if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) goto err; + *pp = q; return ret; err: if (freeret) { diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c index 76bbc13..ad93592 100644 --- a/crypto/asn1/x_x509a.c +++ b/crypto/asn1/x_x509a.c @@ -163,10 +163,13 @@ int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) if (!(objtmp = OBJ_dup(obj))) return 0; if (!(aux = aux_get(x))) - return 0; + goto err; if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) - return 0; + goto err; return sk_ASN1_OBJECT_push(aux->reject, objtmp); + err: + ASN1_OBJECT_free(objtmp); + return 0; } void X509_trust_clear(X509 *x) diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index ed8e521..ccf0e28 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -104,7 +104,6 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - buf[0] = '\0'; /* start with empty string */ BUF_strlcpy(buf, str, sizeof buf); BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); BUF_strlcat(buf, tmp, sizeof buf); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index d7f15b0..bfba93e 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -115,9 +115,8 @@ static BIO_METHOD methods_filep = { NULL, }; -BIO *BIO_new_file(const char *filename, const char *mode) +static FILE *file_fopen(const char *filename, const char *mode) { - BIO *ret; FILE *file = NULL; # if defined(_WIN32) && defined(CP_UTF8) @@ -164,6 +163,14 @@ BIO *BIO_new_file(const char *filename, const char *mode) # else file = fopen(filename, mode); # endif + return (file); +} + +BIO *BIO_new_file(const char *filename, const char *mode) +{ + BIO *ret; + FILE *file = file_fopen(filename, mode); + if (file == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); @@ -386,7 +393,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) else strcat(p, "t"); # endif - fp = fopen(ptr, p); + fp = file_fopen(ptr, p); if (fp == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index 8f529c9..72381a7 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -27,7 +27,7 @@ # referred below, which improves ECDH and ECDSA verify benchmarks # by 18-40%. # -# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software +# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf @@ -136,7 +136,7 @@ ___ ################ # void bn_GF2m_mul_2x2(BN_ULONG *r, # BN_ULONG a1,BN_ULONG a0, -# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0 +# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0 { $code.=<<___; .global bn_GF2m_mul_2x2 @@ -159,7 +159,7 @@ $code.=<<___; mov $mask,#7<<2 sub sp,sp,#32 @ allocate tab[8] - bl mul_1x1_ialu @ a1·b1 + bl mul_1x1_ialu @ a1·b1 str $lo,[$ret,#8] str $hi,[$ret,#12] @@ -169,13 +169,13 @@ $code.=<<___; eor r2,r2,$a eor $b,$b,r3 eor $a,$a,r2 - bl mul_1x1_ialu @ a0·b0 + bl mul_1x1_ialu @ a0·b0 str $lo,[$ret] str $hi,[$ret,#4] eor $a,$a,r2 eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)·(b1+b0) + bl mul_1x1_ialu @ (a1+a0)·(b1+b0) ___ @r=map("r$_",(6..9)); $code.=<<___; diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S index 951abc5..a9a42ab 100644 --- a/crypto/bn/asm/ia64.S +++ b/crypto/bn/asm/ia64.S @@ -422,7 +422,7 @@ bn_mul_add_words: // This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on // Itanium 2. Yes, unlike previous versions it scales:-) Previous -// version was peforming *all* additions in IALU and was starving +// version was performing *all* additions in IALU and was starving // for those even on Itanium 2. In this version one addition is // moved to FPU and is folded with multiplication. This is at cost // of propogating the result from previous call to this subroutine @@ -568,7 +568,7 @@ bn_sqr_comba8: // I've estimated this routine to run in ~120 ticks, but in reality // (i.e. according to ar.itc) it takes ~160 ticks. Are those extra // cycles consumed for instructions fetch? Or did I misinterpret some -// clause in Itanium µ-architecture manual? Comments are welcomed and +// clause in Itanium µ-architecture manual? Comments are welcomed and // highly appreciated. // // On Itanium 2 it takes ~190 ticks. This is because of stalls on diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl index 68e3733..9e3c12d 100644 --- a/crypto/bn/asm/ppc64-mont.pl +++ b/crypto/bn/asm/ppc64-mont.pl @@ -94,6 +94,8 @@ if ($flavour =~ /32/) { $POP= "ld"; } else { die "nonsense $flavour"; } +$LITTLE_ENDIAN = ($flavour=~/le$/) ? 4 : 0; + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or @@ -294,12 +296,12 @@ $code.=<<___ if ($SIZE_T==8); extrdi $t0,$a0,32,32 ; lwz $t0,4($ap) extrdi $t1,$a0,32,0 ; lwz $t1,0($ap) - lwz $t2,12($ap) ; load a[1] as 32-bit word pair - lwz $t3,8($ap) - lwz $t4,4($np) ; load n[0] as 32-bit word pair - lwz $t5,0($np) - lwz $t6,12($np) ; load n[1] as 32-bit word pair - lwz $t7,8($np) + lwz $t2,`12^$LITTLE_ENDIAN`($ap) ; load a[1] as 32-bit word pair + lwz $t3,`8^$LITTLE_ENDIAN`($ap) + lwz $t4,`4^$LITTLE_ENDIAN`($np) ; load n[0] as 32-bit word pair + lwz $t5,`0^$LITTLE_ENDIAN`($np) + lwz $t6,`12^$LITTLE_ENDIAN`($np) ; load n[1] as 32-bit word pair + lwz $t7,`8^$LITTLE_ENDIAN`($np) ___ $code.=<<___ if ($SIZE_T==4); lwz $a0,0($ap) ; pull ap[0,1] value @@ -463,14 +465,14 @@ $code.=<<___; L1st: ___ $code.=<<___ if ($SIZE_T==8); - lwz $t0,4($ap) ; load a[j] as 32-bit word pair - lwz $t1,0($ap) - lwz $t2,12($ap) ; load a[j+1] as 32-bit word pair - lwz $t3,8($ap) - lwz $t4,4($np) ; load n[j] as 32-bit word pair - lwz $t5,0($np) - lwz $t6,12($np) ; load n[j+1] as 32-bit word pair - lwz $t7,8($np) + lwz $t0,`4^$LITTLE_ENDIAN`($ap) ; load a[j] as 32-bit word pair + lwz $t1,`0^$LITTLE_ENDIAN`($ap) + lwz $t2,`12^$LITTLE_ENDIAN`($ap) ; load a[j+1] as 32-bit word pair + lwz $t3,`8^$LITTLE_ENDIAN`($ap) + lwz $t4,`4^$LITTLE_ENDIAN`($np) ; load n[j] as 32-bit word pair + lwz $t5,`0^$LITTLE_ENDIAN`($np) + lwz $t6,`12^$LITTLE_ENDIAN`($np) ; load n[j+1] as 32-bit word pair + lwz $t7,`8^$LITTLE_ENDIAN`($np) ___ $code.=<<___ if ($SIZE_T==4); lwz $t0,0($ap) ; load a[j..j+3] as 32-bit word pairs @@ -505,14 +507,14 @@ $code.=<<___; ___ } else { $code.=<<___; - lwz $t1,`$FRAME+0`($sp) - lwz $t0,`$FRAME+4`($sp) - lwz $t3,`$FRAME+8`($sp) - lwz $t2,`$FRAME+12`($sp) - lwz $t5,`$FRAME+16`($sp) - lwz $t4,`$FRAME+20`($sp) - lwz $t7,`$FRAME+24`($sp) - lwz $t6,`$FRAME+28`($sp) + lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) + lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) + lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) + lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) + lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) + lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) + lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) + lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) ___ } $code.=<<___; @@ -651,8 +653,8 @@ $code.=<<___; fmadd $T1a,$N1,$na,$T1a fmadd $T1b,$N1,$nb,$T1b - lwz $t3,`$FRAME+32`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36`($sp) ; permuted $t0 + lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 + lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 addc $t4,$t4,$carry adde $t5,$t5,$c1 srwi $carry,$t4,16 @@ -673,8 +675,8 @@ $code.=<<___; fmadd $T1a,$N0,$nc,$T1a fmadd $T1b,$N0,$nd,$T1b - lwz $t7,`$FRAME+40`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44`($sp) ; permuted $t2 + lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 + lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 addc $t2,$t2,$carry adde $t3,$t3,$c1 srwi $carry,$t2,16 @@ -686,8 +688,8 @@ $code.=<<___; insrwi $carry,$t3,16,0 fmadd $T3a,$N2,$nc,$T3a fmadd $T3b,$N2,$nd,$T3b - lwz $t1,`$FRAME+48`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52`($sp) ; permuted $t4 + lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 + lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 addc $t6,$t6,$carry adde $t7,$t7,$c1 srwi $carry,$t6,16 @@ -699,8 +701,8 @@ $code.=<<___; fctid $T0a,$T0a fctid $T0b,$T0b - lwz $t5,`$FRAME+56`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60`($sp) ; permuted $t6 + lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 + lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 addc $t0,$t0,$carry adde $t1,$t1,$c1 srwi $carry,$t0,16 @@ -787,14 +789,14 @@ $code.=<<___; ___ } else { $code.=<<___; - lwz $t1,`$FRAME+0`($sp) - lwz $t0,`$FRAME+4`($sp) - lwz $t3,`$FRAME+8`($sp) - lwz $t2,`$FRAME+12`($sp) - lwz $t5,`$FRAME+16`($sp) - lwz $t4,`$FRAME+20`($sp) - lwz $t7,`$FRAME+24`($sp) - lwz $t6,`$FRAME+28`($sp) + lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) + lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) + lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) + lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) + lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) + lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) + lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) + lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) stfd $dota,`$FRAME+64`($sp) stfd $dotb,`$FRAME+72`($sp) @@ -823,14 +825,14 @@ $code.=<<___; stw $t0,12($tp) ; tp[j-1] stw $t4,8($tp) - lwz $t3,`$FRAME+32`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36`($sp) ; permuted $t0 - lwz $t7,`$FRAME+40`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44`($sp) ; permuted $t2 - lwz $t1,`$FRAME+48`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52`($sp) ; permuted $t4 - lwz $t5,`$FRAME+56`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60`($sp) ; permuted $t6 + lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 + lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 + lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 + lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 + lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 + lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 + lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 + lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 addc $t2,$t2,$carry adde $t3,$t3,$c1 @@ -857,10 +859,10 @@ $code.=<<___; stw $t2,20($tp) ; tp[j] stwu $t0,16($tp) - lwz $t7,`$FRAME+64`($sp) - lwz $t6,`$FRAME+68`($sp) - lwz $t5,`$FRAME+72`($sp) - lwz $t4,`$FRAME+76`($sp) + lwz $t7,`$FRAME+64^$LITTLE_ENDIAN`($sp) + lwz $t6,`$FRAME+68^$LITTLE_ENDIAN`($sp) + lwz $t5,`$FRAME+72^$LITTLE_ENDIAN`($sp) + lwz $t4,`$FRAME+76^$LITTLE_ENDIAN`($sp) addc $t6,$t6,$carry adde $t7,$t7,$c1 @@ -1165,23 +1167,23 @@ ___ $code.=<<___; fmadd $T1a,$N1,$na,$T1a fmadd $T1b,$N1,$nb,$T1b - lwz $t1,`$FRAME+0`($sp) - lwz $t0,`$FRAME+4`($sp) + lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) + lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) fmadd $T2a,$N2,$na,$T2a fmadd $T2b,$N2,$nb,$T2b - lwz $t3,`$FRAME+8`($sp) - lwz $t2,`$FRAME+12`($sp) + lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) + lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) fmadd $T3a,$N3,$na,$T3a fmadd $T3b,$N3,$nb,$T3b - lwz $t5,`$FRAME+16`($sp) - lwz $t4,`$FRAME+20`($sp) + lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) + lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) addc $t0,$t0,$carry adde $t1,$t1,$c1 srwi $carry,$t0,16 fmadd $T0a,$N0,$na,$T0a fmadd $T0b,$N0,$nb,$T0b - lwz $t7,`$FRAME+24`($sp) - lwz $t6,`$FRAME+28`($sp) + lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) + lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) srwi $c1,$t1,16 insrwi $carry,$t1,16,0 @@ -1218,8 +1220,8 @@ $code.=<<___; fctid $T1a,$T1a addc $t0,$t0,$t2 adde $t4,$t4,$t3 - lwz $t3,`$FRAME+32`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36`($sp) ; permuted $t0 + lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 + lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 fctid $T1b,$T1b addze $carry,$carry addze $c1,$c1 @@ -1229,19 +1231,19 @@ $code.=<<___; addc $t2,$t2,$carry adde $t3,$t3,$c1 srwi $carry,$t2,16 - lwz $t7,`$FRAME+40`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44`($sp) ; permuted $t2 + lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 + lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 fctid $T2b,$T2b srwi $c1,$t3,16 insrwi $carry,$t3,16,0 - lwz $t1,`$FRAME+48`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52`($sp) ; permuted $t4 + lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 + lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 fctid $T3a,$T3a addc $t6,$t6,$carry adde $t7,$t7,$c1 srwi $carry,$t6,16 - lwz $t5,`$FRAME+56`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60`($sp) ; permuted $t6 + lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 + lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 fctid $T3b,$T3b insrwi $t2,$t6,16,0 ; 64..95 bits @@ -1354,14 +1356,14 @@ $code.=<<___; ___ } else { $code.=<<___; - lwz $t1,`$FRAME+0`($sp) - lwz $t0,`$FRAME+4`($sp) - lwz $t3,`$FRAME+8`($sp) - lwz $t2,`$FRAME+12`($sp) - lwz $t5,`$FRAME+16`($sp) - lwz $t4,`$FRAME+20`($sp) - lwz $t7,`$FRAME+24`($sp) - lwz $t6,`$FRAME+28`($sp) + lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) + lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) + lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) + lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) + lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) + lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) + lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) + lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) stfd $dota,`$FRAME+64`($sp) stfd $dotb,`$FRAME+72`($sp) @@ -1397,14 +1399,14 @@ $code.=<<___; stw $t0,4($tp) ; tp[j-1] stw $t4,0($tp) - lwz $t3,`$FRAME+32`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36`($sp) ; permuted $t0 - lwz $t7,`$FRAME+40`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44`($sp) ; permuted $t2 - lwz $t1,`$FRAME+48`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52`($sp) ; permuted $t4 - lwz $t5,`$FRAME+56`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60`($sp) ; permuted $t6 + lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 + lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 + lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 + lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 + lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 + lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 + lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 + lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 addc $t2,$t2,$carry adde $t3,$t3,$c1 @@ -1433,12 +1435,12 @@ $code.=<<___; addc $t2,$t2,$t6 adde $t0,$t0,$t7 - lwz $t7,`$FRAME+64`($sp) - lwz $t6,`$FRAME+68`($sp) + lwz $t7,`$FRAME+64^$LITTLE_ENDIAN`($sp) + lwz $t6,`$FRAME+68^$LITTLE_ENDIAN`($sp) addze $carry,$carry addze $c1,$c1 - lwz $t5,`$FRAME+72`($sp) - lwz $t4,`$FRAME+76`($sp) + lwz $t5,`$FRAME+72^$LITTLE_ENDIAN`($sp) + lwz $t4,`$FRAME+76^$LITTLE_ENDIAN`($sp) addc $t6,$t6,$carry adde $t7,$t7,$c1 diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl index 3bd45db..12b571c 100755 --- a/crypto/bn/asm/rsaz-x86_64.pl +++ b/crypto/bn/asm/rsaz-x86_64.pl @@ -113,7 +113,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl index cd9f13e..9d18d40 100644 --- a/crypto/bn/asm/s390x-gf2m.pl +++ b/crypto/bn/asm/s390x-gf2m.pl @@ -172,19 +172,19 @@ ___ if ($SIZE_T==8) { my @r=map("%r$_",(6..9)); $code.=<<___; - bras $ra,_mul_1x1 # a1·b1 + bras $ra,_mul_1x1 # a1·b1 stmg $lo,$hi,16($rp) lg $a,`$stdframe+128+4*$SIZE_T`($sp) lg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # a0·b0 + bras $ra,_mul_1x1 # a0·b0 stmg $lo,$hi,0($rp) lg $a,`$stdframe+128+3*$SIZE_T`($sp) lg $b,`$stdframe+128+5*$SIZE_T`($sp) xg $a,`$stdframe+128+4*$SIZE_T`($sp) xg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # (a0+a1)·(b0+b1) + bras $ra,_mul_1x1 # (a0+a1)·(b0+b1) lmg @r[0],@r[3],0($rp) xgr $lo,$hi diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S index 43fcb79..f5eebe4 100755 --- a/crypto/bn/asm/s390x.S +++ b/crypto/bn/asm/s390x.S @@ -18,71 +18,106 @@ .align 4 bn_mul_add_words: lghi zero,0 // zero = 0 - la %r1,0(%r2) // put rp aside - lghi %r2,0 // i=0; + la %r1,0(%r2) // put rp aside [to give way to] + lghi %r2,0 // return value ltgfr %r4,%r4 bler %r14 // if (len<=0) return 0; - stmg %r6,%r10,48(%r15) - lghi %r10,3 - lghi %r8,0 // carry = 0 - nr %r10,%r4 // len%4 + stmg %r6,%r13,48(%r15) + lghi %r2,3 + lghi %r12,0 // carry = 0 + slgr %r1,%r3 // rp-=ap + nr %r2,%r4 // len%4 sra %r4,2 // cnt=len/4 jz .Loop1_madd // carry is incidentally cleared if branch taken algr zero,zero // clear carry -.Loop4_madd: - lg %r7,0(%r2,%r3) // ap[i] + lg %r7,0(%r3) // ap[0] + lg %r9,8(%r3) // ap[1] mlgr %r6,%r5 // *=w - alcgr %r7,%r8 // +=carry - alcgr %r6,zero - alg %r7,0(%r2,%r1) // +=rp[i] - stg %r7,0(%r2,%r1) // rp[i]= + brct %r4,.Loop4_madd + j .Loop4_madd_tail - lg %r9,8(%r2,%r3) +.Loop4_madd: mlgr %r8,%r5 + lg %r11,16(%r3) // ap[i+2] + alcgr %r7,%r12 // +=carry + alcgr %r6,zero + alg %r7,0(%r3,%r1) // +=rp[i] + stg %r7,0(%r3,%r1) // rp[i]= + + mlgr %r10,%r5 + lg %r13,24(%r3) alcgr %r9,%r6 alcgr %r8,zero - alg %r9,8(%r2,%r1) - stg %r9,8(%r2,%r1) + alg %r9,8(%r3,%r1) + stg %r9,8(%r3,%r1) + + mlgr %r12,%r5 + lg %r7,32(%r3) + alcgr %r11,%r8 + alcgr %r10,zero + alg %r11,16(%r3,%r1) + stg %r11,16(%r3,%r1) - lg %r7,16(%r2,%r3) mlgr %r6,%r5 - alcgr %r7,%r8 - alcgr %r6,zero - alg %r7,16(%r2,%r1) - stg %r7,16(%r2,%r1) + lg %r9,40(%r3) + alcgr %r13,%r10 + alcgr %r12,zero + alg %r13,24(%r3,%r1) + stg %r13,24(%r3,%r1) - lg %r9,24(%r2,%r3) + la %r3,32(%r3) // i+=4 + brct %r4,.Loop4_madd + +.Loop4_madd_tail: mlgr %r8,%r5 + lg %r11,16(%r3) + alcgr %r7,%r12 // +=carry + alcgr %r6,zero + alg %r7,0(%r3,%r1) // +=rp[i] + stg %r7,0(%r3,%r1) // rp[i]= + + mlgr %r10,%r5 + lg %r13,24(%r3) alcgr %r9,%r6 alcgr %r8,zero - alg %r9,24(%r2,%r1) - stg %r9,24(%r2,%r1) + alg %r9,8(%r3,%r1) + stg %r9,8(%r3,%r1) - la %r2,32(%r2) // i+=4 - brct %r4,.Loop4_madd + mlgr %r12,%r5 + alcgr %r11,%r8 + alcgr %r10,zero + alg %r11,16(%r3,%r1) + stg %r11,16(%r3,%r1) - la %r10,1(%r10) // see if len%4 is zero ... - brct %r10,.Loop1_madd // without touching condition code:-) + alcgr %r13,%r10 + alcgr %r12,zero + alg %r13,24(%r3,%r1) + stg %r13,24(%r3,%r1) + + la %r3,32(%r3) // i+=4 + + la %r2,1(%r2) // see if len%4 is zero ... + brct %r2,.Loop1_madd // without touching condition code:-) .Lend_madd: - alcgr %r8,zero // collect carry bit - lgr %r2,%r8 - lmg %r6,%r10,48(%r15) + lgr %r2,zero // return value + alcgr %r2,%r12 // collect even carry bit + lmg %r6,%r13,48(%r15) br %r14 .Loop1_madd: - lg %r7,0(%r2,%r3) // ap[i] + lg %r7,0(%r3) // ap[i] mlgr %r6,%r5 // *=w - alcgr %r7,%r8 // +=carry + alcgr %r7,%r12 // +=carry alcgr %r6,zero - alg %r7,0(%r2,%r1) // +=rp[i] - stg %r7,0(%r2,%r1) // rp[i]= + alg %r7,0(%r3,%r1) // +=rp[i] + stg %r7,0(%r3,%r1) // rp[i]= - lgr %r8,%r6 - la %r2,8(%r2) // i++ - brct %r10,.Loop1_madd + lgr %r12,%r6 + la %r3,8(%r3) // i++ + brct %r2,.Loop1_madd j .Lend_madd .size bn_mul_add_words,.-bn_mul_add_words diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl index 808a1e5..b579530 100644 --- a/crypto/bn/asm/x86-gf2m.pl +++ b/crypto/bn/asm/x86-gf2m.pl @@ -14,7 +14,7 @@ # the time being... Except that it has three code paths: pure integer # code suitable for any x86 CPU, MMX code suitable for PIII and later # and PCLMULQDQ suitable for Westmere and later. Improvement varies -# from one benchmark and µ-arch to another. Below are interval values +# from one benchmark and µ-arch to another. Below are interval values # for 163- and 571-bit ECDH benchmarks relative to compiler-generated # code: # @@ -226,22 +226,22 @@ if ($sse2) { &push ("edi"); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_mmx"); # a1·b1 + &call ("_mul_1x1_mmx"); # a1·b1 &movq ("mm7",$R); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # a0·b0 + &call ("_mul_1x1_mmx"); # a0·b0 &movq ("mm6",$R); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1) + &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1) &pxor ($R,"mm7"); &mov ($a,&wparam(0)); - &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0 + &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0 &movq ($A,$R); &psllq ($R,32); @@ -266,13 +266,13 @@ if ($sse2) { &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_ialu"); # a1·b1 + &call ("_mul_1x1_ialu"); # a1·b1 &mov (&DWP(8,"esp"),$lo); &mov (&DWP(12,"esp"),$hi); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # a0·b0 + &call ("_mul_1x1_ialu"); # a0·b0 &mov (&DWP(0,"esp"),$lo); &mov (&DWP(4,"esp"),$hi); @@ -280,7 +280,7 @@ if ($sse2) { &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1) + &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1) &mov ("ebp",&wparam(0)); @r=("ebx","ecx","edi","esi"); diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index d548886..d77dc43 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -65,7 +65,7 @@ # undef mul_add /*- - * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; + * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; */ diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl index 226c66c..42bbec2 100644 --- a/crypto/bn/asm/x86_64-gf2m.pl +++ b/crypto/bn/asm/x86_64-gf2m.pl @@ -13,7 +13,7 @@ # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for # the time being... Except that it has two code paths: code suitable # for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and -# later. Improvement varies from one benchmark and µ-arch to another. +# later. Improvement varies from one benchmark and µ-arch to another. # Vanilla code path is at most 20% faster than compiler-generated code # [not very impressive], while PCLMULQDQ - whole 85%-160% better on # 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that @@ -184,13 +184,13 @@ ___ $code.=<<___; movdqa %xmm0,%xmm4 movdqa %xmm1,%xmm5 - pclmulqdq \$0,%xmm1,%xmm0 # a1·b1 + pclmulqdq \$0,%xmm1,%xmm0 # a1·b1 pxor %xmm2,%xmm4 pxor %xmm3,%xmm5 - pclmulqdq \$0,%xmm3,%xmm2 # a0·b0 - pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1) + pclmulqdq \$0,%xmm3,%xmm2 # a0·b0 + pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1) xorps %xmm0,%xmm4 - xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1 + xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1 movdqa %xmm4,%xmm5 pslldq \$8,%xmm4 psrldq \$8,%xmm5 @@ -225,13 +225,13 @@ $code.=<<___; mov \$0xf,$mask mov $a1,$a mov $b1,$b - call _mul_1x1 # a1·b1 + call _mul_1x1 # a1·b1 mov $lo,16(%rsp) mov $hi,24(%rsp) mov 48(%rsp),$a mov 64(%rsp),$b - call _mul_1x1 # a0·b0 + call _mul_1x1 # a0·b0 mov $lo,0(%rsp) mov $hi,8(%rsp) @@ -239,7 +239,7 @@ $code.=<<___; mov 56(%rsp),$b xor 48(%rsp),$a xor 64(%rsp),$b - call _mul_1x1 # (a0+a1)·(b0+b1) + call _mul_1x1 # (a0+a1)·(b0+b1) ___ @r=("%rbx","%rcx","%rdi","%rsi"); $code.=<<___; diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index 2989b58..725833d 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -68,6 +68,11 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { + my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 + $addx = ($ver>=3.03); +} + # int bn_mul_mont( $rp="%rdi"; # BN_ULONG *rp, $ap="%rsi"; # const BN_ULONG *ap, diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 820de3d..64e668f 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -53,6 +53,11 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { + my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 + $addx = ($ver>=3.03); +} + # int bn_mul_mont_gather5( $rp="%rdi"; # BN_ULONG *rp, $ap="%rsi"; # const BN_ULONG *ap, @@ -1779,6 +1784,15 @@ sqr8x_reduction: .align 32 .L8x_tail_done: add (%rdx),%r8 # can this overflow? + adc \$0,%r9 + adc \$0,%r10 + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 # can't overflow, because we + # started with "overhung" part + # of multiplication xor %rax,%rax neg $carry @@ -3125,6 +3139,15 @@ sqrx8x_reduction: .align 32 .Lsqrx8x_tail_done: add 24+8(%rsp),%r8 # can this overflow? + adc \$0,%r9 + adc \$0,%r10 + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 # can't overflow, because we + # started with "overhung" part + # of multiplication mov $carry,%rax # xor %rax,%rax sub 16+8(%rsp),$carry # mov 16(%rsp),%cf @@ -3168,13 +3191,11 @@ my ($rptr,$nptr)=("%rdx","%rbp"); my @ri=map("%r$_",(10..13)); my @ni=map("%r$_",(14..15)); $code.=<<___; - xor %rbx,%rbx + xor %ebx,%ebx sub %r15,%rsi # compare top-most words adc %rbx,%rbx mov %rcx,%r10 # -$num - .byte 0x67 or %rbx,%rax - .byte 0x67 mov %rcx,%r9 # -$num xor \$1,%rax sar \$3+2,%rcx # cf=0 diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 24afdd6..50cf323 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -662,12 +662,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - top = m->top; - - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); return (0); } + + top = m->top; + bits = BN_num_bits(p); if (bits == 0) { ret = BN_one(rr); diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 97c55ab..ce59fe7 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * BN_div_no_branch will be called eventually. */ pB = &local_B; + local_B.flags = 0; BN_with_flags(pB, B, BN_FLG_CONSTTIME); if (!BN_nnmod(B, pB, A, ctx)) goto err; @@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * BN_div_no_branch will be called eventually. */ pA = &local_A; + local_A.flags = 0; BN_with_flags(pA, A, BN_FLG_CONSTTIME); /* (D, M) := (A/B, A%B) ... */ diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index cfa1c7c..2c61da1 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -575,7 +575,7 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], bn_check_top(a); BN_CTX_start(ctx); if ((s = BN_CTX_get(ctx)) == NULL) - return 0; + goto err; if (!bn_wexpand(s, 2 * a->top)) goto err; @@ -699,18 +699,21 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; - bn_wexpand(u, top); + if (!bn_wexpand(u, top)) + goto err; udp = u->d; for (i = u->top; i < top; i++) udp[i] = 0; u->top = top; - bn_wexpand(b, top); + if (!bn_wexpand(b, top)) + goto err; bdp = b->d; bdp[0] = 1; for (i = 1; i < top; i++) bdp[i] = 0; b->top = top; - bn_wexpand(c, top); + if (!bn_wexpand(c, top)) + goto err; cdp = c->d; for (i = 0; i < top; i++) cdp[i] = 0; diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index aadd5db..be95bd5 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -361,9 +361,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) if (mont == NULL) return; - BN_free(&(mont->RR)); - BN_free(&(mont->N)); - BN_free(&(mont->Ni)); + BN_clear_free(&(mont->RR)); + BN_clear_free(&(mont->N)); + BN_clear_free(&(mont->Ni)); if (mont->flags & BN_FLG_MALLOCED) OPENSSL_free(mont); } @@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) int ret = 0; BIGNUM *Ri, *R; + if (BN_is_zero(mod)) + return 0; + BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err; diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 6826f93..7497ac6 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -152,8 +152,10 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, if (BN_ucmp(m, &(recp->N)) < 0) { BN_zero(d); - if (!BN_copy(r, m)) + if (!BN_copy(r, m)) { + BN_CTX_end(ctx); return 0; + } BN_CTX_end(ctx); return (1); } diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index 6d76b12..efa48bd 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -213,14 +213,14 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * exceeded. */ if (!BN_rand(Xp, nbits, 1, 0)) - return 0; + goto err; BN_CTX_start(ctx); t = BN_CTX_get(ctx); for (i = 0; i < 1000; i++) { if (!BN_rand(Xq, nbits, 1, 0)) - return 0; + goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ BN_sub(t, Xp, Xq); if (BN_num_bits(t) > (nbits - 100)) @@ -234,6 +234,9 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) return 0; + err: + BN_CTX_end(ctx); + return 0; } /* diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 470d5da..1e35988 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -441,6 +441,14 @@ int test_div(BIO *bp, BN_CTX *ctx) BN_init(&d); BN_init(&e); + BN_one(&a); + BN_zero(&b); + + if (BN_div(&d, &c, &a, &b, ctx)) { + fprintf(stderr, "Division by zero succeeded!\n"); + return 0; + } + for (i = 0; i < num0 + num1; i++) { if (i < num1) { BN_bntest_rand(&a, 400, 0, 0); @@ -516,9 +524,9 @@ int test_div_word(BIO *bp) do { BN_bntest_rand(&a, 512, -1, 0); BN_bntest_rand(&b, BN_BITS2, -1, 0); - s = b.d[0]; - } while (!s); + } while (BN_is_zero(&b)); + s = b.d[0]; BN_copy(&b, &a); r = BN_div_word(&b, s); @@ -781,6 +789,18 @@ int test_mont(BIO *bp, BN_CTX *ctx) if (mont == NULL) return 0; + BN_zero(&n); + if (BN_MONT_CTX_set(mont, &n, ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n"); + return 0; + } + + BN_set_word(&n, 16); + if (BN_MONT_CTX_set(mont, &n, ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n"); + return 0; + } + BN_bntest_rand(&a, 100, 0, 0); BN_bntest_rand(&b, 100, 0, 0); for (i = 0; i < num2; i++) { @@ -887,6 +907,14 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) d = BN_new(); e = BN_new(); + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_mul(e, a, b, c, ctx)) { + fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n"); + return 0; + } + for (j = 0; j < 3; j++) { BN_bntest_rand(c, 1024, 0, 0); for (i = 0; i < num0; i++) { @@ -952,6 +980,14 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) d = BN_new(); e = BN_new(); + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_exp(d, a, b, c, ctx)) { + fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); + return 0; + } + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ for (i = 0; i < num2; i++) { BN_bntest_rand(a, 20 + i * 5, 0, 0); @@ -980,6 +1016,24 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) return 0; } } + + /* Regression test for carry propagation bug in sqr8x_reduction */ + BN_hex2bn(&a, "050505050505"); + BN_hex2bn(&b, "02"); + BN_hex2bn(&c, + "4141414141414141414141274141414141414141414141414141414141414141" + "4141414141414141414141414141414141414141414141414141414141414141" + "4141414141414141414141800000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000001"); + BN_mod_exp(d, a, b, c, ctx); + BN_mul(e, a, a, ctx); + if (BN_cmp(d, e)) { + fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n"); + return 0; + } + BN_free(a); BN_free(b); BN_free(c); @@ -999,6 +1053,22 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) d = BN_new(); e = BN_new(); + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus " + "succeeded\n"); + return 0; + } + + BN_set_word(c, 16); + if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus " + "succeeded\n"); + return 0; + } + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ for (i = 0; i < num2; i++) { BN_bntest_rand(a, 20 + i * 5, 0, 0); diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index 33361de..229e181 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h @@ -1,32 +1,44 @@ -/****************************************************************************** -* Copyright(c) 2012, Intel Corp. -* Developers and authors: -* Shay Gueron (1, 2), and Vlad Krasnov (1) -* (1) Intel Corporation, Israel Development Center, Haifa, Israel -* (2) University of Haifa, Israel +/***************************************************************************** +* * +* Copyright (c) 2012, Intel Corporation * +* * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions are * +* met: * +* * +* * Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* * +* * Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the * +* distribution. * +* * +* * Neither the name of the Intel Corporation nor the names of its * +* contributors may be used to endorse or promote products derived from * +* this software without specific prior written permission. * +* * +* * +* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * +* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * +* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * +* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * +* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * +* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +* * ****************************************************************************** -* LICENSE: -* This submission to OpenSSL is to be made available under the OpenSSL -* license, and only to the OpenSSL project, in order to allow integration -* into the publicly distributed code. -* The use of this code, or portions of this code, or concepts embedded in -* this code, or modification of this code and/or algorithm(s) in it, or the -* use of this code for any other purpose than stated above, requires special -* licensing. -****************************************************************************** -* DISCLAIMER: -* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AND THE COPYRIGHT OWNERS -* ``AS IS''. ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS OR THE COPYRIGHT -* OWNERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -* POSSIBILITY OF SUCH DAMAGE. -******************************************************************************/ +* Developers and authors: * +* Shay Gueron (1, 2), and Vlad Krasnov (1) * +* (1) Intel Corporation, Israel Development Center, Haifa, Israel * +* (2) University of Haifa, Israel * +*****************************************************************************/ #ifndef RSAZ_EXP_H # define RSAZ_EXP_H diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c index ebc5ab4..fa0d608 100644 --- a/crypto/buffer/buf_str.c +++ b/crypto/buffer/buf_str.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include <limits.h> #include <openssl/buffer.h> size_t BUF_strnlen(const char *str, size_t maxlen) @@ -72,7 +73,7 @@ size_t BUF_strnlen(const char *str, size_t maxlen) char *BUF_strdup(const char *str) { if (str == NULL) - return (NULL); + return NULL; return BUF_strndup(str, strlen(str)); } @@ -81,16 +82,22 @@ char *BUF_strndup(const char *str, size_t siz) char *ret; if (str == NULL) - return (NULL); + return NULL; siz = BUF_strnlen(str, siz); + if (siz >= INT_MAX) + return NULL; + ret = OPENSSL_malloc(siz + 1); if (ret == NULL) { BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } - BUF_strlcpy(ret, str, siz + 1); + + memcpy(ret, str, siz); + ret[siz] = '\0'; + return (ret); } @@ -98,13 +105,13 @@ void *BUF_memdup(const void *data, size_t siz) { void *ret; - if (data == NULL) - return (NULL); + if (data == NULL || siz >= INT_MAX) + return NULL; ret = OPENSSL_malloc(siz); if (ret == NULL) { BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } return memcpy(ret, data, siz); } diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index c343dd7..efd240a 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len); int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); size_t BUF_strnlen(const char *str, size_t maxlen); char *BUF_strdup(const char *str); + +/* + * Like strndup, but in addition, explicitly guarantees to never read past the + * first |siz| bytes of |str|. + */ char *BUF_strndup(const char *str, size_t siz); + void *BUF_memdup(const void *data, size_t siz); void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 85ae928..b14b4b6 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -195,7 +195,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) ok = 1; err: - if (ec->key && !keep_key) { + if (ec->key && (!keep_key || !ok)) { OPENSSL_cleanse(ec->key, ec->keylen); OPENSSL_free(ec->key); ec->key = NULL; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a8322dc..b91c016 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); + if (encalg == NULL) { + goto merr; + } EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 721ffd5..a41aca8 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -857,6 +857,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else { const EVP_MD *md = EVP_MD_CTX_md(&mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); + if (pkctx == NULL) + goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 5522a37..07e3472 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -754,7 +754,7 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) BIO *cmsbio; int ret = 0; if (!(cmsbio = CMS_dataInit(cms, dcont))) { - CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE); + CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB); return 0; } diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 6731af8..9c32614 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -404,8 +404,9 @@ COMP_METHOD *COMP_zlib(void) void COMP_zlib_cleanup(void) { #ifdef ZLIB_SHARED - if (zlib_dso) + if (zlib_dso != NULL) DSO_free(zlib_dso); + zlib_dso = NULL; #endif } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index faca9ae..68c77ce 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -225,12 +225,11 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) goto err; } - section = (char *)OPENSSL_malloc(10); + section = BUF_strdup("default"); if (section == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } - BUF_strlcpy(section, "default", 10); if (_CONF_new_data(conf) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 544fe97..c042cf2 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -90,6 +90,7 @@ void OPENSSL_config(const char *config_name) CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE); + openssl_configured = 1; } void OPENSSL_no_config() diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index ca0e3cc..c9f674b 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -953,13 +953,29 @@ void OPENSSL_showfatal(const char *fmta, ...) # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ if (check_winnt() && OPENSSL_isservice() > 0) { - HANDLE h = RegisterEventSource(0, _T("OPENSSL")); - const TCHAR *pmsg = buf; - ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0); - DeregisterEventSource(h); + HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL")); + + if (hEventLog != NULL) { + const TCHAR *pmsg = buf; + + if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL, + 1, 0, &pmsg, NULL)) { +#if defined(DEBUG) + /* + * We are in a situation where we tried to report a critical + * error and this failed for some reason. As a last resort, + * in debug builds, send output to the debugger or any other + * tool like DebugView which can monitor the output. + */ + OutputDebugString(pmsg); +#endif + } + + (void)DeregisterEventSource(hEventLog); + } } else # endif - MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP); + MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); } #else void OPENSSL_showfatal(const char *fmta, ...) diff --git a/crypto/des/t/test b/crypto/des/t/test deleted file mode 100644 index 97acd05..0000000 --- a/crypto/des/t/test +++ /dev/null @@ -1,27 +0,0 @@ -#!./perl - -BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); } - -use DES; - -$key='00000000'; -$ks=DES::set_key($key); -@a=split(//,$ks); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; - - -$key=DES::random_key(); -print "($_)\n"; -@a=split(//,$key); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; -$str="this is and again into the breach"; -($k1,$k2)=DES::string_to_2keys($str); -@a=split(//,$k1); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; -@a=split(//,$k2); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; - diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 0502f1a..b177673 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -142,7 +142,7 @@ struct dh_st { BIGNUM *p; BIGNUM *g; long length; /* optional */ - BIGNUM *pub_key; /* g^x */ + BIGNUM *pub_key; /* g^x % p */ BIGNUM *priv_key; /* x */ int flags; BN_MONT_CTX *method_mont_p; diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index c9dd76b..6fe8ff4 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -533,9 +533,9 @@ static int run_rfc5114_tests(void) * Work out shared secrets using both sides and compare with expected * values. */ - if (!DH_compute_key(Z1, dhB->pub_key, dhA)) + if (DH_compute_key(Z1, dhB->pub_key, dhA) == -1) goto bad_err; - if (!DH_compute_key(Z2, dhA->pub_key, dhB)) + if (DH_compute_key(Z2, dhA->pub_key, dhB) == -1) goto bad_err; if (memcmp(Z1, td->Z, td->Z_len)) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 2a5cd71..c40e177 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -318,6 +318,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_STRING_clear_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 5a328aa..15f3bb4 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -114,16 +114,8 @@ int DSA_generate_parameters_ex(DSA *ret, int bits, } # endif else { - const EVP_MD *evpmd; - size_t qbits = bits >= 2048 ? 256 : 160; - - if (bits >= 2048) { - qbits = 256; - evpmd = EVP_sha256(); - } else { - qbits = 160; - evpmd = EVP_sha1(); - } + const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); + size_t qbits = EVP_MD_size(evpmd) * 8; return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len, NULL, counter_ret, @@ -176,13 +168,14 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (seed_in != NULL) memcpy(seed, seed_in, seed_len); - if ((ctx = BN_CTX_new()) == NULL) + if ((mont = BN_MONT_CTX_new()) == NULL) goto err; - if ((mont = BN_MONT_CTX_new()) == NULL) + if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); + r0 = BN_CTX_get(ctx); g = BN_CTX_get(ctx); W = BN_CTX_get(ctx); @@ -203,7 +196,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) { + if (!seed_len || !seed_in) { if (RAND_pseudo_bytes(seed, qsize) < 0) goto err; seed_is_random = 1; diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 359ef4e..8949145 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -89,7 +89,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index 84379fc..648c969 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 6d3178f..81e6faf 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -106,7 +106,7 @@ typedef enum { /** the point is encoded as z||x, where the octet z specifies * which solution of the quadratic equation y is */ POINT_CONVERSION_COMPRESSED = 2, - /** the point is encoded as z||x||y, where z is the octet 0x02 */ + /** the point is encoded as z||x||y, where z is the octet 0x04 */ POINT_CONVERSION_UNCOMPRESSED = 4, /** the point is encoded as z||x||y, where the octet z specifies * which solution of the quadratic equation y is */ diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 4ad8494..33abf61 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -970,8 +970,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) { EC_GROUP *group = NULL; ECPKPARAMETERS *params = NULL; + const unsigned char *p = *in; - if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { + if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) { ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); ECPKPARAMETERS_free(params); return NULL; @@ -989,6 +990,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) *a = group; ECPKPARAMETERS_free(params); + *in = p; return (group); } @@ -1016,8 +1018,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) int ok = 0; EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; + const unsigned char *p = *in; - if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); return NULL; } @@ -1096,6 +1099,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (a) *a = ret; + *in = p; ok = 1; err: if (!ok) { diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 55ce3fe..c784b6f 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -366,7 +366,10 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BN_CTX *ctx = NULL; BIGNUM *tx, *ty; EC_POINT *point = NULL; - int ok = 0, tmp_nid, is_char_two = 0; + int ok = 0; +#ifndef OPENSSL_NO_EC2M + int tmp_nid, is_char_two = 0; +#endif if (!key || !key->group || !x || !y) { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, @@ -382,14 +385,15 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, if (!point) goto err; + tx = BN_CTX_get(ctx); + ty = BN_CTX_get(ctx); + +#ifndef OPENSSL_NO_EC2M tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group)); if (tmp_nid == NID_X9_62_characteristic_two_field) is_char_two = 1; - tx = BN_CTX_get(ctx); - ty = BN_CTX_get(ctx); -#ifndef OPENSSL_NO_EC2M if (is_char_two) { if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point, x, y, ctx)) diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index c4016ac..a6f0930 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -233,7 +233,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx); * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred */ -ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method); +ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method); /** frees a ECDSA_METHOD structure * \param ecdsa_method pointer to the ECDSA_METHOD structure diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 1c02310..8dc1dda 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -276,7 +276,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx) return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx)); } -ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth) +ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_meth) { ECDSA_METHOD *ret; diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 926d95c..8fb9c33 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1292,15 +1292,18 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, BN_num_bytes(dsa->q), s) == 0) { dsaret = DSA_SIG_new(); + if (dsaret == NULL) + goto err; dsaret->r = r; dsaret->s = s; + r = s = NULL; } else { const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); - BN_free(s); dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); } err: + BN_free(r); + BN_free(s); kop.crk_param[0].crp_p = NULL; zapparams(&kop); return (dsaret); diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 3384e31..83c95d5 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -260,6 +260,7 @@ int ENGINE_add(ENGINE *e) } if ((e->id == NULL) || (e->name == NULL)) { ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING); + return 0; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if (!engine_list_add(e)) { diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index b1c586e..3780021 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -498,7 +498,18 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, iv = AES_BLOCK_SIZE; # if defined(STITCHED_CALL) + /* + * Assembly stitch handles AVX-capable processors, but its + * performance is not optimal on AMD Jaguar, ~40% worse, for + * unknown reasons. Incidentally processor in question supports + * AVX, but not AMD-specific XOP extension, which can be used + * to identify it and avoid stitch invocation. So that after we + * establish that current CPU supports AVX, we even see if it's + * either even XOP-capable Bulldozer-based or GenuineIntel one. + */ if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */ + ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ + | (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */ plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { SHA256_Update(&key->md, in + iv, sha_off); @@ -816,8 +827,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; - len = p[arg - 2] << 8 | p[arg - 1]; - if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 96f272e..bf6c1d2 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -289,7 +289,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, # endif # ifdef EVP_CHECK_DES_KEY if (DES_set_key_checked(&deskey[0], &dat->ks1) - ! !DES_set_key_checked(&deskey[1], &dat->ks2)) + || DES_set_key_checked(&deskey[1], &dat->ks2)) return 0; # else DES_set_key_unchecked(&deskey[0], &dat->ks1); diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index c361d1f..c6abc4a 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -60,9 +60,9 @@ #include "cryptlib.h" #include <openssl/evp.h> +static unsigned char conv_ascii2bin(unsigned char a); #ifndef CHARSET_EBCDIC # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) #else /* * We assume that PEM encoded files are EBCDIC files (i.e., printable text @@ -71,7 +71,6 @@ * as the underlying textstring data_bin2ascii[] is already EBCDIC) */ # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) #endif /*- @@ -103,6 +102,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; #define B64_WS 0xE0 #define B64_ERROR 0xFF #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) +#define B64_BASE64(a) !B64_NOT_BASE64(a) static const unsigned char data_ascii2bin[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -123,6 +123,23 @@ static const unsigned char data_ascii2bin[128] = { 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }; +#ifndef CHARSET_EBCDIC +static unsigned char conv_ascii2bin(unsigned char a) +{ + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#else +static unsigned char conv_ascii2bin(unsigned char a) +{ + a = os_toascii[a]; + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#endif + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { ctx->length = 48; @@ -218,8 +235,9 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { - ctx->length = 30; + /* Only ctx->num is used during decoding. */ ctx->num = 0; + ctx->length = 0; ctx->line_num = 0; ctx->expect_nl = 0; } @@ -228,139 +246,123 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) * -1 for error * 0 for last line * 1 for full line + * + * Note: even though EVP_DecodeUpdate attempts to detect and report end of + * content, the context doesn't currently remember it and will accept more data + * in the next call. Therefore, the caller is responsible for checking and + * rejecting a 0 return value in the middle of content. + * + * Note: even though EVP_DecodeUpdate has historically tried to detect end of + * content based on line length, this has never worked properly. Therefore, + * we now return 0 when one of the following is true: + * - Padding or B64_EOF was detected and the last block is complete. + * - Input has zero-length. + * -1 is returned if: + * - Invalid characters are detected. + * - There is extra trailing padding, or data after padding. + * - B64_EOF is detected after an incomplete base64 block. */ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl; + int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len; unsigned char *d; n = ctx->num; d = ctx->enc_data; - ln = ctx->line_num; - exp_nl = ctx->expect_nl; - /* last line of input. */ - if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) { + if (n > 0 && d[n - 1] == '=') { + eof++; + if (n > 1 && d[n - 2] == '=') + eof++; + } + + /* Legacy behaviour: an empty input chunk signals end of input. */ + if (inl == 0) { rv = 0; goto end; } - /* We parse the input data */ for (i = 0; i < inl; i++) { - /* If the current line is > 80 characters, scream a lot */ - if (ln >= 80) { - rv = -1; - goto end; - } - - /* Get char and put it into the buffer */ tmp = *(in++); v = conv_ascii2bin(tmp); - /* only save the good data :-) */ - if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); - d[n++] = tmp; - ln++; - } else if (v == B64_ERROR) { + if (v == B64_ERROR) { rv = -1; goto end; } - /* - * have we seen a '=' which is 'definitly' the last input line. seof - * will point to the character that holds it. and eof will hold how - * many characters to chop off. - */ if (tmp == '=') { - if (seof == -1) - seof = n; eof++; + } else if (eof > 0 && B64_BASE64(v)) { + /* More data after padding. */ + rv = -1; + goto end; } - if (v == B64_CR) { - ln = 0; - if (exp_nl) - continue; + if (eof > 2) { + rv = -1; + goto end; } - /* eoln */ - if (v == B64_EOLN) { - ln = 0; - if (exp_nl) { - exp_nl = 0; - continue; - } - } - exp_nl = 0; - - /* - * If we are at the end of input and it looks like a line, process - * it. - */ - if (((i + 1) == inl) && (((n & 3) == 0) || eof)) { - v = B64_EOF; - /* - * In case things were given us in really small records (so two - * '=' were given in separate updates), eof may contain the - * incorrect number of ending bytes to skip, so let's redo the - * count - */ - eof = 0; - if (d[n - 1] == '=') - eof++; - if (d[n - 2] == '=') - eof++; - /* There will never be more than two '=' */ + if (v == B64_EOF) { + seof = 1; + goto tail; } - if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) { - /* - * This is needed to work correctly on 64 byte input lines. We - * process the line and then need to accept the '\n' - */ - if ((v != B64_EOF) && (n >= 64)) - exp_nl = 1; - if (n > 0) { - v = EVP_DecodeBlock(out, d, n); - n = 0; - if (v < 0) { - rv = 0; - goto end; - } - if (eof > v) { - rv = -1; - goto end; - } - ret += (v - eof); - } else { - eof = 1; - v = 0; + /* Only save valid base64 characters. */ + if (B64_BASE64(v)) { + if (n >= 64) { + /* + * We increment n once per loop, and empty the buffer as soon as + * we reach 64 characters, so this can only happen if someone's + * manually messed with the ctx. Refuse to write any more data. + */ + rv = -1; + goto end; } + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); + d[n++] = tmp; + } - /* - * This is the case where we have had a short but valid input - * line - */ - if ((v < ctx->length) && eof) { - rv = 0; + if (n == 64) { + decoded_len = EVP_DecodeBlock(out, d, n); + n = 0; + if (decoded_len < 0 || eof > decoded_len) { + rv = -1; goto end; - } else - ctx->length = v; + } + ret += decoded_len - eof; + out += decoded_len - eof; + } + } - if (seof >= 0) { - rv = 0; + /* + * Legacy behaviour: if the current line is a full base64-block (i.e., has + * 0 mod 4 base64 characters), it is processed immediately. We keep this + * behaviour as applications may not be calling EVP_DecodeFinal properly. + */ +tail: + if (n > 0) { + if ((n & 3) == 0) { + decoded_len = EVP_DecodeBlock(out, d, n); + n = 0; + if (decoded_len < 0 || eof > decoded_len) { + rv = -1; goto end; } - out += v; + ret += (decoded_len - eof); + } else if (seof) { + /* EOF in the middle of a base64 block. */ + rv = -1; + goto end; } } - rv = 1; - end: + + rv = seof || (n == 0 && eof) ? 0 : 1; +end: + /* Legacy behaviour. This should probably rather be zeroed on error. */ *outl = ret; ctx->num = n; - ctx->line_num = ln; - ctx->expect_nl = exp_nl; return (rv); } diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 71fa627..5be9e33 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -104,6 +104,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); + if (ui == NULL) + return -1; UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len); if (verify) @@ -137,7 +139,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, EVP_MD_CTX_init(&c); for (;;) { if (!EVP_DigestInit_ex(&c, md, NULL)) - return 0; + goto err; if (addmd++) if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) goto err; @@ -188,6 +190,6 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, rv = type->key_len; err: EVP_MD_CTX_cleanup(&c); - OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE); + OPENSSL_cleanse(md_buf, sizeof(md_buf)); return rv; } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index a53a27c..7e0bab9 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -72,11 +72,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret = c->cipher->set_asn1_parameters(c, type); else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) { - ASN1_TYPE_set(type, V_ASN1_NULL, NULL); + switch (EVP_CIPHER_CTX_mode(c)) { + case EVP_CIPH_WRAP_MODE: + if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap) + ASN1_TYPE_set(type, V_ASN1_NULL, NULL); ret = 1; - } else + break; + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: ret = EVP_CIPHER_set_asn1_iv(c, type); + } } else ret = -1; return (ret); @@ -89,9 +100,22 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret = c->cipher->get_asn1_parameters(c, type); else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) - return 1; - ret = EVP_CIPHER_get_asn1_iv(c, type); + switch (EVP_CIPHER_CTX_mode(c)) { + + case EVP_CIPH_WRAP_MODE: + ret = 1; + break; + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: + ret = EVP_CIPHER_get_asn1_iv(c, type); + break; + } } else ret = -1; return (ret); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index e3fa95d..7934c95 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -228,12 +228,16 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) + + if (pbe_algs == NULL) { pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (!(pbe_tmp = (EVP_PBE_CTL *)OPENSSL_malloc(sizeof(EVP_PBE_CTL)))) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); - return 0; + if (pbe_algs == NULL) + goto err; } + + if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL) + goto err; + pbe_tmp->pbe_type = pbe_type; pbe_tmp->pbe_nid = pbe_nid; pbe_tmp->cipher_nid = cipher_nid; @@ -242,6 +246,10 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); return 1; + + err: + EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); + return 0; } int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 1171d30..c017124 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -253,7 +253,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { - if (!EVP_PKEY_set_type(pkey, type)) + if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) return 0; pkey->pkey.ptr = key; return (key != NULL); diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 59f8134..6435f1b 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -96,12 +96,17 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) return -1; } - if (!ppkey) + if (ppkey == NULL) return -1; - if (!*ppkey) + if (*ppkey == NULL) *ppkey = EVP_PKEY_new(); + if (*ppkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE); + return -1; + } + ret = ctx->pmeth->paramgen(ctx, *ppkey); if (ret <= 0) { EVP_PKEY_free(*ppkey); diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index 29b2b5d..944c6c8 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -108,9 +108,14 @@ static int old_hmac_decode(EVP_PKEY *pkey, ASN1_OCTET_STRING *os; os = ASN1_OCTET_STRING_new(); if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); + goto err; + if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os)) + goto err; return 1; + + err: + ASN1_OCTET_STRING_free(os); + return 0; } static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index 8c38727..ebc0975 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -219,6 +219,9 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, BIGNUM *t3 = BN_new(); int ret = 0; + if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL) + goto end; + zkp_hash(h, zkpg, p, ctx->p.peer_name); /* t1 = g^b */ @@ -234,6 +237,7 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, else JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); +end: /* cleanup */ BN_free(t3); BN_free(t2); diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c index 3df1f39..1a06636 100644 --- a/crypto/mem_clr.c +++ b/crypto/mem_clr.c @@ -66,6 +66,10 @@ void OPENSSL_cleanse(void *ptr, size_t len) { unsigned char *p = ptr; size_t loop = len, ctr = cleanse_ctr; + + if (ptr == NULL) + return; + while (loop--) { *(p++) = (unsigned char)ctr; ctr += (17 + ((size_t)p & 0xF)); diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl index 7e4e04e..4be2557 100644 --- a/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/crypto/modes/asm/aesni-gcm-x86_64.pl @@ -56,7 +56,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 77fbf34..8ccc963 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -45,7 +45,7 @@ # processes one byte in 8.45 cycles, A9 - in 10.2, Snapdragon S4 - # in 9.33. # -# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software +# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf @@ -126,6 +126,11 @@ $code=<<___; .text .code 32 +#ifdef __clang__ +#define ldrplb ldrbpl +#define ldrneb ldrbne +#endif + .type rem_4bit,%object .align 5 rem_4bit: @@ -432,12 +437,12 @@ gcm_ghash_neon: veor $IN,$Xl @ inp^=Xi .Lgmult_neon: ___ - &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo·Xi.lo + &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo·Xi.lo $code.=<<___; veor $IN#lo,$IN#lo,$IN#hi @ Karatsuba pre-processing ___ - &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)·(Xi.lo+Xi.hi) - &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi·Xi.hi + &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)·(Xi.lo+Xi.hi) + &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi·Xi.hi $code.=<<___; veor $Xm,$Xm,$Xl @ Karatsuba post-processing veor $Xm,$Xm,$Xh diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl index 0365e0f..5bc2870 100644 --- a/crypto/modes/asm/ghash-sparcv9.pl +++ b/crypto/modes/asm/ghash-sparcv9.pl @@ -379,7 +379,7 @@ gcm_init_vis3: or $V,%lo(0xA0406080),$V or %l0,%lo(0x20C0E000),%l0 sllx $V,32,$V - or %l0,$V,$V ! (0xE0·i)&0xff=0xA040608020C0E000 + or %l0,$V,$V ! (0xE0·i)&0xff=0xA040608020C0E000 stx $V,[%i0+16] ret @@ -399,7 +399,7 @@ gcm_gmult_vis3: mov 0xE1,%l7 sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0·i)&0xff=0xA040608020C0E000 + ldx [$Htable+16],$V ! (0xE0·i)&0xff=0xA040608020C0E000 xor $Hhi,$Hlo,$Hhl ! Karatsuba pre-processing xmulx $Xlo,$Hlo,$C0 @@ -411,9 +411,9 @@ gcm_gmult_vis3: xmulx $Xhi,$Hhi,$Xhi sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ·0xE0 [implicit &(7<<3)] + srlx $V,$sqr,$sqr ! ·0xE0 [implicit &(7<<3)] xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0·0xE1)<<1<<56 [implicit &0x7f] + sllx $sqr,57,$sqr ! ($C0·0xE1)<<1<<56 [implicit &0x7f] xor $C0,$C1,$C1 ! Karatsuba post-processing xor $Xlo,$C2,$C2 @@ -423,7 +423,7 @@ gcm_gmult_vis3: xor $Xhi,$C2,$C2 xor $Xhi,$C1,$C1 - xmulxhi $C0,$xE1,$Xlo ! ·0xE1<<1<<56 + xmulxhi $C0,$xE1,$Xlo ! ·0xE1<<1<<56 xor $C0,$C2,$C2 xmulx $C1,$xE1,$C0 xor $C1,$C3,$C3 @@ -453,7 +453,7 @@ gcm_ghash_vis3: mov 0xE1,%l7 sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0·i)&0xff=0xA040608020C0E000 + ldx [$Htable+16],$V ! (0xE0·i)&0xff=0xA040608020C0E000 and $inp,7,$shl andn $inp,7,$inp @@ -490,9 +490,9 @@ gcm_ghash_vis3: xmulx $Xhi,$Hhi,$Xhi sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ·0xE0 [implicit &(7<<3)] + srlx $V,$sqr,$sqr ! ·0xE0 [implicit &(7<<3)] xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0·0xE1)<<1<<56 [implicit &0x7f] + sllx $sqr,57,$sqr ! ($C0·0xE1)<<1<<56 [implicit &0x7f] xor $C0,$C1,$C1 ! Karatsuba post-processing xor $Xlo,$C2,$C2 @@ -502,7 +502,7 @@ gcm_ghash_vis3: xor $Xhi,$C2,$C2 xor $Xhi,$C1,$C1 - xmulxhi $C0,$xE1,$Xlo ! ·0xE1<<1<<56 + xmulxhi $C0,$xE1,$Xlo ! ·0xE1<<1<<56 xor $C0,$C2,$C2 xmulx $C1,$xE1,$C0 xor $C1,$C3,$C3 diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl index 23a5527..0269169 100644 --- a/crypto/modes/asm/ghash-x86.pl +++ b/crypto/modes/asm/ghash-x86.pl @@ -358,7 +358,7 @@ $S=12; # shift factor for rem_4bit # effective address calculation and finally merge of value to Z.hi. # Reference to rem_4bit is scheduled so late that I had to >>4 # rem_4bit elements. This resulted in 20-45% procent improvement -# on contemporary µ-archs. +# on contemporary µ-archs. { my $cnt; my $rem_4bit = "eax"; diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl index 6e656ca..0bcb6d4 100644 --- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -105,7 +105,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -576,15 +576,15 @@ $code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0)); # experimental alternative. special thing about is that there # no dependency between the two multiplications... mov \$`0xE1<<1`,%eax - mov \$0xA040608020C0E000,%r10 # ((7..0)·0xE0)&0xff + mov \$0xA040608020C0E000,%r10 # ((7..0)·0xE0)&0xff mov \$0x07,%r11d movq %rax,$T1 movq %r10,$T2 movq %r11,$T3 # borrow $T3 pand $Xi,$T3 - pshufb $T3,$T2 # ($Xi&7)·0xE0 + pshufb $T3,$T2 # ($Xi&7)·0xE0 movq %rax,$T3 - pclmulqdq \$0x00,$Xi,$T1 # ·(0xE1<<1) + pclmulqdq \$0x00,$Xi,$T1 # ·(0xE1<<1) pxor $Xi,$T2 pslldq \$15,$T2 paddd $T2,$T2 # <<(64+56+1) @@ -657,7 +657,7 @@ $code.=<<___; je .Lskip4x sub \$0x30,$len - mov \$0xA040608020C0E000,%rax # ((7..0)·0xE0)&0xff + mov \$0xA040608020C0E000,%rax # ((7..0)·0xE0)&0xff movdqu 0x30($Htbl),$Hkey3 movdqu 0x40($Htbl),$Hkey4 diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index e76a58c..71457cf 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl @@ -118,9 +118,9 @@ $code=<<___; le?vperm $IN,$IN,$IN,$lemask vxor $zero,$zero,$zero - vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo - vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi - vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi + vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo + vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi + vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi vpmsumd $t2,$Xl,$xC2 # 1st phase @@ -178,11 +178,11 @@ $code=<<___; .align 5 Loop: subic $len,$len,16 - vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo + vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo subfe. r0,r0,r0 # borrow?-1:0 - vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi + vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi and r0,r0,$len - vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi + vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi add $inp,$inp,r0 vpmsumd $t2,$Xl,$xC2 # 1st phase diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 0b9cd73..0886d21 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -135,10 +135,10 @@ gcm_gmult_v8: #endif vext.8 $IN,$t1,$t1,#8 - vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh @@ -226,7 +226,7 @@ $code.=<<___; #endif vext.8 $In,$t1,$t1,#8 veor $IN,$IN,$Xl @ I[i]^=Xi - vpmull.p64 $Xln,$H,$In @ H·Ii+1 + vpmull.p64 $Xln,$H,$In @ H·Ii+1 veor $t1,$t1,$In @ Karatsuba pre-processing vpmull2.p64 $Xhn,$H,$In b .Loop_mod2x_v8 @@ -235,14 +235,14 @@ $code.=<<___; .Loop_mod2x_v8: vext.8 $t2,$IN,$IN,#8 subs $len,$len,#32 @ is there more data? - vpmull.p64 $Xl,$H2,$IN @ H^2.lo·Xi.lo + vpmull.p64 $Xl,$H2,$IN @ H^2.lo·Xi.lo cclr $inc,lo @ is it time to zero $inc? vpmull.p64 $Xmn,$Hhl,$t1 veor $t2,$t2,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H2,$IN @ H^2.hi·Xi.hi + vpmull2.p64 $Xh,$H2,$IN @ H^2.hi·Xi.hi veor $Xl,$Xl,$Xln @ accumulate - vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i+2] veor $Xh,$Xh,$Xhn @@ -267,7 +267,7 @@ $code.=<<___; vext.8 $In,$t1,$t1,#8 vext.8 $IN,$t0,$t0,#8 veor $Xl,$Xm,$t2 - vpmull.p64 $Xln,$H,$In @ H·Ii+1 + vpmull.p64 $Xln,$H,$In @ H·Ii+1 veor $IN,$IN,$Xh @ accumulate $IN early vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction @@ -291,10 +291,10 @@ $code.=<<___; veor $IN,$IN,$Xl @ inp^=Xi veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi - vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index 4dcaf03..3849783 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c @@ -76,7 +76,7 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, return 0; A = B; t = 1; - memcpy(out + 8, in, inlen); + memmove(out + 8, in, inlen); if (!iv) iv = default_iv; @@ -113,7 +113,7 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, A = B; t = 6 * (inlen >> 3); memcpy(A, in, 8); - memcpy(out, in + 8, inlen); + memmove(out, in + 8, inlen); for (j = 0; j < 6; j++) { R = out + inlen - 8; for (i = 0; i < inlen; i += 8, t--, R -= 8) { diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 442a5b6..cabf539 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -246,12 +246,6 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; - } else { - /* Not found: set default port */ - if (*pssl) - port = "443"; - else - port = "80"; } *pport = BUF_strdup(port); diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 1834256..47d5f83 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -212,8 +212,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) return 1; } - i = ASN1_STRING_length(rb->response); - if (!(br = OCSP_response_get1_basic(o))) + if ((br = OCSP_response_get1_basic(o)) == NULL) goto err; rd = br->tbsResponseData; l = ASN1_INTEGER_get(rd->version); diff --git a/crypto/opensslconf.h b/crypto/opensslconf.h index 15487c9..b4d522e 100644 --- a/crypto/opensslconf.h +++ b/crypto/opensslconf.h @@ -216,7 +216,7 @@ extern "C" { optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ -#if defined( sun ) /* Newer Sparc's */ +#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ # define DES_PTR # define DES_RISC1 # define DES_UNROLL diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 814309b..7a1c85d 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in @@ -120,7 +120,7 @@ optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ -#if defined( sun ) /* Newer Sparc's */ +#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ # define DES_PTR # define DES_RISC1 # define DES_UNROLL diff --git a/crypto/opensslv.h b/crypto/opensslv.h index c06b13a..abcef15 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000204fL +# define OPENSSL_VERSION_NUMBER 0x1000205fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-fips 3 Dec 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e 3 Dec 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 68747d1..4d736a1 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -172,6 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_RSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -193,6 +195,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_DSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -214,6 +218,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_EC; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index ee4b6a8..82d4527 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -624,13 +624,11 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } - length -= 20; } else { if (length < 24) { PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } - length -= 24; pvk_magic = read_ledword(&p); if (pvk_magic != MS_PVKMAGIC) { PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); @@ -692,23 +690,23 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); if (inlen <= 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); - return NULL; + goto err; } enctmp = OPENSSL_malloc(keylen + 8); if (!enctmp) { PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf, inlen)) - return NULL; + goto err; p += saltlen; /* Copy BLOBHEADER across, decrypt rest */ memcpy(enctmp, p, 8); p += 8; if (keylen < 8) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT); - return NULL; + goto err; } inlen = keylen - 8; q = enctmp + 8; diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index f89e814..0f46cf0 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -151,6 +151,26 @@ my $vmr = sub { " vor $vx,$vy,$vy"; }; +# Some ABIs specify vrsave, special-purpose register #256, as reserved +# for system use. +my $no_vrsave = ($flavour =~ /aix|linux64le/); +my $mtspr = sub { + my ($f,$idx,$ra) = @_; + if ($idx == 256 && $no_vrsave) { + " or $ra,$ra,$ra"; + } else { + " mtspr $idx,$ra"; + } +}; +my $mfspr = sub { + my ($f,$rd,$idx) = @_; + if ($idx == 256 && $no_vrsave) { + " li $rd,-1"; + } else { + " mfspr $rd,$idx"; + } +}; + # PowerISA 2.06 stuff sub vsxmem_op { my ($f, $vrt, $ra, $rb, $op) = @_; diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 982805d..d9f03a3 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -75,15 +75,19 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, bag->type = OBJ_nid2obj(nid1); if (!ASN1_item_pack(obj, it, &bag->value.octet)) { PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!(safebag = PKCS12_SAFEBAG_new())) { PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } safebag->value.bag = bag; safebag->type = OBJ_nid2obj(nid2); return safebag; + + err: + PKCS12_BAGS_free(bag); + return NULL; } /* Turn PKCS8 object into a keybag */ @@ -127,6 +131,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, p8))) { PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + PKCS12_SAFEBAG_free(bag); return NULL; } @@ -144,14 +149,18 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) p7->type = OBJ_nid2obj(NID_pkcs7_data); if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); - return NULL; + goto err; } return p7; + + err: + PKCS7_free(p7); + return NULL; } /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ @@ -181,7 +190,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); - return NULL; + goto err; } pbe_ciph = EVP_get_cipherbynid(pbe_nid); @@ -193,7 +202,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, if (!pbe) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); p7->d.encrypted->enc_data->algorithm = pbe; @@ -202,10 +211,14 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); - return NULL; + goto err; } return p7; + + err: + PKCS7_free(p7); + return NULL; } STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index 3a166e6..9c2dcab 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c @@ -77,6 +77,9 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, const unsigned char *pbuf; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + if (cipher == NULL) + return 0; + /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || param->value.sequence == NULL) { diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 5ab4bf2..a927782 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -173,11 +173,11 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, } if (!saltlen) saltlen = PKCS12_SALT_LEN; - p12->mac->salt->length = saltlen; - if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) { + if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } + p12->mac->salt->length = saltlen; if (!salt) { if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0) return 0; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index c8d7db0..946aaa6 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -656,6 +656,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; BIO_set_mem_eof_return(bio, 0); } if (bio == NULL) @@ -1156,7 +1158,6 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) rsk = p7->d.signed_and_enveloped->recipientinfo; if (rsk == NULL) return NULL; - ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return (NULL); ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index dbd4100..c4d3724 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -256,8 +256,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, X509_STORE_CTX cert_ctx; char buf[4096]; int i, j = 0, k, ret = 0; - BIO *p7bio; - BIO *tmpin, *tmpout; + BIO *p7bio = NULL; + BIO *tmpin = NULL, *tmpout = NULL; if (!p7) { PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER); @@ -274,18 +274,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); return 0; } -#if 0 - /* - * NB: this test commented out because some versions of Netscape - * illegally include zero length content when signing data. - */ /* Check for data and content: two sets of data */ if (!PKCS7_get_detached(p7) && indata) { PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); return 0; } -#endif sinfos = PKCS7_get_signer_info(p7); @@ -295,7 +289,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, } signers = PKCS7_get0_signers(p7, certs, flags); - if (!signers) return 0; @@ -308,14 +301,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, if (!X509_STORE_CTX_init(&cert_ctx, store, signer, p7->d.sign->cert)) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; + goto err; } X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; + goto err; } if (!(flags & PKCS7_NOCRL)) X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); @@ -328,8 +319,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7_R_CERTIFICATE_VERIFY_ERROR); ERR_add_error_data(2, "Verify error:", X509_verify_cert_error_string(j)); - sk_X509_free(signers); - return 0; + goto err; } /* Check for revocation status here */ } @@ -348,7 +338,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, tmpin = BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } } else tmpin = indata; @@ -398,15 +388,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ret = 1; err: - if (tmpin == indata) { if (indata) BIO_pop(p7bio); } BIO_free_all(p7bio); - sk_X509_free(signers); - return ret; } diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 2b7f704..74af473 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -7,7 +7,7 @@ #if defined(__linux) || defined(_AIX) # include <sys/utsname.h> #endif -#include <crypto.h> +#include <openssl/crypto.h> #include <openssl/bn.h> #include "ppc_arch.h" diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 75750db..20722d3 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -56,7 +56,7 @@ # achieves respectful 432MBps on 2.8GHz processor now. For reference. # If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than # RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU µ-arch detection +# slower than the RC4_INT one [meaning that if CPU µ-arch detection # is not implemented, then this final RC4_CHAR code-path should be # preferred, as it provides better *all-round* performance]. diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index ca3922e..4e06218 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) { const unsigned char *p; int plen; - if (alg == NULL) + if (alg == NULL || alg->parameter == NULL) return NULL; if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) return NULL; diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 2465fbd..7f7dca3 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -69,6 +69,8 @@ #include <openssl/rsa.h> #ifdef OPENSSL_FIPS # include <openssl/fips.h> +extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, @@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); #ifdef OPENSSL_FIPS if (FIPS_mode()) - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); + return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); #endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 19461c6..82ca832 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -218,14 +218,13 @@ int int_rsa_verify(int dtype, const unsigned char *m, memcpy(rm, s + 2, 16); *prm_len = 16; ret = 1; - } else if (memcmp(m, s + 2, 16)) + } else if (memcmp(m, s + 2, 16)) { RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); - else + } else { ret = 1; - } - - /* Special case: SSL signature */ - if (dtype == NID_md5_sha1) { + } + } else if (dtype == NID_md5_sha1) { + /* Special case: SSL signature */ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); else diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index e971295..85c7440 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -297,22 +297,30 @@ int main(int argc, char *argv[]) } else printf("OAEP encryption/decryption ok\n"); - /* Try decrypting corrupted ciphertexts */ + /* Try decrypting corrupted ciphertexts. */ for (n = 0; n < clen; ++n) { - int b; - unsigned char saved = ctext[n]; - for (b = 0; b < 256; ++b) { - if (b == saved) - continue; - ctext[n] = b; - num = RSA_private_decrypt(num, ctext, ptext, key, + ctext[n] ^= 1; + num = RSA_private_decrypt(clen, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); - if (num > 0) { - printf("Corrupt data decrypted!\n"); - err = 1; - } + if (num > 0) { + printf("Corrupt data decrypted!\n"); + err = 1; + break; } + ctext[n] ^= 1; } + + /* Test truncated ciphertexts, as well as negative length. */ + for (n = -1; n < clen; ++n) { + num = RSA_private_decrypt(n, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + printf("Truncated data decrypted!\n"); + err = 1; + break; + } + } + next: RSA_free(key); } diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 4895eb3..e0b5d83 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -66,9 +66,9 @@ # switch to AVX alone improves performance by as little as 4% in # comparison to SSSE3 code path. But below result doesn't look like # 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as -# pair of µ-ops, and it's the additional µ-ops, two per round, that +# pair of µ-ops, and it's the additional µ-ops, two per round, that # make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded -# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with +# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with # equivalent 'sh[rl]d' that is responsible for the impressive 5.1 # cycles per processed byte. But 'sh[rl]d' is not something that used # to be fast, nor does it appear to be fast in upcoming Bulldozer diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl index a8ee075..f856bb8 100644 --- a/crypto/sha/asm/sha1-mb-x86_64.pl +++ b/crypto/sha/asm/sha1-mb-x86_64.pl @@ -58,7 +58,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl index 9bb6b49..9a6acc3 100755 --- a/crypto/sha/asm/sha1-x86_64.pl +++ b/crypto/sha/asm/sha1-x86_64.pl @@ -107,7 +107,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([2-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([2-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index 6462e45..e907714 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -10,7 +10,7 @@ # SHA256 block transform for x86. September 2007. # # Performance improvement over compiler generated code varies from -# 10% to 40% [see below]. Not very impressive on some µ-archs, but +# 10% to 40% [see below]. Not very impressive on some µ-archs, but # it's 5 times smaller and optimizies amount of writes. # # May 2012. diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl index adf2ddc..3d37ae3 100644 --- a/crypto/sha/asm/sha256-mb-x86_64.pl +++ b/crypto/sha/asm/sha256-mb-x86_64.pl @@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl index e96ec00..2f6a202 100644 --- a/crypto/sha/asm/sha512-586.pl +++ b/crypto/sha/asm/sha512-586.pl @@ -37,7 +37,7 @@ # # IALU code-path is optimized for elder Pentiums. On vanilla Pentium # performance improvement over compiler generated code reaches ~60%, -# while on PIII - ~35%. On newer µ-archs improvement varies from 15% +# while on PIII - ~35%. On newer µ-archs improvement varies from 15% # to 50%, but it's less important as they are expected to execute SSE2 # code-path, which is commonly ~2-3x faster [than compiler generated # code]. SSE2 code-path is as fast as original sha512-sse2.pl, even diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl index fc0e15b..6cad72e 100755 --- a/crypto/sha/asm/sha512-parisc.pl +++ b/crypto/sha/asm/sha512-parisc.pl @@ -19,7 +19,7 @@ # SHA512 performance is >2.9x better than gcc 3.2 generated code on # PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the # code is executed on PA-RISC 2.0 processor and switches to 64-bit -# code path delivering adequate peformance even in "blended" 32-bit +# code path delivering adequate performance even in "blended" 32-bit # build. Though 64-bit code is not any faster than code generated by # vendor compiler on PA-8600... # diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl index b7b44b4..5866566 100755 --- a/crypto/sha/asm/sha512-x86_64.pl +++ b/crypto/sha/asm/sha512-x86_64.pl @@ -124,7 +124,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S index eea2006..7b12ec2 100644 --- a/crypto/sparccpuid.S +++ b/crypto/sparccpuid.S @@ -123,7 +123,7 @@ OPENSSL_wipe_cpu: fmovs %f1,%f3 fmovs %f0,%f2 - add %fp,BIAS,%i0 ! return pointer to caller´s top of stack + add %fp,BIAS,%i0 ! return pointer to caller´s top of stack ret restore diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index 8bf2846..a36e461 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -237,6 +237,17 @@ static void common_handler(int sig) siglongjmp(common_jmp, sig); } +#if defined(__sun) && defined(__SVR4) +# if defined(__GNUC__) && __GNUC__>=2 +extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak)); +# elif defined(__SUNPRO_C) +#pragma weak getisax +extern unsigned int getisax(unsigned int vec[], unsigned int sz); +# else +static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL; +# endif +#endif + void OPENSSL_cpuid_setup(void) { char *e; @@ -255,6 +266,42 @@ void OPENSSL_cpuid_setup(void) return; } +#if defined(__sun) && defined(__SVR4) + if (getisax != NULL) { + unsigned int vec[1]; + + if (getisax (vec,1)) { + if (vec[0]&0x0020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1; + if (vec[0]&0x0040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; + if (vec[0]&0x0080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK; + if (vec[0]&0x0100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; + if (vec[0]&0x0400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; + + /* reconstruct %cfr copy */ + OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff; + OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1; + if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C; + + /* Some heuristics */ + /* all known VIS2-capable CPUs have unprivileged tick counter */ + if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2) + OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + + OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; + + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ + if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) && + _sparcv9_vis1_instrument() >= 12) + OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); + } + + if (sizeof(size_t) == 8) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; + + return; + } +#endif + /* Initial value, fits UltraSPARC-I&II... */ OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 50f75d7..a3f1a8a 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -521,12 +521,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g) { int len; - char *result = NULL; - char *vf; + char *result = NULL, *vf = NULL; BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL; unsigned char tmp[MAX_LEN]; unsigned char tmp2[MAX_LEN]; char *defgNid = NULL; + int vfsize = 0; if ((user == NULL) || (pass == NULL) || (salt == NULL) || (verifier == NULL)) @@ -564,22 +564,23 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, goto err; BN_bn2bin(v, tmp); - if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL)) + vfsize = BN_num_bytes(v) * 2; + if (((vf = OPENSSL_malloc(vfsize)) == NULL)) goto err; t_tob64(vf, tmp, BN_num_bytes(v)); - *verifier = vf; if (*salt == NULL) { char *tmp_salt; if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { - OPENSSL_free(vf); goto err; } t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN); *salt = tmp_salt; } + *verifier = vf; + vf = NULL; result = defgNid; err: @@ -587,11 +588,21 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, BN_free(N_bn); BN_free(g_bn); } + OPENSSL_cleanse(vf, vfsize); + OPENSSL_free(vf); + BN_clear_free(s); + BN_clear_free(v); return result; } /* - * create a verifier (*salt,*verifier,g and N are BIGNUMs) + * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL + * then the provided salt will be used. On successful exit *verifier will point + * to a newly allocated BIGNUM containing the verifier and (if a salt was not + * provided) *salt will be populated with a newly allocated BIGNUM containing a + * random salt. + * The caller is responsible for freeing the allocated *salt and *verifier + * BIGNUMS. */ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g) @@ -600,6 +611,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM *x = NULL; BN_CTX *bn_ctx = BN_CTX_new(); unsigned char tmp2[MAX_LEN]; + BIGNUM *salttmp = NULL; if ((user == NULL) || (pass == NULL) || @@ -614,10 +626,12 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) goto err; - *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); + salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); + } else { + salttmp = *salt; } - x = SRP_Calc_x(*salt, user, pass); + x = SRP_Calc_x(salttmp, user, pass); *verifier = BN_new(); if (*verifier == NULL) @@ -631,9 +645,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, srp_bn_print(*verifier); result = 1; + *salt = salttmp; err: - + if (*salt != salttmp) + BN_clear_free(salttmp); BN_clear_free(x); BN_CTX_free(bn_ctx); return result; diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 3ce765d..da89911 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -522,7 +522,7 @@ static int TS_check_status_info(TS_RESP *response) if (ASN1_BIT_STRING_get_bit(info->failure_info, TS_failure_info[i].code)) { if (!first) - strcpy(failure_text, ","); + strcat(failure_text, ","); else first = 0; strcat(failure_text, TS_failure_info[i].text); diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl index c584e5b..7725951 100644 --- a/crypto/whrlpool/asm/wp-mmx.pl +++ b/crypto/whrlpool/asm/wp-mmx.pl @@ -16,7 +16,7 @@ # table]. I stick to value of 2 for two reasons: 1. smaller table # minimizes cache trashing and thus mitigates the hazard of side- # channel leakage similar to AES cache-timing one; 2. performance -# gap among different µ-archs is smaller. +# gap among different µ-archs is smaller. # # Performance table lists rounded amounts of CPU cycles spent by # whirlpool_block_mmx routine on single 64 byte input block, i.e. diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b0d6539..50120a4 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -536,8 +536,6 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_OBJECT *obj, xobj; sk = sk_X509_CRL_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - /* Check cache first */ - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); /* * Always do lookup to possibly add new CRLs to cache diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index a2f1dbe..ab94948 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -249,7 +249,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { ok = ctx->get_issuer(&xtmp, ctx, x); if (ok < 0) - return ok; + goto end; /* * If successful for now free up cert so it will be picked up * again later. @@ -347,14 +347,15 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->get_issuer(&xtmp, ctx, x); if (ok < 0) - return ok; + goto end; if (ok == 0) break; x = xtmp; if (!sk_X509_push(ctx->chain, x)) { X509_free(xtmp); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - return 0; + ok = 0; + goto end; } num++; } @@ -752,6 +753,10 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) int n = sk_OPENSSL_STRING_num(id->hosts); char *name; + if (id->peername != NULL) { + OPENSSL_free(id->peername); + id->peername = NULL; + } for (i = 0; i < n; ++i) { name = sk_OPENSSL_STRING_value(id->hosts, i); if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 1ea0c69..592a8a5 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -155,6 +155,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) } if (paramid->peername) OPENSSL_free(paramid->peername); + paramid->peername = NULL; if (paramid->email) { OPENSSL_free(paramid->email); paramid->email = NULL; @@ -165,7 +166,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) paramid->ip = NULL; paramid->iplen = 0; } - } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) @@ -176,13 +176,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) param = OPENSSL_malloc(sizeof *param); if (!param) return NULL; - paramid = OPENSSL_malloc(sizeof *paramid); + memset(param, 0, sizeof(*param)); + + paramid = OPENSSL_malloc(sizeof(*paramid)); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof *param); - memset(paramid, 0, sizeof *paramid); + memset(paramid, 0, sizeof(*paramid)); + /* Exotic platforms may have non-zero bit representation of NULL */ + paramid->hosts = NULL; + paramid->peername = NULL; + paramid->email = NULL; + paramid->ip = NULL; + param->id = paramid; x509_verify_param_zero(param); return param; diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 0febc1b..d97f622 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -186,6 +186,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pol = POLICYINFO_new(); + if (pol == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } pol->policyid = pobj; } if (!sk_POLICYINFO_push(pols, pol)) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index b97ed27..2855269 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -132,6 +132,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, } tval.value = val->value; sub = GENERAL_SUBTREE_new(); + if (sub == NULL) + goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; if (!*ptree) diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index fe0d806..48ac095 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard@levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska Högskolan +/* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c index 350b398..43fd362 100644 --- a/crypto/x509v3/v3_pcia.c +++ b/crypto/x509v3/v3_pcia.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard@levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska Högskolan +/* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 36b0d87..845be67 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -380,6 +380,14 @@ static void setup_crldp(X509 *x) setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); } +#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) +#define ku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) +#define xku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) +#define ns_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) + static void x509v3_cache_extensions(X509 *x) { BASIC_CONSTRAINTS *bs; @@ -499,7 +507,8 @@ static void x509v3_cache_extensions(X509 *x) if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { x->ex_flags |= EXFLAG_SI; /* If SKID matches AKID also indicate self signed */ - if (X509_check_akid(x, x->akid) == X509_V_OK) + if (X509_check_akid(x, x->akid) == X509_V_OK && + !ku_reject(x, KU_KEY_CERT_SIGN)) x->ex_flags |= EXFLAG_SS; } x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); @@ -538,14 +547,6 @@ static void x509v3_cache_extensions(X509 *x) * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. */ -#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) -#define ku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -#define xku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) -#define ns_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) - static int check_ca(const X509 *x) { /* keyUsage if present should allow cert signing */ diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 6e0b8d6..0b7c681 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -190,8 +190,9 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, SCT *sct; unsigned char *p, *p2; unsigned short listlen, sctlen = 0, fieldlen; + const unsigned char *q = *pp; - if (d2i_ASN1_OCTET_STRING(&oct, pp, length) == NULL) + if (d2i_ASN1_OCTET_STRING(&oct, &q, length) == NULL) return NULL; if (oct->length < 2) goto done; @@ -279,6 +280,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, done: ASN1_OCTET_STRING_free(oct); + *pp = q; return sk; err: diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index bdd7b95..4d1ecc5 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -926,7 +926,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, GENERAL_NAMES *gens = NULL; X509_NAME *name = NULL; int i; - int cnid; + int cnid = NID_undef; int alt_type; int san_present = 0; int rv = 0; @@ -949,7 +949,6 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, else equal = equal_wildcard; } else { - cnid = 0; alt_type = V_ASN1_OCTET_STRING; equal = equal_case; } @@ -980,11 +979,16 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, GENERAL_NAMES_free(gens); if (rv != 0) return rv; - if (!cnid + if (cnid == NID_undef || (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) return 0; } + + /* We're done if CN-ID is not pertinent */ + if (cnid == NID_undef) + return 0; + i = -1; name = X509_get_subject_name(x); while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { diff --git a/demos/easy_tls/README b/demos/easy_tls/README index 816a580..ee89dfb 100644 --- a/demos/easy_tls/README +++ b/demos/easy_tls/README @@ -62,4 +62,4 @@ As noted above, easy_tls.c will be changed to become a library one day, which means that future revisions will not be fully compatible to the current version. -Bodo Möller <bodo@openssl.org> +Bodo Möller <bodo@openssl.org> diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c index 0c0f524..daf0aef 100644 --- a/demos/engines/zencod/hw_zencod.c +++ b/demos/engines/zencod/hw_zencod.c @@ -610,7 +610,7 @@ static int zencod_init(ENGINE *e) ptr_zencod_rc4_cipher = ptr_rc4_1; /* - * We should peform a test to see if there is actually any unit runnig on + * We should perform a test to see if there is actually any unit runnig on * the system ... Even if the cryptozen library is loaded the module coul * not be loaded on the system ... For now we may just open and close the * device !! diff --git a/doc/HOWTO/keys.txt b/doc/HOWTO/keys.txt index 7ae2a3a..ba0314f 100644 --- a/doc/HOWTO/keys.txt +++ b/doc/HOWTO/keys.txt @@ -40,9 +40,8 @@ consider insecure or to be insecure pretty soon. 3. To generate a DSA key -A DSA key can be used for signing only. This is important to keep -in mind to know what kind of purposes a certificate request with a -DSA key can really be used for. +A DSA key can be used for signing only. It is important to +know what a certificate request with a DSA key can really be used for. Generating a key for the DSA algorithm is a two-step process. First, you have to generate parameters from which to generate the key: @@ -1,12 +1,21 @@ - apps/openssl.pod .... Documentation of OpenSSL `openssl' command - crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a - ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a - openssl.txt ......... Assembled documentation files for OpenSSL [not final] - ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete] - standards.txt ....... Assembled pointers to standards, RFCs or internet drafts - that are related to OpenSSL. +README This file - An archive of HTML documents for the SSLeay library is available from - http://www.columbia.edu/~ariel/ssleay/ +fingerprints.txt + PGP fingerprints of authoried release signers +standards.txt + Pointers to standards, RFC's and IETF Drafts that are + related to OpenSSL. Incomplete. + +HOWTO/ + A few how-to documents; not necessarily up-to-date +apps/ + The openssl command-line tools; start with openssl.pod +ssl/ + The SSL library; start with ssl.pod +crypto/ + The cryptographic library; start with crypto.pod + +Formatted versions of the manpages (apps,ssl,crypto) can be found at + https://www.openssl.org/docs/manpages.html diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 9e15798..b27bb94 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -13,7 +13,6 @@ B<openssl> B<dgst> [B<-hex>] [B<-binary>] [B<-r>] -[B<-hmac arg>] [B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] @@ -64,10 +63,6 @@ output the digest or signature in binary form. output the digest in the "coreutils" format used by programs like B<sha1sum>. -=item B<-hmac arg> - -set the HMAC key to "arg". - =item B<-non-fips-allow> Allow use of non FIPS digest when in FIPS mode. This has no effect when not in diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod index cb03d09..3dc9870 100644 --- a/doc/apps/genrsa.pod +++ b/doc/apps/genrsa.pod @@ -10,12 +10,6 @@ B<openssl> B<genrsa> [B<-out filename>] [B<-passout arg>] [B<-aes128>] -[B<-aes128>] -[B<-aes192>] -[B<-aes256>] -[B<-camellia128>] -[B<-camellia192>] -[B<-camellia256>] [B<-aes192>] [B<-aes256>] [B<-camellia128>] diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 8e0d917..7449848 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -216,7 +216,7 @@ key is encrypted using triple DES and the certificate using 40 bit RC2. these options allow the algorithm used to encrypt the private key and certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name -can be used (see B<NOTES> section for more information). If a a cipher name +can be used (see B<NOTES> section for more information). If a cipher name (as output by the B<list-cipher-algorithms> command is specified then it is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only use PKCS#12 algorithms. diff --git a/doc/apps/req.pod b/doc/apps/req.pod index df68cb0..54a4d39 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -30,7 +30,6 @@ B<openssl> B<req> [B<-keygen_engine id>] [B<-[digest]>] [B<-config filename>] -[B<-subj arg>] [B<-multivalue-rdn>] [B<-x509>] [B<-days n>] @@ -490,7 +489,7 @@ be input by calling it "1.organizationName". The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, -organizationUnitName, stateOrProvinceName. Additionally emailAddress +organizationalUnitName, stateOrProvinceName. Additionally emailAddress is include as well as name, surname, givenName initials and dnQualifier. Additional object identifiers can be defined with the B<oid_file> or @@ -506,16 +505,16 @@ Examine and verify certificate request: Create a private key and then generate a certificate request from it: - openssl genrsa -out key.pem 1024 + openssl genrsa -out key.pem 2048 openssl req -new -key key.pem -out req.pem The same but just using req: - openssl req -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -newkey rsa:2048 -keyout key.pem -out req.pem Generate a self signed root certificate: - openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem Example of a file pointed to by the B<oid_file> option: @@ -531,7 +530,7 @@ expansion: Sample configuration file prompting for field values: [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes @@ -572,7 +571,7 @@ Sample configuration containing all field values: RANDFILE = $ENV::HOME/.rnd [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index a1326ed..26f71c8 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -539,7 +539,8 @@ very rare and their use is discouraged). The options ending in "space" additionally place a space after the separator to make it more readable. The B<sep_multiline> uses a linefeed character for the RDN separator and a spaced B<+> for the AVA separator. It also -indents the fields by four characters. +indents the fields by four characters. If no field separator is specified +then B<sep_comma_plus_space> is used by default. =item B<dn_rev> diff --git a/doc/crypto/BIO_read.pod b/doc/crypto/BIO_read.pod index b345281..2c177f0 100644 --- a/doc/crypto/BIO_read.pod +++ b/doc/crypto/BIO_read.pod @@ -9,9 +9,9 @@ BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions #include <openssl/bio.h> int BIO_read(BIO *b, void *buf, int len); - int BIO_gets(BIO *b,char *buf, int size); + int BIO_gets(BIO *b, char *buf, int size); int BIO_write(BIO *b, const void *buf, int len); - int BIO_puts(BIO *b,const char *buf); + int BIO_puts(BIO *b, const char *buf); =head1 DESCRIPTION @@ -26,7 +26,7 @@ return the digest and other BIOs may not support BIO_gets() at all. BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>. -BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b> +BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>. =head1 RETURN VALUES diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index bd6bc86..e8cbf65 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -19,7 +19,7 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-r =head1 DESCRIPTION BN_rand() generates a cryptographically strong pseudo-random number of -B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the +B<bits> in length and stores it in B<rnd>. If B<top> is -1, the most significant bit of the random number can be zero. If B<top> is 0, it is set to 1, and if B<top> is 1, the two most significant bits of the number will be set to 1, so that the product of two such random @@ -33,7 +33,7 @@ non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. BN_rand_range() generates a cryptographically strong pseudo-random -number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>. +number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>. BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(), and hence numbers generated by it are not necessarily unpredictable. diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index 16a67f2..b1a4d20 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -29,7 +29,7 @@ maximum of 1024 bits. If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at B<seed>. +seed is chosen. DSA_generate_parameters_ex() places the iteration count in *B<counter_ret> and a counter used for finding a generator in diff --git a/doc/crypto/EC_GROUP_copy.pod b/doc/crypto/EC_GROUP_copy.pod index 954af46..49dc01c 100644 --- a/doc/crypto/EC_GROUP_copy.pod +++ b/doc/crypto/EC_GROUP_copy.pod @@ -158,7 +158,7 @@ EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the p specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified. EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is -0, the the return value will be 1. On error 0 is returned. +0, the return value will be 1. On error 0 is returned. EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or -1 on error. diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod index e859689..0fa2de1 100644 --- a/doc/crypto/EC_KEY_new.pod +++ b/doc/crypto/EC_KEY_new.pod @@ -70,8 +70,8 @@ The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_K The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B<key>. For a description of point_conversion_forms please refer to L<EC_POINT_new(3)|EC_POINT_new(3)>. -EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitary additional data specific to the -elliptic curve scheme being used with the EC_KEY object. This data is treated as a "black box" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the B<data> parameter, which must have have associated functions for duplicating, freeing and "clear_freeing" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and "clear_freeing" the data item must be provided again, and they must be the same as they were when the data item was inserted. +EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitrary additional data specific to the +elliptic curve scheme being used with the EC_KEY object. This data is treated as a "black box" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the B<data> parameter, which must have associated functions for duplicating, freeing and "clear_freeing" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and "clear_freeing" the data item must be provided again, and they must be the same as they were when the data item was inserted. EC_KEY_set_flags sets the flags in the B<flags> parameter on the EC_KEY object. Any flags that are already set are left set. The currently defined standard flags are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this EC_KEY. EC_KEY_clear_flags clears the flags indicated by the B<flags> parameter. All other flags are left in their existing state. diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod index e0217e4..0ead2d2 100644 --- a/doc/crypto/EVP_DigestVerifyInit.pod +++ b/doc/crypto/EVP_DigestVerifyInit.pod @@ -37,10 +37,11 @@ EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. -Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only -indicates that the signature did not verify successfully (that is tbs did -not match the original data or the signature was of invalid form) it is not an -indication of a more serious error. +EVP_DigestVerifyFinal() returns 1 for success; any other value indicates +failure. A return value of zero indicates that the signature did not verify +successfully (that is, tbs did not match the original data or the signature had +an invalid form), while other values indicate a more serious error (and +sometimes also indicate an invalid signature form). The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index fb6036f..c69e6a6 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -111,7 +111,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>. EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this function. B<type> is normally supplied -by a function such as EVP_des_cbc(). If B<impl> is NULL then the +by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the default implementation is used. B<key> is the symmetric key to use and B<iv> is the IV to use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. It is possible to set diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 7d793e1..19112a5 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -25,7 +25,7 @@ encrypted using this key. EVP_SealInit() initializes a cipher context B<ctx> for encryption with cipher B<type> using a random secret key and IV. B<type> is normally -supplied by a function such as EVP_des_cbc(). The secret key is encrypted +supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. B<ek> is an array of buffers where the public key encrypted secret key will be written, each buffer diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index 14ecc77..c63d6b3 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing +functions =head1 SYNOPSIS diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index 0def17a..521b9f5 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -135,6 +135,6 @@ L<X509_VERIFY_PARAM_set1_ipasc(3)|X509_VERIFY_PARAM_set1_ipasc(3)> =head1 HISTORY -These functions were added in OpenSSL 1.1.0. +These functions were added in OpenSSL 1.0.2. =cut diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod index 781f5b1..52c5c84 100644 --- a/doc/crypto/buffer.pod +++ b/doc/crypto/buffer.pod @@ -2,8 +2,11 @@ =head1 NAME -BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple -character arrays structure +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple +character array structure + +BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat - +standard C library equivalents =head1 SYNOPSIS @@ -15,25 +18,22 @@ character arrays structure int BUF_MEM_grow(BUF_MEM *str, int len); - char * BUF_strdup(const char *str); + char *BUF_strdup(const char *str); -=head1 DESCRIPTION + char *BUF_strndup(const char *str, size_t siz); -The buffer library handles simple character arrays. Buffers are used for -various purposes in the library, most notably memory BIOs. + void *BUF_memdup(const void *data, size_t siz); + + size_t BUF_strlcpy(char *dst, const char *src, size_t size); -The library uses the BUF_MEM structure defined in buffer.h: + size_t BUF_strlcat(char *dst, const char *src, size_t size); - typedef struct buf_mem_st - { - int length; /* current number of bytes */ - char *data; - int max; /* size of buffer */ - } BUF_MEM; + size_t BUF_strnlen(const char *str, size_t maxlen); -B<length> is the current size of the buffer in bytes, B<max> is the amount of -memory allocated to the buffer. There are three functions which handle these -and one "miscellaneous" function. +=head1 DESCRIPTION + +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. BUF_MEM_new() allocates a new buffer of zero size. @@ -44,14 +44,17 @@ BUF_MEM_grow() changes the size of an already existing buffer to B<len>. Any data already in the buffer is preserved if it increases in size. -BUF_strdup() copies a null terminated string into a block of allocated -memory and returns a pointer to the allocated block. -Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so -should be used in preference to the standard library strdup() because it can -be used for memory leak checking or replacing the malloc() function. +BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy(), +BUF_strlcat() and BUF_strnlen are equivalents of the standard C +library functions. The dup() functions use OPENSSL_malloc() underneath +and so should be used in preference to the standard library for memory +leak checking or replacing the malloc() function. + +Memory allocated from these functions should be freed up using the +OPENSSL_free() function. -The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free() -function. +BUF_strndup makes the explicit guarantee that it will never read past +the first B<siz> bytes of B<str>. =head1 RETURN VALUES diff --git a/doc/crypto/d2i_X509_NAME.pod b/doc/crypto/d2i_X509_NAME.pod index 343ffe1..b025de7 100644 --- a/doc/crypto/d2i_X509_NAME.pod +++ b/doc/crypto/d2i_X509_NAME.pod @@ -14,7 +14,7 @@ d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions =head1 DESCRIPTION These functions decode and encode an B<X509_NAME> structure which is the -the same as the B<Name> type defined in RFC2459 (and elsewhere) and used +same as the B<Name> type defined in RFC2459 (and elsewhere) and used for example in certificate subject and issuer names. Othewise the functions behave in a similar way to d2i_X509() and i2d_X509() diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index f5ab1c3..48741ee 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -192,7 +192,7 @@ to use the pointer value at all, as this kind of reference is a guarantee that the structure can not be deallocated until the reference is released. However, a structural reference provides no guarantee that the ENGINE is -initiliased and able to use any of its cryptographic +initialised and able to use any of its cryptographic implementations. Indeed it's quite possible that most ENGINEs will not initialise at all in typical environments, as ENGINEs are typically used to support specialised hardware. To use an ENGINE's functionality, you need a @@ -201,8 +201,8 @@ specialised form of structural reference, because each functional reference implicitly contains a structural reference as well - however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an -ENGINE, you have a guarantee that the ENGINE has been initialised ready to -perform cryptographic operations and will remain uninitialised +ENGINE, you have a guarantee that the ENGINE has been initialised and +is ready to perform cryptographic operations, and will remain initialised until after you have released your reference. I<Structural references> @@ -370,7 +370,7 @@ I<Using a specific ENGINE implementation> Here we'll assume an application has been configured by its user or admin to want to use the "ACME" ENGINE if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be -used by default for all RSA, DSA, and symmetric cipher operation, otherwise +used by default for all RSA, DSA, and symmetric cipher operations, otherwise OpenSSL should use its builtin software as per usual. The following code illustrates how to approach this; @@ -401,7 +401,7 @@ I<Automatically using builtin ENGINE implementations> Here we'll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by -OpenSSL - if there is an ENGINE that implements it and can be initialise, +OpenSSL - if there is an ENGINE that implements it and can be initialised, it should be used. The following code illustrates how this can work; /* Load all bundled ENGINEs into memory and make them visible */ diff --git a/doc/dir-locals.example.el b/doc/dir-locals.example.el new file mode 100644 index 0000000..79d0b01 --- /dev/null +++ b/doc/dir-locals.example.el @@ -0,0 +1,15 @@ +;;; This is an example of what a .dir-locals.el suitable for OpenSSL +;;; development could look like. +;;; +;;; Apart from setting the CC mode style to "OpenSSL-II", it also +;;; makes sure that tabs are never used for indentation in any file, +;;; and that the fill column is 78. +;;; +;;; For more information see (info "(emacs) Directory Variables") + +((nil + (indent-tabs-mode . nil) + (fill-column . 78) + ) + (c-mode + (c-file-style . "OpenSSL-II"))) diff --git a/doc/openssl-c-indent.el b/doc/openssl-c-indent.el new file mode 100644 index 0000000..144a915 --- /dev/null +++ b/doc/openssl-c-indent.el @@ -0,0 +1,62 @@ +;;; This Emacs Lisp file defines a C indentation style for OpenSSL. +;;; +;;; This definition is for the "CC mode" package, which is the default +;;; mode for editing C source files in Emacs 20, not for the older +;;; c-mode.el (which was the default in less recent releaes of Emacs 19). +;;; +;;; Recommended use is to add this line in your .emacs: +;;; +;;; (load (expand-file-name "~/PATH/TO/openssl-c-indent.el")) +;;; +;;; To activate this indentation style, visit a C file, type +;;; M-x c-set-style <RET> (or C-c . for short), and enter "eay". +;;; To toggle the auto-newline feature of CC mode, type C-c C-a. +;;; +;;; If you're a OpenSSL developer, you might find it more comfortable +;;; to have this style be permanent in your OpenSSL development +;;; directory. To have that, please perform this: +;;; +;;; M-x add-dir-local-variable <RET> c-mode <RET> c-file-style <RET> +;;; "OpenSSL-II" <RET> +;;; +;;; A new buffer with .dir-locals.el will appear. Save it (C-x C-s). +;;; +;;; Alternatively, have a look at dir-locals.example.el + +;;; For suggesting improvements, please send e-mail to levitte@openssl.org. + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Note, it could be easy to inherit from the "gnu" style... however, +;; one never knows if that style will change somewhere in the future, +;; so I've chosen to copy the "gnu" style values explicitely instead +;; and mark them with a comment. // RLevitte 2015-08-31 +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +(c-add-style "OpenSSL-II" + '((c-basic-offset . 4) + (indent-tabs-mode . nil) + (fill-column . 78) + (comment-column . 33) + (c-comment-only-line-offset 0 . 0) ; From "gnu" style + (c-hanging-braces-alist ; From "gnu" style + (substatement-open before after) ; From "gnu" style + (arglist-cont-nonempty)) ; From "gnu" style + (c-offsets-alist + (statement-block-intro . +) ; From "gnu" style + (knr-argdecl-intro . 0) + (knr-argdecl . 0) + (substatement-open . +) ; From "gnu" style + (substatement-label . 0) ; From "gnu" style + (label . 1) + (statement-case-open . +) ; From "gnu" style + (statement-cont . +) ; From "gnu" style + (arglist-intro . c-lineup-arglist-intro-after-paren) ; From "gnu" style + (arglist-close . c-lineup-arglist) ; From "gnu" style + (inline-open . 0) ; From "gnu" style + (brace-list-open . +) ; From "gnu" style + (topmost-intro-cont first c-lineup-topmost-intro-cont + c-lineup-gnu-DEFUN-intro-cont) ; From "gnu" style + ) + (c-special-indent-hook . c-gnu-impose-minimum) ; From "gnu" style + (c-block-comment-prefix . "* ") + )) diff --git a/doc/openssl_button.gif b/doc/openssl_button.gif Binary files differdeleted file mode 100644 index 3d3c90c..0000000 --- a/doc/openssl_button.gif +++ /dev/null diff --git a/doc/openssl_button.html b/doc/openssl_button.html deleted file mode 100644 index 44c91bd..0000000 --- a/doc/openssl_button.html +++ /dev/null @@ -1,7 +0,0 @@ - -<!-- the `Includes OpenSSL Cryptogaphy Software' button --> -<!-- freely usable by any application linked against OpenSSL --> -<a href="http://www.openssl.org/"> -<img src="openssl_button.gif" - width=102 height=47 border=0></a> - diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod index 8e832a5..04300fb 100644 --- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod +++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod @@ -2,29 +2,39 @@ =head1 NAME -SSL_CTX_add_extra_chain_cert - add certificate to chain +SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear +extra chain certificates =head1 SYNOPSIS #include <openssl/ssl.h> - long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) + long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); + long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); =head1 DESCRIPTION -SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate -chain presented together with the certificate. Several certificates -can be added one after the other. +SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain +certificates associated with B<ctx>. Several certificates can be added one +after another. + +SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates +associated with B<ctx>. + +These functions are implemented as macros. =head1 NOTES -When constructing the certificate chain, the chain will be formed from -these certificates explicitly specified. If no chain is specified, -the library will try to complete the chain from the available CA -certificates in the trusted CA storage, see +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. + +If no chain is specified, the library will try to complete the chain from the +available CA certificates in the trusted CA storage, see L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. -The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object. +The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be +freed by the library when the B<SSL_CTX> is destroyed. An application +B<should not> free the B<x509> object. =head1 RESTRICTIONS @@ -37,8 +47,9 @@ be used instead. =head1 RETURN VALUES -SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the -error stack to find out the reason for failure otherwise. +SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. =head1 SEE ALSO diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod index 332f181..ba16b50 100644 --- a/doc/ssl/SSL_CTX_get0_param.pod +++ b/doc/ssl/SSL_CTX_get0_param.pod @@ -34,7 +34,7 @@ them to suit its needs: for example to add a hostname check. Check hostname matches "www.foo.com" in peer certificate: X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); - X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com"); + X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); =head1 RETURN VALUES diff --git a/doc/ssl/SSL_check_chain.pod b/doc/ssl/SSL_check_chain.pod new file mode 100644 index 0000000..d3b7601 --- /dev/null +++ b/doc/ssl/SSL_check_chain.pod @@ -0,0 +1,85 @@ +=pod + +=head1 NAME + +SSL_check_chain - check certificate chain suitability + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +=head1 DESCRIPTION + +SSL_check_chain() checks whether certificate B<x>, private key B<pk> and +certificate chain B<chain> is suitable for use with the current session +B<s>. + +=head1 RETURN VALUES + +SSL_check_chain() returns a bitmap of flags indicating the validity of the +chain. + +B<CERT_PKEY_VALID>: the chain can be used with the current session. +If this flag is B<not> set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences. + +B<CERT_PKEY_SIGN>: the EE key can be used for signing. + +B<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is +acceptable. + +B<CERT_PKEY_CA_SIGNATURE>: the signature algorithms of all CA certificates +are acceptable. + +B<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve). + +B<CERT_PKEY_CA_PARAM>: the parameters of all CA certificates are acceptable. + +B<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension). + +B<CERT_PKEY_ISSUER_NAME>: the issuer name is acceptable. This is only +meaningful for client authentication. + +B<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful +for client authentication. + +B<CERT_PKEY_SUITEB>: chain is suitable for Suite B use. + +=head1 NOTES + +SSL_check_chain() must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback. + +An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags. + +As a minimum the flag B<CERT_PKEY_VALID> must be set for a chain to be +usable. An application supporting multiple chains with different CA signature +algorithms may also wish to check B<CERT_PKEY_CA_SIGNATURE> too. If no +chain is suitable a server should fall back to the most secure chain which +sets B<CERT_PKEY_VALID>. + +The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names. + +Since the supported signature algorithms extension is only used in TLS 1.2 +and DTLS 1.2 the results for earlier versions of TLS and DTLS may not be +very useful. Applications may wish to specify a different "legacy" chain +for earlier versions of TLS or DTLS. + +=head1 SEE ALSO + +L<SSL_CTX_set_cert_cb(3)|SSL_CTX_set_cert_cb(3)>, +L<ssl(3)|ssl(3)> + +=cut @@ -619,7 +619,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); # include <sys/select.h> # endif -# if defined(sun) +# if defined(__sun) || defined(sun) # include <sys/filio.h> # else # ifndef VMS @@ -661,7 +661,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); # endif -# if defined(sun) && !defined(__svr4__) && !defined(__SVR4) +# if (defined(__sun) || defined(sun)) && !defined(__svr4__) && !defined(__SVR4) /* include headers first, so our defines don't break it */ # include <stdlib.h> # include <string.h> diff --git a/engines/e_chil.c b/engines/e_chil.c index 69d49d7..72d14fe 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -839,6 +839,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, bn_fix_top(rtmp->n); res = EVP_PKEY_new(); + if (res == NULL) { + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); + goto err; + } EVP_PKEY_assign_RSA(res, rtmp); # endif diff --git a/include/openssl/aes.h b/include/openssl/aes.h deleted file mode 120000 index f555c13..0000000 --- a/include/openssl/aes.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/aes/aes.h
\ No newline at end of file diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h deleted file mode 120000 index dd51495..0000000 --- a/include/openssl/asn1.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/asn1/asn1.h
\ No newline at end of file diff --git a/include/openssl/asn1_mac.h b/include/openssl/asn1_mac.h deleted file mode 120000 index 97781d9..0000000 --- a/include/openssl/asn1_mac.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/asn1/asn1_mac.h
\ No newline at end of file diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h deleted file mode 120000 index 31c87c3..0000000 --- a/include/openssl/asn1t.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/asn1/asn1t.h
\ No newline at end of file diff --git a/include/openssl/bio.h b/include/openssl/bio.h deleted file mode 120000 index c598b6f..0000000 --- a/include/openssl/bio.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/bio/bio.h
\ No newline at end of file diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h deleted file mode 120000 index 88bf922..0000000 --- a/include/openssl/blowfish.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/bf/blowfish.h
\ No newline at end of file diff --git a/include/openssl/bn.h b/include/openssl/bn.h deleted file mode 120000 index 5c251c1..0000000 --- a/include/openssl/bn.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/bn/bn.h
\ No newline at end of file diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h deleted file mode 120000 index 76ea711..0000000 --- a/include/openssl/buffer.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/buffer/buffer.h
\ No newline at end of file diff --git a/include/openssl/camellia.h b/include/openssl/camellia.h deleted file mode 120000 index ad10f97..0000000 --- a/include/openssl/camellia.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/camellia/camellia.h
\ No newline at end of file diff --git a/include/openssl/cast.h b/include/openssl/cast.h deleted file mode 120000 index b775ab0..0000000 --- a/include/openssl/cast.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/cast/cast.h
\ No newline at end of file diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h deleted file mode 120000 index bfb70c4..0000000 --- a/include/openssl/cmac.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/cmac/cmac.h
\ No newline at end of file diff --git a/include/openssl/cms.h b/include/openssl/cms.h deleted file mode 120000 index 0f651ad..0000000 --- a/include/openssl/cms.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/cms/cms.h
\ No newline at end of file diff --git a/include/openssl/comp.h b/include/openssl/comp.h deleted file mode 120000 index 712c9d4..0000000 --- a/include/openssl/comp.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/comp/comp.h
\ No newline at end of file diff --git a/include/openssl/conf.h b/include/openssl/conf.h deleted file mode 120000 index 44156b1..0000000 --- a/include/openssl/conf.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/conf/conf.h
\ No newline at end of file diff --git a/include/openssl/conf_api.h b/include/openssl/conf_api.h deleted file mode 120000 index 26b4219..0000000 --- a/include/openssl/conf_api.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/conf/conf_api.h
\ No newline at end of file diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h deleted file mode 120000 index 2f3f63c..0000000 --- a/include/openssl/crypto.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/crypto.h
\ No newline at end of file diff --git a/include/openssl/des.h b/include/openssl/des.h deleted file mode 120000 index 5eb7c88..0000000 --- a/include/openssl/des.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/des/des.h
\ No newline at end of file diff --git a/include/openssl/des_old.h b/include/openssl/des_old.h deleted file mode 120000 index 9709898..0000000 --- a/include/openssl/des_old.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/des/des_old.h
\ No newline at end of file diff --git a/include/openssl/dh.h b/include/openssl/dh.h deleted file mode 120000 index c0eacb5..0000000 --- a/include/openssl/dh.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/dh/dh.h
\ No newline at end of file diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h deleted file mode 120000 index ad4695f..0000000 --- a/include/openssl/dsa.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/dsa/dsa.h
\ No newline at end of file diff --git a/include/openssl/dso.h b/include/openssl/dso.h deleted file mode 120000 index b1f215d..0000000 --- a/include/openssl/dso.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/dso/dso.h
\ No newline at end of file diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h deleted file mode 120000 index 95aef99..0000000 --- a/include/openssl/dtls1.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/dtls1.h
\ No newline at end of file diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h deleted file mode 120000 index 0e8c039..0000000 --- a/include/openssl/e_os2.h +++ /dev/null @@ -1 +0,0 @@ -../../e_os2.h
\ No newline at end of file diff --git a/include/openssl/ebcdic.h b/include/openssl/ebcdic.h deleted file mode 120000 index a7ee60e..0000000 --- a/include/openssl/ebcdic.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ebcdic.h
\ No newline at end of file diff --git a/include/openssl/ec.h b/include/openssl/ec.h deleted file mode 120000 index 245497e..0000000 --- a/include/openssl/ec.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ec/ec.h
\ No newline at end of file diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h deleted file mode 120000 index 3fd1c3b..0000000 --- a/include/openssl/ecdh.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ecdh/ecdh.h
\ No newline at end of file diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h deleted file mode 120000 index e48acc6..0000000 --- a/include/openssl/ecdsa.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ecdsa/ecdsa.h
\ No newline at end of file diff --git a/include/openssl/engine.h b/include/openssl/engine.h deleted file mode 120000 index a02073e..0000000 --- a/include/openssl/engine.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/engine/engine.h
\ No newline at end of file diff --git a/include/openssl/err.h b/include/openssl/err.h deleted file mode 120000 index 20f65bd..0000000 --- a/include/openssl/err.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/err/err.h
\ No newline at end of file diff --git a/include/openssl/evp.h b/include/openssl/evp.h deleted file mode 120000 index 7e3a904..0000000 --- a/include/openssl/evp.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/evp/evp.h
\ No newline at end of file diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h deleted file mode 120000 index de19ba7..0000000 --- a/include/openssl/hmac.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/hmac/hmac.h
\ No newline at end of file diff --git a/include/openssl/idea.h b/include/openssl/idea.h deleted file mode 120000 index 724fa34..0000000 --- a/include/openssl/idea.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/idea/idea.h
\ No newline at end of file diff --git a/include/openssl/krb5_asn.h b/include/openssl/krb5_asn.h deleted file mode 120000 index 1172e52..0000000 --- a/include/openssl/krb5_asn.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/krb5/krb5_asn.h
\ No newline at end of file diff --git a/include/openssl/kssl.h b/include/openssl/kssl.h deleted file mode 120000 index 2e5c2cd..0000000 --- a/include/openssl/kssl.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/kssl.h
\ No newline at end of file diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h deleted file mode 120000 index 56eb099..0000000 --- a/include/openssl/lhash.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/lhash/lhash.h
\ No newline at end of file diff --git a/include/openssl/md4.h b/include/openssl/md4.h deleted file mode 120000 index 4ff863e..0000000 --- a/include/openssl/md4.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/md4/md4.h
\ No newline at end of file diff --git a/include/openssl/md5.h b/include/openssl/md5.h deleted file mode 120000 index 26fa47e..0000000 --- a/include/openssl/md5.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/md5/md5.h
\ No newline at end of file diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h deleted file mode 120000 index 0bc32f1..0000000 --- a/include/openssl/mdc2.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/mdc2/mdc2.h
\ No newline at end of file diff --git a/include/openssl/modes.h b/include/openssl/modes.h deleted file mode 120000 index ccc1728..0000000 --- a/include/openssl/modes.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/modes/modes.h
\ No newline at end of file diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h deleted file mode 120000 index 0f443c8..0000000 --- a/include/openssl/obj_mac.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/objects/obj_mac.h
\ No newline at end of file diff --git a/include/openssl/objects.h b/include/openssl/objects.h deleted file mode 120000 index 7bd145c..0000000 --- a/include/openssl/objects.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/objects/objects.h
\ No newline at end of file diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h deleted file mode 120000 index 08288c8..0000000 --- a/include/openssl/ocsp.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ocsp/ocsp.h
\ No newline at end of file diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h deleted file mode 120000 index 25d2bea..0000000 --- a/include/openssl/opensslconf.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/opensslconf.h
\ No newline at end of file diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h deleted file mode 120000 index f314f5f..0000000 --- a/include/openssl/opensslv.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/opensslv.h
\ No newline at end of file diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h deleted file mode 120000 index e8f4245..0000000 --- a/include/openssl/ossl_typ.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ossl_typ.h
\ No newline at end of file diff --git a/include/openssl/pem.h b/include/openssl/pem.h deleted file mode 120000 index ca37142..0000000 --- a/include/openssl/pem.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/pem/pem.h
\ No newline at end of file diff --git a/include/openssl/pem2.h b/include/openssl/pem2.h deleted file mode 120000 index c734dbd..0000000 --- a/include/openssl/pem2.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/pem/pem2.h
\ No newline at end of file diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h deleted file mode 120000 index eebba77..0000000 --- a/include/openssl/pkcs12.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/pkcs12/pkcs12.h
\ No newline at end of file diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h deleted file mode 120000 index 73e1b23..0000000 --- a/include/openssl/pkcs7.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/pkcs7/pkcs7.h
\ No newline at end of file diff --git a/include/openssl/pqueue.h b/include/openssl/pqueue.h deleted file mode 120000 index 93817c2..0000000 --- a/include/openssl/pqueue.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/pqueue/pqueue.h
\ No newline at end of file diff --git a/include/openssl/rand.h b/include/openssl/rand.h deleted file mode 120000 index 11231f8..0000000 --- a/include/openssl/rand.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/rand/rand.h
\ No newline at end of file diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h deleted file mode 120000 index bb5a05c..0000000 --- a/include/openssl/rc2.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/rc2/rc2.h
\ No newline at end of file diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h deleted file mode 120000 index ef7deeb..0000000 --- a/include/openssl/rc4.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/rc4/rc4.h
\ No newline at end of file diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h deleted file mode 120000 index 200f562..0000000 --- a/include/openssl/ripemd.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ripemd/ripemd.h
\ No newline at end of file diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h deleted file mode 120000 index 3e5a654..0000000 --- a/include/openssl/rsa.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/rsa/rsa.h
\ No newline at end of file diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h deleted file mode 120000 index 8ca5b4c..0000000 --- a/include/openssl/safestack.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/stack/safestack.h
\ No newline at end of file diff --git a/include/openssl/seed.h b/include/openssl/seed.h deleted file mode 120000 index 05d04a5..0000000 --- a/include/openssl/seed.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/seed/seed.h
\ No newline at end of file diff --git a/include/openssl/sha.h b/include/openssl/sha.h deleted file mode 120000 index 3025cd5..0000000 --- a/include/openssl/sha.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/sha/sha.h
\ No newline at end of file diff --git a/include/openssl/srp.h b/include/openssl/srp.h deleted file mode 120000 index 16b73eb..0000000 --- a/include/openssl/srp.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/srp/srp.h
\ No newline at end of file diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h deleted file mode 120000 index 9800e4e..0000000 --- a/include/openssl/srtp.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/srtp.h
\ No newline at end of file diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h deleted file mode 120000 index e87d9be..0000000 --- a/include/openssl/ssl.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/ssl.h
\ No newline at end of file diff --git a/include/openssl/ssl2.h b/include/openssl/ssl2.h deleted file mode 120000 index 7287688..0000000 --- a/include/openssl/ssl2.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/ssl2.h
\ No newline at end of file diff --git a/include/openssl/ssl23.h b/include/openssl/ssl23.h deleted file mode 120000 index 5605052..0000000 --- a/include/openssl/ssl23.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/ssl23.h
\ No newline at end of file diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h deleted file mode 120000 index 5ae2507..0000000 --- a/include/openssl/ssl3.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/ssl3.h
\ No newline at end of file diff --git a/include/openssl/stack.h b/include/openssl/stack.h deleted file mode 120000 index 61d342f..0000000 --- a/include/openssl/stack.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/stack/stack.h
\ No newline at end of file diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h deleted file mode 120000 index 4a1a691..0000000 --- a/include/openssl/symhacks.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/symhacks.h
\ No newline at end of file diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h deleted file mode 120000 index 53d998f..0000000 --- a/include/openssl/tls1.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/tls1.h
\ No newline at end of file diff --git a/include/openssl/ts.h b/include/openssl/ts.h deleted file mode 120000 index a75d99d..0000000 --- a/include/openssl/ts.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ts/ts.h
\ No newline at end of file diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h deleted file mode 120000 index f672e35..0000000 --- a/include/openssl/txt_db.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/txt_db/txt_db.h
\ No newline at end of file diff --git a/include/openssl/ui.h b/include/openssl/ui.h deleted file mode 120000 index b07defa..0000000 --- a/include/openssl/ui.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ui/ui.h
\ No newline at end of file diff --git a/include/openssl/ui_compat.h b/include/openssl/ui_compat.h deleted file mode 120000 index d8c74b7..0000000 --- a/include/openssl/ui_compat.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/ui/ui_compat.h
\ No newline at end of file diff --git a/include/openssl/whrlpool.h b/include/openssl/whrlpool.h deleted file mode 120000 index 125a081..0000000 --- a/include/openssl/whrlpool.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/whrlpool/whrlpool.h
\ No newline at end of file diff --git a/include/openssl/x509.h b/include/openssl/x509.h deleted file mode 120000 index b2b85c5..0000000 --- a/include/openssl/x509.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/x509/x509.h
\ No newline at end of file diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h deleted file mode 120000 index bb99ad4..0000000 --- a/include/openssl/x509_vfy.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/x509/x509_vfy.h
\ No newline at end of file diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h deleted file mode 120000 index 63d12f9..0000000 --- a/include/openssl/x509v3.h +++ /dev/null @@ -1 +0,0 @@ -../../crypto/x509v3/x509v3.h
\ No newline at end of file diff --git a/openssl.spec b/openssl.spec index 6e632b1..40dc16c 100644 --- a/openssl.spec +++ b/openssl.spec @@ -9,7 +9,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2d +Version: 1.0.2e Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/packaging/openssl.spec b/packaging/openssl.spec index 26bef15..64f321d 100644 --- a/packaging/openssl.spec +++ b/packaging/openssl.spec @@ -6,7 +6,7 @@ BuildRequires: zlib-devel %define ssletcdir %{_sysconfdir}/ssl %define num_version 1.0.0 Provides: ssl -Version: 1.0.2d +Version: 1.0.2e Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL diff --git a/ssl/Makefile b/ssl/Makefile index 42f1af5..7b90fb0 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -15,7 +15,7 @@ KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README ssl-lib.com install.com -TEST=ssltest.c heartbeat_test.c +TEST=ssltest.c heartbeat_test.c clienthellotest.c APPS= LIB=$(TOP)/libssl.a diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index a0c583e..d2d4d2e 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -419,6 +419,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY); b->retry_reason = b->next_bio->retry_reason; break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_set_retry_special(b); + b->retry_reason = BIO_RR_SSL_X509_LOOKUP; + break; default: break; } diff --git a/ssl/clienthellotest.c b/ssl/clienthellotest.c new file mode 100644 index 0000000..77517c6 --- /dev/null +++ b/ssl/clienthellotest.c @@ -0,0 +1,219 @@ +/* Written by Matt Caswell for the OpenSSL Project */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <string.h> + +#include <openssl/bio.h> +#include <openssl/crypto.h> +#include <openssl/evp.h> +#include <openssl/ssl.h> +#include <openssl/err.h> + + +#define CLIENT_VERSION_LEN 2 +#define SESSION_ID_LEN_LEN 1 +#define CIPHERS_LEN_LEN 2 +#define COMPRESSION_LEN_LEN 1 +#define EXTENSIONS_LEN_LEN 2 +#define EXTENSION_TYPE_LEN 2 +#define EXTENSION_SIZE_LEN 2 + + +#define TOTAL_NUM_TESTS 2 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for TLS1.2 + */ +#define TEST_SET_SESSION_TICK_DATA_TLS_1_2 0 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for a negotiated SSL/TLS version + */ +#define TEST_SET_SESSION_TICK_DATA_VER_NEG 1 + +int main(int argc, char *argv[]) +{ + SSL_CTX *ctx; + SSL *con; + BIO *rbio; + BIO *wbio; + BIO *err; + long len; + unsigned char *data; + unsigned char *dataend; + char *dummytick = "Hello World!"; + unsigned int tmplen; + unsigned int type; + unsigned int size; + int testresult = 0; + int currtest = 0; + + SSL_library_init(); + SSL_load_error_strings(); + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + /* + * For each test set up an SSL_CTX and SSL and see what ClientHello gets + * produced when we try to connect + */ + for (; currtest < TOTAL_NUM_TESTS; currtest++) { + testresult = 0; + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) { + ctx = SSL_CTX_new(TLSv1_2_method()); + } else { + ctx = SSL_CTX_new(SSLv23_method()); + } + con = SSL_new(ctx); + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick))) + goto end; + } + + if (SSL_connect(con) > 0) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } + + len = BIO_get_mem_data(wbio, (char **)&data); + dataend = data + len; + + /* Skip the record header */ + data += SSL3_RT_HEADER_LENGTH; + /* Skip the handshake message header */ + data += SSL3_HM_HEADER_LENGTH; + /* Skip client version and random */ + data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE; + if (data + SESSION_ID_LEN_LEN > dataend) + goto end; + /* Skip session id */ + tmplen = *data; + data += SESSION_ID_LEN_LEN + tmplen; + if (data + CIPHERS_LEN_LEN > dataend) + goto end; + /* Skip ciphers */ + tmplen = ((*data) << 8) | *(data + 1); + data += CIPHERS_LEN_LEN + tmplen; + if (data + COMPRESSION_LEN_LEN > dataend) + goto end; + /* Skip compression */ + tmplen = *data; + data += COMPRESSION_LEN_LEN + tmplen; + if (data + EXTENSIONS_LEN_LEN > dataend) + goto end; + /* Extensions len */ + tmplen = ((*data) << 8) | *(data + 1); + data += EXTENSIONS_LEN_LEN; + if (data + tmplen > dataend) + goto end; + + /* Loop through all extensions */ + while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) { + type = ((*data) << 8) | *(data + 1); + data += EXTENSION_TYPE_LEN; + size = ((*data) << 8) | *(data + 1); + data += EXTENSION_SIZE_LEN; + if (data + size > dataend) + goto end; + + if (type == TLSEXT_TYPE_session_ticket) { + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (size == strlen(dummytick) + && memcmp(data, dummytick, size) == 0) { + /* Ticket data is as we expected */ + testresult = 1; + } else { + printf("Received session ticket is not as expected\n"); + } + break; + } + } + + tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size; + data += size; + } + + end: + SSL_free(con); + SSL_CTX_free(ctx); + if (!testresult) { + printf("ClientHello test: FAILED (Test %d)\n", currtest); + break; + } + } + + ERR_free_strings(); + ERR_remove_thread_state(NULL); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + CRYPTO_mem_leaks(err); + BIO_free(err); + + return testresult?0:1; +} diff --git a/ssl/d1_both.c b/ssl/d1_both.c index b4ee7ab..c2c8d57 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1370,9 +1370,12 @@ int dtls1_shutdown(SSL *s) { int ret; #ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && + BIO *wbio; + + wbio = SSL_get_wbio(s); + if (wbio != NULL && BIO_dgram_is_sctp(wbio) && !(s->shutdown & SSL_SENT_SHUTDOWN)) { - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); + ret = BIO_dgram_sctp_wait_for_dry(wbio); if (ret < 0) return -1; diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 4c2ccbf..3ddfa7b 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -133,12 +133,14 @@ static int dtls1_get_hello_verify(SSL *s); static const SSL_METHOD *dtls1_get_client_method(int ver) { - if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) - return (DTLSv1_client_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_client_method(); + else if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) + return DTLSv1_client_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_client_method()); + return DTLSv1_2_client_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -147,13 +149,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, dtls1_connect, dtls1_get_client_method, DTLSv1_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_client_method, ssl_undefined_function, dtls1_connect, dtls1_get_client_method, DTLSv1_2_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_client_method, ssl_undefined_function, dtls1_connect, @@ -315,13 +317,12 @@ int dtls1_connect(SSL *s) #endif case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; /* every DTLS ClientHello resets Finished MAC */ ssl3_init_finished_mac(s); + case SSL3_ST_CW_CLNT_HELLO_B: dtls1_start_timer(s); ret = ssl3_client_hello(s); if (ret <= 0) @@ -366,11 +367,15 @@ int dtls1_connect(SSL *s) sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, - 0); + 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, @@ -378,6 +383,10 @@ int dtls1_connect(SSL *s) #endif s->state = SSL3_ST_CR_FINISHED_A; + if (s->tlsext_ticket_expected) { + /* receive renewed session ticket */ + s->state = SSL3_ST_CR_SESSION_TICKET_A; + } } else s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } @@ -500,9 +509,13 @@ int dtls1_connect(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c index 7340774..899010e 100644 --- a/ssl/d1_meth.c +++ b/ssl/d1_meth.c @@ -64,12 +64,14 @@ static const SSL_METHOD *dtls1_get_method(int ver); static const SSL_METHOD *dtls1_get_method(int ver) { - if (ver == DTLS1_VERSION) - return (DTLSv1_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_method(); + else if (ver == DTLS1_VERSION) + return DTLSv1_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_method()); + return DTLSv1_2_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -77,12 +79,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, dtls1_accept, dtls1_connect, dtls1_get_method, DTLSv1_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_method, dtls1_accept, dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_method, dtls1_accept, dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 655333a..e677d88 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -131,12 +131,14 @@ static int dtls1_send_hello_verify_request(SSL *s); static const SSL_METHOD *dtls1_get_server_method(int ver) { - if (ver == DTLS1_VERSION) - return (DTLSv1_server_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_server_method(); + else if (ver == DTLS1_VERSION) + return DTLSv1_server_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_server_method()); + return DTLSv1_2_server_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -145,13 +147,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, ssl_undefined_function, dtls1_get_server_method, DTLSv1_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_server_method, dtls1_accept, ssl_undefined_function, dtls1_get_server_method, DTLSv1_2_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_server_method, dtls1_accept, ssl_undefined_function, @@ -283,6 +285,19 @@ int dtls1_accept(SSL *s) ssl3_init_finished_mac(s); s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; + } else if (!s->s3->send_connection_binding && + !(s->options & + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + /* + * Server attempting to renegotiate with client that doesn't + * support secure renegotiation. + */ + SSLerr(SSL_F_DTLS1_ACCEPT, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ret = -1; + s->state = SSL_ST_ERR; + goto end; } else { /* * s->state == SSL_ST_RENEGOTIATE, we will just send a @@ -421,9 +436,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + if (SSL_export_keying_material(s, sctpauthkey, + sizeof(sctpauthkey), labelbuffer, + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); @@ -635,9 +654,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index e4e707c..f782010 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -375,12 +375,13 @@ static int ssl23_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { -#if 0 - /* don't reuse session-id's */ + /* + * Since we're sending s23 client hello, we're not reusing a session, as + * we'd be using the method from the saved session instead + */ if (!ssl_get_new_session(s, 0)) { - return (-1); + return -1; } -#endif p = s->s3->client_random; if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) @@ -445,9 +446,6 @@ static int ssl23_client_hello(SSL *s) /* * put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length = 0; -#endif s2n(0, d); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) @@ -738,6 +736,8 @@ static int ssl23_get_server_hello(SSL *s) goto err; } + s->session->ssl_version = s->version; + /* ensure that TLS_MAX_VERSION is up-to-date */ OPENSSL_assert(s->version <= TLS_MAX_VERSION); @@ -796,13 +796,6 @@ static int ssl23_get_server_hello(SSL *s) } s->init_num = 0; - /* - * Since, if we are sending a ssl23 client hello, we are not reusing a - * session-id - */ - if (!ssl_get_new_session(s, 0)) - goto err; - return (SSL_connect(s)); err: return (-1); diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 019e21c..09d0661 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -648,7 +648,7 @@ int ssl3_setup_read_buffer(SSL *s) unsigned char *p; size_t len, align = 0, headerlen; - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; @@ -687,7 +687,7 @@ int ssl3_setup_write_buffer(SSL *s) unsigned char *p; size_t len, align = 0, headerlen; - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH + 1; else headerlen = SSL3_RT_HEADER_LENGTH; diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index a0edcef..557622f 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -411,8 +411,9 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) * functions, above, we know that data_plus_mac_size is large enough to contain * a padding byte and MAC. (If the padding was invalid, it might contain the * padding too. ) + * Returns 1 on success or 0 on error */ -void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, +int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, const unsigned char header[13], @@ -455,7 +456,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, switch (EVP_MD_CTX_type(ctx)) { case NID_md5: - MD5_Init((MD5_CTX *)md_state.c); + if (MD5_Init((MD5_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_md5_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))MD5_Transform; @@ -464,7 +466,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, length_is_big_endian = 0; break; case NID_sha1: - SHA1_Init((SHA_CTX *)md_state.c); + if (SHA1_Init((SHA_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha1_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; @@ -472,14 +475,16 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, break; #ifndef OPENSSL_NO_SHA256 case NID_sha224: - SHA224_Init((SHA256_CTX *)md_state.c); + if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 224 / 8; break; case NID_sha256: - SHA256_Init((SHA256_CTX *)md_state.c); + if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; @@ -488,7 +493,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, #endif #ifndef OPENSSL_NO_SHA512 case NID_sha384: - SHA384_Init((SHA512_CTX *)md_state.c); + if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha512_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; @@ -497,7 +503,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, md_length_size = 16; break; case NID_sha512: - SHA512_Init((SHA512_CTX *)md_state.c); + if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha512_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; @@ -513,8 +520,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, */ OPENSSL_assert(0); if (md_out_size) - *md_out_size = -1; - return; + *md_out_size = 0; + return 0; } OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); @@ -652,7 +659,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, */ if (header_length <= md_block_size) { /* Should never happen */ - return; + return 0; } overhang = header_length - md_block_size; md_transform(md_state.c, header); @@ -733,26 +740,34 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, } EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ); + if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0) + goto err; if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ memset(hmac_pad, 0x5c, sslv3_pad_length); - EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); - EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); + if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0 + || EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + goto err; } else { /* Complete the HMAC in the standard manner. */ for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x6a; - EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); + if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + goto err; } EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); if (md_out_size) *md_out_size = md_out_size_u; EVP_MD_CTX_cleanup(&md_ctx); + + return 1; +err: + EVP_MD_CTX_cleanup(&md_ctx); + return 0; } #ifdef OPENSSL_FIPS diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6af145a..bc5254c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1050,6 +1050,11 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED); goto f_err; } + /* Set version disabled mask now we know version */ + if (!SSL_USE_TLS1_2_CIPHERS(s)) + ct->mask_ssl = SSL_TLSV1_2; + else + ct->mask_ssl = 0; /* * If it is a disabled cipher we didn't send it in client hello, so * return an error. @@ -1699,6 +1704,12 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->p)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE); + goto f_err; + } + + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1719,6 +1730,11 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->g)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE); + goto f_err; + } + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1740,6 +1756,11 @@ int ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; + if (BN_is_zero(dh->pub_key)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE); + goto f_err; + } + # ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey = @@ -1935,14 +1956,20 @@ int ssl3_get_key_exchange(SSL *s) q = md_buf; for (num = 2; num > 0; num--) { EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx, (num == 2) - ? s->ctx->md5 : s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, param, param_len); - EVP_DigestFinal_ex(&md_ctx, q, &size); + if (EVP_DigestInit_ex(&md_ctx, + (num == 2) ? s->ctx->md5 : s->ctx->sha1, + NULL) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, param, param_len) <= 0 + || EVP_DigestFinal_ex(&md_ctx, q, &size) <= 0) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } q += size; j += size; } @@ -1961,12 +1988,16 @@ int ssl3_get_key_exchange(SSL *s) } else #endif { - EVP_VerifyInit_ex(&md_ctx, md, NULL); - EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx, param, param_len); + if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0 + || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_VerifyUpdate(&md_ctx, param, param_len) <= 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EVP_LIB); + goto f_err; + } if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; @@ -2208,6 +2239,7 @@ int ssl3_get_new_session_ticket(SSL *s) long n; const unsigned char *p; unsigned char *d; + unsigned long ticket_lifetime_hint; n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, @@ -2226,6 +2258,19 @@ int ssl3_get_new_session_ticket(SSL *s) p = d = (unsigned char *)s->init_msg; + n2l(p, ticket_lifetime_hint); + n2s(p, ticklen); + /* ticket_lifetime_hint + ticket_length + ticket */ + if (ticklen + 6 != n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + + /* Server is allowed to change its mind and send an empty ticket. */ + if (ticklen == 0) + return 1; + if (s->session->session_id_length > 0) { int i = s->session_ctx->session_cache_mode; SSL_SESSION *new_sess; @@ -2257,14 +2302,6 @@ int ssl3_get_new_session_ticket(SSL *s) s->session = new_sess; } - n2l(p, s->session->tlsext_tick_lifetime_hint); - n2s(p, ticklen); - /* ticket_lifetime_hint + ticket_length + ticket */ - if (ticklen + 6 != n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); - goto f_err; - } if (s->session->tlsext_tick) { OPENSSL_free(s->session->tlsext_tick); s->session->tlsext_ticklen = 0; @@ -2275,6 +2312,7 @@ int ssl3_get_new_session_ticket(SSL *s) goto err; } memcpy(s->session->tlsext_tick, p, ticklen); + s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint; s->session->tlsext_ticklen = ticklen; /* * There are two ways to detect a resumed ticket session. One is to set @@ -2462,6 +2500,7 @@ int ssl3_send_client_key_exchange(SSL *s) || (pkey->pkey.rsa == NULL)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + EVP_PKEY_free(pkey); goto err; } rsa = pkey->pkey.rsa; @@ -2927,6 +2966,11 @@ int ssl3_send_client_key_exchange(SSL *s) pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); + if (pkey_ctx == NULL) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } /* * If we have send a certificate, and certificate key * @@ -2936,10 +2980,13 @@ int ssl3_send_client_key_exchange(SSL *s) /* Otherwise, generate ephemeral key pair */ - EVP_PKEY_encrypt_init(pkey_ctx); - /* Generate session key */ - if (RAND_bytes(premaster_secret, 32) <= 0) { + if (pkey_ctx == NULL + || EVP_PKEY_encrypt_init(pkey_ctx) <= 0 + /* Generate session key */ + || RAND_bytes(premaster_secret, 32) <= 0) { EVP_PKEY_CTX_free(pkey_ctx); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } /* @@ -2960,13 +3007,18 @@ int ssl3_send_client_key_exchange(SSL *s) * data */ ukm_hash = EVP_MD_CTX_create(); - EVP_DigestInit(ukm_hash, - EVP_get_digestbynid(NID_id_GostR3411_94)); - EVP_DigestUpdate(ukm_hash, s->s3->client_random, - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(ukm_hash, s->s3->server_random, - SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); + if (EVP_DigestInit(ukm_hash, + EVP_get_digestbynid(NID_id_GostR3411_94)) <= 0 + || EVP_DigestUpdate(ukm_hash, s->s3->client_random, + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(ukm_hash, s->s3->server_random, + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { + EVP_MD_CTX_destroy(ukm_hash); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } EVP_MD_CTX_destroy(ukm_hash); if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, @@ -2982,7 +3034,7 @@ int ssl3_send_client_key_exchange(SSL *s) *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) - < 0) { + <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); goto err; @@ -3177,7 +3229,10 @@ int ssl3_send_client_verify(SSL *s) pkey = s->cert->key->privatekey; /* Create context from key and test if sha1 is allowed as digest */ pctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_sign_init(pctx); + if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { if (!SSL_USE_SIGALGS(s)) s->method->ssl3_enc->cert_verify_mac(s, @@ -3365,7 +3420,6 @@ int ssl3_send_client_certificate(SSL *s) * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP; * return(-1); We then get retied later */ - i = 0; i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index cda2d8c..47a0ec9 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -253,7 +253,10 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_init(s->enc_read_ctx); dd = s->enc_read_ctx; - ssl_replace_hash(&s->read_hash, m); + if (ssl_replace_hash(&s->read_hash, m) == NULL) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->expand != NULL) { @@ -288,7 +291,10 @@ int ssl3_change_cipher_state(SSL *s, int which) */ EVP_CIPHER_CTX_init(s->enc_write_ctx); dd = s->enc_write_ctx; - ssl_replace_hash(&s->write_hash, m); + if (ssl_replace_hash(&s->write_hash, m) == NULL) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->compress != NULL) { @@ -691,19 +697,21 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, return 0; npad = (48 / n) * n; - if (sender != NULL) - EVP_DigestUpdate(&ctx, sender, len); - EVP_DigestUpdate(&ctx, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx, ssl3_pad_1, npad); - EVP_DigestFinal_ex(&ctx, md_buf, &i); - - EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL); - EVP_DigestUpdate(&ctx, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&ctx, md_buf, i); - EVP_DigestFinal_ex(&ctx, p, &ret); + if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0) + || EVP_DigestUpdate(&ctx, s->session->master_key, + s->session->master_key_length) <= 0 + || EVP_DigestUpdate(&ctx, ssl3_pad_1, npad) <= 0 + || EVP_DigestFinal_ex(&ctx, md_buf, &i) <= 0 + + || EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL) <= 0 + || EVP_DigestUpdate(&ctx, s->session->master_key, + s->session->master_key_length) <= 0 + || EVP_DigestUpdate(&ctx, ssl3_pad_2, npad) <= 0 + || EVP_DigestUpdate(&ctx, md_buf, i) <= 0 + || EVP_DigestFinal_ex(&ctx, p, &ret) <= 0) { + SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, ERR_R_INTERNAL_ERROR); + ret = 0; + } EVP_MD_CTX_cleanup(&ctx); @@ -775,33 +783,36 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) header[j++] = rec->length & 0xff; /* Final param == is SSLv3 */ - ssl3_cbc_digest_record(hash, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - mac_sec, md_size, 1); + if (ssl3_cbc_digest_record(hash, + md, &md_size, + header, rec->input, + rec->length + md_size, orig_len, + mac_sec, md_size, 1) <= 0) + return -1; } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_copy_ex(&md_ctx, hash); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad); - EVP_DigestUpdate(&md_ctx, seq, 8); rec_char = rec->type; - EVP_DigestUpdate(&md_ctx, &rec_char, 1); p = md; s2n(rec->length, p); - EVP_DigestUpdate(&md_ctx, md, 2); - EVP_DigestUpdate(&md_ctx, rec->input, rec->length); - EVP_DigestFinal_ex(&md_ctx, md, NULL); - - EVP_MD_CTX_copy_ex(&md_ctx, hash); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&md_ctx, md, md_size); - EVP_DigestFinal_ex(&md_ctx, md, &md_size_u); + if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0 + || EVP_DigestUpdate(&md_ctx, seq, 8) <= 0 + || EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0 + || EVP_DigestUpdate(&md_ctx, md, 2) <= 0 + || EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0 + || EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0 + || EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0 + || EVP_DigestUpdate(&md_ctx, md, md_size) <= 0 + || EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) { + EVP_MD_CTX_cleanup(&md_ctx); + return -1; + } md_size = md_size_u; EVP_MD_CTX_cleanup(&md_ctx); @@ -846,24 +857,31 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, EVP_MD_CTX_init(&ctx); for (i = 0; i < 3; i++) { - EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL); - EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i])); - EVP_DigestUpdate(&ctx, p, len); - EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&ctx, buf, &n); - - EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL); - EVP_DigestUpdate(&ctx, p, len); - EVP_DigestUpdate(&ctx, buf, n); - EVP_DigestFinal_ex(&ctx, out, &n); + if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0 + || EVP_DigestUpdate(&ctx, salt[i], + strlen((const char *)salt[i])) <= 0 + || EVP_DigestUpdate(&ctx, p, len) <= 0 + || EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestFinal_ex(&ctx, buf, &n) <= 0 + + || EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0 + || EVP_DigestUpdate(&ctx, p, len) <= 0 + || EVP_DigestUpdate(&ctx, buf, n) <= 0 + || EVP_DigestFinal_ex(&ctx, out, &n) <= 0) { + SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); + ret = 0; + break; + } out += n; ret += n; } EVP_MD_CTX_cleanup(&ctx); #ifdef OPENSSL_SSL_TRACE_CRYPTO - if (s->msg_callback) { + if (ret > 0 && s->msg_callback) { s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, p, len, s, s->msg_callback_arg); s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ad9eeb6..64793d6 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2983,7 +2983,7 @@ int ssl3_new(SSL *s) void ssl3_free(SSL *s) { - if (s == NULL) + if (s == NULL || s->s3 == NULL) return; #ifdef TLSEXT_TYPE_opaque_prf_input diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 603c285..3798902 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1115,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, s->rwstate = SSL_NOTHING; return (s->s3->wpend_ret); } else if (i <= 0) { - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { /* * For DTLS, just drop it. That's kind of the whole point in * using a datagram service diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index acd3b9e..ee83105 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -383,7 +383,6 @@ int ssl3_accept(SSL *s) */ if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); - ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; s->state = SSL_ST_ERR; goto end; @@ -902,7 +901,7 @@ int ssl3_send_hello_request(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1; + int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0; unsigned int cookie_len; long n; unsigned long id; @@ -1095,8 +1094,7 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } - /* Set to -2 so if successful we return 2 */ - ret = -2; + cookie_valid = 1; } p += cookie_len; @@ -1231,7 +1229,7 @@ int ssl3_get_client_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* TLS extensions */ if (s->version >= SSL3_VERSION) { - if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) { + if (!ssl_parse_clienthello_tlsext(s, &p, d + n)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); goto err; } @@ -1466,8 +1464,7 @@ int ssl3_get_client_hello(SSL *s) } } - if (ret < 0) - ret = -ret; + ret = cookie_valid ? 2 : 1; if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1477,7 +1474,7 @@ int ssl3_get_client_hello(SSL *s) if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return ret < 0 ? -1 : ret; + return ret; } int ssl3_send_server_hello(SSL *s) @@ -1950,14 +1947,22 @@ int ssl3_send_server_key_exchange(SSL *s) for (num = 2; num > 0; num--) { EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx, (num == 2) - ? s->ctx->md5 : s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, d, n); - EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i); + if (EVP_DigestInit_ex(&md_ctx, + (num == 2) ? s->ctx->md5 + : s->ctx->sha1, + NULL) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, d, n) <= 0 + || EVP_DigestFinal_ex(&md_ctx, q, + (unsigned int *)&i) <= 0) { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + ERR_LIB_EVP); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } q += i; j += i; } @@ -1985,16 +1990,17 @@ int ssl3_send_server_key_exchange(SSL *s) #ifdef SSL_DEBUG fprintf(stderr, "Using hash %s\n", EVP_MD_name(md)); #endif - EVP_SignInit_ex(&md_ctx, md, NULL); - EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx, d, n); - if (!EVP_SignFinal(&md_ctx, &(p[2]), - (unsigned int *)&i, pkey)) { + if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0 + || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_SignUpdate(&md_ctx, d, n) <= 0 + || EVP_SignFinal(&md_ctx, &(p[2]), + (unsigned int *)&i, pkey) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_EVP); - goto err; + al = SSL_AD_INTERNAL_ERROR; + goto f_err; } s2n(i, p); n += i + 2; @@ -2867,7 +2873,15 @@ int ssl3_get_client_key_exchange(SSL *s) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); - EVP_PKEY_decrypt_init(pkey_ctx); + if (pkey_ctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } + if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto gerr; + } /* * If client certificate is present and is of the same type, maybe * use it for key exchange. Don't mind errors from @@ -3099,7 +3113,17 @@ int ssl3_get_cert_verify(SSL *s) unsigned char signature[64]; int idx; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_verify_init(pctx); + if (pctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + goto f_err; + } + if (EVP_PKEY_verify_init(pctx) <= 0) { + EVP_PKEY_CTX_free(pctx); + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR); + goto f_err; + } if (i != 64) { fprintf(stderr, "GOST signature length is %d", i); } @@ -2681,6 +2681,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 # define SSL_F_SSL3_ENC 134 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 # define SSL_F_SSL3_GET_CERT_STATUS 289 # define SSL_F_SSL3_GET_CERT_VERIFY 136 @@ -2846,8 +2847,11 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 # define SSL_R_BAD_DH_G_LENGTH 108 +# define SSL_R_BAD_DH_G_VALUE 375 # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 # define SSL_R_BAD_DH_P_LENGTH 110 +# define SSL_R_BAD_DH_P_VALUE 395 # define SSL_R_BAD_DIGEST_LENGTH 111 # define SSL_R_BAD_DSA_SIGNATURE 112 # define SSL_R_BAD_ECC_CERT 304 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 39d48ea..35cc27c 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -121,13 +121,16 @@ typedef struct ssl_session_asn1_st { int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) { #define LSIZE2 (sizeof(long)*2) - int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; + int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0; unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; #ifndef OPENSSL_NO_TLSEXT int v6 = 0, v9 = 0, v10 = 0; unsigned char ibuf6[LSIZE2]; #endif +#ifndef OPENSSL_NO_PSK + int v7 = 0, v8 = 0; +#endif #ifndef OPENSSL_NO_COMP unsigned char cbuf; int v11 = 0; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 93a1eb9..a73f866 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -227,6 +227,7 @@ CERT *ssl_cert_dup(CERT *cert) memset(ret, 0, sizeof(CERT)); + ret->references = 1; ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; /* * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that @@ -325,7 +326,6 @@ CERT *ssl_cert_dup(CERT *cert) #endif } - ret->references = 1; /* * Set digests to defaults. NB: we don't copy existing values as they * will be set during handshake. diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2cc9a4a..6957bda 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -376,10 +376,11 @@ static int get_optional_pkey_id(const char *pkey_name) const EVP_PKEY_ASN1_METHOD *ameth; int pkey_id = 0; ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); - if (ameth) { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); + if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, + ameth) > 0) { + return pkey_id; } - return pkey_id; + return 0; } #else @@ -391,7 +392,9 @@ static int get_optional_pkey_id(const char *pkey_name) int pkey_id = 0; ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); if (ameth) { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); + if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, + ameth) <= 0) + pkey_id = 0; } if (tmpeng) ENGINE_finish(tmpeng); @@ -1404,15 +1407,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; - if (!strcmp(*prule_str, "SUITEB128")) - suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - else if (!strcmp(*prule_str, "SUITEB128ONLY")) + if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; - else if (!strcmp(*prule_str, "SUITEB128C2")) { + } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) { suiteb_comb2 = 1; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - } else if (!strcmp(*prule_str, "SUITEB192")) + } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) { + suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; + } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; + } if (suiteb_flags) { c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 1a6030e..6d1366f 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -163,6 +163,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { "ssl3_do_change_cipher_spec"}, {ERR_FUNC(SSL_F_SSL3_ENC), "ssl3_enc"}, {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, + {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET), + "ssl3_generate_master_secret"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "ssl3_get_certificate_request"}, {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "ssl3_get_cert_status"}, @@ -386,8 +388,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "bad data returned by callback"}, {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"}, {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"}, + {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"}, {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"}, + {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"}, {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"}, + {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"}, {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"}, {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c0931e7..f2071db 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->options = ctx->options; s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; + s->references = 1; if (ctx->cert != NULL) { /* @@ -405,7 +406,6 @@ SSL *SSL_new(SSL_CTX *ctx) if (!s->method->ssl_new(s)) goto err; - s->references = 1; s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; SSL_clear(s); @@ -1980,7 +1980,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->extra_certs = NULL; /* No compression for DTLS */ - if (meth->version != DTLS1_VERSION) + if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) ret->comp_methods = SSL_COMP_get_compression_methods(); ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; @@ -3507,8 +3507,11 @@ EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) { ssl_clear_hash_ctx(hash); *hash = EVP_MD_CTX_create(); - if (md) - EVP_DigestInit_ex(*hash, md, NULL); + if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { + EVP_MD_CTX_destroy(*hash); + *hash = NULL; + return NULL; + } return *hash; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6c2c551..a8e4efc 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1366,7 +1366,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, - unsigned char *d, int n); + unsigned char *limit); int tls1_set_server_sigalgs(SSL *s); int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, @@ -1439,15 +1439,15 @@ int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, unsigned block_size, unsigned mac_size); char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); -void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char header[13], - const unsigned char *data, - size_t data_plus_mac_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - unsigned mac_secret_length, char is_sslv3); +int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, + unsigned char *md_out, + size_t *md_out_size, + const unsigned char header[13], + const unsigned char *data, + size_t data_plus_mac_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + unsigned mac_secret_length, char is_sslv3); void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index b1b2318..b0f75c9 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -160,7 +160,10 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + return 0; + } ret = ssl_set_pkey(ssl->cert, pkey); EVP_PKEY_free(pkey); @@ -195,6 +198,15 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(c->pkeys[i].x509); + if (pktmp == NULL) { + SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE); + EVP_PKEY_free(pktmp); + return 0; + } + /* + * The return code from EVP_PKEY_copy_parameters is deliberately + * ignored. Some EVP_PKEY types cannot do this. + */ EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_free(pktmp); ERR_clear_error(); @@ -396,6 +408,10 @@ static int ssl_set_cert(CERT *c, X509 *x) } if (c->pkeys[i].privatekey != NULL) { + /* + * The return code from EVP_PKEY_copy_parameters is deliberately + * ignored. Some EVP_PKEY types cannot do this. + */ EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); @@ -516,7 +532,10 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + return 0; + } ret = ssl_set_pkey(ctx->cert, pkey); EVP_PKEY_free(pkey); @@ -750,31 +769,31 @@ static int serverinfo_find_extension(const unsigned char *serverinfo, *extension_data = NULL; *extension_length = 0; if (serverinfo == NULL || serverinfo_length == 0) - return 0; + return -1; for (;;) { unsigned int type = 0; size_t len = 0; /* end of serverinfo */ if (serverinfo_length == 0) - return -1; /* Extension not found */ + return 0; /* Extension not found */ /* read 2-byte type field */ if (serverinfo_length < 2) - return 0; /* Error */ + return -1; /* Error */ type = (serverinfo[0] << 8) + serverinfo[1]; serverinfo += 2; serverinfo_length -= 2; /* read 2-byte len field */ if (serverinfo_length < 2) - return 0; /* Error */ + return -1; /* Error */ len = (serverinfo[0] << 8) + serverinfo[1]; serverinfo += 2; serverinfo_length -= 2; if (len > serverinfo_length) - return 0; /* Error */ + return -1; /* Error */ if (type == extension_type) { *extension_data = serverinfo; @@ -814,10 +833,12 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, /* Find the relevant extension from the serverinfo */ int retval = serverinfo_find_extension(serverinfo, serverinfo_length, ext_type, out, outlen); + if (retval == -1) { + *al = SSL_AD_DECODE_ERROR; + return -1; /* Error */ + } if (retval == 0) - return 0; /* Error */ - if (retval == -1) - return -1; /* No extension found, don't send extension */ + return 0; /* No extension found, don't send extension */ return 1; /* Send extension */ } return -1; /* No serverinfo data found, don't send diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 07e7379..68390d3 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -256,8 +256,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->tlsext_ecpointformatlist = NULL; dest->tlsext_ellipticcurvelist = NULL; # endif -#endif dest->tlsext_tick = NULL; +#endif #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif @@ -324,7 +324,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } # endif -#endif if (ticket != 0) { dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); @@ -334,6 +333,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->tlsext_tick_lifetime_hint = 0; dest->tlsext_ticklen = 0; } +#endif #ifndef OPENSSL_NO_SRP if (src->srp_username) { diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 6737adf..aaf6c6b 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -142,6 +142,7 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #define _BSD_SOURCE 1 +#define _DEFAULT_SOURCE 1 #include <assert.h> #include <errno.h> diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e2a8f86..f46544b 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -384,6 +384,8 @@ int tls1_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_init(s->enc_read_ctx); dd = s->enc_read_ctx; mac_ctx = ssl_replace_hash(&s->read_hash, NULL); + if (mac_ctx == NULL) + goto err; #ifndef OPENSSL_NO_COMP if (s->expand != NULL) { COMP_CTX_free(s->expand); @@ -422,11 +424,14 @@ int tls1_change_cipher_state(SSL *s, int which) dd = s->enc_write_ctx; if (SSL_IS_DTLS(s)) { mac_ctx = EVP_MD_CTX_create(); - if (!mac_ctx) + if (mac_ctx == NULL) goto err; s->write_hash = mac_ctx; - } else + } else { mac_ctx = ssl_replace_hash(&s->write_hash, NULL); + if (mac_ctx == NULL) + goto err; + } #ifndef OPENSSL_NO_COMP if (s->compress != NULL) { COMP_CTX_free(s->compress); @@ -499,7 +504,12 @@ int tls1_change_cipher_state(SSL *s, int which) if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret, *mac_secret_size); - EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); + if (mac_key == NULL + || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { + EVP_PKEY_free(mac_key); + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } EVP_PKEY_free(mac_key); } #ifdef TLS_DEBUG @@ -931,8 +941,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) } EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx, d); - EVP_DigestFinal_ex(&ctx, out, &ret); + if (EVP_MD_CTX_copy_ex(&ctx, d) <=0 + || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0) + ret = 0; EVP_MD_CTX_cleanup(&ctx); return ((int)ret); } @@ -1059,17 +1070,24 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ /* Final param == not SSLv3 */ - ssl3_cbc_digest_record(mac_ctx, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - ssl->s3->read_mac_secret, - ssl->s3->read_mac_secret_size, 0); + if (ssl3_cbc_digest_record(mac_ctx, + md, &md_size, + header, rec->input, + rec->length + md_size, orig_len, + ssl->s3->read_mac_secret, + ssl->s3->read_mac_secret_size, 0) <= 0) { + if (!stream_mac) + EVP_MD_CTX_cleanup(&hmac); + return -1; + } } else { - EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); - EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); - t = EVP_DigestSignFinal(mac_ctx, md, &md_size); - OPENSSL_assert(t > 0); + if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 + || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 + || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { + if (!stream_mac) + EVP_MD_CTX_cleanup(&hmac); + return -1; + } #ifdef OPENSSL_FIPS if (!send && FIPS_mode()) tls_fips_digest_extra(ssl->enc_read_ctx, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 210a5e8..3176d1e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -497,7 +497,7 @@ static int tls1_get_curvelist(SSL *s, int sess, } else # endif { - if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) { + if (!s->server || s->cert->ecdh_tmp_auto) { *pcurves = eccurves_auto; pcurveslen = sizeof(eccurves_auto); } else { @@ -1837,7 +1837,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, * 10.8..10.8.3 (which don't work). */ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - const unsigned char *d, int n) + const unsigned char *limit) { unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { @@ -1866,11 +1866,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 0x02, 0x03, /* SHA-1/ECDSA */ }; - if (data >= (d + n - 2)) + if (data >= (limit - 2)) return; data += 2; - if (data > (d + n - 4)) + if (data > (limit - 4)) return; n2s(data, type); n2s(data, size); @@ -1878,7 +1878,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, if (type != TLSEXT_TYPE_server_name) return; - if (data + size > d + n) + if (data + size > limit) return; data += size; @@ -1886,7 +1886,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - if (data + len1 + len2 != d + n) + if (data + len1 + len2 != limit) return; if (memcmp(data, kSafariExtensionsBlock, len1) != 0) return; @@ -1895,7 +1895,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, } else { const size_t len = sizeof(kSafariExtensionsBlock); - if (data + len != d + n) + if (data + len != limit) return; if (memcmp(data, kSafariExtensionsBlock, len) != 0) return; @@ -1974,7 +1974,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, } static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, - unsigned char *d, int n, int *al) + unsigned char *limit, int *al) { unsigned short type; unsigned short size; @@ -1999,7 +1999,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - ssl_check_for_safari(s, data, d, n); + ssl_check_for_safari(s, data, limit); # endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ @@ -2016,22 +2016,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data == d + n) + if (data == limit) goto ri_check; - if (data > (d + n - 2)) + if (data > (limit - 2)) goto err; n2s(data, len); - if (data > (d + n - len)) + if (data + len != limit) goto err; - while (data <= (d + n - 4)) { + while (data <= (limit - 4)) { n2s(data, type); n2s(data, size); - if (data + size > (d + n)) + if (data + size > (limit)) goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); @@ -2405,7 +2405,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } /* Spurious data on the end */ - if (data != d + n) + if (data != limit) goto err; *p = data; @@ -2465,8 +2465,8 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, return 1; } -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, - int n) +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, + unsigned char *limit) { int al = -1; unsigned char *ptmp = *p; @@ -2476,7 +2476,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, * switch the parent context using SSL_set_SSL_CTX and custom extensions * need to be handled by the new SSL_CTX structure. */ - if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) { + if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) { ssl3_send_alert(s, SSL3_AL_FATAL, al); return 0; } @@ -2487,7 +2487,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } custom_ext_init(&s->cert->srv_ext); - if (ssl_scan_clienthello_custom_tlsext(s, ptmp, d + n, &al) <= 0) { + if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) { ssl3_send_alert(s, SSL3_AL_FATAL, al); return 0; } @@ -3385,10 +3385,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Check key name matches */ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, etick + 16); + if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL) <= 0 + || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, + etick + 16) <= 0) { + goto err; + } } /* * Attempt to process session ticket, first conduct sanity and integrity @@ -3396,13 +3399,14 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, */ mlen = HMAC_size(&hctx); if (mlen < 0) { - EVP_CIPHER_CTX_cleanup(&ctx); - return -1; + goto err; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ - HMAC_Update(&hctx, etick, eticklen); - HMAC_Final(&hctx, tick_hmac, NULL); + if (HMAC_Update(&hctx, etick, eticklen) <= 0 + || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) { + goto err; + } HMAC_CTX_cleanup(&hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { EVP_CIPHER_CTX_cleanup(&ctx); @@ -3413,11 +3417,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); sdec = OPENSSL_malloc(eticklen); - if (!sdec) { + if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) { EVP_CIPHER_CTX_cleanup(&ctx); return -1; } - EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { EVP_CIPHER_CTX_cleanup(&ctx); OPENSSL_free(sdec); @@ -3450,6 +3453,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * For session parse failure, indicate that we need to send a new ticket. */ return 2; +err: + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return -1; } /* Tables to translate from NIDs to TLS v1.2 ids */ @@ -231,13 +231,12 @@ extern "C" { /* ExtensionType value from RFC5620 */ # define TLSEXT_TYPE_heartbeat 15 -/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */ +/* ExtensionType value from RFC7301 */ # define TLSEXT_TYPE_application_layer_protocol_negotiation 16 /* * ExtensionType value for TLS padding extension. - * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml - * http://tools.ietf.org/html/draft-agl-tls-padding-03 + * http://tools.ietf.org/html/draft-agl-tls-padding */ # define TLSEXT_TYPE_padding 21 @@ -262,20 +261,19 @@ extern "C" { # define TLSEXT_TYPE_next_proto_neg 13172 # endif -/* NameType value from RFC 3546 */ +/* NameType value from RFC3546 */ # define TLSEXT_NAMETYPE_host_name 0 -/* status request value from RFC 3546 */ +/* status request value from RFC3546 */ # define TLSEXT_STATUSTYPE_ocsp 1 -/* ECPointFormat values from draft-ietf-tls-ecc-12 */ +/* ECPointFormat values from RFC4492 */ # define TLSEXT_ECPOINTFORMAT_first 0 # define TLSEXT_ECPOINTFORMAT_uncompressed 0 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 # define TLSEXT_ECPOINTFORMAT_last 2 -/* Signature and hash algorithms from RFC 5246 */ - +/* Signature and hash algorithms from RFC5246 */ # define TLSEXT_signature_anonymous 0 # define TLSEXT_signature_rsa 1 # define TLSEXT_signature_dsa 2 @@ -430,7 +428,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 /* AES ciphersuites from RFC3268 */ - # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F # define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 # define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 @@ -595,7 +592,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" # define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +/* ECC ciphersuites from RFC4492 */ # define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" diff --git a/test/Makefile b/test/Makefile index e695073..b180971 100644 --- a/test/Makefile +++ b/test/Makefile @@ -69,6 +69,7 @@ ASN1TEST= asn1test HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test VERIFYEXTRATEST= verify_extra_test +CLIENTHELLOTEST= clienthellotest TESTS= alltests @@ -81,7 +82,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ $(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \ - $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) + $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \ + $(CLIENTHELLOTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -94,7 +96,8 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ - $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o + $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \ + $(CLIENTHELLOTEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -104,7 +107,8 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ - $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c + $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \ + $(CLIENTHELLOTEST).c EXHEADER= HEADER= testutil.h $(EXHEADER) @@ -148,7 +152,7 @@ alltests: \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ - test_constant_time test_verify_extra + test_constant_time test_verify_extra test_clienthello test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -241,7 +245,7 @@ test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest @echo quit >>tmp.bntest @echo "running bc" - @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' + @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0\r?$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' @echo 'test a^b%c implementations' ../util/shlib_wrap.sh ./$(EXPTEST) @@ -353,6 +357,10 @@ test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) +test_clienthello: $(CLIENTHELLOTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(CLIENTHELLOTEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -527,6 +535,9 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o @target=$(VERIFYEXTRATEST) $(BUILD_CMD) +$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o + @target=$(CLIENTHELLOTEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -572,6 +583,26 @@ bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c +clienthellotest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h +clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +clienthellotest.o: ../include/openssl/err.h ../include/openssl/evp.h +clienthellotest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +clienthellotest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +clienthellotest.o: ../include/openssl/objects.h +clienthellotest.o: ../include/openssl/opensslconf.h +clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +clienthellotest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +clienthellotest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +clienthellotest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +clienthellotest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +clienthellotest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +clienthellotest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +clienthellotest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +clienthellotest.o: clienthellotest.c constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h constant_time_test.o: ../include/openssl/e_os2.h constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c diff --git a/test/bftest.c b/test/bftest.c index 78b1749..eb8c15d 120000 --- a/test/bftest.c +++ b/test/bftest.c @@ -1 +1 @@ -../crypto/bf/bftest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/bf/bftest.c
\ No newline at end of file diff --git a/test/bntest.c b/test/bntest.c index 03f54a2..1f78176 120000 --- a/test/bntest.c +++ b/test/bntest.c @@ -1 +1 @@ -../crypto/bn/bntest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/bn/bntest.c
\ No newline at end of file diff --git a/test/casttest.c b/test/casttest.c index ac7ede8..823c4bb 120000 --- a/test/casttest.c +++ b/test/casttest.c @@ -1 +1 @@ -../crypto/cast/casttest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/cast/casttest.c
\ No newline at end of file diff --git a/test/certs/pss1.pem b/test/certs/pss1.pem new file mode 100644 index 0000000..29da71d --- /dev/null +++ b/test/certs/pss1.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI +AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD +VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz +NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj +ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH +qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL +IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT +IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k +dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq +QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa +5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2 +4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB +Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii +BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb +xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn +plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY +DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p +NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ +lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8= +-----END CERTIFICATE----- diff --git a/test/clienthellotest.c b/test/clienthellotest.c new file mode 120000 index 0000000..ae25f16 --- /dev/null +++ b/test/clienthellotest.c @@ -0,0 +1 @@ +openssl-1.0.2e/../ssl/clienthellotest.c
\ No newline at end of file diff --git a/test/constant_time_test.c b/test/constant_time_test.c index 519f2f3..4f9a6aa 120000 --- a/test/constant_time_test.c +++ b/test/constant_time_test.c @@ -1 +1 @@ -../crypto/constant_time_test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/constant_time_test.c
\ No newline at end of file diff --git a/test/destest.c b/test/destest.c index 5988c73..fd77cd5 120000 --- a/test/destest.c +++ b/test/destest.c @@ -1 +1 @@ -../crypto/des/destest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/des/destest.c
\ No newline at end of file diff --git a/test/dhtest.c b/test/dhtest.c index 9a67f91..7c3e64d 120000 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -1 +1 @@ -../crypto/dh/dhtest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/dh/dhtest.c
\ No newline at end of file diff --git a/test/dsatest.c b/test/dsatest.c index 16a1b5a..1a18175 120000 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -1 +1 @@ -../crypto/dsa/dsatest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/dsa/dsatest.c
\ No newline at end of file diff --git a/test/ecdhtest.c b/test/ecdhtest.c index 206d986..5e24a98 120000 --- a/test/ecdhtest.c +++ b/test/ecdhtest.c @@ -1 +1 @@ -../crypto/ecdh/ecdhtest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/ecdh/ecdhtest.c
\ No newline at end of file diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 441082b..c2bbe4f 120000 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -1 +1 @@ -../crypto/ecdsa/ecdsatest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/ecdsa/ecdsatest.c
\ No newline at end of file diff --git a/test/ectest.c b/test/ectest.c index df1831f..e25805f 120000 --- a/test/ectest.c +++ b/test/ectest.c @@ -1 +1 @@ -../crypto/ec/ectest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/ec/ectest.c
\ No newline at end of file diff --git a/test/enginetest.c b/test/enginetest.c index 5c74a6f..7eb1831 120000 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -1 +1 @@ -../crypto/engine/enginetest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/engine/enginetest.c
\ No newline at end of file diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 2f2a8f7..7be69e4 120000 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1 +1 @@ -../crypto/evp/evp_extra_test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/evp/evp_extra_test.c
\ No newline at end of file diff --git a/test/evp_test.c b/test/evp_test.c index 0741628..969b2df 120000 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1 +1 @@ -../crypto/evp/evp_test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/evp/evp_test.c
\ No newline at end of file diff --git a/test/exptest.c b/test/exptest.c index 50ccf71..cea2f17 120000 --- a/test/exptest.c +++ b/test/exptest.c @@ -1 +1 @@ -../crypto/bn/exptest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/bn/exptest.c
\ No newline at end of file diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c index 79576fd..836fb8a 120000 --- a/test/heartbeat_test.c +++ b/test/heartbeat_test.c @@ -1 +1 @@ -../ssl/heartbeat_test.c
\ No newline at end of file +openssl-1.0.2e/../ssl/heartbeat_test.c
\ No newline at end of file diff --git a/test/hmactest.c b/test/hmactest.c index 353ee2c..a646bcd 120000 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -1 +1 @@ -../crypto/hmac/hmactest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/hmac/hmactest.c
\ No newline at end of file diff --git a/test/ideatest.c b/test/ideatest.c index a9bfb3d..ba99358 120000 --- a/test/ideatest.c +++ b/test/ideatest.c @@ -1 +1 @@ -../crypto/idea/ideatest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/idea/ideatest.c
\ No newline at end of file diff --git a/test/jpaketest.c b/test/jpaketest.c index 49f44f8..1b5e260 120000 --- a/test/jpaketest.c +++ b/test/jpaketest.c @@ -1 +1 @@ -dummytest.c
\ No newline at end of file +openssl-1.0.2e/dummytest.c
\ No newline at end of file diff --git a/test/md2test.c b/test/md2test.c index 49f44f8..1b5e260 120000 --- a/test/md2test.c +++ b/test/md2test.c @@ -1 +1 @@ -dummytest.c
\ No newline at end of file +openssl-1.0.2e/dummytest.c
\ No newline at end of file diff --git a/test/md4test.c b/test/md4test.c index 1509be9..88e2eb8 120000 --- a/test/md4test.c +++ b/test/md4test.c @@ -1 +1 @@ -../crypto/md4/md4test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/md4/md4test.c
\ No newline at end of file diff --git a/test/md5test.c b/test/md5test.c index 20f4aaf..62779ae 120000 --- a/test/md5test.c +++ b/test/md5test.c @@ -1 +1 @@ -../crypto/md5/md5test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/md5/md5test.c
\ No newline at end of file diff --git a/test/mdc2test.c b/test/mdc2test.c index c4ffe48..89c5faf 120000 --- a/test/mdc2test.c +++ b/test/mdc2test.c @@ -1 +1 @@ -../crypto/mdc2/mdc2test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/mdc2/mdc2test.c
\ No newline at end of file diff --git a/test/randtest.c b/test/randtest.c index a2b107a..7094f41 120000 --- a/test/randtest.c +++ b/test/randtest.c @@ -1 +1 @@ -../crypto/rand/randtest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/rand/randtest.c
\ No newline at end of file diff --git a/test/rc2test.c b/test/rc2test.c index 5c53ad9..4101b4f 120000 --- a/test/rc2test.c +++ b/test/rc2test.c @@ -1 +1 @@ -../crypto/rc2/rc2test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/rc2/rc2test.c
\ No newline at end of file diff --git a/test/rc4test.c b/test/rc4test.c index 061ac37..d3c9079 120000 --- a/test/rc4test.c +++ b/test/rc4test.c @@ -1 +1 @@ -../crypto/rc4/rc4test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/rc4/rc4test.c
\ No newline at end of file diff --git a/test/rc5test.c b/test/rc5test.c index 49f44f8..1b5e260 120000 --- a/test/rc5test.c +++ b/test/rc5test.c @@ -1 +1 @@ -dummytest.c
\ No newline at end of file +openssl-1.0.2e/dummytest.c
\ No newline at end of file diff --git a/test/rmdtest.c b/test/rmdtest.c index ce66460..1744939 120000 --- a/test/rmdtest.c +++ b/test/rmdtest.c @@ -1 +1 @@ -../crypto/ripemd/rmdtest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/ripemd/rmdtest.c
\ No newline at end of file diff --git a/test/rsa_test.c b/test/rsa_test.c index aaea20d..4bc7c76 120000 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -1 +1 @@ -../crypto/rsa/rsa_test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/rsa/rsa_test.c
\ No newline at end of file diff --git a/test/sha1test.c b/test/sha1test.c index 8d66e9e..172c67c 120000 --- a/test/sha1test.c +++ b/test/sha1test.c @@ -1 +1 @@ -../crypto/sha/sha1test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/sha/sha1test.c
\ No newline at end of file diff --git a/test/sha256t.c b/test/sha256t.c index 952a508..2f356c9 120000 --- a/test/sha256t.c +++ b/test/sha256t.c @@ -1 +1 @@ -../crypto/sha/sha256t.c
\ No newline at end of file +openssl-1.0.2e/../crypto/sha/sha256t.c
\ No newline at end of file diff --git a/test/sha512t.c b/test/sha512t.c index c80d152..fbab5ab 120000 --- a/test/sha512t.c +++ b/test/sha512t.c @@ -1 +1 @@ -../crypto/sha/sha512t.c
\ No newline at end of file +openssl-1.0.2e/../crypto/sha/sha512t.c
\ No newline at end of file diff --git a/test/shatest.c b/test/shatest.c index 43cfda7..b0bffa7 120000 --- a/test/shatest.c +++ b/test/shatest.c @@ -1 +1 @@ -../crypto/sha/shatest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/sha/shatest.c
\ No newline at end of file diff --git a/test/srptest.c b/test/srptest.c index 9534868..4f8b8f8 120000 --- a/test/srptest.c +++ b/test/srptest.c @@ -1 +1 @@ -../crypto/srp/srptest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/srp/srptest.c
\ No newline at end of file diff --git a/test/ssltest.c b/test/ssltest.c index 40191f0..9ee1c02 120000 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1 +1 @@ -../ssl/ssltest.c
\ No newline at end of file +openssl-1.0.2e/../ssl/ssltest.c
\ No newline at end of file @@ -74,5 +74,12 @@ if [ $? != 0 ]; then exit 1; fi cmp x509-f.p x509-ff.p3 if [ $? != 0 ]; then exit 1; fi +echo "Parsing test certificates" + +$cmd -in certs/pss1.pem -text -noout >/dev/null +if [ $? != 0 ]; then exit 1; fi + +echo OK + /bin/rm -f x509-f.* x509-ff.* x509-fff.* exit 0 diff --git a/test/v3nametest.c b/test/v3nametest.c index 1d209eb..05ac941 120000 --- a/test/v3nametest.c +++ b/test/v3nametest.c @@ -1 +1 @@ -../crypto/x509v3/v3nametest.c
\ No newline at end of file +openssl-1.0.2e/../crypto/x509v3/v3nametest.c
\ No newline at end of file diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 11d837c..0d94843 120000 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -1 +1 @@ -../crypto/x509/verify_extra_test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/x509/verify_extra_test.c
\ No newline at end of file diff --git a/test/wp_test.c b/test/wp_test.c index 81b2021..a0a0526 120000 --- a/test/wp_test.c +++ b/test/wp_test.c @@ -1 +1 @@ -../crypto/whrlpool/wp_test.c
\ No newline at end of file +openssl-1.0.2e/../crypto/whrlpool/wp_test.c
\ No newline at end of file diff --git a/times/090/586-100.nt b/times/090/586-100.nt deleted file mode 100644 index 297ec3e..0000000 --- a/times/090/586-100.nt +++ /dev/null @@ -1,32 +0,0 @@ -SSLeay 0.9.0 08-Apr-1998 -built on Wed Apr 8 12:47:17 EST 1998 -options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish( -ptr2) -C flags:cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN --DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 92.25k 256.80k 347.01k 380.40k 390.31k -mdc2 240.72k 251.10k 252.00k 250.80k 251.40k -md5 1013.61k 5651.94k 11831.61k 16294.89k 17901.43k -hmac(md5) 419.50k 2828.07k 7770.11k 13824.34k 17091.70k -sha1 524.31k 2721.45k 5216.15k 6766.10k 7308.42k -rmd160 462.09k 2288.59k 4260.77k 5446.44k 5841.65k -rc4 7895.90k 10326.73k 10555.43k 10728.22k 10429.44k -des cbc 2036.86k 2208.92k 2237.68k 2237.20k 2181.35k -des ede3 649.92k 739.42k 749.07k 748.86k 738.27k -idea cbc 823.19k 885.10k 894.92k 896.45k 891.87k -rc2 cbc 792.63k 859.00k 867.45k 868.96k 865.30k -rc5-32/12 cbc 3502.26k 4026.79k 4107.23k 4121.76k 4073.72k -blowfish cbc 3752.96k 4026.79k 4075.31k 3965.87k 3892.26k -cast cbc 2566.27k 2807.43k 2821.79k 2792.48k 2719.34k - sign verify sign/s verify/s -rsa 512 bits 0.0179s 0.0020s 56.0 501.7 -rsa 1024 bits 0.0950s 0.0060s 10.5 166.6 -rsa 2048 bits 0.6299s 0.0209s 1.6 47.8 -rsa 4096 bits 4.5870s 0.0787s 0.2 12.7 - sign verify sign/s verify/s -dsa 512 bits 0.0180s 0.0339s 55.6 29.5 -dsa 1024 bits 0.0555s 0.1076s 18.0 9.3 -dsa 2048 bits 0.1971s 0.3918s 5.1 2.6 - diff --git a/times/091/486-50.nt b/times/091/486-50.nt deleted file mode 100644 index 84820d9..0000000 --- a/times/091/486-50.nt +++ /dev/null @@ -1,30 +0,0 @@ -486-50 NT 4.0 - -SSLeay 0.9.1a 06-Jul-1998 -built on Sat Jul 18 18:03:20 EST 1998 -options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2) -C flags:cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32 -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 28.77k 80.30k 108.50k 118.98k 122.47k -mdc2 51.52k 54.06k 54.54k 54.65k 54.62k -md5 304.39k 1565.04k 3061.54k 3996.10k 4240.10k -hmac(md5) 119.53k 793.23k 2061.29k 3454.95k 4121.76k -sha1 127.51k 596.93k 1055.54k 1313.84k 1413.18k -rmd160 128.50k 572.49k 1001.03k 1248.01k 1323.63k -rc4 1224.40k 1545.11k 1590.29k 1600.20k 1576.90k -des cbc 448.19k 503.45k 512.30k 513.30k 508.23k -des ede3 148.66k 162.48k 163.68k 163.94k 164.24k -idea cbc 194.18k 211.10k 212.99k 213.18k 212.64k -rc2 cbc 245.78k 271.01k 274.12k 274.38k 273.52k -rc5-32/12 cbc 1252.48k 1625.20k 1700.03k 1711.12k 1677.18k -blowfish cbc 725.16k 828.26k 850.01k 846.99k 833.79k -cast cbc 643.30k 717.22k 739.48k 741.57k 735.33k - sign verify sign/s verify/s -rsa 512 bits 0.0904s 0.0104s 11.1 96.2 -rsa 1024 bits 0.5968s 0.0352s 1.7 28.4 -rsa 2048 bits 3.8860s 0.1017s 0.3 9.8 - sign verify sign/s verify/s -dsa 512 bits 0.1006s 0.1249s 9.9 8.0 -dsa 1024 bits 0.3306s 0.4093s 3.0 2.4 -dsa 2048 bits 0.9454s 1.1707s 1.1 0.9 diff --git a/times/091/586-100.lnx b/times/091/586-100.lnx deleted file mode 100644 index 92892a6..0000000 --- a/times/091/586-100.lnx +++ /dev/null @@ -1,32 +0,0 @@ -Pentium 100mhz, linux - -SSLeay 0.9.0a 14-Apr-1998 -built on Fri Apr 17 08:47:07 EST 1998 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 56.65k 153.88k 208.47k 229.03k 237.57k -mdc2 189.59k 204.95k 206.93k 208.90k 209.56k -md5 1019.48k 5882.41k 12085.42k 16376.49k 18295.47k -hmac(md5) 415.86k 2887.85k 7891.29k 13894.66k 17446.23k -sha1 540.68k 2791.96k 5289.30k 6813.01k 7432.87k -rmd160 298.37k 1846.87k 3869.10k 5273.94k 5892.78k -rc4 7870.87k 10438.10k 10857.13k 10729.47k 10788.86k -des cbc 1960.60k 2226.37k 2241.88k 2054.83k 2181.80k -des ede3 734.44k 739.69k 779.43k 750.25k 772.78k -idea cbc 654.07k 711.00k 716.89k 718.51k 720.90k -rc2 cbc 648.83k 701.91k 708.61k 708.95k 709.97k -rc5-32/12 cbc 3504.71k 4054.76k 4131.41k 4105.56k 4134.23k -blowfish cbc 3762.25k 4313.79k 4460.54k 4356.78k 4317.18k -cast cbc 2755.01k 3038.91k 3076.44k 3027.63k 2998.27k - sign verify sign/s verify/s -rsa 512 bits 0.0195s 0.0019s 51.4 519.9 -rsa 1024 bits 0.1000s 0.0059s 10.0 168.2 -rsa 2048 bits 0.6406s 0.0209s 1.6 47.8 -rsa 4096 bits 4.6100s 0.0787s 0.2 12.7 - sign verify sign/s verify/s -dsa 512 bits 0.0188s 0.0360s 53.1 27.8 -dsa 1024 bits 0.0570s 0.1126s 17.5 8.9 -dsa 2048 bits 0.1990s 0.3954s 5.0 2.5 - diff --git a/times/091/68000.bsd b/times/091/68000.bsd deleted file mode 100644 index a3a14e8..0000000 --- a/times/091/68000.bsd +++ /dev/null @@ -1,32 +0,0 @@ -Motorolla 68020 20mhz, NetBSD - -SSLeay 0.9.0t 29-May-1998 -built on Fri Jun 5 12:42:23 EST 1998 -options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,16,long) idea(int) blowfish(idx) -C flags:gcc -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 2176.00 5994.67 8079.73 8845.18 9077.01 -mdc2 5730.67 6122.67 6167.66 6176.51 6174.87 -md5 29.10k 127.31k 209.66k 250.50k 263.99k -hmac(md5) 12.33k 73.02k 160.17k 228.04k 261.15k -sha1 11.27k 49.37k 84.31k 102.40k 109.23k -rmd160 11.69k 48.62k 78.76k 93.15k 98.41k -rc4 117.96k 148.94k 152.57k 153.09k 152.92k -des cbc 27.13k 30.06k 30.38k 30.38k 30.53k -des ede3 10.51k 10.94k 11.01k 11.01k 11.01k -idea cbc 26.74k 29.23k 29.45k 29.60k 29.74k -rc2 cbc 34.27k 39.39k 40.03k 40.07k 40.16k -rc5-32/12 cbc 64.31k 83.18k 85.70k 86.70k 87.09k -blowfish cbc 48.86k 59.18k 60.07k 60.42k 60.78k -cast cbc 42.67k 50.01k 50.86k 51.20k 51.37k - sign verify sign/s verify/s -rsa 512 bits 0.7738s 0.0774s 1.3 12.9 -rsa 1024 bits 4.3967s 0.2615s 0.2 3.8 -rsa 2048 bits 29.5200s 0.9664s 0.0 1.0 - sign verify sign/s verify/s -dsa 512 bits 0.7862s 0.9709s 1.3 1.0 -dsa 1024 bits 2.5375s 3.1625s 0.4 0.3 -dsa 2048 bits 9.2150s 11.8200s 0.1 0.1 - - diff --git a/times/091/686-200.lnx b/times/091/686-200.lnx deleted file mode 100644 index bb857d4..0000000 --- a/times/091/686-200.lnx +++ /dev/null @@ -1,32 +0,0 @@ -Pentium Pro 200mhz, linux - -SSLeay 0.9.0d 26-Apr-1998 -built on Sun Apr 26 10:25:33 EST 1998 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 130.58k 364.54k 499.24k 545.79k 561.66k -mdc2 526.68k 579.72k 588.37k 588.80k 589.82k -md5 1917.71k 11434.69k 22512.21k 29495.30k 32677.89k -hmac(md5) 749.18k 5264.83k 14227.20k 25018.71k 31760.38k -sha1 1343.83k 6436.29k 11702.78k 14664.70k 15829.67k -rmd160 1038.05k 5138.77k 8985.51k 10985.13k 11799.21k -rc4 14891.04k 21334.06k 22376.79k 22579.54k 22574.42k -des cbc 4131.97k 4568.31k 4645.29k 4631.21k 4572.73k -des ede3 1567.17k 1631.13k 1657.32k 1653.08k 1643.86k -idea cbc 2427.23k 2671.21k 2716.67k 2723.84k 2733.40k -rc2 cbc 1629.90k 1767.38k 1788.50k 1797.12k 1799.51k -rc5-32/12 cbc 10290.55k 13161.60k 13744.55k 14011.73k 14123.01k -blowfish cbc 5896.42k 6920.77k 7122.01k 7151.62k 7146.15k -cast cbc 6037.71k 6935.19k 7101.35k 7145.81k 7116.12k - sign verify sign/s verify/s -rsa 512 bits 0.0070s 0.0007s 142.6 1502.9 -rsa 1024 bits 0.0340s 0.0019s 29.4 513.3 -rsa 2048 bits 0.2087s 0.0066s 4.8 151.3 -rsa 4096 bits 1.4700s 0.0242s 0.7 41.2 - sign verify sign/s verify/s -dsa 512 bits 0.0064s 0.0121s 156.1 82.9 -dsa 1024 bits 0.0184s 0.0363s 54.4 27.5 -dsa 2048 bits 0.0629s 0.1250s 15.9 8.0 - diff --git a/times/091/alpha064.osf b/times/091/alpha064.osf deleted file mode 100644 index a8e7fdf..0000000 --- a/times/091/alpha064.osf +++ /dev/null @@ -1,32 +0,0 @@ -Alpha EV4.5 (21064) 275mhz, OSF1 V4.0 -SSLeay 0.9.0g 01-May-1998 -built on Mon May 4 17:26:09 CST 1998 -options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx) -C flags:cc -tune host -O4 -readonly_strings -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 119.58k 327.48k 443.28k 480.09k 495.16k -mdc2 436.67k 456.35k 465.42k 466.57k 469.01k -md5 1459.34k 6566.46k 11111.91k 13375.30k 14072.60k -hmac(md5) 597.90k 3595.45k 8180.88k 12099.49k 13884.46k -sha1 707.01k 3253.09k 6131.73k 7798.23k 8439.67k -rmd160 618.57k 2729.07k 4711.33k 5825.16k 6119.23k -rc4 8796.43k 9393.62k 9548.88k 9378.77k 9472.57k -des cbc 2165.97k 2514.90k 2586.27k 2572.93k 2639.08k -des ede3 945.44k 1004.03k 1005.96k 1017.33k 1020.85k -idea cbc 1498.81k 1629.11k 1637.28k 1625.50k 1641.11k -rc2 cbc 1866.00k 2044.92k 2067.12k 2064.00k 2068.96k -rc5-32/12 cbc 4366.97k 5521.32k 5687.50k 5729.16k 5736.96k -blowfish cbc 3997.31k 4790.60k 4937.84k 4954.56k 5024.85k -cast cbc 2900.19k 3673.30k 3803.73k 3823.93k 3890.25k - sign verify sign/s verify/s -rsa 512 bits 0.0069s 0.0006s 144.2 1545.8 -rsa 1024 bits 0.0304s 0.0018s 32.9 552.6 -rsa 2048 bits 0.1887s 0.0062s 5.3 161.4 -rsa 4096 bits 1.3667s 0.0233s 0.7 42.9 - sign verify sign/s verify/s -dsa 512 bits 0.0067s 0.0123s 149.6 81.1 -dsa 1024 bits 0.0177s 0.0332s 56.6 30.1 -dsa 2048 bits 0.0590s 0.1162s 16.9 8.6 - - diff --git a/times/091/alpha164.lnx b/times/091/alpha164.lnx deleted file mode 100644 index c994662..0000000 --- a/times/091/alpha164.lnx +++ /dev/null @@ -1,32 +0,0 @@ -Alpha EV5.6 (21164A) 533mhz, Linux 2.0.32 - -SSLeay 0.9.0p 22-May-1998 -built on Sun May 27 14:23:38 GMT 2018 -options:bn(64,64) md2(int) rc4(ptr,int) des(idx,risc1,16,long) idea(int) blowfish(idx) -C flags:gcc -O3 -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 295.78k 825.34k 1116.42k 1225.10k 1262.65k -mdc2 918.16k 1017.55k 1032.18k 1034.24k 1035.60k -md5 3574.93k 15517.05k 25482.67k 30434.31k 32210.51k -hmac(md5) 1261.54k 7757.15k 18025.46k 27081.21k 31653.27k -sha1 2251.89k 10056.84k 16990.19k 20651.04k 21973.29k -rmd160 1615.49k 7017.13k 11601.11k 13875.62k 14690.31k -rc4 22435.16k 24476.40k 24349.95k 23042.36k 24581.53k -des cbc 5198.38k 6559.04k 6775.43k 6827.87k 6875.82k -des ede3 2257.73k 2602.18k 2645.60k 2657.12k 2670.59k -idea cbc 3694.42k 4125.61k 4180.74k 4193.28k 4192.94k -rc2 cbc 4642.47k 5323.85k 5415.42k 5435.86k 5434.03k -rc5-32/12 cbc 9705.26k 13277.79k 13843.46k 13989.66k 13987.57k -blowfish cbc 7861.28k 10852.34k 11447.98k 11616.97k 11667.54k -cast cbc 6718.13k 8599.98k 8967.17k 9070.81k 9099.28k - sign verify sign/s verify/s -rsa 512 bits 0.0018s 0.0002s 555.9 6299.5 -rsa 1024 bits 0.0081s 0.0005s 123.3 2208.7 -rsa 2048 bits 0.0489s 0.0015s 20.4 648.5 -rsa 4096 bits 0.3402s 0.0057s 2.9 174.7 - sign verify sign/s verify/s -dsa 512 bits 0.0019s 0.0032s 529.0 310.2 -dsa 1024 bits 0.0047s 0.0086s 214.1 115.7 -dsa 2048 bits 0.0150s 0.0289s 66.7 34.6 - diff --git a/times/091/alpha164.osf b/times/091/alpha164.osf deleted file mode 100644 index df712c6..0000000 --- a/times/091/alpha164.osf +++ /dev/null @@ -1,31 +0,0 @@ -Alpha EV5.6 (21164A) 400mhz, OSF1 V4.0 - -SSLeay 0.9.0 10-Apr-1998 -built on Sun Apr 19 07:54:37 EST 1998 -options:bn(64,64) md2(int) rc4(ptr,int) des(ptr,risc2,4,int) idea(int) blowfish(idx) -C flags:cc -O4 -tune host -fast -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 276.30k 762.07k 1034.35k 1134.07k 1160.53k -mdc2 814.99k 845.83k 849.09k 850.33k 849.24k -md5 2468.43k 10945.27k 17963.48k 21430.89k 22544.38k -hmac(md5) 1002.48k 6023.98k 13430.99k 19344.17k 22351.80k -sha1 1984.93k 8882.47k 14856.47k 17878.70k 18955.10k -rmd160 1286.96k 5595.52k 9167.00k 10957.74k 11582.30k -rc4 15948.15k 16710.29k 16793.20k 17929.50k 18474.56k -des cbc 3416.04k 4149.37k 4296.25k 4328.89k 4327.57k -des ede3 1540.14k 1683.36k 1691.14k 1705.90k 1705.22k -idea cbc 2795.87k 3192.93k 3238.13k 3238.17k 3256.66k -rc2 cbc 3529.00k 4069.93k 4135.79k 4135.25k 4160.07k -rc5-32/12 cbc 7212.35k 9849.71k 10260.91k 10423.38k 10439.99k -blowfish cbc 6061.75k 8363.50k 8706.80k 8779.40k 8784.55k -cast cbc 5401.75k 6433.31k 6638.18k 6662.40k 6702.80k - sign verify sign/s verify/s -rsa 512 bits 0.0022s 0.0002s 449.6 4916.2 -rsa 1024 bits 0.0105s 0.0006s 95.3 1661.2 -rsa 2048 bits 0.0637s 0.0020s 15.7 495.6 -rsa 4096 bits 0.4457s 0.0075s 2.2 132.7 - sign verify sign/s verify/s -dsa 512 bits 0.0028s 0.0048s 362.2 210.4 -dsa 1024 bits 0.0064s 0.0123s 155.2 81.6 -dsa 2048 bits 0.0201s 0.0394s 49.7 25.4 diff --git a/times/091/mips-rel.pl b/times/091/mips-rel.pl deleted file mode 100644 index 4b25093..0000000 --- a/times/091/mips-rel.pl +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/local/bin/perl - -&doit(100,"Pentium 100 32",0.0195,0.1000,0.6406,4.6100); # pentium-100 -&doit(200,"PPro 200 32",0.0070,0.0340,0.2087,1.4700); # pentium-100 -&doit( 25,"R3000 25 32",0.0860,0.4825,3.2417,23.8833); # R3000-25 -&doit(200,"R4400 200 32",0.0137,0.0717,0.4730,3.4367); # R4400 32bit -&doit(180,"R10000 180 32",0.0061,0.0311,0.1955,1.3871); # R10000 32bit -&doit(180,"R10000 180 64",0.0034,0.0149,0.0880,0.5933); # R10000 64bit -&doit(400,"DEC 21164 400 64",0.0022,0.0105,0.0637,0.4457); # R10000 64bit - -sub doit - { - local($mhz,$label,@data)=@_; - - for ($i=0; $i <= $#data; $i++) - { - $data[$i]=1/$data[$i]*200/$mhz; - } - printf("%s %6.1f %6.1f %6.1f %6.1f\n",$label,@data); - } - diff --git a/times/091/r10000.irx b/times/091/r10000.irx deleted file mode 100644 index 237ee5d..0000000 --- a/times/091/r10000.irx +++ /dev/null @@ -1,37 +0,0 @@ -MIPS R10000 32kI+32kD 180mhz, IRIX 6.4 - -Using crypto/bn/mips3.s - -This is built for n32, which is faster for all benchmarks than the n64 -compilation model - -SSLeay 0.9.0b 19-Apr-1998 -built on Sat Apr 25 12:43:14 EST 1998 -options:bn(64,64) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(ptr) -C flags:cc -use_readonly_const -O2 -DTERMIOS -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 126.38k 349.38k 472.67k 517.01k 529.81k -mdc2 501.64k 545.87k 551.80k 553.64k 554.41k -md5 1825.77k 7623.64k 12630.47k 15111.74k 16012.09k -hmac(md5) 780.81k 4472.86k 9667.22k 13802.67k 15777.89k -sha1 1375.52k 6213.91k 11037.30k 13682.01k 14714.09k -rmd160 856.72k 3454.40k 5598.33k 6689.94k 7073.48k -rc4 11260.93k 13311.50k 13360.05k 13322.17k 13364.39k -des cbc 2770.78k 3055.42k 3095.18k 3092.48k 3103.03k -des ede3 1023.22k 1060.58k 1063.81k 1070.37k 1064.54k -idea cbc 3029.09k 3334.30k 3375.29k 3375.65k 3380.64k -rc2 cbc 2307.45k 2470.72k 2501.25k 2500.68k 2500.55k -rc5-32/12 cbc 6770.91k 8629.89k 8909.58k 9009.64k 9044.95k -blowfish cbc 4796.53k 5598.20k 5717.14k 5755.11k 5749.86k -cast cbc 3986.20k 4426.17k 4465.04k 4476.84k 4475.08k - sign verify sign/s verify/s -rsa 512 bits 0.0034s 0.0003s 296.1 3225.4 -rsa 1024 bits 0.0139s 0.0008s 71.8 1221.8 -rsa 2048 bits 0.0815s 0.0026s 12.3 380.3 -rsa 4096 bits 0.5656s 0.0096s 1.8 103.7 - sign verify sign/s verify/s -dsa 512 bits 0.0034s 0.0061s 290.8 164.9 -dsa 1024 bits 0.0084s 0.0161s 119.1 62.3 -dsa 2048 bits 0.0260s 0.0515s 38.5 19.4 - diff --git a/times/091/r3000.ult b/times/091/r3000.ult deleted file mode 100644 index ecd3390..0000000 --- a/times/091/r3000.ult +++ /dev/null @@ -1,32 +0,0 @@ -MIPS R3000 64kI+64kD 25mhz, ultrix 4.3 - -SSLeay 0.9.0b 19-Apr-1998 -built on Thu Apr 23 07:22:31 EST 1998 -options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(idx) -C flags:cc -O2 -DL_ENDIAN -DNOPROTO -DNOCONST -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 14.63k 40.65k 54.70k 60.07k 61.78k -mdc2 29.43k 37.27k 38.23k 38.57k 38.60k -md5 140.04k 676.59k 1283.84k 1654.10k 1802.24k -hmac(md5) 60.51k 378.90k 937.82k 1470.46k 1766.74k -sha1 60.77k 296.79k 525.40k 649.90k 699.05k -rmd160 48.82k 227.16k 417.19k 530.31k 572.05k -rc4 904.76k 996.20k 1007.53k 1015.65k 1010.35k -des cbc 178.87k 209.39k 213.42k 215.55k 214.53k -des ede3 74.25k 79.30k 80.40k 80.21k 80.14k -idea cbc 181.02k 209.37k 214.44k 214.36k 213.83k -rc2 cbc 161.52k 184.98k 187.99k 188.76k 189.05k -rc5-32/12 cbc 398.99k 582.91k 614.66k 626.07k 621.87k -blowfish cbc 296.38k 387.69k 405.50k 412.57k 410.05k -cast cbc 214.76k 260.63k 266.92k 268.63k 258.26k - sign verify sign/s verify/s -rsa 512 bits 0.0870s 0.0089s 11.5 112.4 -rsa 1024 bits 0.4881s 0.0295s 2.0 33.9 -rsa 2048 bits 3.2750s 0.1072s 0.3 9.3 -rsa 4096 bits 23.9833s 0.4093s 0.0 2.4 - sign verify sign/s verify/s -dsa 512 bits 0.0898s 0.1706s 11.1 5.9 -dsa 1024 bits 0.2847s 0.5565s 3.5 1.8 -dsa 2048 bits 1.0267s 2.0433s 1.0 0.5 - diff --git a/times/091/r4400.irx b/times/091/r4400.irx deleted file mode 100644 index 9b96ca1..0000000 --- a/times/091/r4400.irx +++ /dev/null @@ -1,32 +0,0 @@ -R4400 16kI+16kD 200mhz, Irix 5.3 - -SSLeay 0.9.0e 27-Apr-1998 -built on Sun Apr 26 07:26:05 PDT 1998 -options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(ptr) -C flags:cc -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 79.80k 220.59k 298.01k 327.06k 338.60k -mdc2 262.74k 285.30k 289.16k 288.36k 288.49k -md5 930.35k 4167.13k 7167.91k 8678.23k 9235.86k -hmac(md5) 399.44k 2367.57k 5370.74k 7884.28k 9076.98k -sha1 550.96k 2488.17k 4342.76k 5362.50k 5745.40k -rmd160 424.58k 1752.83k 2909.67k 3486.08k 3702.89k -rc4 6687.79k 7834.63k 7962.61k 8035.65k 7915.28k -des cbc 1544.20k 1725.94k 1748.35k 1758.17k 1745.61k -des ede3 587.29k 637.75k 645.93k 643.17k 646.01k -idea cbc 1575.52k 1719.75k 1732.41k 1736.69k 1740.11k -rc2 cbc 1496.21k 1629.90k 1643.19k 1652.14k 1646.62k -rc5-32/12 cbc 3452.48k 4276.47k 4390.74k 4405.25k 4400.12k -blowfish cbc 2354.58k 3242.36k 3401.11k 3433.65k 3383.65k -cast cbc 1942.22k 2152.28k 2187.51k 2185.67k 2177.20k - sign verify sign/s verify/s -rsa 512 bits 0.0130s 0.0014s 76.9 729.8 -rsa 1024 bits 0.0697s 0.0043s 14.4 233.9 -rsa 2048 bits 0.4664s 0.0156s 2.1 64.0 -rsa 4096 bits 3.4067s 0.0586s 0.3 17.1 - sign verify sign/s verify/s -dsa 512 bits 0.0140s 0.0261s 71.4 38.4 -dsa 1024 bits 0.0417s 0.0794s 24.0 12.6 -dsa 2048 bits 0.1478s 0.2929s 6.8 3.4 - diff --git a/times/100.lnx b/times/100.lnx deleted file mode 100644 index d0f4537..0000000 --- a/times/100.lnx +++ /dev/null @@ -1,32 +0,0 @@ -SSLeay 0.8.4c 03-Aug-1999 -built on Tue Nov 4 02:52:29 EST 1997 -options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 53.27k 155.95k 201.30k 216.41k 236.78k -mdc2 192.98k 207.98k 206.76k 206.17k 208.87k -md5 993.15k 5748.27k 11944.70k 16477.53k 18287.27k -hmac(md5) 404.97k 2787.58k 7690.07k 13744.43k 17601.88k -sha1 563.24k 2851.67k 5363.71k 6879.23k 7441.07k -rc4 7876.70k 10400.85k 10825.90k 10943.49k 10745.17k -des cbc 2047.39k 2188.25k 2188.29k 2239.49k 2233.69k -des ede3 660.55k 764.01k 773.55k 779.21k 780.97k -idea cbc 653.93k 708.48k 715.43k 719.87k 720.90k -rc2 cbc 648.08k 702.23k 708.78k 711.00k 709.97k -blowfish cbc 3764.39k 4288.66k 4375.04k 4497.07k 4423.68k -cast cbc 2757.14k 2993.75k 3035.31k 3078.90k 3055.62k - -blowfish cbc 3258.81k 3673.47k 3767.30k 3774.12k 3719.17k -cast cbc 2677.05k 3164.78k 3273.05k 3287.38k 3244.03k - - - sign verify -rsa 512 bits 0.0213s 0.0020s -rsa 1024 bits 0.1073s 0.0063s -rsa 2048 bits 0.6873s 0.0224s -rsa 4096 bits 4.9333s 0.0845s - sign verify -dsa 512 bits 0.0201s 0.0385s -dsa 1024 bits 0.0604s 0.1190s -dsa 2048 bits 0.2121s 0.4229s diff --git a/times/100.nt b/times/100.nt deleted file mode 100644 index 0dd7cfc..0000000 --- a/times/100.nt +++ /dev/null @@ -1,29 +0,0 @@ -SSLeay 0.8.4c 03-Aug-1999 -built on Tue Aug 3 09:49:58 EST 1999 -options:bn(64,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish( -ptr2) -C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN -_ASM -DMD5_ASM -DSHA1_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 93.07k 258.38k 349.03k 382.83k 392.87k -mdc2 245.80k 259.02k 259.34k 259.16k 260.14k -md5 1103.42k 6017.65k 12210.49k 16552.11k 18291.77k -hmac(md5) 520.15k 3394.00k 8761.86k 14593.96k 17742.40k -sha1 538.06k 2726.76k 5242.22k 6821.12k 7426.18k -rc4 8283.90k 10513.09k 10886.38k 10929.50k 10816.75k -des cbc 2073.10k 2232.91k 2251.61k 2256.46k 2232.44k -des ede3 758.85k 782.46k 786.14k 786.08k 781.24k -idea cbc 831.02k 892.63k 901.07k 903.48k 901.85k -rc2 cbc 799.89k 866.09k 873.96k 876.22k 874.03k -blowfish cbc 3835.32k 4418.78k 4511.94k 4494.54k 4416.92k -cast cbc 2974.68k 3272.71k 3313.04k 3335.17k 3261.51k - sign verify -rsa 512 bits 0.0202s 0.0019s -rsa 1024 bits 0.1029s 0.0062s -rsa 2048 bits 0.6770s 0.0220s -rsa 4096 bits 4.8770s 0.0838s - sign verify -dsa 512 bits 0.0191s 0.0364s -dsa 1024 bits 0.0590s 0.1141s -dsa 2048 bits 0.2088s 0.4171s diff --git a/times/200.lnx b/times/200.lnx deleted file mode 100644 index fd7e7f4..0000000 --- a/times/200.lnx +++ /dev/null @@ -1,30 +0,0 @@ -This machine was slightly loaded :-( - -SSLeay 0.8.4c 03-Aug-1999 -built on Tue Nov 4 02:52:29 EST 1997 -options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 130.86k 365.31k 499.60k 547.75k 561.41k -mdc2 526.03k 581.38k 587.12k 586.31k 589.60k -md5 1919.49k 11173.23k 22387.60k 29553.47k 32587.21k -hmac(md5) 747.09k 5248.35k 14275.44k 24713.26k 31737.13k -sha1 1336.63k 6400.50k 11668.67k 14648.83k 15700.85k -rc4 15002.32k 21327.21k 22301.63k 22503.78k 22549.26k -des cbc 4115.16k 4521.08k 4632.37k 4607.28k 4570.57k -des ede3 1540.29k 1609.76k 1623.64k 1620.76k 1624.18k -idea cbc 2405.08k 2664.78k 2704.22k 2713.95k 2716.29k -rc2 cbc 1634.07k 1764.30k 1780.23k 1790.27k 1788.12k -blowfish cbc 5993.98k 6927.27k 7083.61k 7088.40k 7123.72k -cast cbc 5981.52k 6900.44k 7079.70k 7110.40k 7057.72k - sign verify -rsa 512 bits 0.0085s 0.0007s -rsa 1024 bits 0.0377s 0.0020s -rsa 2048 bits 0.2176s 0.0067s -rsa 4096 bits 1.4800s 0.0242s -sign verify -dsa 512 bits 0.0071s 0.0132s -dsa 1024 bits 0.0192s 0.0376s -dsa 2048 bits 0.0638s 0.1280s - diff --git a/times/486-66.dos b/times/486-66.dos deleted file mode 100644 index 1644bf8..0000000 --- a/times/486-66.dos +++ /dev/null @@ -1,22 +0,0 @@ -MS-dos static libs, 16bit C build, 16bit assember - -SSLeay 0.6.1 -options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short) -C flags:cl /ALw /Gx- /Gf /f- /Ocgnotb2 /G2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -D -NO_SOCK -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 18.62k 55.54k 76.88k 85.39k 86.52k -md5 94.03k 442.06k 794.38k 974.51k 1061.31k -sha 38.37k 166.23k 272.78k 331.41k 353.77k -sha1 34.38k 147.77k 244.77k 292.57k 312.08k -rc4 641.25k 795.34k 817.16k 829.57k 817.16k -des cfb 111.46k 118.08k 120.69k 119.16k 119.37k -des cbc 122.96k 135.69k 137.10k 135.69k 135.40k -des ede3 48.01k 50.92k 50.32k 50.96k 50.96k -idea cfb 97.09k 100.21k 100.36k 101.14k 100.98k -idea cbc 102.08k 109.41k 111.46k 111.65k 110.52k -rc2 cfb 120.47k 125.55k 125.79k 125.55k 125.55k -rc2 cbc 129.77k 140.33k 143.72k 142.16k 141.85k -rsa 512 bits 0.264s -rsa 1024 bits 1.494s diff --git a/times/486-66.nt b/times/486-66.nt deleted file mode 100644 index b26a900..0000000 --- a/times/486-66.nt +++ /dev/null @@ -1,22 +0,0 @@ -SSLeay 0.6.1 02-Jul-1996 -built on Fri Jul 10 09:53:15 EST 1996 -options:bn(64,32) md2(int) rc4(idx,int) des(idx,long) idea(int) -C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /nologo -DWIN32 -DL_ENDIAN /MD -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 38.27k 107.28k 145.43k 159.60k 164.15k -md5 399.00k 1946.13k 3610.80k 4511.94k 4477.27k -sha 182.04k 851.26k 1470.65k 1799.20k 1876.48k -sha1 151.83k 756.55k 1289.76k 1567.38k 1625.70k -rc4 1853.92k 2196.25k 2232.91k 2241.31k 2152.96k -des cfb 360.58k 382.69k 384.94k 386.07k 377.19k -des cbc 376.10k 431.87k 436.32k 437.78k 430.45k -des ede3 152.55k 160.38k 161.51k 161.33k 159.98k -idea cfb 245.59k 255.60k 256.65k 257.16k 254.61k -idea cbc 257.16k 276.12k 279.05k 279.11k 276.70k -rc2 cfb 280.25k 293.49k 294.74k 294.15k 291.47k -rc2 cbc 295.47k 321.57k 324.76k 324.76k 320.00k -rsa 512 bits 0.084s -rsa 1024 bits 0.495s -rsa 2048 bits 3.435s - diff --git a/times/486-66.w31 b/times/486-66.w31 deleted file mode 100644 index 381f149..0000000 --- a/times/486-66.w31 +++ /dev/null @@ -1,23 +0,0 @@ -Windows 3.1 DLL's, 16 bit C with 32bit assember - -SSLeay 0.6.1 02-Jul-1996 -built on Wed Jul 10 09:53:15 EST 1996 -options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short) -C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16 -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 18.94k 54.27k 73.43k 80.91k 83.75k -md5 78.96k 391.26k 734.30k 919.80k 992.97k -sha 39.01k 168.04k 280.67k 336.08k 359.10k -sha1 35.20k 150.14k 247.31k 294.54k 313.94k -rc4 509.61k 655.36k 678.43k 677.02k 670.10k -des cfb 97.09k 104.69k 106.56k 105.70k 106.56k -des cbc 116.82k 129.77k 131.07k 131.07k 131.07k -des ede3 44.22k 47.90k 48.53k 48.47k 47.86k -idea cfb 83.49k 87.03k 87.03k 87.15k 87.73k -idea cbc 89.04k 96.23k 96.95k 97.81k 97.09k -rc2 cfb 108.32k 113.58k 113.78k 114.57k 114.77k -rc2 cbc 118.08k 131.07k 134.02k 134.02k 132.66k -rsa 512 bits 0.181s -rsa 1024 bits 0.846s - diff --git a/times/5.lnx b/times/5.lnx deleted file mode 100644 index 1c1e392..0000000 --- a/times/5.lnx +++ /dev/null @@ -1,29 +0,0 @@ -SSLeay 0.8.5g 24-Jan-1998 -built on Tue Jan 27 08:11:42 EST 1998 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 56.55k 156.69k 211.63k 231.77k 238.71k -mdc2 192.26k 208.09k 210.09k 209.58k 210.26k -md5 991.04k 5745.51k 11932.67k 16465.24k 18306.39k -hmac(md5) 333.99k 2383.89k 6890.67k 13133.82k 17397.08k -sha1 571.68k 2883.88k 5379.07k 6880.26k 7443.80k -rmd160 409.41k 2212.91k 4225.45k 5456.55k 5928.28k -rc4 6847.57k 8596.22k 8901.80k 8912.90k 8850.09k -des cbc 2046.29k 2229.78k 2254.76k 2259.97k 2233.69k -des ede3 751.11k 779.95k 783.96k 784.38k 780.97k -idea cbc 653.40k 708.29k 718.42k 720.21k 720.90k -rc2 cbc 647.19k 702.46k 709.21k 710.66k 709.97k -rc5-32/12 cbc 3498.18k 4054.12k 4133.46k 4151.64k 4139.69k -blowfish cbc 3763.95k 4437.74k 4532.74k 4515.50k 4448.26k -cast cbc 2754.22k 3020.67k 3079.08k 3069.95k 3036.50k - sign verify sign/s verify/s -rsa 512 bits 0.0207s 0.0020s 48.3 511.3 -rsa 1024 bits 0.1018s 0.0059s 9.8 169.6 -rsa 2048 bits 0.6438s 0.0208s 1.6 48.0 -rsa 4096 bits 4.6033s 0.0793s 0.2 12.6 - sign verify sign/s verify/s -dsa 512 bits 0.0190s 0.0359s 52.6 27.8 -dsa 1024 bits 0.0566s 0.1109s 17.7 9.0 -dsa 2048 bits 0.1988s 0.3915s 5.0 2.6 diff --git a/times/586-085i.nt b/times/586-085i.nt deleted file mode 100644 index 8a57975..0000000 --- a/times/586-085i.nt +++ /dev/null @@ -1,29 +0,0 @@ -SSLeay 0.8.5i 28-Jan-1998 -built on Wed Jan 28 18:00:07 EST 1998 -options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2) -C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 92.74k 257.59k 348.16k 381.79k 392.14k -mdc2 227.65k 247.82k 249.90k 250.65k 250.20k -md5 1089.54k 5966.29k 12104.77k 16493.53k 18204.44k -hmac(md5) 513.53k 3361.36k 8725.41k 14543.36k 17593.56k -sha1 580.74k 2880.51k 5376.62k 6865.78k 7413.05k -rmd160 508.06k 2427.96k 4385.51k 5510.84k 5915.80k -rc4 8004.40k 10408.74k 10794.48k 10884.12k 10728.22k -des cbc 2057.24k 2222.97k 2246.79k 2209.39k 2223.44k -des ede3 739.42k 761.99k 765.48k 760.26k 760.97k -idea cbc 827.08k 889.60k 898.83k 901.15k 897.98k -rc2 cbc 795.64k 861.04k 871.13k 872.58k 871.13k -rc5-32/12 cbc 3597.17k 4139.66k 4204.39k 4223.02k 4204.39k -blowfish cbc 3807.47k 3996.10k 4156.07k 4204.39k 4105.62k -cast cbc 2777.68k 2814.21k 2892.62k 2916.76k 2868.88k - sign verify sign/s verify/s -rsa 512 bits 0.0178s 0.0018s 56.3 541.6 -rsa 1024 bits 0.0945s 0.0059s 10.6 168.3 -rsa 2048 bits 0.6269s 0.0208s 1.6 48.0 -rsa 4096 bits 4.5560s 0.0784s 0.2 12.8 - sign verify sign/s verify/s -dsa 512 bits 0.0178s 0.0340s 56.2 29.4 -dsa 1024 bits 0.0552s 0.1077s 18.1 9.3 -dsa 2048 bits 0.1963s 0.3811s 5.1 2.6 diff --git a/times/586-100.LN3 b/times/586-100.LN3 deleted file mode 100644 index a6fa818..0000000 --- a/times/586-100.LN3 +++ /dev/null @@ -1,26 +0,0 @@ -SSLeay 0.8.3v 15-Oct-1997 -built on Wed Oct 15 10:05:00 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 56.27k 156.76k 211.46k 231.77k 238.71k -mdc2 188.74k 206.12k 207.70k 207.87k 208.18k -md5 991.56k 5718.31k 11748.61k 16090.79k 17850.37k -hmac(md5) 387.56k 2636.01k 7327.83k 13340.33k 17091.24k -sha1 463.55k 2274.18k 4071.17k 5072.90k 5447.68k -rc4 3673.94k 4314.52k 4402.26k 4427.09k 4407.30k -des cbc 2023.79k 2209.77k 2233.34k 2220.71k 2222.76k -des ede3 747.17k 778.54k 781.57k 778.24k 778.24k -idea cbc 614.64k 678.04k 683.52k 685.06k 685.40k -rc2 cbc 536.83k 574.10k 578.05k 579.24k 578.90k -blowfish cbc 3673.39k 4354.58k 4450.22k 4429.48k 4377.26k - sign verify -rsa 512 bits 0.0217s 0.0021s -rsa 1024 bits 0.1083s 0.0064s -rsa 2048 bits 0.6867s 0.0223s -rsa 4096 bits 4.9400s 0.0846s - sign verify -dsa 512 bits 0.0203s 0.0387s -dsa 1024 bits 0.0599s 0.1170s -dsa 2048 bits 0.2115s 0.4242s diff --git a/times/586-100.NT2 b/times/586-100.NT2 deleted file mode 100644 index 7f8c167..0000000 --- a/times/586-100.NT2 +++ /dev/null @@ -1,26 +0,0 @@ -SSLeay 0.8.3e 30-Sep-1997 -built on Tue Sep 30 14:52:58 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2) -C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DX86_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 92.99k 257.59k 348.16k 381.47k 392.14k -mdc2 223.77k 235.30k 237.15k 236.77k 237.29k -md5 862.53k 4222.17k 7842.75k 9925.00k 10392.23k -sha 491.34k 2338.61k 4062.28k 4986.10k 5307.90k -sha1 494.38k 2234.94k 3838.83k 4679.58k 4980.18k -rc4 6338.10k 7489.83k 7676.25k 7698.80k 7631.56k -des cbc 1654.17k 1917.66k 1961.05k 1968.05k 1960.69k -des ede3 691.17k 739.42k 744.13k 745.82k 741.40k -idea cbc 788.46k 870.33k 879.16k 881.38k 879.90k -rc2 cbc 794.44k 859.63k 868.24k 869.68k 867.45k -blowfish cbc 2379.88k 3017.48k 3116.12k 3134.76k 3070.50k - sign verify -rsa 512 bits 0.0204s 0.0027s -rsa 1024 bits 0.1074s 0.0032s -rsa 2048 bits 0.6890s 0.0246s -rsa 4096 bits 5.0180s 0.0911s - sign verify -dsa 512 bits 0.0201s 0.0376s -dsa 1024 bits 0.0608s 0.1193s -dsa 2048 bits 0.2133s 0.4294s diff --git a/times/586-100.dos b/times/586-100.dos deleted file mode 100644 index 3085c25..0000000 --- a/times/586-100.dos +++ /dev/null @@ -1,24 +0,0 @@ -ms-dos static libs, 16 bit C and 16 bit assmber - -SSLeay 0.6.1 02-Jul-1996 -built on Tue Jul 9 22:52:54 EST 1996 -options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short) -C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -DNO_SOCK -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 45.99k 130.75k 176.53k 199.35k 203.21k -md5 236.17k 1072.16k 1839.61k 2221.56k 2383.13k -sha 107.97k 459.10k 757.64k 908.64k 954.99k -sha1 96.95k 409.92k 672.16k 788.40k 844.26k -rc4 1659.14k 1956.30k 2022.72k 2022.72k 2022.72k -des cfb 313.57k 326.86k 326.86k 331.83k 326.86k -des cbc 345.84k 378.82k 378.82k 384.38k 378.82k -des ede3 139.59k 144.66k 144.61k 144.45k 143.29k -idea cfb 262.67k 274.21k 274.21k 274.21k 274.21k -idea cbc 284.32k 318.14k 318.14k 318.14k 318.14k -rc2 cfb 265.33k 274.21k 277.69k 277.11k 277.69k -rc2 cbc 283.71k 310.60k 309.86k 313.57k 314.32k -rsa 512 bits 0.104s -rsa 1024 bits 0.566s -rsa 2048 bits 3.680s -rsa 4096 bits 26.740s diff --git a/times/586-100.ln4 b/times/586-100.ln4 deleted file mode 100644 index 14a9db9..0000000 --- a/times/586-100.ln4 +++ /dev/null @@ -1,26 +0,0 @@ -SSLeay 0.8.3aa 24-Oct-1997 -built on Mon Oct 27 10:16:25 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 56.78k 156.71k 211.46k 231.77k 238.71k -mdc2 187.45k 200.49k 201.64k 202.75k 202.77k -md5 1002.51k 5798.66k 11967.15k 16449.19k 18251.78k -hmac(md5) 468.71k 3173.46k 8386.99k 14305.56k 17607.34k -sha1 586.98k 2934.87k 5393.58k 6863.19k 7408.30k -rc4 3675.10k 4314.15k 4402.77k 4427.78k 4404.57k -des cbc 1902.96k 2202.01k 2242.30k 2252.46k 2236.42k -des ede3 700.15k 774.23k 783.70k 781.62k 783.70k -idea cbc 618.46k 677.93k 683.61k 685.40k 685.40k -rc2 cbc 536.97k 573.87k 577.96k 579.24k 578.90k -blowfish cbc 3672.66k 4271.89k 4428.80k 4469.76k 4374.53k - sign verify -rsa 512 bits 0.0213s 0.0021s -rsa 1024 bits 0.1075s 0.0063s -rsa 2048 bits 0.6853s 0.0224s -rsa 4096 bits 4.9400s 0.0845s - sign verify -dsa 512 bits 0.0203s 0.0380s -dsa 1024 bits 0.0600s 0.1189s -dsa 2048 bits 0.2110s 0.4250s diff --git a/times/586-100.lnx b/times/586-100.lnx deleted file mode 100644 index 0c05173..0000000 --- a/times/586-100.lnx +++ /dev/null @@ -1,23 +0,0 @@ -SSLeay 0.7.3 30-Apr-1997 -built on Mon May 12 04:13:55 EST 1997 -options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 72.95k 202.77k 274.01k 300.37k 309.23k -md5 770.57k 4094.02k 7409.41k 9302.36k 9986.05k -sha 363.05k 1571.07k 2613.85k 3134.81k 3320.49k -sha1 340.94k 1462.85k 2419.20k 2892.12k 3042.35k -rc4 3676.91k 4314.94k 4407.47k 4430.51k 4412.76k -des cbc 1489.95k 1799.08k 1841.66k 1851.73k 1848.66k -des ede3 621.93k 711.19k 726.10k 729.77k 729.09k -idea cbc 618.16k 676.99k 683.09k 684.37k 683.59k -rc2 cbc 537.59k 573.93k 578.56k 579.58k 579.70k -blowfish cbc 2077.57k 2682.20k 2827.18k 2840.92k 2842.62k -rsa 512 bits 0.024s 0.003 -rsa 1024 bits 0.120s 0.003 -rsa 2048 bits 0.751s 0.026 -rsa 4096 bits 5.320s 0.096 -dsa 512 bits 0.022s 0.042 -dsa 1024 bits 0.065s 0.126 -dsa 2048 bits 0.227s 0.449 diff --git a/times/586-100.nt b/times/586-100.nt deleted file mode 100644 index 9adcac3..0000000 --- a/times/586-100.nt +++ /dev/null @@ -1,23 +0,0 @@ -SSLeay 0.7.3 30-Apr-1997 -built on Mon May 19 10:47:38 EST 1997 -options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2) -C flags not available -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 89.57k 245.94k 331.59k 362.95k 373.29k -md5 858.93k 4175.51k 7700.21k 9715.78k 10369.11k -sha 466.18k 2103.67k 3607.69k 4399.31k 4669.16k -sha1 449.59k 2041.02k 3496.13k 4256.45k 4512.92k -rc4 5862.55k 7447.27k 7698.80k 7768.38k 7653.84k -des cbc 1562.71k 1879.84k 1928.24k 1938.93k 1911.02k -des ede3 680.27k 707.97k 728.62k 733.15k 725.98k -idea cbc 797.46k 885.85k 895.68k 898.06k 896.45k -rc2 cbc 609.46k 648.75k 654.01k 654.42k 653.60k -blowfish cbc 2357.94k 3000.22k 3106.89k 3134.76k 3080.42k -rsa 512 bits 0.022s 0.003 -rsa 1024 bits 0.112s 0.003 -rsa 2048 bits 0.726s 0.026 -rsa 4096 bits 5.268s 0.095 -dsa 512 bits 0.021s 0.039 -dsa 1024 bits 0.063s 0.127 -dsa 2048 bits 0.224s 0.451 diff --git a/times/586-100.ntx b/times/586-100.ntx deleted file mode 100644 index 35166a5..0000000 --- a/times/586-100.ntx +++ /dev/null @@ -1,30 +0,0 @@ -SSLeay 0.8.5f 22-Jan-1998 -built on Wed Jan 21 17:11:53 EST 1998 -options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish( -ptr2) -C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN --DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 92.99k 257.43k 347.84k 381.82k 392.14k -mdc2 232.19k 253.68k 257.57k 258.70k 258.70k -md5 1094.09k 5974.79k 12139.81k 16487.04k 18291.77k -hmac(md5) 375.70k 2590.04k 7309.70k 13469.18k 17447.19k -sha1 613.78k 2982.93k 5446.44k 6889.46k 7424.86k -rmd160 501.23k 2405.68k 4367.25k 5503.61k 5915.80k -rc4 8167.75k 10429.44k 10839.12k 10929.50k 10772.30k -des cbc 2057.24k 2218.27k 2237.20k 2227.69k 2213.59k -des ede3 719.63k 727.11k 728.77k 719.56k 722.97k -idea cbc 827.67k 888.85k 898.06k 900.30k 898.75k -rc2 cbc 797.46k 862.53k 870.33k 872.58k 870.40k -blowfish cbc 3835.32k 4435.60k 4513.89k 4513.89k 4416.92k -cast cbc 2785.06k 3052.62k 3088.59k 3034.95k 3034.95k - sign verify sign/s verify/s -rsa 512 bits 0.0202s 0.0020s 49.4 500.2 -rsa 1024 bits 0.1030s 0.0063s 9.7 159.4 -rsa 2048 bits 0.6740s 0.0223s 1.5 44.9 -rsa 4096 bits 4.8970s 0.0844s 0.2 11.8 - sign verify sign/s verify/s -dsa 512 bits 0.0191s 0.0361s 52.4 27.7 -dsa 1024 bits 0.0587s 0.1167s 17.0 8.6 -dsa 2048 bits 0.2091s 0.4123s 4.8 2.4 diff --git a/times/586-100.w31 b/times/586-100.w31 deleted file mode 100644 index d5b1c10..0000000 --- a/times/586-100.w31 +++ /dev/null @@ -1,27 +0,0 @@ -Pentium 100, Windows 3.1 DLL's, 16 bit C, 32bit assember. - -Running under Windows NT 4.0 Beta 2 - -SSLeay 0.6.4 20-Aug-1996 -built on Thu Aug 22 08:44:21 EST 1996 -options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short) -C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16 -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 45.83k 128.82k 180.17k 194.90k 198.59k -md5 224.82k 1038.19k 1801.68k 2175.47k 2330.17k -sha 105.11k 448.11k 739.48k 884.13k 944.66k -sha1 94.71k 402.99k 667.88k 795.58k 844.26k -rc4 1614.19k 1956.30k 2022.72k 2022.72k 2022.72k -des cfb 291.27k 318.14k 318.14k 318.14k 322.84k -des cbc 326.86k 356.17k 362.08k 362.08k 367.15k -des ede3 132.40k 139.57k 139.53k 139.37k 140.97k -idea cfb 265.33k 280.67k 280.67k 277.69k 281.27k -idea cbc 274.21k 302.01k 306.24k 306.24k 305.53k -rc2 cfb 264.79k 274.21k 274.78k 274.21k 274.21k -rc2 cbc 281.27k 306.24k 309.86k 305.53k 309.86k -rsa 512 bits 0.058s -rsa 1024 bits 0.280s -rsa 2048 bits 1.430s -rsa 4096 bits 10.600s - diff --git a/times/586-1002.lnx b/times/586-1002.lnx deleted file mode 100644 index d830bce..0000000 --- a/times/586-1002.lnx +++ /dev/null @@ -1,26 +0,0 @@ -SSLeay 0.8.3e 30-Sep-1997 -built on Wed Oct 1 03:01:44 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 56.21k 156.57k 211.29k 231.77k 237.92k -mdc2 170.99k 191.70k 193.90k 195.58k 195.95k -md5 770.50k 3961.96k 7291.22k 9250.82k 9942.36k -sha 344.93k 1520.77k 2569.81k 3108.52k 3295.91k -sha1 326.20k 1423.74k 2385.15k 2870.95k 3041.96k -rc4 3672.88k 4309.65k 4374.41k 4408.66k 4355.41k -des cbc 1349.73k 1689.05k 1735.34k 1748.99k 1739.43k -des ede3 638.70k 704.00k 711.85k 714.41k 712.70k -idea cbc 619.55k 677.33k 683.26k 685.06k 685.40k -rc2 cbc 521.18k 571.20k 573.46k 578.90k 578.90k -blowfish cbc 2079.67k 2592.49k 2702.34k 2730.33k 2695.17k - sign verify -rsa 512 bits 0.0213s 0.0026s -rsa 1024 bits 0.1099s 0.0031s -rsa 2048 bits 0.7007s 0.0248s -rsa 4096 bits 5.0500s 0.0921s - sign verify -dsa 512 bits 0.0203s 0.0389s -dsa 1024 bits 0.0614s 0.1222s -dsa 2048 bits 0.2149s 0.4283s diff --git a/times/586p-100.lnx b/times/586p-100.lnx deleted file mode 100644 index 561eb31..0000000 --- a/times/586p-100.lnx +++ /dev/null @@ -1,26 +0,0 @@ -Pentium 100 - Linux 1.2.13 - gcc 2.7.2p -This is the pentium specific version of gcc - -SSLeay 0.6.4 20-Aug-1996 -built on Thu Aug 22 08:27:58 EST 1996 -options:bn(64,32) md2(char) rc4(idx,int) des(idx,long) idea(int) -C flags:gcc -DL_ENDIAN -DTERMIO -O6 -fomit-frame-pointer -mpentium -Wall -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 74.90k 208.43k 282.11k 309.59k 318.43k -md5 807.08k 4205.67k 7801.51k 9958.06k 10810.71k -sha 405.98k 1821.55k 3119.10k 3799.04k 4052.31k -sha1 389.13k 1699.50k 2852.78k 3437.57k 3656.36k -rc4 3621.15k 4130.07k 4212.74k 4228.44k 4213.42k -des cfb 794.39k 828.37k 831.74k 832.51k 832.85k -des cbc 817.68k 886.17k 894.72k 896.00k 892.93k -des ede3 308.83k 323.29k 324.61k 324.95k 324.95k -idea cfb 690.41k 715.39k 718.51k 719.19k 718.17k -idea cbc 696.80k 760.60k 767.32k 768.68k 770.05k -rc2 cfb 619.91k 639.74k 642.30k 642.73k 641.71k -rc2 cbc 631.99k 671.42k 676.35k 676.18k 677.21k -rsa 512 bits 0.025s -rsa 1024 bits 0.123s -rsa 2048 bits 0.756s -rsa 4096 bits 5.365s - diff --git a/times/686-200.bsd b/times/686-200.bsd deleted file mode 100644 index f23c580..0000000 --- a/times/686-200.bsd +++ /dev/null @@ -1,25 +0,0 @@ -Pentium Pro 200mhz -FreeBSD 2.1.5 -gcc 2.7.2.2 - -SSLeay 0.7.0 30-Jan-1997 -built on Tue Apr 22 12:14:36 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 130.99k 367.68k 499.09k 547.04k 566.50k -md5 1924.98k 8293.50k 13464.41k 16010.39k 16820.68k -sha 1250.75k 5330.43k 8636.88k 10227.36k 10779.14k -sha1 1071.55k 4572.50k 7459.98k 8791.96k 9341.61k -rc4 10724.22k 14546.25k 15240.18k 15259.50k 15265.63k -des cbc 3309.11k 3883.01k 3968.25k 3971.86k 3979.14k -des ede3 1442.98k 1548.33k 1562.48k 1562.00k 1563.33k -idea cbc 2195.69k 2506.39k 2529.59k 2545.66k 2546.54k -rc2 cbc 806.00k 833.52k 837.58k 838.52k 836.69k -blowfish cbc 4687.34k 5949.97k 6182.43k 6248.11k 6226.09k -rsa 512 bits 0.010s -rsa 1024 bits 0.045s -rsa 2048 bits 0.260s -rsa 4096 bits 1.690s - diff --git a/times/686-200.lnx b/times/686-200.lnx deleted file mode 100644 index a10cc2f..0000000 --- a/times/686-200.lnx +++ /dev/null @@ -1,26 +0,0 @@ -SSLeay 0.8.2a 04-Sep-1997 -built on Fri Sep 5 17:37:05 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 131.02k 368.41k 500.57k 549.21k 566.09k -mdc2 535.60k 589.10k 595.88k 595.97k 594.54k -md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k -sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k -sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k -rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k -des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k -des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k -idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k -rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k -blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k - sign verify -rsa 512 bits 0.0100s 0.0011s -rsa 1024 bits 0.0451s 0.0012s -rsa 2048 bits 0.2605s 0.0086s -rsa 4096 bits 1.6883s 0.0302s - sign verify -dsa 512 bits 0.0083s 0.0156s -dsa 1024 bits 0.0228s 0.0454s -dsa 2048 bits 0.0719s 0.1446s - diff --git a/times/686-200.nt b/times/686-200.nt deleted file mode 100644 index c8cbaa0..0000000 --- a/times/686-200.nt +++ /dev/null @@ -1,24 +0,0 @@ -built on Tue May 13 08:24:51 EST 1997 -options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfi -sh(ptr2) -C flags not available -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 156.39k 427.99k 576.14k 628.36k 647.27k -md5 2120.48k 10255.02k 18396.07k 22795.13k 24244.53k -sha 1468.59k 6388.89k 10686.12k 12826.62k 13640.01k -sha1 1393.46k 6013.34k 9974.56k 11932.59k 12633.45k -rc4 13833.46k 19275.29k 20321.24k 20281.93k 20520.08k -des cbc 3382.50k 4104.02k 4152.78k 4194.30k 4194.30k -des ede3 1465.51k 1533.00k 1549.96k 1553.29k 1570.29k -idea cbc 2579.52k 3079.52k 3130.08k 3153.61k 3106.89k -rc2 cbc 1204.57k 1276.42k 1285.81k 1289.76k 1285.81k -blowfish cbc 5229.81k 6374.32k 6574.14k 6574.14k 6594.82k -rsa 512 bits 0.008s 0.001 -rsa 1024 bits 0.038s 0.001 -rsa 2048 bits 0.231s 0.008 -rsa 4096 bits 1.540s 0.027 -dsa 512 bits 0.007s 0.013 -dsa 1024 bits 0.021s 0.040 -dsa 2048 bits 0.066s 0.130 - diff --git a/times/L1 b/times/L1 deleted file mode 100644 index 09253d7..0000000 --- a/times/L1 +++ /dev/null @@ -1,27 +0,0 @@ -SSLeay 0.8.3ad 27-Oct-1997 -built on Wed Oct 29 00:36:17 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 56.16k 156.50k 211.46k 231.77k 238.71k -mdc2 183.37k 205.21k 205.57k 209.92k 207.53k -md5 1003.65k 5605.56k 11628.54k 15887.70k 17522.69k -hmac(md5) 411.24k 2803.46k 7616.94k 13475.84k 16864.60k -sha1 542.66k 2843.50k 5320.53k 6833.49k 7389.18k -rc4 3677.15k 4313.73k 4407.89k 4429.82k 4404.57k -des cbc 1787.94k 2174.51k 2236.76k 2249.73k 2230.95k -des ede3 719.46k 777.26k 784.81k 780.29k 783.70k -idea cbc 619.56k 677.89k 684.12k 685.40k 685.40k -rc2 cbc 537.51k 573.93k 578.47k 579.24k 578.90k -blowfish cbc 3226.76k 4221.65k 4424.19k 4468.39k 4377.26k -cast cbc 2866.13k 3165.35k 3263.15k 3287.04k 3233.11k - sign verify -rsa 512 bits 0.0212s 0.0021s -rsa 1024 bits 0.1072s 0.0064s -rsa 2048 bits 0.6853s 0.0222s -rsa 4096 bits 4.9300s 0.0848s - sign verify -dsa 512 bits 0.0200s 0.0380s -dsa 1024 bits 0.0600s 0.1180s -dsa 2048 bits 0.2110s 0.4221s diff --git a/times/R10000.t b/times/R10000.t deleted file mode 100644 index 6b3874c..0000000 --- a/times/R10000.t +++ /dev/null @@ -1,24 +0,0 @@ -IRIX 6.2 - R10000 195mhz -SLeay 0.6.5a 06-Dec-1996 -built on Tue Dec 24 03:51:45 EST 1996 -options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) -C flags:cc -O2 -DTERMIOS -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 156.34k 424.03k 571.88k 628.88k 646.01k -md5 1885.02k 8181.72k 13440.53k 16020.60k 16947.54k -sha 1587.12k 7022.05k 11951.24k 14440.12k 15462.74k -sha1 1413.13k 6215.86k 10571.16k 12736.22k 13628.51k -rc4 10556.28k 11974.08k 12077.10k 12111.38k 12103.20k -des cfb 2977.71k 3252.27k 3284.36k 3302.66k 3290.54k -des cbc 3298.31k 3704.96k 3771.30k 3730.73k 3778.80k -des ede3 1278.28k 1328.82k 1342.66k 1339.82k 1343.27k -idea cfb 2843.34k 3138.04k 3180.95k 3176.46k 3188.54k -idea cbc 3115.21k 3558.03k 3590.61k 3591.24k 3601.18k -rc2 cfb 2006.66k 2133.33k 2149.03k 2159.36k 2149.71k -rc2 cbc 2167.07k 2315.30k 2338.05k 2329.34k 2333.90k -rsa 512 bits 0.008s -rsa 1024 bits 0.043s -rsa 2048 bits 0.280s -rsa 4096 bits 2.064s - diff --git a/times/R4400.t b/times/R4400.t deleted file mode 100644 index af8848f..0000000 --- a/times/R4400.t +++ /dev/null @@ -1,26 +0,0 @@ -IRIX 5.3 -R4400 200mhz -cc -O2 -SSLeay 0.6.5a 06-Dec-1996 -built on Mon Dec 23 11:51:11 EST 1996 -options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) -C flags:cc -O2 -DTERMIOS -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 100.62k 280.25k 380.15k 416.02k 428.82k -md5 828.62k 3525.05k 6311.98k 7742.51k 8328.04k -sha 580.04k 2513.74k 4251.73k 5101.04k 5394.80k -sha1 520.23k 2382.94k 4107.82k 5024.62k 5362.56k -rc4 5871.53k 6323.08k 6357.49k 6392.04k 6305.45k -des cfb 1016.76k 1156.72k 1176.59k 1180.55k 1181.65k -des cbc 1016.38k 1303.81k 1349.10k 1359.41k 1356.62k -des ede3 607.39k 650.74k 655.11k 657.52k 654.18k -idea cfb 1296.10k 1348.66k 1353.80k 1358.75k 1355.40k -idea cbc 1453.90k 1554.68k 1567.84k 1569.89k 1573.57k -rc2 cfb 1199.86k 1251.69k 1253.57k 1259.56k 1251.31k -rc2 cbc 1334.60k 1428.55k 1441.89k 1445.42k 1441.45k -rsa 512 bits 0.024s -rsa 1024 bits 0.125s -rsa 2048 bits 0.806s -rsa 4096 bits 5.800s - diff --git a/times/aix.t b/times/aix.t deleted file mode 100644 index 4f24e39..0000000 --- a/times/aix.t +++ /dev/null @@ -1,34 +0,0 @@ -from Paco Garcia <pgarcia@ctv.es> -This machine is a Bull Estrella Minitower Model MT604-100 -Processor : PPC604 -P.Speed : 100Mhz -Data/Instr Cache : 16 K -L2 Cache : 256 K -PCI BUS Speed : 33 Mhz -TransfRate PCI : 132 MB/s -Memory : 96 MB - -AIX 4.1.4 - -SSLeay 0.6.6 14-Jan-1997 -built on Mon Jan 13 21:36:03 CUT 1997 -options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish -(idx) -C flags:cc -O -DAIX -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 53.83k 147.46k 197.63k 215.72k 221.70k -md5 1278.13k 5354.77k 8679.60k 10195.09k 10780.56k -sha 1055.34k 4600.37k 7721.30k 9298.94k 9868.63k -sha1 276.90k 1270.25k 2187.95k 2666.84k 2850.82k -rc4 4660.57k 5268.93k 5332.48k 5362.47k 5346.65k -des cbc 1774.16k 1981.10k 1979.56k 2032.71k 1972.25k -des ede3 748.81k 781.42k 785.66k 785.75k 780.84k -idea cbc 2066.19k 2329.58k 2378.91k 2379.86k 2380.89k -rc2 cbc 1278.53k 1379.69k 1389.99k 1393.66k 1389.91k -blowfish cbc 2812.91k 3307.90k 3364.91k 3386.37k 3374.32k -rsa 512 bits 0.019s -rsa 1024 bits 0.096s -rsa 2048 bits 0.614s -rsa 4096 bits 4.433s - diff --git a/times/aixold.t b/times/aixold.t deleted file mode 100644 index 0b51412..0000000 --- a/times/aixold.t +++ /dev/null @@ -1,23 +0,0 @@ -SSLeay 0.7.3r 20-May-1997 -built on Mon Jun 2 04:06:32 EST 1997 -options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish(idx) -C flags:cc -O -DAIX -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 19.09k 52.47k 71.23k 77.49k 78.93k -md5 214.56k 941.21k 1585.43k 1883.12k 1988.70k -sha 118.35k 521.65k 860.28k 1042.27k 1100.46k -sha1 109.52k 478.98k 825.90k 995.48k 1049.69k -rc4 1263.63k 1494.24k 1545.70k 1521.66k 1518.99k -des cbc 259.62k 286.55k 287.15k 288.15k 289.45k -des ede3 104.92k 107.88k 109.27k 109.25k 109.96k -idea cbc 291.63k 320.07k 319.40k 320.51k 318.27k -rc2 cbc 220.04k 237.76k 241.44k 245.90k 244.08k -blowfish cbc 407.95k 474.83k 480.99k 485.71k 481.07k -rsa 512 bits 0.157s 0.019 -rsa 1024 bits 0.908s 0.023 -rsa 2048 bits 6.225s 0.218 -rsa 4096 bits 46.500s 0.830 -dsa 512 bits 0.159s 0.312 -dsa 1024 bits 0.536s 1.057 -dsa 2048 bits 1.970s 3.977 diff --git a/times/alpha.t b/times/alpha.t deleted file mode 100644 index 3a7c6c4..0000000 --- a/times/alpha.t +++ /dev/null @@ -1,81 +0,0 @@ -SSLeay-051 Alpha gcc -O3 64Bit (assember bn_mul) -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 44.40k 121.56k 162.73k 179.20k 185.01k -md5 780.85k 3278.53k 5281.52k 6327.98k 6684.67k -sha 501.40k 2249.19k 3855.27k 4801.19k 5160.96k -sha-1 384.99k 1759.72k 3113.64k 3946.92k 4229.80k -rc4 3505.05k 3724.54k 3723.78k 3555.33k 3694.68k -des cfb 946.96k 1015.27k 1021.87k 1033.56k 1037.65k -des cbc 1001.24k 1220.20k 1243.31k 1272.73k 1265.87k -des ede3 445.34k 491.65k 500.53k 502.10k 502.44k -idea cfb 643.53k 667.49k 663.81k 666.28k 664.51k -idea cbc 650.42k 735.41k 733.27k 742.74k 745.47k -rsa 512 bits 0.031s -rsa 1024 bits 0.141s -rsa 2048 bits 0.844s -rsa 4096 bits 6.033s - -SSLeay-051 Alpha cc -O2 64bit (assember bn_mul) -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 45.37k 122.86k 165.97k 182.95k 188.42k -md5 842.42k 3629.93k 5916.76k 7039.17k 7364.61k -sha 498.93k 2197.23k 3895.60k 4756.48k 5132.13k -sha-1 382.02k 1757.21k 3112.53k 3865.23k 4128.77k -rc4 2975.25k 3049.33k 3180.97k 3214.68k 3424.26k -des cfb 901.55k 990.83k 1006.08k 1011.19k 1004.89k -des cbc 947.84k 1127.84k 1163.67k 1162.24k 1157.80k -des ede3 435.62k 485.57k 493.67k 491.52k 491.52k -idea cfb 629.31k 648.66k 647.77k 648.53k 649.90k -idea cbc 565.15k 608.00k 613.46k 613.38k 617.13k -rsa 512 bits 0.030s -rsa 1024 bits 0.141s -rsa 2048 bits 0.854s -rsa 4096 bits 6.067s - -des cfb 718.28k 822.64k 833.11k 836.27k 841.05k -des cbc 806.10k 951.42k 975.83k 983.73k 991.23k -des ede3 329.50k 379.11k 387.95k 387.41k 388.33k - -des cfb 871.62k 948.65k 951.81k 953.00k 955.58k -des cbc 953.60k 1174.27k 1206.70k 1216.10k 1216.44k -des ede3 349.34k 418.05k 427.26k 429.74k 431.45k - - - - -SSLeay-045c Alpha gcc -O3 64Bit -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 44.95k 122.22k 164.27k 180.62k 184.66k -md5 808.71k 3371.95k 5415.68k 6385.66k 6684.67k -sha 493.68k 2162.05k 3725.82k 4552.02k 4838.74k -rc4 3317.32k 3649.09k 3728.30k 3744.09k 3691.86k -cfb des 996.45k 1050.77k 1058.30k 1059.16k 1064.96k -cbc des 1096.52k 1255.49k 1282.13k 1289.90k 1299.80k -ede3 des 482.14k 513.51k 518.66k 520.19k 521.39k -cfb idea 519.90k 533.40k 535.21k 535.55k 535.21k -cbc idea 619.34k 682.21k 688.04k 689.15k 690.86k -rsa 512 bits 0.050s -rsa 1024 bits 0.279s -rsa 2048 bits 1.908s -rsa 4096 bits 14.750s - -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 37.31k 102.77k 137.64k 151.55k 155.78k -md5 516.65k 2535.21k 4655.72k 5859.66k 6343.34k -rc4 3519.61k 3707.01k 3746.86k 3755.39k 3675.48k -cfb des 780.27k 894.68k 913.10k 921.26k 922.97k -cbc des 867.54k 1040.13k 1074.17k 1075.54k 1084.07k -ede3 des 357.19k 397.36k 398.08k 402.28k 401.41k -cbc idea 646.53k 686.44k 694.03k 691.20k 693.59k -rsa 512 bits 0.046s -rsa 1024 bits 0.270s -rsa 2048 bits 1.858s -rsa 4096 bits 14.350s - -md2 C 37.83k 103.17k 137.90k 150.87k 155.37k -md2 L 37.30k 102.04k 139.01k 152.74k 155.78k -rc4 I 3532.24k 3718.08k 3750.83k 3768.78k 3694.59k -rc4 CI 2662.97k 2873.26k 2907.22k 2920.63k 2886.31k -rc4 LI 3514.63k 3738.72k 3747.41k 3752.96k 3708.49k -cbc idea S 619.01k 658.68k 661.50k 662.53k 663.55k -cbc idea L 645.69k 684.22k 694.55k 692.57k 690.86k diff --git a/times/alpha400.t b/times/alpha400.t deleted file mode 100644 index 079e0d1..0000000 --- a/times/alpha400.t +++ /dev/null @@ -1,25 +0,0 @@ -Alpha EV5.6 (21164A) 400mhz - -SSLeay 0.7.3r 20-May-1997 -built on Mon Jun 2 03:39:58 EST 1997 -options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx) -C flags:cc -arch host -tune host -fast -std -O4 -inline speed -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 274.98k 760.96k 1034.27k 1124.69k 1148.69k -md5 2524.46k 11602.60k 19838.81k 24075.26k 25745.10k -sha 1848.46k 8335.66k 14232.49k 17247.91k 18530.30k -sha1 1639.67k 7336.53k 12371.80k 14807.72k 15870.63k -rc4 17950.93k 19390.66k 19652.44k 19700.39k 19412.31k -des cbc 4018.59k 4872.06k 4988.76k 5003.26k 4995.73k -des ede3 1809.11k 1965.67k 1984.26k 1986.90k 1982.46k -idea cbc 2848.82k 3204.33k 3250.26k 3257.34k 3260.42k -rc2 cbc 3766.08k 4349.50k 4432.21k 4448.94k 4448.26k -blowfish cbc 6694.88k 9042.35k 9486.93k 9598.98k 9624.91k -rsa 512 bits 0.003s 0.000 -rsa 1024 bits 0.013s 0.000 -rsa 2048 bits 0.081s 0.003 -rsa 4096 bits 0.577s 0.011 -dsa 512 bits 0.003s 0.005 -dsa 1024 bits 0.007s 0.014 -dsa 2048 bits 0.025s 0.050 diff --git a/times/cyrix100.lnx b/times/cyrix100.lnx deleted file mode 100644 index 010a221..0000000 --- a/times/cyrix100.lnx +++ /dev/null @@ -1,22 +0,0 @@ -SSLeay 0.6.6 06-Dec-1996 -built on Fri Dec 6 10:05:20 GMT 1996 -options:bn(64,32) md2(char) rc4(idx,int) des(idx,risc,16,long) idea(int) -C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 36.77k 102.48k 138.00k 151.57k 155.78k -md5 513.59k 2577.22k 4623.51k 5768.99k 6214.53k -sha 259.89k 1105.45k 1814.97k 2156.16k 2292.13k -sha1 242.43k 1040.95k 1719.44k 2049.74k 2164.64k -rc4 1984.48k 2303.41k 2109.37k 2071.47k 1985.61k -des cfb 712.08k 758.29k 753.17k 752.06k 748.67k -des cbc 787.37k 937.64k 956.77k 961.61k 957.54k -des ede3 353.97k 377.28k 379.99k 379.34k 379.11k -idea cfb 403.80k 418.50k 416.60k 415.78k 415.03k -idea cbc 426.54k 466.40k 471.31k 472.67k 473.14k -rc2 cfb 405.15k 420.05k 418.16k 416.72k 416.36k -rc2 cbc 428.21k 468.43k 473.09k 472.59k 474.70k -rsa 512 bits 0.040s -rsa 1024 bits 0.195s -rsa 2048 bits 1.201s -rsa 4096 bits 8.700s diff --git a/times/dgux-x86.t b/times/dgux-x86.t deleted file mode 100644 index 70635c5..0000000 --- a/times/dgux-x86.t +++ /dev/null @@ -1,23 +0,0 @@ -version:SSLeay 0.5.2c 15-May-1996 -built Fri Jun 14 19:47:04 EST 1996 -options:bn(LLONG,thirty_two) md2(CHAR) rc4(IDX,int) des(ary,long) idea(int) -C flags:gcc -O3 -fomit-frame-pointer -DL_ENDIAN - -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 113.86k 316.48k 428.36k 467.63k 481.56k -md5 1001.99k 5037.99k 9545.94k 12036.95k 11800.38k -sha 628.77k 2743.48k 5113.42k 6206.99k 6165.42k -sha1 583.83k 2638.66k 4538.85k 5532.09k 5917.04k -rc4 5493.27k 6369.39k 6511.30k 6577.83k 6486.73k -des cfb 1219.01k 1286.06k 1299.33k 1288.87k 1381.72k -des cbc 1360.58k 1469.04k 1456.96k 1454.08k 1513.57k -des ede3 544.45k 567.84k 568.99k 570.37k 566.09k -idea cfb 1012.39k 1056.30k 1063.52k 989.17k 863.24k -idea cbc 985.36k 1090.44k 1105.92k 1108.65k 1090.17k -rc2 cfb 963.86k 979.06k 995.30k 937.35k 827.39k -rc2 cbc 951.72k 1042.11k 1049.60k 1047.21k 1059.11k -rsa 512 bits 0.032s -rsa 1024 bits 0.159s -rsa 2048 bits 1.025s -rsa 4096 bits 7.270s - diff --git a/times/dgux.t b/times/dgux.t deleted file mode 100644 index c7f7564..0000000 --- a/times/dgux.t +++ /dev/null @@ -1,17 +0,0 @@ -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 38.54k 106.28k 144.00k 157.46k 161.72k -md5 323.23k 1471.62k 2546.11k 3100.20k 3309.57k -rc4 I 1902.74k 2055.20k 2080.42k 2077.88k 2065.46k -cfb des 456.23k 475.22k 481.79k 488.42k 487.17k -cbc des 484.30k 537.50k 553.09k 558.08k 558.67k -ede3 des 199.97k 209.05k 211.03k 211.85k 212.78k -cbc idea 478.50k 519.33k 523.42k 525.09k 526.44k -rsa 512 bits 0.159s !RSA_LLONG -rsa 1024 bits 1.053s -rsa 2048 bits 7.600s -rsa 4096 bits 59.760s - -md2 C 30.53k 83.58k 112.84k 123.22k 126.24k -rc4 1844.56k 1975.50k 1997.73k 1994.95k 1984.88k -rc4 C 1800.09k 1968.85k 1995.20k 1992.36k 1996.80k -rc4 CI 1830.81k 2035.75k 2067.28k 2070.23k 2062.77k diff --git a/times/hpux-acc.t b/times/hpux-acc.t deleted file mode 100644 index 0c0e936..0000000 --- a/times/hpux-acc.t +++ /dev/null @@ -1,25 +0,0 @@ -HPUX 887 - -SSLeay 0.7.3r 20-May-1997 -built on Mon Jun 2 02:59:45 EST 1997 -options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) -C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 58.99k 166.85k 225.07k 247.21k 253.76k -md5 639.22k 2726.98k 4477.25k 5312.69k 5605.20k -sha 381.08k 1661.49k 2793.84k 3368.86k 3581.23k -sha1 349.54k 1514.56k 2536.63k 3042.59k 3224.39k -rc4 2891.10k 4238.01k 4464.11k 4532.49k 4545.87k -des cbc 717.05k 808.76k 820.14k 821.97k 821.96k -des ede3 288.21k 303.50k 303.69k 305.82k 305.14k -idea cbc 325.83k 334.36k 335.89k 336.61k 333.43k -rc2 cbc 793.00k 915.81k 926.69k 933.28k 929.53k -blowfish cbc 1561.91k 2051.97k 2122.65k 2139.40k 2145.92k -rsa 512 bits 0.031s 0.004 -rsa 1024 bits 0.164s 0.004 -rsa 2048 bits 1.055s 0.037 -rsa 4096 bits 7.600s 0.137 -dsa 512 bits 0.029s 0.057 -dsa 1024 bits 0.092s 0.177 -dsa 2048 bits 0.325s 0.646 diff --git a/times/hpux-kr.t b/times/hpux-kr.t deleted file mode 100644 index ad4a0ad..0000000 --- a/times/hpux-kr.t +++ /dev/null @@ -1,23 +0,0 @@ -SSLeay 0.7.3r 20-May-1997 -built on Mon Jun 2 02:17:35 EST 1997 -options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,cisc,16,long) idea(int) blowfish(idx) -C flags:cc -DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 35.30k 98.36k 133.41k 146.34k 150.69k -md5 391.20k 1737.31k 2796.65k 3313.75k 3503.74k -sha 189.55k 848.14k 1436.72k 1735.87k 1848.03k -sha1 175.30k 781.14k 1310.32k 1575.61k 1675.81k -rc4 2070.55k 2501.47k 2556.65k 2578.34k 2584.91k -des cbc 465.13k 536.85k 545.87k 547.86k 548.89k -des ede3 190.05k 200.99k 202.31k 202.22k 202.75k -idea cbc 263.44k 277.77k 282.13k 281.51k 283.15k -rc2 cbc 448.37k 511.39k 519.54k 522.00k 521.31k -blowfish cbc 839.98k 1097.70k 1131.16k 1145.64k 1144.67k -rsa 512 bits 0.048s 0.005 -rsa 1024 bits 0.222s 0.006 -rsa 2048 bits 1.272s 0.042 -rsa 4096 bits 8.445s 0.149 -dsa 512 bits 0.041s 0.077 -dsa 1024 bits 0.111s 0.220 -dsa 2048 bits 0.363s 0.726 diff --git a/times/hpux.t b/times/hpux.t deleted file mode 100644 index dcf7615..0000000 --- a/times/hpux.t +++ /dev/null @@ -1,86 +0,0 @@ -HP-UX A.09.05 9000/712 - -SSLeay 0.6.6 14-Jan-1997 -built on Tue Jan 14 16:36:31 WET 1997 -options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) -blowfish(idx) -C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 66.56k 184.92k 251.82k 259.86k 282.62k -md5 615.54k 2805.92k 4764.30k 5724.21k 6084.39k -sha 358.23k 1616.46k 2781.50k 3325.72k 3640.89k -sha1 327.50k 1497.98k 2619.44k 3220.26k 3460.85k -rc4 3500.47k 3890.99k 3943.81k 3883.74k 3900.02k -des cbc 742.65k 871.66k 887.15k 891.21k 895.40k -des ede3 302.42k 322.50k 324.46k 326.66k 326.05k -idea cbc 664.41k 755.87k 765.61k 772.70k 773.69k -rc2 cbc 798.78k 931.04k 947.69k 950.31k 952.04k -blowfish cbc 1353.32k 1932.29k 2021.93k 2047.02k 2053.66k -rsa 512 bits 0.059s -rsa 1024 bits 0.372s -rsa 2048 bits 2.697s -rsa 4096 bits 20.790s - -SSLeay 0.6.6 14-Jan-1997 -built on Tue Jan 14 15:37:30 WET 1997 -options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) -blowfish(idx) -C flags:gcc -DB_ENDIAN -O3 -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 44.91k 122.57k 167.71k 183.89k 190.24k -md5 532.50k 2316.27k 3965.72k 4740.11k 5055.06k -sha 363.76k 1684.09k 2978.53k 3730.86k 3972.72k -sha1 385.76k 1743.53k 2997.69k 3650.74k 3899.08k -rc4 3178.84k 3621.31k 3672.71k 3684.01k 3571.54k -des cbc 733.00k 844.70k 863.28k 863.72k 868.73k -des ede3 289.99k 308.94k 310.11k 309.64k 312.08k -idea cbc 624.07k 713.91k 724.76k 723.35k 725.13k -rc2 cbc 704.34k 793.39k 804.25k 805.99k 782.63k -blowfish cbc 1371.24k 1823.66k 1890.05k 1915.51k 1920.12k -rsa 512 bits 0.030s -rsa 1024 bits 0.156s -rsa 2048 bits 1.113s -rsa 4096 bits 7.480s - - -HPUX B.10.01 V 9000/887 - HP92453-01 A.10.11 HP C Compiler -SSLeay 0.5.2 - -Aa +ESlit +Oall +O4 -Wl,-a,archive - -HPUX A.09.04 B 9000/887 - -ssleay 0.5.1 gcc v 2.7.0 -O3 -mpa-risc-1-1 -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 53.00k 166.81k 205.66k 241.95k 242.20k -md5 743.22k 3128.44k 6031.85k 6142.07k 7025.26k -sha 481.30k 2008.24k 3361.31k 3985.07k 4180.74k -sha-1 463.60k 1916.15k 3139.24k 3786.27k 3997.70k -rc4 3708.61k 4125.16k 4547.53k 4206.21k 4390.07k -des cfb 665.91k 705.97k 698.48k 694.25k 666.08k -des cbc 679.80k 741.90k 769.85k 747.62k 719.47k -des ede3 264.31k 270.22k 265.63k 273.07k 273.07k -idea cfb 635.91k 673.40k 605.60k 699.53k 672.36k -idea cbc 705.85k 774.63k 750.60k 715.83k 721.50k -rsa 512 bits 0.066s -rsa 1024 bits 0.372s -rsa 2048 bits 2.177s -rsa 4096 bits 16.230s - -HP92453-01 A.09.61 HP C Compiler -ssleay 0.5.1 cc -Ae +ESlit +Oall -Wl,-a,archive -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 58.69k 163.30k 213.57k 230.40k 254.23k -md5 608.60k 2596.82k 3871.43k 4684.10k 4763.88k -sha 343.26k 1482.43k 2316.80k 2766.27k 2860.26k -sha-1 319.15k 1324.13k 2106.03k 2527.82k 2747.95k -rc4 2467.47k 3374.41k 3265.49k 3354.39k 3368.55k -des cfb 812.05k 814.90k 851.20k 819.20k 854.56k -des cbc 836.35k 994.06k 916.02k 1020.01k 988.14k -des ede3 369.78k 389.15k 401.01k 382.94k 408.03k -idea cfb 290.40k 298.06k 286.11k 296.92k 299.46k -idea cbc 301.30k 297.72k 304.34k 300.10k 309.70k -rsa 512 bits 0.350s -rsa 1024 bits 2.635s -rsa 2048 bits 19.930s - diff --git a/times/p2.w95 b/times/p2.w95 deleted file mode 100644 index 82d1e55..0000000 --- a/times/p2.w95 +++ /dev/null @@ -1,22 +0,0 @@ -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 235.90k 652.30k 893.36k 985.74k 985.74k -mdc2 779.61k 816.81k 825.65k 816.01k 825.65k -md5 2788.77k 13508.23k 24672.38k 30504.03k 33156.55k -sha 1938.22k 8397.01k 14122.24k 16980.99k 18196.55k -sha1 1817.29k 7832.50k 13168.93k 15738.48k 16810.84k -rc4 15887.52k 21709.65k 22745.68k 22995.09k 22995.09k -des cbc 4599.02k 5377.31k 5377.31k 5533.38k 5533.38k -des ede3 1899.59k 2086.71k 2086.67k 2086.51k 2085.90k -idea cbc 3350.08k 3934.62k 3979.42k 4017.53k 4017.53k -rc2 cbc 1534.13k 1630.76k 1625.70k 1644.83k 1653.91k -blowfish cbc 6678.83k 8490.49k 8701.88k 8848.74k 8886.24k - sign verify -rsa 512 bits 0.0062s 0.0008s -rsa 1024 bits 0.0287s 0.0009s -rsa 2048 bits 0.1785s 0.0059s -rsa 4096 bits 1.1300s 0.0205s - sign verify -dsa 512 bits 0.0055s 0.0100s -dsa 1024 bits 0.0154s 0.0299s -dsa 2048 bits 0.0502s 0.0996s diff --git a/times/pent2.t b/times/pent2.t deleted file mode 100644 index b6dc269..0000000 --- a/times/pent2.t +++ /dev/null @@ -1,24 +0,0 @@ -pentium 2, 266mhz, Visual C++ 5.0, Windows 95 - -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 235.90k 652.30k 893.36k 985.74k 985.74k -mdc2 779.61k 816.81k 825.65k 816.01k 825.65k -md5 2788.77k 13508.23k 24672.38k 30504.03k 33156.55k -sha 1938.22k 8397.01k 14122.24k 16980.99k 18196.55k -sha1 1817.29k 7832.50k 13168.93k 15738.48k 16810.84k -rc4 15887.52k 21709.65k 22745.68k 22995.09k 22995.09k -des cbc 4599.02k 5377.31k 5377.31k 5533.38k 5533.38k -des ede3 1899.59k 2086.71k 2086.67k 2086.51k 2085.90k -idea cbc 3350.08k 3934.62k 3979.42k 4017.53k 4017.53k -rc2 cbc 1534.13k 1630.76k 1625.70k 1644.83k 1653.91k -blowfish cbc 6678.83k 8490.49k 8701.88k 8848.74k 8886.24k - sign verify -rsa 512 bits 0.0062s 0.0008s -rsa 1024 bits 0.0287s 0.0009s -rsa 2048 bits 0.1785s 0.0059s -rsa 4096 bits 1.1300s 0.0205s - sign verify -dsa 512 bits 0.0055s 0.0100s -dsa 1024 bits 0.0154s 0.0299s -dsa 2048 bits 0.0502s 0.0996s diff --git a/times/readme b/times/readme deleted file mode 100644 index 7074f58..0000000 --- a/times/readme +++ /dev/null @@ -1,11 +0,0 @@ -The 'times' in this directory are not all for the most recent version of -the library and it should be noted that on some CPUs (specifically sparc -and Alpha), the locations of files in the application after linking can -make upto a %10 speed difference when running benchmarks on things like -cbc mode DES. To put it mildly this can be very anoying. - -About the only way to get around this would be to compile the library as one -object file, or to 'include' the source files in a specific order. - -The best way to get an idea of the 'raw' DES speed is to build the -'speed' program in crypto/des. diff --git a/times/s586-100.lnx b/times/s586-100.lnx deleted file mode 100644 index cbc3e3c..0000000 --- a/times/s586-100.lnx +++ /dev/null @@ -1,25 +0,0 @@ -Shared library build - -SSLeay 0.7.3 30-Apr-1997 -built on Tue May 13 03:43:56 EST 1997 -options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 68.95k 191.40k 258.22k 283.31k 291.21k -md5 627.37k 3064.75k 5370.15k 6765.91k 7255.38k -sha 323.35k 1431.32k 2417.07k 2916.69k 3102.04k -sha1 298.08k 1318.34k 2228.82k 2694.83k 2864.47k -rc4 3404.13k 4026.33k 4107.43k 4136.28k 4117.85k -des cbc 1414.60k 1782.53k 1824.24k 1847.64k 1840.47k -des ede3 588.36k 688.19k 700.33k 702.46k 704.51k -idea cbc 582.96k 636.71k 641.54k 642.39k 642.30k -rc2 cbc 569.34k 612.37k 617.64k 617.47k 619.86k -blowfish cbc 2015.77k 2534.49k 2609.65k 2607.10k 2615.98k -rsa 512 bits 0.027s 0.003 -rsa 1024 bits 0.128s 0.003 -rsa 2048 bits 0.779s 0.027 -rsa 4096 bits 5.450s 0.098 -dsa 512 bits 0.024s 0.045 -dsa 1024 bits 0.068s 0.132 -dsa 2048 bits 0.231s 0.469 diff --git a/times/s586-100.nt b/times/s586-100.nt deleted file mode 100644 index 8e3baf6..0000000 --- a/times/s586-100.nt +++ /dev/null @@ -1,23 +0,0 @@ -SSLeay 0.7.3 30-Apr-1997 -built on Mon May 19 10:47:38 EST 1997 -options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2) -C flags not available -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 90.26k 248.57k 335.06k 366.09k 376.64k -md5 863.95k 4205.24k 7628.78k 9582.60k 10290.25k -sha 463.93k 2102.51k 3623.28k 4417.85k 4695.29k -sha1 458.23k 2005.88k 3385.78k 4094.00k 4340.13k -rc4 5843.60k 7543.71k 7790.31k 7836.89k 7791.47k -des cbc 1583.95k 1910.67k 1960.69k 1972.12k 1946.13k -des ede3 654.79k 722.60k 740.97k 745.82k 738.27k -idea cbc 792.04k 876.96k 887.35k 892.63k 890.36k -rc2 cbc 603.50k 652.38k 661.85k 662.69k 661.44k -blowfish cbc 2379.88k 3043.76k 3153.61k 3153.61k 3134.76k -rsa 512 bits 0.022s 0.003 -rsa 1024 bits 0.111s 0.003 -rsa 2048 bits 0.716s 0.025 -rsa 4096 bits 5.188s 0.094 -dsa 512 bits 0.020s 0.039 -dsa 1024 bits 0.062s 0.124 -dsa 2048 bits 0.221s 0.441 diff --git a/times/sgi.t b/times/sgi.t deleted file mode 100644 index 7963610..0000000 --- a/times/sgi.t +++ /dev/null @@ -1,29 +0,0 @@ -SGI Challenge R4400 200mhz IRIX 5.3 - gcc (2.6.3) -SSLeay 0.6.1 02-Jul-1996 -built on Tue Jul 2 16:25:30 EST 1996 -options:bn(64,32) md2(char) rc4(idx,char) des(idx,long) idea(int) -C flags:gcc -O2 -mips2 -DTERMIOS -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 96.53k 266.70k 360.09k 393.70k 405.07k -md5 971.15k 4382.56k 7406.90k 8979.99k 9559.18k -sha 596.86k 2832.26k 4997.30k 6277.75k 6712.89k -sha1 578.34k 2630.16k 4632.05k 5684.34k 6083.37k -rc4 5641.12k 6821.76k 6996.13k 7052.61k 6913.32k -des cfb 1354.86k 1422.11k 1434.58k 1433.24k 1432.89k -des cbc 1467.13k 1618.92k 1630.08k 1637.00k 1629.62k -des ede3 566.13k 591.91k 596.86k 596.18k 592.54k -idea cfb 1190.60k 1264.49k 1270.38k 1267.84k 1272.37k -idea cbc 1271.45k 1410.37k 1422.49k 1426.46k 1421.73k -rc2 cfb 1285.73k 1371.40k 1380.92k 1383.13k 1379.23k -rc2 cbc 1386.61k 1542.10k 1562.49k 1572.45k 1567.93k -rsa 512 bits 0.018s -rsa 1024 bits 0.106s -rsa 2048 bits 0.738s -rsa 4096 bits 5.535s - -version:SSLeay 0.5.2c 15-May-1996 -rsa 512 bits 0.035s -rsa 1024 bits 0.204s -rsa 2048 bits 1.423s -rsa 4096 bits 10.800s diff --git a/times/sparc.t b/times/sparc.t deleted file mode 100644 index 1611f76..0000000 --- a/times/sparc.t +++ /dev/null @@ -1,26 +0,0 @@ -gcc 2.7.2 -Sparc 10 - Solaris 2.3 - 50mhz -SSLeay 0.7.3r 20-May-1997 -built on Mon Jun 2 00:55:51 EST 1997 -options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr) -C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 54.88k 154.52k 210.35k 231.08k 237.21k -md5 550.75k 2460.49k 4116.01k 4988.74k 5159.86k -sha 340.28k 1461.76k 2430.10k 2879.87k 2999.15k -sha1 307.27k 1298.41k 2136.26k 2540.07k 2658.28k -rc4 2652.21k 2805.24k 3301.63k 4003.98k 4071.18k -des cbc 811.78k 903.93k 914.19k 921.60k 932.29k -des ede3 328.21k 344.93k 349.64k 351.48k 345.07k -idea cbc 685.06k 727.42k 734.41k 730.11k 739.21k -rc2 cbc 718.59k 777.02k 781.96k 784.38k 782.60k -blowfish cbc 1268.85k 1520.64k 1568.88k 1587.54k 1591.98k -rsa 512 bits 0.037s 0.005 -rsa 1024 bits 0.213s 0.006 -rsa 2048 bits 1.471s 0.053 -rsa 4096 bits 11.100s 0.202 -dsa 512 bits 0.038s 0.074 -dsa 1024 bits 0.128s 0.248 -dsa 2048 bits 0.473s 0.959 - diff --git a/times/sparc2 b/times/sparc2 deleted file mode 100644 index 4b0dd80..0000000 --- a/times/sparc2 +++ /dev/null @@ -1,21 +0,0 @@ -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 14.56k 40.25k 54.95k 60.13k 62.18k -mdc2 53.59k 57.45k 58.11k 58.21k 58.51k -md5 176.95k 764.75k 1270.36k 1520.14k 1608.36k -hmac(md5) 55.88k 369.70k 881.15k 1337.05k 1567.40k -sha1 92.69k 419.75k 723.63k 878.82k 939.35k -rc4 1247.28k 1414.09k 1434.30k 1434.34k 1441.13k -des cbc 284.41k 318.58k 323.07k 324.09k 323.87k -des ede3 109.99k 119.99k 121.60k 121.87k 121.66k -idea cbc 43.06k 43.68k 43.84k 43.64k 44.07k -rc2 cbc 278.85k 311.44k 316.50k 316.57k 317.37k -blowfish cbc 468.89k 569.35k 581.61k 568.34k 559.54k -cast cbc 285.84k 338.79k 345.71k 346.19k 341.09k - sign verify -rsa 512 bits 0.4175s 0.0519s -rsa 1024 bits 2.9325s 0.1948s -rsa 2048 bits 22.3600s 0.7669s - sign verify -dsa 512 bits 0.5178s 1.0300s -dsa 1024 bits 1.8780s 3.7167s -dsa 2048 bits 7.3500s 14.4800s diff --git a/times/sparcLX.t b/times/sparcLX.t deleted file mode 100644 index 2fdaed7..0000000 --- a/times/sparcLX.t +++ /dev/null @@ -1,22 +0,0 @@ -Sparc Station LX -SSLeay 0.7.3 30-Apr-1997 -built on Thu May 1 10:44:02 EST 1997 -options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr) -C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 17.60k 48.72k 66.47k 72.70k 74.72k -md5 226.24k 1082.21k 1982.72k 2594.02k 2717.01k -sha 71.38k 320.71k 551.08k 677.76k 720.90k -sha1 63.08k 280.79k 473.86k 576.94k 608.94k -rc4 1138.30k 1257.67k 1304.49k 1377.78k 1364.42k -des cbc 265.34k 308.85k 314.28k 315.39k 317.20k -des ede3 83.23k 93.13k 94.04k 94.50k 94.63k -idea cbc 254.48k 274.26k 275.88k 274.68k 275.80k -rc2 cbc 328.27k 375.39k 381.43k 381.61k 380.83k -blowfish cbc 487.00k 498.02k 510.12k 515.41k 516.10k -rsa 512 bits 0.093s -rsa 1024 bits 0.537s -rsa 2048 bits 3.823s -rsa 4096 bits 28.650s - diff --git a/times/usparc.t b/times/usparc.t deleted file mode 100644 index 2215624..0000000 --- a/times/usparc.t +++ /dev/null @@ -1,25 +0,0 @@ -Sparc 2000? - Solaris 2.5.1 - 167mhz Ultra sparc - -SSLeay 0.7.3r 20-May-1997 -built on Mon Jun 2 02:25:48 EST 1997 -options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr) -C flags:cc cc -xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa -DB_ENDIAN -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 135.23k 389.87k 536.66k 591.87k 603.48k -md5 1534.38k 6160.41k 9842.69k 11446.95k 11993.09k -sha 1178.30k 5020.74k 8532.22k 10275.50k 11010.05k -sha1 1114.22k 4703.94k 7703.81k 9236.14k 9756.67k -rc4 10818.03k 13327.57k 13711.10k 13810.69k 13836.29k -des cbc 3052.44k 3320.02k 3356.25k 3369.98k 3295.91k -des ede3 1310.32k 1359.98k 1367.47k 1362.94k 1362.60k -idea cbc 1749.52k 1833.13k 1844.74k 1848.32k 1848.66k -rc2 cbc 1950.25k 2053.23k 2064.21k 2072.58k 2072.58k -blowfish cbc 4927.16k 5659.75k 5762.73k 5797.55k 5805.40k -rsa 512 bits 0.021s 0.003 -rsa 1024 bits 0.126s 0.003 -rsa 2048 bits 0.888s 0.032 -rsa 4096 bits 6.770s 0.122 -dsa 512 bits 0.022s 0.043 -dsa 1024 bits 0.076s 0.151 -dsa 2048 bits 0.286s 0.574 diff --git a/times/x86/bfs.cpp b/times/x86/bfs.cpp deleted file mode 100644 index d74c457..0000000 --- a/times/x86/bfs.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/blowfish.h> - -void main(int argc,char *argv[]) - { - BF_KEY key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - BF_encrypt(&data[0],&key); - GetTSC(s1); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - GetTSC(e1); - GetTSC(s2); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - GetTSC(e2); - BF_encrypt(&data[0],&key); - } - - printf("blowfish %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/times/x86/casts.cpp b/times/x86/casts.cpp deleted file mode 100644 index 7661191..0000000 --- a/times/x86/casts.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/cast.h> - -void main(int argc,char *argv[]) - { - CAST_KEY key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - CAST_encrypt(&data[0],&key); - GetTSC(s1); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - GetTSC(e1); - GetTSC(s2); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - GetTSC(e2); - CAST_encrypt(&data[0],&key); - } - - printf("cast %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/times/x86/des3s.cpp b/times/x86/des3s.cpp deleted file mode 100644 index cd2b112..0000000 --- a/times/x86/des3s.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/des.h> - -void main(int argc,char *argv[]) - { - des_key_schedule key1,key2,key3; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(s1); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(e1); - GetTSC(s2); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(e2); - des_encrypt3(&data[0],key1,key2,key3); - } - - printf("des3 %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/times/x86/dess.cpp b/times/x86/dess.cpp deleted file mode 100644 index 753e67a..0000000 --- a/times/x86/dess.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/des.h> - -void main(int argc,char *argv[]) - { - des_key_schedule key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - des_encrypt(&data[0],key,1); - GetTSC(s1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - GetTSC(e1); - GetTSC(s2); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - GetTSC(e2); - des_encrypt(&data[0],key,1); - } - - printf("des %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/times/x86/md4s.cpp b/times/x86/md4s.cpp deleted file mode 100644 index c0ec97f..0000000 --- a/times/x86/md4s.cpp +++ /dev/null @@ -1,78 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/md4.h> - -extern "C" { -void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - MD4_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; - num*=64; - numm*=64; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - md4_block_x86(&ctx,buffer,numm); - GetTSC(s1); - md4_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - md4_block_x86(&ctx,buffer,num); - GetTSC(e2); - md4_block_x86(&ctx,buffer,num); - } - printf("md4 (%d bytes) %d %d (%.2f)\n",num, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/times/x86/md5s.cpp b/times/x86/md5s.cpp deleted file mode 100644 index dd343fd..0000000 --- a/times/x86/md5s.cpp +++ /dev/null @@ -1,78 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/md5.h> - -extern "C" { -void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - MD5_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; - num*=64; - numm*=64; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - md5_block_x86(&ctx,buffer,numm); - GetTSC(s1); - md5_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - md5_block_x86(&ctx,buffer,num); - GetTSC(e2); - md5_block_x86(&ctx,buffer,num); - } - printf("md5 (%d bytes) %d %d (%.2f)\n",num, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/times/x86/rc4s.cpp b/times/x86/rc4s.cpp deleted file mode 100644 index 3814fde..0000000 --- a/times/x86/rc4s.cpp +++ /dev/null @@ -1,73 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/rc4.h> - -void main(int argc,char *argv[]) - { - unsigned char buffer[1024]; - RC4_KEY ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=64,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=256; - if (num > 1024-16) num=1024-16; - numm=num+8; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - RC4(&ctx,numm,buffer,buffer); - GetTSC(s1); - RC4(&ctx,numm,buffer,buffer); - GetTSC(e1); - GetTSC(s2); - RC4(&ctx,num,buffer,buffer); - GetTSC(e2); - RC4(&ctx,num,buffer,buffer); - } - - printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num, - e1-s1,e2-s2,(e1-s1)-(e2-s2)); - } - } - diff --git a/times/x86/sha1s.cpp b/times/x86/sha1s.cpp deleted file mode 100644 index 3103e18..0000000 --- a/times/x86/sha1s.cpp +++ /dev/null @@ -1,79 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/sha.h> - -extern "C" { -void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - SHA_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; - num*=64; - numm*=64; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - sha1_block_x86(&ctx,buffer,numm); - GetTSC(s1); - sha1_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - sha1_block_x86(&ctx,buffer,num); - GetTSC(e2); - sha1_block_x86(&ctx,buffer,num); - } - - printf("sha1 (%d bytes) %d %d (%.2f)\n",num, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - @@ -14,7 +14,8 @@ if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi cp Makefile Makefile.save # fake the presence of Kerberos touch $TOP/krb5.h -if expr "$MAKEDEPEND" : '.*gcc$' > /dev/null; then +if ${MAKEDEPEND} --version 2>&1 | grep -q "clang" || + echo $MAKEDEPEND | grep -q "gcc"; then args="" while [ $# -gt 0 ]; do if [ "$1" != "--" ]; then args="$args $1"; fi diff --git a/util/indent.pro b/util/indent.pro index e871431..4dcda5d 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -749,3 +749,19 @@ -T ssl_trace_tbl -T _stdcall -T tls12_lookup +-T OPTIONS +-T OPT_PAIR +-T uint64_t +-T int64_t +-T uint32_t +-T int32_t +-T uint16_t +-T int16_t +-T uint8_t +-T int8_t +-T STRINT_PAIR +-T felem +-T felem_bytearray +-T SH_LIST +-T PACKET +-T RECORD_LAYER diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 9b8abc0..99652af 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -447,7 +447,7 @@ $defs= <<"EOF"; # N.B. You MUST use -j on FreeBSD. # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and -# by default leave the 'intertesting' output files in .${o}out and the stuff +# by default leave the 'interesting' output files in .${o}out and the stuff # that needs deleting in .${o}tmp. # The file was generated by running 'make makefile.one', which # does a 'make files', which writes all the environment variables from all diff --git a/util/mkrc.pl b/util/mkrc.pl index 0ceadcf..83ee6a4 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl @@ -57,7 +57,7 @@ BEGIN VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" diff --git a/util/mkstack.pl b/util/mkstack.pl index 2bd96cd..f4520d4 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -98,7 +98,7 @@ while(<IN>) { EOF } - foreach $type_thing (sort @sstacklst) { + foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) { my $t1 = $type_thing->[0]; my $t2 = $type_thing->[1]; $new_stackfile .= <<EOF; diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index da05e9d..284fe03 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -358,15 +358,17 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; + $ret.="$target: $files $dep_libs"; if ($standalone == 1) { + $ret.=" \$(OBJ_D)${o}applink.obj\n"; $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; - $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); + $ret.= "\$(EX_LIBS) \$(OBJ_D)${o}applink.obj " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); $ret.="$files $libs\n<<\n"; } elsif ($standalone == 2) { + $ret.="\n"; $ret.="\tSET FIPS_LINK=\$(LINK)\n"; $ret.="\tSET FIPS_CC=\$(CC)\n"; $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; @@ -379,6 +381,7 @@ sub do_link_rule } else { + $ret.="\n"; $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; } diff --git a/util/selftest.pl b/util/selftest.pl index 7b32e9f..59842ef 100644 --- a/util/selftest.pl +++ b/util/selftest.pl @@ -199,3 +199,4 @@ while (<IN>) { } print "\nTest report in file $report\n"; +die if $ok != 2; diff --git a/util/toutf8.sh b/util/toutf8.sh new file mode 100644 index 0000000..8a4254b --- /dev/null +++ b/util/toutf8.sh @@ -0,0 +1,17 @@ +#! /bin/sh +# +# Very simple script to detect and convert files that we want to re-encode to UTF8 + +git ls-tree -r --name-only HEAD | \ + while read F; do + charset=`file -bi "$F" | sed -e 's|.*charset=||'` + if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then + iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \ + ( cmp -s "$F" "$F.utf8" || \ + ( echo "$F" + mv "$F" "$F.iso-8859-1" + mv "$F.utf8" "$F" + ) + ) + fi + done |