system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-01 14:14:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

OpenSSL: Vendor import of OpenSSL 3.0.13

Browse source 
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
  ([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on
  PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q
  parameter value ([CVE-2023-5678])

Release notes can be found at
	https://www.openssl.org/news/openssl-3.0-notes.html.
This commit is contained in:
Cy Schubert 2024-02-01 20:39:16 -08:00
parent 825caf7e12
commit 9dd13e84fa
2000 changed files with 451476 additions and 795 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

88
CHANGES.md
View file

@ -28,6 +28,90 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.12 and 3.0.13 [30 Jan 2024]
* A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security
significant.
([CVE-2024-0727])
*Matt Caswell*
* When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
([CVE-2023-6237])
*Tomáš Mráz*
* Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
rather than SM2.
*Richard Levitte*
* The POLY1305 MAC (message authentication code) implementation in OpenSSL
for PowerPC CPUs saves the contents of vector registers in different
order than they are restored. Thus the contents of some of these vector
registers is corrupted when returning to the caller. The vulnerable code is
used only on newer PowerPC processors supporting the PowerISA 2.07
instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However unless the compiler uses the vector registers
for storing pointers, the most likely consequence, if any, would be an
incorrect result of some application dependent calculations or a crash
leading to a denial of service.
([CVE-2023-6129])
*Rohan McLure*
* Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
([CVE-2023-5678])
*Richard Levitte*
### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
@ -19740,6 +19824,10 @@ ndif
<!-- Links -->
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817

56
CONTRIBUTING.md
View file

@ -9,22 +9,36 @@ Development is done on GitHub in the [openssl/openssl] repository.
[openssl/openssl]: <https://github.com/openssl/openssl>
To request new features or report bugs, please open an issue on GitHub
To request new a feature, ask a question, or report a bug,
please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
To submit a patch, please open a pull request on GitHub. If you are thinking
of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
To submit a patch or implement a new feature, please open a
[pull request on GitHub](https://github.com/openssl/openssl/pulls).
If you are thinking of making a large contribution,
open an issue for it before starting work, to get comments from the community.
Someone may be already working on the same thing,
or there may be special reasons why a feature is not implemented.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a [Contributor
License Agreement] (CLA), giving us permission to use your code.
If your contribution is too small to require a CLA (e.g. fixing a spelling
mistake), place the text "`CLA: trivial`" on a line by itself separated by
an empty line from the rest of the commit message. It is not sufficient to
only place the text in the GitHub pull request description.
If your contribution is too small to require a CLA (e.g., fixing a spelling
mistake), then place the text "`CLA: trivial`" on a line by itself below
the rest of your commit message separated by an empty line, like this:
```
One-line summary of trivial change
Optional main body of commit message. It might contain a sentence
or two explaining the trivial change.
CLA: trivial
```
It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
pull request description.
[Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
@ -32,8 +46,8 @@ guidelines:
```
git commit --amend
[add the line, save and quit the editor]
git push -f
# add the line, save and quit the editor
git push -f [<repository> [<branch>]]
```
2. All source files should start with the following text (with
@ -53,22 +67,24 @@ guidelines:
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Patches should follow our [coding style] and compile without warnings.
Where `gcc` or `clang` is available you should use the
4. Code provided should follow our [coding style] and compile without warnings.
There is a [Perl tool](util/check-format.pl) that helps
finding code formatting mistakes and other coding style nits.
Where `gcc` or `clang` is available, you should use the
`--strict-warnings` `Configure` option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. Clean builds via
GitHub Actions and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
platforms: try to ensure you only use portable features.
Clean builds via GitHub Actions are required. They are started automatically
whenever a PR is created or updated by committers.
[coding style]: https://www.openssl.org/policies/technical/coding-style.html
5. When at all possible, patches should include tests. These can
5. When at all possible, code contributions should include tests. These can
either be added to an existing test, or completely new. Please see
[test/README.md](test/README.md) for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/man[1357] for
examples of our style. Run "make doc-nits" to make sure that your
documentation. Please look at the `.pod` files in `doc/man[1357]` for
examples of our style. Run `make doc-nits` to make sure that your
documentation changes are clean.
7. For user visible changes (API changes, behaviour changes, ...),
@ -78,7 +94,7 @@ guidelines:
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log one-liners.
Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
This file helps users get more in depth information of what comes
This file helps users get more in-depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.

141
Configurations/00-base-templates.conf Normal file
View file

@ -0,0 +1,141 @@
# -*- Mode: perl -*-
my %targets=(
DEFAULTS => {
template => 1,
cflags => "",
cppflags => "",
lflags => "",
defines => [],
includes => [],
lib_cflags => "",
lib_cppflags => "",
lib_defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
unistd => "<unistd.h>",
shared_target => "",
shared_cflag => "",
shared_defines => [],
shared_ldflag => "",
shared_rcflag => "",
#### Defaults for the benefit of the config targets who don't inherit
#### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
AR => "(unused)",
ARFLAGS => "(unused)",
CC => "cc",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
#### THESE WILL BE ENABLED IN OpenSSL 1.2
#HASHBANGPERL => "PERL", # Only Unix actually cares
},
BASE_common => {
template => 1,
enable => [],
disable => [],
defines =>
sub {
my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};
return [ @incs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
AR => "ar",
ARFLAGS => "qc",
CC => "cc",
lflags =>
sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
ex_libs =>
sub { !defined($disabled{zlib})
&& defined($disabled{"zlib-dynamic"})
? "-lz" : () },
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
perl_platform => 'Unix',
},
BASE_Windows => {
inherit_from => [ "BASE_common" ],
template => 1,
lib_defines =>
sub {
my @defs = ();
unless ($disabled{"zlib-dynamic"}) {
my $zlib = $withargs{zlib_lib} // "ZLIB1";
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
}
return [ @defs ];
},
ex_libs =>
sub {
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
return $withargs{zlib_lib} // "ZLIB1";
}
}
return ();
},
MT => "mt",
MTFLAGS => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
perl_platform => 'Windows',
},
BASE_VMS => {
inherit_from => [ "BASE_common" ],
template => 1,
includes =>
add(sub {
my @incs = ();
# GNV$ZLIB_INCLUDE is the standard logical name for later
# zlib incarnations.
push @incs, 'GNV$ZLIB_INCLUDE:'
if !$disabled{zlib} && !$withargs{zlib_include};
return [ @incs ];
}),
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
perl_platform => 'VMS',
},
);

1955
Configurations/10-main.conf Normal file
View file

File diff suppressed because it is too large Load diff

291
Configurations/15-android.conf Normal file
View file

@ -0,0 +1,291 @@
#### Android...
#
# See NOTES-Android.md for details, and don't miss platform-specific
# comments below...
{
use File::Spec::Functions;
my $android_ndk = {};
my %triplet = (
arm => "arm-linux-androideabi",
arm64 => "aarch64-linux-android",
mips => "mipsel-linux-android",
mips64 => "mips64el-linux-android",
x86 => "i686-linux-android",
x86_64 => "x86_64-linux-android",
);
sub android_ndk {
unless (%$android_ndk) {
if ($now_printing =~ m|^android|) {
return $android_ndk = { bn_ops => "BN_AUTO" };
}
my $ndk_var;
my $ndk;
foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) {
$ndk_var = $_;
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_ROOT is not defined" if (!$ndk);
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
my $ndk_src_props = "$ndk/source.properties";
my $is_ndk = -f $ndk_src_props;
if ($is_ndk == $is_standalone_toolchain) {
die "\$ANDROID_NDK_ROOT=$ndk is invalid";
}
$ndk = canonpath($ndk);
my $ndkver = undef;
if (open my $fh, "<$ndk_src_props") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
$ndkver = $1;
last;
}
}
close $fh;
}
my ($sysroot, $api, $arch);
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
$arch = $1;
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif ($is_standalone_toolchain) {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
if (m|__ANDROID_API__=([0-9]+)|) {
$api = $1;
last;
}
}
if (-d "$ndk/platforms") {
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
} elsif ($api eq "*") {
# r22 Removed platforms dir, use this JSON file
my $path = "$ndk/meta/platforms.json";
open my $fh, $path or die "Could not open '$path' $!";
while (<$fh>) {
if (/"max": (\d+),/) {
$api = $1;
last;
}
}
close $fh;
}
die "Could not get default API Level" if ($api eq "*");
}
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
# see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
if (length $sysroot) {
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
} else {
$user{CC} = "$tridefault$api-clang";
}
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif ($is_standalone_toolchain) {
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
# *after* announcement that gcc is being phased out, so
# favouring clang is considered adequate. Those who insist
# have option to enforce test for gcc with CC=gcc.
if (which("$triarch-$cc") !~ m|^$ndk|) {
die "no NDK $triarch-$cc on \$PATH";
}
$user{CC} = $cc;
$user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
die "no NDK $triarch-gcc on \$PATH";
}
$cflags .= " -mandroid";
$user{CROSS_COMPILE} = "$triarch-";
}
if (length $sysroot) {
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
}
$android_ndk = {
cflags => $cflags . $sysroot,
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
};
}
return $android_ndk;
}
}
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
################################################################
# Special note about -pie. The underlying reason is that
# Lollipop refuses to run non-PIE. But what about older systems
# and NDKs? -fPIC was never problem, so the only concern is -pie.
# Older toolchains, e.g. r4, appear to handle it and binaries
# turn out mostly functional. "Mostly" means that oldest
# Androids, such as Froyo, fail to handle executable, but newer
# systems are perfectly capable of executing binaries targeting
# Froyo. Keep in mind that in the nutshell Android builds are
# about JNI, i.e. shared libraries, not applications.
cflags => add(sub { android_ndk()->{cflags} }),
cppflags => add(sub { android_ndk()->{cppflags} }),
cxxflags => add(sub { android_ndk()->{cflags} }),
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-fPIE",
bin_lflags => "-pie",
enable => [ ],
shared_extension => ".so",
},
"android-arm" => {
################################################################
# Contemporary Android applications can provide multiple JNI
# providers in .apk, targeting multiple architectures. Among
# them there is "place" for two ARM flavours: generic eabi and
# armv7-a/hard-float. However, it should be noted that OpenSSL's
# ability to engage NEON is not constrained by ABI choice, nor
# is your ability to call OpenSSL from your application code
# compiled with floating-point ABI other than default 'soft'.
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
# This means that choice of ARM libraries you provide in .apk
# is driven by application needs. For example if application
# itself benefits from NEON or is floating-point intensive, then
# it might be appropriate to provide both libraries. Otherwise
# just generic eabi would do. But in latter case it would be
# appropriate to
#
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
#
# in order to build "universal" binary and allow OpenSSL take
# advantage of NEON when it's available.
#
# Keep in mind that (just like with linux-armv4) we rely on
# compiler defaults, which is not necessarily what you had
# in mind, in which case you would have to pass additional
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
# Newer NDK versions reportedly require additional -latomic.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'armv4',
perlasm_scheme => "void",
},
"android-arm64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'aarch64',
perlasm_scheme => "linux64",
},
"android-mips" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips32',
perlasm_scheme => "o32",
},
"android-mips64" => {
################################################################
# You are more than likely have to specify target processor
# on ./Configure command line. Trouble is that toolchain's
# default is MIPS64r6 (at least in r10d), but there are no
# such processors around (or they are too rare to spot one).
# Actual problem is that MIPS64r6 is binary incompatible
# with previous MIPS ISA versions, in sense that unlike
# prior versions original MIPS binary code will fail.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips64',
perlasm_scheme => "64",
},
"android-x86" => {
inherit_from => [ "android" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => add("RC4_INT"),
asm_arch => 'x86',
perlasm_scheme => "android",
ex_libs => add(threads("-latomic")),
},
"android-x86_64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_INT"),
asm_arch => 'x86_64',
perlasm_scheme => "elf",
},
####################################################################
# Backward compatible targets, (might) require $CROSS_SYSROOT
#
"android-armeabi" => {
inherit_from => [ "android-arm" ],
},
"android64" => {
inherit_from => [ "android" ],
},
"android64-aarch64" => {
inherit_from => [ "android-arm64" ],
},
"android64-x86_64" => {
inherit_from => [ "android-x86_64" ],
},
"android64-mips64" => {
inherit_from => [ "android-mips64" ],
},
);

64
Configurations/15-ios.conf Normal file
View file

@ -0,0 +1,64 @@
#### iPhoneOS/iOS
#
# It takes recent enough Xcode to use following two targets. It shouldn't
# be a problem by now, but if they don't work, original targets below
# that depend on manual definition of environment variables should still
# work...
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "shared", "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common" ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
asm_arch => 'armv4',
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
# CROSS_TOP=/where/SDKs/are
# CROSS_SDK=iPhoneOSx.y.sdk
#
# Exact paths vary with Xcode releases, but for couple of last ones
# they would look like this:
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
);

62
Configurations/50-cppbuilder.conf Normal file
View file

@ -0,0 +1,62 @@
my %targets = (
"BC-32" => {
inherit_from => [ "BASE_Windows" ],
sys_id => "WIN32",
bn_ops => "BN_LLONG",
thread_scheme => "winthreads",
cc => "bcc32c",
CPP => "cpp32 -oCON -Sc -Sr",
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32",
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
"_strnicmp=strnicmp", "_malloca=malloc",
"_freea=free", "_setmode=setmode"),
cflags => picker(default => add("-q -c",
threads("-tM"),
shared("-tR")),
debug => "-Od -v -vi- -D_DEBUG",
release => "-O2"),
bin_cflags => "-tWC",
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
coutflag => "-o",
# -Sx isn't documented, but 'cpp32 -H -S' explains it:
#
# -Sx Omit preprocessed text in output
makedepcmd => "cpp32 -oCON -Sx -Hp",
makedep_scheme => "embarcadero",
LD => "ilink32",
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
debug => '-j"$(BDS)\lib\win32c\debug" ' .
'-L"$(BDS)\lib\win32c\debug" -v',
release => '-j"$(BDS)\lib\win32c\release" ' .
'-L"$(BDS)\lib\win32c\release"'),
bin_lflags => "-ap -Tpe c0x32.obj wildargs.obj",
ldoutflag => ",",
ldpostoutflag => ",,",
ld_resp_delim => " +\n",
ex_libs => add(sub {
my @ex_libs = ("import32.lib",
($disabled{shared}
? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib")
: ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib")));
push @ex_libs, "ws2_32.lib" unless $disabled{sock};
return join(" ", @ex_libs);
}),
AR => "tlib",
ARFLAGS => "/P256 /N /u",
ar_resp_delim => " &\n",
RC => "brcc32",
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
rcoutflag => "-fo",
shared_target => "win-shared",
shared_ldflag => "-aa -Tpd c0d32.obj",
lddefflag => ",",
ldresflag => ",",
ld_implib_rule => 'implib -a $< $**',
dso_scheme => "win32",
shared_defflag => '',
perl_platform => 'Windows::cppbuilder',
uplink_arch => 'common',
}
);

18
Configurations/50-djgpp.conf Normal file
View file

@ -0,0 +1,18 @@
# We can't make any commitment to support the DJGPP platform,
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
my %targets = (
"DJGPP" => {
inherit_from => [ "BASE_unix" ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
sys_id => "MSDOS",
lflags => add("-L/dev/env/WATT_ROOT/lib"),
ex_libs => add("-lwatt"),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => "a.out",
},
);

35
Configurations/50-haiku.conf Normal file
View file

@ -0,0 +1,35 @@
my %targets = (
"haiku-common" => {
template => 1,
CC => "cc",
CFLAGS => add_before(picker(default => "-Wall",
debug => "-g -O0",
release => "-O2")),
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
threads("-D_REENTRANT")),
AR => "ar",
ARFLAGS => "qc",
HASHBANGPERL => "/bin/env perl",
sys_id => "HAIKU",
ex_libs => "-lnetwork",
perlasm_scheme => "elf",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
perl_platform => 'Unix',
},
"haiku-x86" => {
inherit_from => [ "haiku-common" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => 'elf',
},
"haiku-x86_64" => {
inherit_from => [ "haiku-common" ],
cflags => add("-m64"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
},
);

22
Configurations/50-masm.conf Normal file
View file

@ -0,0 +1,22 @@
# We can't make commitment to supporting Microsoft assembler,
# because it would mean supporting all masm versions. This in
# in turn is because masm is not really an interchangeable option,
# while users tend to have reasons to stick with specific Visual
# Studio versions. It's usually lesser hassle to make it work
# with latest assembler, but tweaking for older versions had
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
my %targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64-common" ],
AS => "ml64",
ASFLAGS => "/nologo /Zi",
asoutflag => "/Fo",
asflags => "/c /Cp /Cx",
sys_id => "WIN64A",
uplink_arch => 'x86_64',
asm_arch => 'x86_64',
perlasm_scheme => "masm",
},
);

315
Configurations/50-nonstop.conf Normal file
View file

@ -0,0 +1,315 @@
#### Nonstop configurations
# Common for all
'nonstop-common' => {
inherit_from => [ 'BASE_unix' ],
template => 1,
cc => 'c99',
cflags => add_before(picker(debug => '-g -O0',
release => '-g -O2'),
'-Wextensions',
'-Wnowarn=203,220,272,734,770,1506',
'-Wbuild_neutral_library',
'-Wverbose'),
defines => add('OPENSSL_VPROC=$(OPENSSL_VPROC)',
'_XOPEN_SOURCE',
'_XOPEN_SOURCE_EXTENDED=1',
'_TANDEM_SOURCE',
'B_ENDIAN'),
perl => '/usr/bin/perl',
shared_target => 'nonstop-shared',
shared_extension => ".so",
ex_libs => add('-lrld'),
enable => ['egd'],
dso_scheme => 'DLFCN',
sys_id => 'TANDEM',
},
######################################################################
# Additional variant settings, to be combined with nonstop-common
# Note that these do not inherit anything. However, the diverse values
# are merged with other entries in an 'inherit_from'.
#
# These combine:
# - System architecture (MIPS, Itanium, or x86)
# - Execution environment (oss [default] or guardian)
#
# Unfortunately, they can't be separated into independent templates, because
# a number of the above are encoded as different linkers, and by consequence,
# different c99 linker flags (-Wld, -Weld, and -Wxld)
#
# In addition, the are modifiers for:
# - Size of long + pointer (ilp32 [default] and lp64)
# - Float type (neutral and tandem)
#
# Unfortunately, because the float types affect the linker settings, those
# are divided per system architecture
#
# MIPS + guardian (unused but present for convenience):
'nonstop-archenv-mips-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/r -Wsystype=guardian',
lflags => '-Wld="-set systype guardian"',
shared_ldflag => '-Wshared -Wld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + guardian:
'nonstop-archenv-itanium-guardian' => {
template => 1,
defines => ['NO_GETPID', '_TANDEM_ARCH=2'],
cflags => '-Wtarget=tns/e -Wsystype=guardian',
lflags => '-Weld="-set systype guardian"',
shared_ldflag => '-Wshared -Weld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86 + guardian:
'nonstop-archenv-x86_64-guardian' => {
template => 1,
defines => ['NO_GETPID', '_TANDEM_ARCH=3'],
cflags => '-Wtarget=tns/x -Wsystype=guardian',
lflags => '-Wxld="-set systype guardian"',
shared_ldflag => '-Wshared -Wxld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# MIPS + oss (unused but present for convenience):
'nonstop-archenv-mips-oss' => {
template => 1,
cflags => '-Wtarget=tns/r -Wsystype=oss',
lflags => '-Wld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + oss:
'nonstop-archenv-itanium-oss' => {
template => 1,
defines => ['_TANDEM_ARCH=2'],
cflags => '-Wtarget=tns/e -Wsystype=oss',
lflags => '-Weld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86_64 + oss:
'nonstop-archenv-x86_64-oss' => {
template => 1,
defines => ['_TANDEM_ARCH=3'],
cflags => '-Wtarget=tns/x -Wsystype=oss',
lflags => '-Wxld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# Size variants
'nonstop-ilp32' => {
template => 1,
cflags => '-Wilp32',
bn_ops => 'THIRTY_TWO_BIT',
},
'nonstop-lp64-itanium' => {
template => 1,
cflags => '-Wlp64',
bn_ops => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR',
},
'nonstop-lp64-x86_64' => {
template => 1,
cflags => '-Wlp64',
lflags => '-Wxld="-set data_model lp64"',
bn_ops => 'SIXTY_FOUR_BIT',
},
# Float variants
'nonstop-nfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype neutral_float"',
},
'nonstop-tfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype tandem_float"',
},
'nonstop-efloat-itanium' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Weld="-set floattype ieee_float"',
},
'nonstop-nfloat-itanium' => {
template => 1,
lflags => '-Weld="-set floattype neutral_float"',
},
'nonstop-tfloat-itanium' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Weld="-set floattype tandem_float"',
},
'nonstop-efloat-x86_64' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Wxld="-set floattype ieee_float"',
},
'nonstop-nfloat-x86_64' => {
template => 1,
lflags => '-Wxld="-set floattype neutral_float"',
},
'nonstop-tfloat-x86_64' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Wxld="-set floattype tandem_float"',
},
######################################################################
# Build models
'nonstop-model-put' => {
template => 1,
defines => ['_PUT_MODEL_',
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
ex_libs => '-lput',
},
'nonstop-model-spt' => {
template => 1,
defines => ['_SPT_MODEL_',
'_REENTRANT', '_ENABLE_FLOSS_THREADS'],
ex_libs => '-lspt',
},
# Additional floss model that can be combined with any of the other models.
# If used without any of the other models, the entry that does so must
# disable threads.
'nonstop-model-floss' => {
template => 1,
defines => ['OPENSSL_TANDEM_FLOSS'],
includes => ['/usr/local/include'],
ex_libs => '-lfloss',
},
######################################################################
# Now for the entries themselves, let's combine things!
'nonstop-nsx' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64' ],
disable => ['threads'],
},
'nonstop-nsx_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '-put',
},
'nonstop-nsx_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64' ],
multilib => '64',
disable => ['threads'],
},
'nonstop-nsx_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '64-put',
},
'nonstop-nsx_spt' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-spt' ],
multilib => '-spt',
},
'nonstop-nsx_spt_floss' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-floss',
'nonstop-model-spt'],
multilib => '-spt',
},
'nonstop-nsx_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
disable => ['threads'],
},
'nonstop-nsx_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
disable => ['threads'],
},
'nonstop-nsv' => {
inherit_from => [ 'nonstop-nsx' ],
},
'nonstop-nse' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium' ],
disable => ['threads'],
},
'nonstop-nse_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '-put',
},
'nonstop-nse_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium' ],
multilib => '64',
disable => ['threads'],
},
'nonstop-nse_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '64-put',
},
'nonstop-nse_spt' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-spt' ],
multilib => '-spt',
},
'nonstop-nse_spt_floss' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-floss', 'nonstop-model-spt' ],
multilib => '-spt',
},
'nonstop-nse_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-guardian',
'nonstop-ilp32', 'nonstop-nfloat-itanium' ],
disable => ['threads'],
},
'nonstop-nse_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-guardian',
'nonstop-ilp32', 'nonstop-tfloat-itanium' ],
disable => ['threads'],
},

11
Configurations/50-os390.conf Normal file
View file

@ -0,0 +1,11 @@
## -*- mode: perl; -*-
(
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
"OS390-Unix" => {
inherit_from => [ "BASE_unix" ],
cc => "cc",
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC",
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
thread_scheme => "(unknown)",
}
);

14
Configurations/50-vms-x86_64.conf Normal file
View file

@ -0,0 +1,14 @@
## -*- mode: perl; -*-
# OpenVMS cross compilation of x86_64 binaries on Itanium. This doesn't
# fit the usual cross compilation parameters that are used on Unixly machines
(
'vms-x86_64-cross-ia64' => {
inherit_from => [ 'vms-generic' ],
CC => 'XCC',
bn_ops => 'SIXTY_FOUR_BIT',
pointer_size => '',
setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
}
);

138
Configurations/50-win-onecore.conf Normal file
View file

@ -0,0 +1,138 @@
## -*- mode: perl; -*-
# Windows OneCore targets.
#
# OneCore is new API stability "contract" that transcends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# OneCore Configuration temporarily dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# (Or rework whole error messaging)
my $UWP_info = {};
sub UWP_info {
unless (%$UWP_info) {
my $SDKver = `powershell -Command \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
$SDKver =~ s|\R$||;
my @SDKver_split = split(/\./, $SDKver);
# SDK version older than 10.0.17763 don't support our ASM builds
if ($SDKver_split[0] < 10
|| ($SDKver_split[0] == 10
&& $SDKver_split[1] == 0
&& $SDKver_split[2] < 17763)) {
$UWP_info->{disable} = [ 'asm' ];
} else {
$UWP_info->{disable} = [ ];
}
}
return $UWP_info;
}
my %targets = (
"VC-WIN32-ONECORE" => {
inherit_from => [ "VC-WIN32" ],
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
# /APPCONTAINER is needed for Universal Windows Platform compat
lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
# Windows on ARM targets. ARM compilers are additional components in
# VS2017, i.e. they are not installed by default. And when installed,
# there are no "ARM Tool Command Prompt"s on Start menu, you have
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
# received limited testing with evp_test.exe on Windows 10 IoT Core,
# but not VC-WIN64-ARM, no hardware... In other words they are not
# actually supported...
#
# Another thing to keep in mind [in cross-compilation scenario such
# as this one] is that target's file system has nothing to do with
# compilation system's one. This means that you're are likely to use
# --prefix and --openssldir with target-specific values. 'nmake install'
# step is effectively meaningless in cross-compilation case, though
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
# can point Visual Studio to when compiling custom application code.
"VC-WIN32-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
"VC-WIN64-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
# Universal Windows Platform (UWP) App Support
# TODO
#
# The 'disable' attribute should have 'uplink'.
# however, these are checked in some 'inherit_from', which is processed
# very early, before the 'disable' attributes are seen.
# This is a problem that needs to be resolved in Configure first.
#
# But if you want to build library with Windows 10 Version 1809 SDK or
# earlier, the 'disable' attribute should also have 'asm'.
"VC-WIN32-UWP" => {
inherit_from => [ "VC-WIN32-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64A-UWP" => {
inherit_from => [ "VC-WIN64A-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN32-ARM-UWP" => {
inherit_from => [ "VC-WIN32-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64-ARM-UWP" => {
inherit_from => [ "VC-WIN64-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
);

136
Configurations/INTERNALS.Configure Normal file
View file

@ -0,0 +1,136 @@
Configure Internals
===================
[ note: this file uses markdown for formatting ]
Intro
-----
This is a collection of notes that are hopefully of interest to those
who decide to dive into Configure and what it does. This is a living
document and anyone is encouraged to add to it and submit changes.
There's no claim for this document to be complete at any time, but it
will hopefully reach such a point in time.
----------------------------------------------------------------------
Parsing build.info files, processing conditions
-----------------------------------------------
Processing conditions in build.info files is done with the help of a
condition stack that tell if a build.info should be processed or if it
should just be skipped over. The possible states of the stack top are
expressed in the following comment from Configure:
# The top item of this stack has the following values
# -2 positive already run and we found ELSE (following ELSIF should fail)
# -1 positive already run (skip until ENDIF)
# 0 negatives so far (if we're at a condition, check it)
# 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
# 2 positive ELSE (following ELSIF should fail)
Ground rule is that non-condition lines are skipped over if the
stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF
statements) need to be processed either way to keep track of the skip
stack states, so they are a little more intricate.
Instead of trying to describe in words, here are some example of what
the skip stack should look like after each line is processed:
Example 1:
| IF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | -1 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | -1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | -1 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | | |
Example 2:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 3:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 4:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 2 | |
| ... whatever ... | | this line is processed |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |

604
Configurations/README-design.md Normal file
View file

@ -0,0 +1,604 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the `build.info` files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on `build.info` files below.
From the information in `build.info` files, `Configure` builds up an
information database as a hash table called `%unified_info`, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, `build.info` files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in `build.info` files (and
when they are, it's always with the file name extension `.o`), they are
inferred by `Configure`. By the same rule of minimalism, end product
file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned
in `build.info`. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on `%unified_info` and build-file templates further down).
The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare
end products. There are variants for them with `_NO_INST` as suffix
(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed.
The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a
produced file, and their values are the source used to produce that
particular produced file, extra dependencies, include directories
needed, or C macros to be defined.
All their values in all the `build.info` throughout the source tree are
collected together and form a set of programs, libraries, modules and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program `apps/openssl`, the libraries `libssl` and
`libcrypto`, an module `engines/ossltest` and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory `build.info` file, and it tells us that two
libraries are to be built, the include directory `include/` shall be
used throughout when building anything that will end up in each
library, and that the library `libssl` depend on the library
`libcrypto` to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the `build.info` file in `apps/`, one may notice that all file
paths mentioned are relative to the directory the `build.info` file is
located in. This one tells us that there's a program to be built
called `apps/openss` (the file name extension will depend on the
platform and is therefore not mentioned in the `build.info` file). It's
built from one source file, `apps/openssl.c`, and building it requires
the use of `.` and `include/` include directories (both are declared
from the point of view of the `apps/` directory), and that the program
depends on the library `libssl` to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the `build.info` file in `crypto/`, and it tells us a little more
about what's needed to produce `libcrypto`. LIBS is used again to
declare that `libcrypto` is to be produced. This declaration is
really unnecessary as it's already mentioned in the top `build.info`
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This `build.info` file informs us that `libcrypto` is built from a few
source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`.
It also shows us that building the object file inferred from
`crypto/cversion.c` depends on `crypto/buildinf.h`. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
`DEPEND[cversion.o]` mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in `ssl/`, and it tells us that the
library `libssl` is built from the source file `ssl/tls.c`.
# engines/build.info
MODULES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
MODULES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the `build.info` file in `engines/`, telling us that two modules
called `engines/dasync` and `engines/ossltest` shall be built, that
`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is
`engines/e_ossltest.c` and that the include directory `include/` may
be used when building anything that will be part of these modules.
Also, both modules depend on the library `libcrypto` to function
properly. `ossltest` is explicitly linked with the static variant of
the library `libcrypto`. Finally, only `dasync` is being installed, as
`ossltest` is only for internal testing.
When `Configure` digests these `build.info` files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
MODULES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
MODULES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
`LIBS` may be used to declare routine libraries only.
`PROGRAMS` may be used to declare programs only.
`MODULES` may be used to declare modules only.
The indexes for `SOURCE` must only be end product files, such as
libraries, programs or modules. The values of `SOURCE` variables must
only be source files (possibly generated).
`INCLUDE` and `DEPEND` shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When `Configure` processes the `build.info` files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
`Configure` will assume that source files that can't be found in the
source tree (such as `crypto/bildinf.h` in the example above) are
generated and will be found in the build tree.
The `%unified_info` database
----------------------------
The information in all the `build.info` get digested by `Configure` and
collected into the `%unified_info` database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
modules => a list of modules. These are directly inferred from
the MODULES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'modules' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the `build.info` files example from the
section above would be digested into a `%unified_info` table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"modules" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"modules" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in `%unified_info` is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build `apps/openssl`, and to build the latter, we will need to
build all its sources (`apps/openssl.o` in this case) and all the
other things it depends on (such as `libssl`). All those dependencies
need to be built as well, using the same logic, so to build `libssl`,
we need to build `ssl/tls.o` as well as `libcrypto`, and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as `Makefile` on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with `.o`
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library file name
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving template
[`Configurations/common.tmpl`](common.tmpl), which looks through all the
information in `%unified_info` and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller `build.info` set we've seen as an
example, producing the rules to build `libcrypto` would result in the
following calls:
# Note: obj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: obj2shlib must convert the '.o' extension to whatever
# is suitable on the local platform.
obj2shlib(shlib => "libcrypto",
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ],
deps => [ ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]);
src2obj(obj => "crypto/aes.o"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp.o"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion.o"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

667
Configurations/README.md Normal file
View file

@ -0,0 +1,667 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
enable => Enable specific configuration features.
This MUST be an array of words.
disable => Disable specific configuration features.
This MUST be an array of words.
Note: if the same feature is both enabled
and disabled, disable wins.
as => The assembler command. This is not always
used (for example on Unix, where the C
compiler is used instead).
asflags => Default assembler command flags [4].
cpp => The C preprocessor command, normally not
given, as the build file defaults are
usually good enough.
cppflags => Default C preprocessor flags [4].
defines => As an alternative, macro definitions may be
given here instead of in 'cppflags' [4].
If given here, they MUST be as an array of
the string such as "MACRO=value", or just
"MACRO" for definitions without value.
includes => As an alternative, inclusion directories
may be given here instead of in 'cppflags'
[4]. If given here, the MUST be an array
of strings, one directory specification
each.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Defaults C compiler flags [4].
cxxflags => Default C++ compiler flags [4]. If unset,
it gets the same value as cflags.
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Default flags used when linking apps,
shared libraries or DSOs [4].
ex_libs => Extra libraries that are needed when
linking shared libraries, DSOs or programs.
The value is also assigned to Libs.private
in $(libdir)/pkgconfig/libcrypto.pc.
shared_cppflags => Extra C preprocessor flags used when
processing C files for shared libraries.
shared_cflag => Extra C compiler flags used when compiling
for shared libraries, typically something
like "-fPIC".
shared_ldflag => Extra linking flags used when linking
shared libraries.
module_cppflags
module_cflags
module_ldflags => Has the same function as the corresponding
'shared_' attributes, but for building DSOs.
When unset, they get the same values as the
corresponding 'shared_' attributes.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command. On Unix, this includes the
command letter, 'r' by default.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to upper case
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
modules, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
asm_arch => The architecture to be used for compiling assembly
source. This acts as a selector in build.info files.
uplink_arch => The architecture to be used for compiling uplink
source. This acts as a selector in build.info files.
This is separate from asm_arch because it's compiled
even when 'no-asm' is given, even though it contains
assembler source.
perlasm_scheme => The perlasm method used to create the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This serves multiple purposes:
- as index for targets found in shared_info.pl.
- as linker script generation selector.
To serve both purposes, the index for shared_info.pl
should end with '-shared', and this suffix will be
removed for use as a linker script generation
selector. Note that the latter is only used if
'shared_defflag' is defined.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
Note: should not be used
for new configuration
targets
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
Note: should not be used
for new configuration
targets
[1] as part of the target configuration, one can have a key called
`inherit_from` that indicates what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute `template => 1` and
cannot be used as build targets.
If several configurations are given in the `inherit_from` array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
Instead of a scalar value or an array, a value can be a code block
of the form `sub { /* your code here */ }`. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using `sub { join(" ",@_) }` on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies `no-threads`. The value of the key `thread_scheme` may
be `(unknown)`, in which case the user MUST give some compilation
flags to `Configure`.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the modules.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
foo/something.o foo/somethingelse.o {ex_libs}
shared objects:
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
blah1.o blah2.o -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o -lssl -lcrypto {ex_libs}
[4] There are variants of these attribute, prefixed with `lib_`,
`dso_` or `bin_`. Those variants replace the unprefixed attribute
when building library, DSO or program modules specifically.
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
{arflags}:{multilib}"
Build info files
================
The `build.info` files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every `build.info` file, all file references are relative to the
directory of the `build.info` file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters `{-` and `-}`. The hashes
`%config` and `%target` are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current `build.info` file and the corresponding build
directory, all relative to the top of the build tree.
`Configure` only knows inherently about the top `build.info` file. For
any other directory that has one, further directories to look into
must be indicated like this:
SUBDIRS=something someelse
On to things to be built; they are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
MODULES=libeng
SCRIPTS=myhack
Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
It's also possible to depend on static libraries explicitly:
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support building static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
`no-shared`.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
It's also possible to specify C macros that should be defined:
DEFINE[foo]=FOO BAR=1
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except that the first
item must be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
Finally, you can have some simple conditional use of the `build.info`
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called `Makefile` on Unix-like operating systems,
`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items `build_scheme`, `build_file` and `build_command`.
In the rest of this section, we will assume that `build_scheme` is set
to "unified" (see the configurations documentation above for the
details).
For any name given by `build_file`, the "unified" system expects a
template file in `Configurations/` named like the build file, with
`.tmpl` appended, or in case of possible ambiguity, a combination of
the second `build_scheme` list item and the `build_file` name. For
example, if `build_file` is set to `Makefile`, the template could be
`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
In case both `Configurations/unix-Makefile.tmpl` and
`Configurations/Makefile.tmpl` are present, the former takes precedence.
The build-file template is processed with the perl module
Text::Template, using `{-` and `-}` as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with `{-` and `-}`.
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with '.o'
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library ffile name
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either `{build_platform}-{build_file}-checker.pm` or
`{build_platform}-checker.pm`, where `{build_platform}` is the second
`build_scheme` list element from the configuration target data, and
`{build_file}` is `build_file` from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

31
Configurations/common0.tmpl Normal file
View file

@ -0,0 +1,31 @@
{- # -*- Mode: perl -*-
# Commonly used list of generated files
# The reason for the complexity is that the build.info files provide
# GENERATE rules for *all* platforms without discrimination, while the
# build files only want those for a particular build. Therefore, we
# need to extrapolate exactly what we need to generate. The way to do
# that is to extract all possible source files from diverse tables and
# filter out all that are not generated
my %generatables =
map { $_ => 1 }
( # The sources of stuff may be generated
( map { @{$unified_info{sources}->{$_}} }
keys %{$unified_info{sources}} ),
$disabled{shared}
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
# Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
# Scripts are assumed to be generated, so add them too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
# Avoid strange output
"";
-}

1402
Configurations/descrip.mms.tmpl Normal file
View file

File diff suppressed because it is too large Load diff

556
Configurations/gentemplate.pm Normal file
View file

@ -0,0 +1,556 @@
package gentemplate;
use strict;
use warnings;
use Carp;
use Exporter;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
@ISA = qw(Exporter);
@EXPORT = qw(gentemplate);
use File::Basename;
sub gentemplate {
my %opts = @_;
my $generator = OpenSSL::GenTemplate->new(%opts);
# Build mandatory header file generators
foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); }
# Build all known targets, libraries, modules, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$generator->{info}->{targets}}) { $generator->dotarget($_); }
foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_); }
foreach (@{$generator->{info}->{modules}}) { $generator->domodule($_); }
foreach (@{$generator->{info}->{programs}}) { $generator->dobin($_); }
foreach (@{$generator->{info}->{scripts}}) { $generator->doscript($_); }
foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); }
foreach (sort keys %{$generator->{info}->{mandocs}}) { $generator->dodocs('man', $_); }
foreach (sort keys %{$generator->{info}->{dirinfo}}) { $generator->dodir($_); }
}
package OpenSSL::GenTemplate;
use OpenSSL::Util;
sub new {
my $class = shift;
my %opts = @_;
my $data = {
output => $opts{output},
config => $opts{config} // {},
disabled => $opts{disabled} // {},
info => $opts{unified_info} // {},
};
return bless $data, $class;
};
sub emit {
my $self = shift;
my $name = shift;
my %opts = @_;
my $fh = $self->{output};
die "No name?" unless $name;
print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
unless defined $opts{attrs}->{skip};
}
my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES};
# A cache of objects for which a recipe has already been generated
our %cache;
# collectdepends, expanddepends and reducedepends work together to make
# sure there are no duplicate or weak dependencies and that they are in
# the right order. This is used to sort the list of libraries that a
# build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
# collectdepends dives into the tree of dependencies and returns
# a list of all the non-weak ones.
sub collectdepends {
my $self = shift;
return () unless @_;
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{ $self->{info}->{depends}->{$thing} //
$self->{info}->{depends}->{$extensionlessthing}
// [] };
my @newlist = ();
print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n"
if $debug_resolvedepends;
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
# Don't add anything here if the dependency is weak
next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'};
my @resolved = $self->collectdepends($item, @listsofar, $item);
push @newlist, $item, @resolved;
}
print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# expanddepends goes through a list of stuff, checks if they have any
# dependencies, and adds them at the end of the current position if
# they aren't already present later on.
sub expanddepends {
my $self = shift;
my @after = ( @_ );
print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n"
if $debug_resolvedepends;
my @before = ();
while (@after) {
my $item = shift @after;
print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends] - ", $item, "\n"
if $debug_resolvedepends;
my @middle = (
$item,
map {
my $x = $_;
my $extlessx = extensionlesslib($x);
if (grep { $extlessx eq extensionlesslib($_) } @before
and
!grep { $extlessx eq extensionlesslib($_) } @after) {
print STDERR "DEBUG[expanddepends] + ", $x, "\n"
if $debug_resolvedepends;
( $x )
} else {
print STDERR "DEBUG[expanddepends] ! ", $x, "\n"
if $debug_resolvedepends;
()
}
} @{$self->{info}->{depends}->{$item} // []}
);
print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n"
if $debug_resolvedepends;
push @before, @middle;
}
print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n"
if $debug_resolvedepends;
@before;
}
# reducedepends looks through a list, and checks if each item is
# repeated later on. If it is, the earlier copy is dropped.
sub reducedepends {
my @list = @_;
print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n"
if $debug_resolvedepends;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitly static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
@newlist = map { $replace{$_} // $_; } @newlist;
print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# Do it all
# This takes multiple inputs and combine them into a single list of
# interdependent things. The returned value will include all the input.
# Callers are responsible for taking away the things they are building.
sub resolvedepends {
my $self = shift;
print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n"
if $debug_resolvedepends;
my @all =
reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_));
print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ",
join(',', map { "\n $_" } @all), "\n"
if $debug_resolvedepends;
@all;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $self = shift;
my $src = shift;
# Safety measure
return "" unless defined $self->{info}->{generate}->{$src};
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($self->{info}->{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $self->{info}->{generate}->{$src} eq "";
my $script = $self->{info}->{generate}->{$src}->[0];
my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
$self->emit('generatesrc',
src => $src,
product => $bin,
generator => $self->{info}->{generate}->{$src},
generator_incs => $self->{info}->{includes}->{$script} // [],
generator_deps => $self->{info}->{depends}->{$script} // [],
deps => $self->{info}->{depends}->{$src} // [],
incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
attrs => { %attrs },
%opts);
foreach (@{$self->{info}->{depends}->{$src} // []}) {
$self->dogenerate($_, $obj, $bin, %opts);
}
# The generator itself may be is generated
if ($self->{info}->{generate}->{$script}) {
$self->dogenerate($script, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
sub dotarget {
my $self = shift;
my $target = shift;
return "" if $cache{$target};
$self->emit('generatetarget',
target => $target,
deps => $self->{info}->{depends}->{$target} // []);
foreach (@{$self->{info}->{depends}->{$target} // []}) {
$self->dogenerate($_);
}
$cache{$target} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $self = shift;
my $obj = shift;
return "" if $cache{$obj};
my $bin = shift;
my %opts = @_;
if (@{$self->{info}->{sources}->{$obj} // []}) {
my @srcs = @{$self->{info}->{sources}->{$obj}};
my @deps = @{$self->{info}->{depends}->{$obj} // []};
my @incs = ( @{$self->{info}->{includes}->{$obj} // []},
@{$self->{info}->{includes}->{$bin} // []} );
my @defs = ( @{$self->{info}->{defines}->{$obj} // []},
@{$self->{info}->{defines}->{$bin} // []} );
print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ",
join(",", map { "\n $_" } @srcs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ",
join(",", map { "\n $_" } @incs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ",
join(",", map { "\n $_" } @defs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", ,
join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n"
if $debug_rules;
$self->emit('src2obj',
obj => $obj, product => $bin,
srcs => [ @srcs ], deps => [ @deps ],
incs => [ @incs ], defs => [ @defs ],
%opts);
foreach ((@{$self->{info}->{sources}->{$obj}},
@{$self->{info}->{depends}->{$obj} // []})) {
$self->dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# Helper functions to grab all applicable intermediary files.
# This is particularly useful when a library is given as source
# rather than a dependency. In that case, we consider it to be a
# container with object file references, or possibly references
# to further libraries to pilfer in the same way.
sub getsrclibs {
my $self = shift;
my $section = shift;
# For all input, see if it sources static libraries. If it does,
# return them together with the result of a recursive call.
map { ( $_, getsrclibs($section, $_) ) }
grep { $_ =~ m|\.a$| }
map { @{$self->{info}->{$section}->{$_} // []} }
@_;
}
sub getlibobjs {
my $self = shift;
my $section = shift;
# For all input, see if it's an intermediary file (library or object).
# If it is, collect the result of a recursive call, or if that returns
# an empty list, the element itself. Return the result.
map {
my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}});
@x ? @x : ( $_ );
}
grep { defined $self->{info}->{$section}->{$_} }
@_;
}
# dolib is responsible for building libraries. It will call
# obj2shlib if shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $self = shift;
my $lib = shift;
return "" if $cache{$lib};
my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}};
my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) );
# We support two types of objs, those who are specific to this library
# (they end up in @objs) and those that we get indirectly, via other
# libraries (they end up in @foreign_objs). We get the latter any time
# someone has done something like this in build.info:
# SOURCE[libfoo.a]=libbar.a
# The indirect object files must be kept in a separate array so they
# don't get rebuilt unnecessarily (and with incorrect auxiliary
# information).
#
# Object files can't be collected commonly for shared and static
# libraries, because we contain their respective object files in
# {shared_sources} and {sources}, and because the implications are
# slightly different for each library form.
#
# We grab all these "foreign" object files recursively with getlibobjs().
unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) {
# If this library sources other static libraries and those
# libraries are marked {noinst}, there's no need to include
# all of their object files. Instead, we treat those static
# libraries as dependents alongside any other library this
# one depends on, and let symbol resolution do its job.
my @sourced_libs = ();
my @objs = ();
my @foreign_objs = ();
my @deps = ();
foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) {
push @deps, $_;
} else {
push @deps, $self->getsrclibs('sources', $_);
push @foreign_objs, $self->getlibobjs('sources', $_);
}
}
@deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) );
print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2shlib',
lib => $lib,
attrs => { %attrs },
objs => [ @objs, @foreign_objs ],
deps => [ @deps ]);
foreach (@objs) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
if($_ =~ /\.a$/) {
$self->dolib($_);
} else {
$self->doobj($_, $lib, intent => "shlib", attrs => { %attrs });
}
} else {
$self->dogenerate($_, undef, undef, intent => "lib");
}
}
}
{
# When putting static libraries together, we cannot rely on any
# symbol resolution, so for all static libraries used as source for
# this one, as well as other libraries they depend on, we simply
# grab all their object files unconditionally,
# Symbol resolution will happen when any program, module or shared
# library is linked with this one.
my @objs = ();
my @sourcedeps = ();
my @foreign_objs = ();
foreach (@{$self->{info}->{sources}->{$lib}}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} else {
push @sourcedeps, $_;
}
}
@sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) );
print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ",
join(",", map { "\n $_" } @sourcedeps), "\n"
if @sourcedeps && $debug_rules;
@foreign_objs = $self->getlibobjs('sources', @sourcedeps);
print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2lib',
lib => $lib, attrs => { %attrs },
objs => [ @objs, @foreign_objs ]);
foreach (@objs) {
$self->doobj($_, $lib, intent => "lib", attrs => { %attrs });
}
}
$cache{$lib} = 1;
}
# domodule is responsible for building modules. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub domodule {
my $self = shift;
my $module = shift;
return "" if $cache{$module};
my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}};
my @objs = @{$self->{info}->{sources}->{$module}};
my @deps = ( grep { $_ ne $module }
$self->resolvedepends($module) );
print STDERR "DEBUG[domodule] \%attrs for $module :",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@objs for $module : ",
join(",", map { "\n $_" } @objs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@deps for $module : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
$self->emit('obj2dso',
module => $module,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@{$self->{info}->{sources}->{$module}}) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
$self->doobj($_, $module, intent => "dso", attrs => { %attrs });
} else {
$self->dogenerate($_, undef, $module, intent => "dso");
}
}
$cache{$module} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $self = shift;
my $bin = shift;
return "" if $cache{$bin};
my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}};
my @objs = @{$self->{info}->{sources}->{$bin}};
my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) );
print STDERR "DEBUG[dobin] \%attrs for $bin : ",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dobin] \@objs for $bin : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dobin] \@deps for $bin : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
$self->emit('obj2bin',
bin => $bin,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@objs) {
$self->doobj($_, $bin, intent => "bin", attrs => { %attrs });
}
$cache{$bin} = 1;
}
# doscript is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $self = shift;
my $script = shift;
return "" if $cache{$script};
$self->emit('in2script',
script => $script,
attrs => $self->{info}->{attributes}->{scripts}->{$script} // {},
sources => $self->{info}->{sources}->{$script});
$cache{$script} = 1;
}
sub dodir {
my $self = shift;
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$self->emit('generatedir',
dir => $dir,
deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [],
%{$self->{info}->{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# dodocs is responsible for building documentation from .pods.
# It will call generatesrc.
sub dodocs {
my $self = shift;
my $type = shift;
my $section = shift;
foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) {
next if $cache{$doc};
$self->emit('generatesrc',
src => $doc,
generator => $self->{info}->{generate}->{$doc});
foreach ((@{$self->{info}->{depends}->{$doc} // []})) {
$self->dogenerate($_, undef, undef);
}
$cache{$doc} = 1;
}
}
1;

18
Configurations/platform.pm Normal file
View file

@ -0,0 +1,18 @@
package platform;
use strict;
use warnings;
use vars qw(@ISA);
# Callers must make sure @INC has the build directory
use configdata;
my $module = $target{perl_platform} || 'Unix';
(my $module_path = $module) =~ s|::|/|g;
require "platform/$module_path.pm";
@ISA = ("platform::$module");
1;
__END__

29
Configurations/platform/AIX.pm Normal file
View file

@ -0,0 +1,29 @@
package platform::AIX;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub dsoext { '.so' }
sub shlibextsimple { '.a' }
# In shared mode, the default static library names clashes with the final
# "simple" full shared library name, so we add '_a' to the basename of the
# static libraries in that case.
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
}

99
Configurations/platform/BASE.pm Normal file
View file

@ -0,0 +1,99 @@
package platform::BASE;
use strict;
use warnings;
use Carp;
# Assume someone set @INC right before loading this module
use configdata;
# Globally defined "platform specific" extensions, available for uniformity
sub depext { '.d' }
# Functions to convert internal file representations to platform specific
# ones. Note that these all depend on extension functions that MUST be
# defined per platform.
#
# Currently known internal or semi-internal extensions are:
#
# .a For libraries that are made static only.
# Internal libraries only.
# .o For object files.
# .s, .S Assembler files. This is an actual extension on Unix
# .res Resource file. This is an actual extension on Windows
sub binname { return $_[1] } # Name of executable binary
sub dsoname { return $_[1] } # Name of dynamic shared object (DSO)
sub sharedname { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib
sub staticname { return __base($_[1], '.a') } # Name of static lib
# Convenience function to convert the shlib version to an acceptable part
# of a file or directory name. By default, we consider it acceptable as is.
sub shlib_version_as_filename { return $config{shlib_version} }
# Convenience functions to convert the possible extension of an input file name
sub bin { return $_[0]->binname($_[1]) . $_[0]->binext() }
sub dso { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() }
sub sharedlib { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) }
sub staticlib { return $_[0]->staticname($_[1]) . $_[0]->libext() }
# More convenience functions for intermediary files
sub def { return __base($_[1], '.ld') . $_[0]->defext() }
sub obj { return __base($_[1], '.o') . $_[0]->objext() }
sub res { return __base($_[1], '.res') . $_[0]->resext() }
sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
sub asm { return __base($_[1], '.s') . $_[0]->asmext() }
# Another set of convenience functions for standard checks of certain
# internal extensions and conversion from internal to platform specific
# extension. Note that the latter doesn't deal with libraries because
# of ambivalence
sub isdef { return $_[1] =~ m|\.ld$|; }
sub isobj { return $_[1] =~ m|\.o$|; }
sub isres { return $_[1] =~ m|\.res$|; }
sub isasm { return $_[1] =~ m|\.s$|; }
sub iscppasm { return $_[1] =~ m|\.S$|; }
sub isstaticlib { return $_[1] =~ m|\.a$|; }
sub convertext {
if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); }
if ($_[0]->isobj($_[1])) { return $_[0]->obj($_[1]); }
if ($_[0]->isres($_[1])) { return $_[0]->res($_[1]); }
if ($_[0]->isasm($_[1])) { return $_[0]->asm($_[1]); }
if ($_[0]->isstaticlib($_[1])) { return $_[0]->staticlib($_[1]); }
return $_[1];
}
# Helpers ############################################################
# __base EXPR, LIST
# This returns the given path (EXPR) with the matching suffix from LIST stripped
sub __base {
my $path = shift;
foreach (@_) {
if ($path =~ m|\Q${_}\E$|) {
return $`;
}
}
return $path;
}
# __isshared EXPR
# EXPR is supposed to be a library name. This will return true if that library
# can be assumed to be a shared library, otherwise false
sub __isshared {
return !($disabled{shared} || $_[0] =~ /\.a$/);
}
# __concat LIST
# Returns the concatenation of all elements of LIST if none of them is
# undefined. If one of them is undefined, returns undef instead.
sub __concat {
my $result = '';
foreach (@_) {
return undef unless defined $_;
$result .= $_;
}
return $result;
}
1;

22
Configurations/platform/Cygwin.pm Normal file
View file

@ -0,0 +1,22 @@
package platform::Cygwin;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::mingw;
@ISA = qw(platform::mingw);
# Assume someone set @INC right before loading this module
use configdata;
sub sharedname {
my $class = shift;
my $lib = platform::mingw->sharedname(@_);
$lib =~ s|^lib|cyg| if defined $lib;
return $lib;
}
1;

87
Configurations/platform/Unix.pm Normal file
View file

@ -0,0 +1,87 @@
package platform::Unix;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { $target{exe_extension} || '' }
sub dsoext { $target{dso_extension} || platform->shlibextsimple()
|| '.so' }
# Because these are also used in scripts and not just Makefile, we must
# convert $(SHLIB_VERSION_NUMBER) to the actual number.
sub shlibext { (my $x = $target{shared_extension}
|| '.so.$(SHLIB_VERSION_NUMBER)')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)
|.$config{shlib_version}|x;
$x; }
sub libext { $target{lib_extension} || '.a' }
sub defext { $target{def_extension} || '.ld' }
sub objext { $target{obj_extension} || '.o' }
sub depext { $target{obj_extension} || '.d' }
# Other extra that aren't defined in platform::BASE
sub shlibextsimple { (my $x = $target{shared_extension} || '.so')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
$x; }
sub shlibvariant { $target{shlib_variant} || "" }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
# No conversion of assembler extension on Unix
sub asm {
return $_[1];
}
# At some point, we might decide that static libraries are called something
# other than the default...
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# We currently return the same name anyway... but we might choose to
# append '_static' or '_a' some time in the future.
return platform::BASE->staticname($_[1]);
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
($_[0]->shlibvariant() // ''));
}
sub sharedname_simple {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_simple {
# This function returns the simplified shared library name (no version
# or variant in the shared library file name) if the simple variants of
# the base name or the suffix differ from the full variants of the same.
# Note: if $_[1] isn't a shared library name, then $_[0]->sharedname()
# and $_[0]->sharedname_simple() will return undef. This needs being
# accounted for.
my $name = $_[0]->sharedname($_[1]);
my $simplename = $_[0]->sharedname_simple($_[1]);
my $ext = $_[0]->shlibext();
my $simpleext = $_[0]->shlibextsimple();
return undef unless defined $simplename && defined $name;
return undef if ($name eq $simplename && $ext eq $simpleext);
return platform::BASE::__concat($simplename, $simpleext);
}
sub sharedlib_import {
return undef;
}
1;

65
Configurations/platform/VMS.pm Normal file
View file

@ -0,0 +1,65 @@
package platform::VMS;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
# VMS has a cultural standard where all installed libraries are prefixed.
# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
# conversation with VSI, Tuesday January 26 2016)
sub osslprefix { 'OSSL$' }
sub binext { '.EXE' }
sub dsoext { '.EXE' }
sub shlibext { '.EXE' }
sub libext { '.OLB' }
sub defext { '.OPT' }
sub objext { '.OBJ' }
sub depext { '.D' }
sub asmext { '.ASM' }
# Other extra that aren't defined in platform::BASE
sub shlibvariant { $target{shlib_variant} || '' }
sub optext { '.OPT' }
sub optname { return $_[1] }
sub opt { return $_[0]->optname($_[1]) . $_[0]->optext() }
# Other projects include the pointer size in the name of installed libraries,
# so we do too.
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->staticname($_[1]),
$target{pointer_size});
}
# To enable installation of multiple major OpenSSL releases, we include the
# version number in installed shared library names.
my $sover_filename =
join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version}));
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->sharedname($_[1]),
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''),
"_shr$target{pointer_size}");
}
1;

64
Configurations/platform/Windows.pm Normal file
View file

@ -0,0 +1,64 @@
package platform::Windows;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub dsoext { '.dll' }
sub shlibext { '.dll' }
sub libext { '.lib' }
sub defext { '.def' }
sub objext { '.obj' }
sub depext { '.d' }
sub asmext { '.asm' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res' }
sub shlibextimport { '.lib' }
sub shlibvariant { $target{shlib_variant} || '' }
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# To make sure not to clash with an import library, we make the static
# variant of our installed libraries get '_static' added to their names.
return platform::BASE->staticname($_[1])
. ($disabled{shared} ? '' : '_static');
}
# To mark forward compatibility, we include the OpenSSL major release version
# number in the installed shared library names.
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''));
}
sub sharedname_import {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_import {
return platform::BASE::__concat($_[0]->sharedname_import($_[1]),
$_[0]->shlibextimport());
}
1;

44
Configurations/platform/Windows/MSVC.pm Normal file
View file

@ -0,0 +1,44 @@
package platform::Windows::MSVC;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Windows;
@ISA = qw(platform::Windows);
# Assume someone set @INC right before loading this module
use configdata;
sub pdbext { '.pdb' }
# It's possible that this variant of |sharedname| should be in Windows.pm.
# However, this variant was VC only in 1.1.1, so we maintain that here until
# further notice.
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($target{multilib} // '' ),
($_[0]->shlibvariant() // ''));
}
sub staticlibpdb {
return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext());
}
sub sharedlibpdb {
return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext());
}
sub dsopdb {
return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext());
}
sub binpdb {
return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext());
}
1;

16
Configurations/platform/Windows/cppbuilder.pm Normal file
View file

@ -0,0 +1,16 @@
package platform::Windows::cppbuilder;
use vars qw(@ISA);
require platform::Windows::MSVC;
@ISA = qw(platform::Windows::MSVC);
sub pdbext { '.tds' }
# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention
# C functions, and the linker needs those as the InternalName in the .def file.
sub export2internal {
return "_$_[1]";
}
1;

51
Configurations/platform/mingw.pm Normal file
View file

@ -0,0 +1,51 @@
package platform::mingw;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub objext { '.obj' }
sub libext { '.a' }
sub dsoext { '.dll' }
sub defext { '.def' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res.obj' }
sub shlibext { '.dll' }
sub shlibextimport { $target{shared_import_extension} || '.dll.a' }
sub shlibextsimple { undef }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($config{target} eq "mingw64"
? "-x64" : ""));
}
# With Mingw and other DLL producers, there isn't any "simpler" shared
# library name. However, there is a static import library.
sub sharedlib_simple {
return undef;
}
sub sharedlib_import {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
$_[0]->shlibextimport());
}
1;

94
Configurations/shared-info.pl Normal file
View file

@ -0,0 +1,94 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This is a collection of extra attributes to be used as input for creating
# shared libraries, currently on any Unix variant, including Unix like
# environments on Windows.
sub detect_gnu_ld {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
return grep /^GNU ld/, @lines;
}
sub detect_gnu_cc {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
return grep /gcc/, @lines;
}
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflag => '-Wl,--version-script=',
dso_ldflags =>
(grep /(?:^|\s)-fsanitize/,
@{$config{CFLAGS}}, @{$config{cflags}})
? ''
: '-Wl,-z,defs',
};
},
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(libdir)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
shared_impflag => '-Wl,--out-implib=',
},
'mingw-shared' => sub {
return {
%{$shared_info{'cygwin-shared'}},
# def_flag made to empty string so it still generates
# something
shared_defflag => '',
shared_argfileflag => '@',
};
},
'alpha-osf1-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
module_ldflags => '-shared -Wl,-Bsymbolic',
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
};
},
'svr3-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-G',
shared_sonameflag => '-h ',
};
},
'svr5-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
shared_sonameflag => '-h ',
};
},
'solaris-gcc-shared' => sub {
return $shared_info{'linux-shared'} if detect_gnu_ld();
return {
# Note: we should also have -shared here, but because some
# config targets define it with an added -static-libgcc
# following it, we don't want to change the order. This
# forces all solaris gcc config targets to define shared_ldflag
shared_ldflag => '-Wl,-Bsymbolic',
shared_defflag => "-Wl,-M,",
shared_sonameflag => "-Wl,-h,",
};
},
);

1996
Configurations/unix-Makefile.tmpl Normal file
View file

File diff suppressed because it is too large Load diff

22
Configurations/unix-checker.pm Normal file
View file

@ -0,0 +1,22 @@
#! /usr/bin/env perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|/|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Unix like paths (with forward slash
directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

22
Configurations/windows-checker.pm Normal file
View file

@ -0,0 +1,22 @@
#! /usr/bin/env perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Windows like paths (with backward
slash directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

1050
Configurations/windows-makefile.tmpl Normal file
View file

File diff suppressed because it is too large Load diff

37
Configure
View file

@ -933,8 +933,6 @@ while (@argvcopy)
if (/^--prefix=(.*)$/)
{
$config{prefix}=$1;
die "Directory given with --prefix MUST be absolute\n"
unless file_name_is_absolute($config{prefix});
}
elsif (/^--api=(.*)$/)
{
@ -1377,6 +1375,11 @@ foreach (keys %useradd) {
# At this point, we can forget everything about %user and %useradd,
# because it's now all been merged into the corresponding $config entry
if ($config{prefix} && !$config{CROSS_COMPILE}) {
die "Directory given with --prefix MUST be absolute\n"
unless file_name_is_absolute($config{prefix});
}
if (grep { $_ =~ /(?:^|\s)-static(?:\s|$)/ } @{$config{LDFLAGS}}) {
disable('static', 'pic', 'threads');
}
@ -1832,11 +1835,12 @@ if ($builder eq "unified") {
my $base = shift;
my $dir = shift;
my $relativeto = shift || ".";
my $no_mkpath = shift // 0;
$dir = catdir($base,$dir) unless isabsolute($dir);
# Make sure the directories we're building in exists
mkpath($dir);
mkpath($dir) unless $no_mkpath;
my $res = abs2rel(absolutedir($dir), rel2abs($relativeto));
#print STDERR "DEBUG[cleandir]: $dir , $base => $res\n";
@ -1847,6 +1851,7 @@ if ($builder eq "unified") {
my $base = shift;
my $file = shift;
my $relativeto = shift || ".";
my $no_mkpath = shift // 0;
$file = catfile($base,$file) unless isabsolute($file);
@ -1854,7 +1859,7 @@ if ($builder eq "unified") {
my $f = basename($file);
# Make sure the directories we're building in exists
mkpath($d);
mkpath($d) unless $no_mkpath;
my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto));
#print STDERR "DEBUG[cleanfile]: $d , $f => $res\n";
@ -1884,7 +1889,7 @@ if ($builder eq "unified") {
}
# Then, look in our standard directory
push @build_file_templates,
( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir, 1) }
@build_file_template_names );
my $build_file_template;
@ -1899,7 +1904,7 @@ if ($builder eq "unified") {
}
$config{build_file_templates}
= [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"),
$blddir),
$blddir, 1),
$build_file_template ];
my @build_dirs = ( [ ] ); # current directory
@ -1908,7 +1913,7 @@ if ($builder eq "unified") {
# We want to detect configdata.pm in the source tree, so we
# don't use it if the build tree is different.
my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir, 1);
# Any source file that we recognise is placed in this hash table, with
# the list of its intended destinations as value. When everything has
@ -2261,7 +2266,7 @@ EOF
my $dest = $_;
my $ddest = cleanfile($buildd, $_, $blddir);
foreach (@{$sources{$dest}}) {
my $s = cleanfile($sourced, $_, $blddir);
my $s = cleanfile($sourced, $_, $blddir, 1);
# If it's generated or we simply don't find it in the source
# tree, we assume it's in the build tree.
@ -2306,7 +2311,7 @@ EOF
my $dest = $_;
my $ddest = cleanfile($buildd, $_, $blddir);
foreach (@{$shared_sources{$dest}}) {
my $s = cleanfile($sourced, $_, $blddir);
my $s = cleanfile($sourced, $_, $blddir, 1);
# If it's generated or we simply don't find it in the source
# tree, we assume it's in the build tree.
@ -2361,7 +2366,7 @@ EOF
if scalar @{$generate{$_}} > 1;
my @generator = split /\s+/, $generate{$dest}->[0];
my $gen = $generator[0];
$generator[0] = cleanfile($sourced, $gen, $blddir);
$generator[0] = cleanfile($sourced, $gen, $blddir, 1);
# If the generator is itself generated, it's in the build tree
if ($generate{$gen} || ! -f $generator[0]) {
@ -2387,7 +2392,7 @@ EOF
} elsif ($dest eq '') {
$ddest = '';
} else {
$ddest = cleanfile($sourced, $_, $blddir);
$ddest = cleanfile($sourced, $_, $blddir, 1);
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
@ -2396,7 +2401,7 @@ EOF
}
}
foreach (@{$depends{$dest}}) {
my $d = cleanfile($sourced, $_, $blddir);
my $d = cleanfile($sourced, $_, $blddir, 1);
my $d2 = cleanfile($buildd, $_, $blddir);
# If we know it's generated, or assume it is because we can't
@ -2419,7 +2424,7 @@ EOF
foreach (keys %includes) {
my $dest = $_;
my $ddest = cleanfile($sourced, $_, $blddir);
my $ddest = cleanfile($sourced, $_, $blddir, 1);
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
@ -2427,7 +2432,7 @@ EOF
$ddest = cleanfile($buildd, $_, $blddir);
}
foreach (@{$includes{$dest}}) {
my $is = cleandir($sourced, $_, $blddir);
my $is = cleandir($sourced, $_, $blddir, 1);
my $ib = cleandir($buildd, $_, $blddir);
push @{$unified_info{includes}->{$ddest}->{source}}, $is
unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}};
@ -2440,7 +2445,7 @@ EOF
my $ddest;
if ($dest ne "") {
$ddest = cleanfile($sourced, $dest, $blddir);
$ddest = cleanfile($sourced, $dest, $blddir, 1);
# If the destination doesn't exist in source, it can only
# be a generated file in the build tree.
@ -2822,7 +2827,7 @@ my %template_vars = (
my $configdata_outname = 'configdata.pm';
open CONFIGDATA, ">$configdata_outname.new"
or die "Trying to create $configdata_outname.new: $!";
my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir);
my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir, 1);
my $configdata_tmpl =
OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname);
$configdata_tmpl->fill_in(

40
FREEBSD-Xlist
View file

@ -1,40 +0,0 @@
openssl-*/.git*
openssl-*/.travis*
openssl-*/*.com
openssl-*/*/*.com
openssl-*/*/*/*.com
openssl-*/Configurations
openssl-*/NOTES.ANDROID
openssl-*/NOTES.DJGPP
openssl-*/NOTES.VMS
openssl-*/NOTES.WIN
openssl-*/VMS
openssl-*/apps/demoCA
openssl-*/apps/demoSRP
openssl-*/apps/openssl-vms.cnf
openssl-*/apps/vms_*
openssl-*/apps/win32_init.c
openssl-*/crypto/*/asm/*-alpha.pl
openssl-*/crypto/*/asm/alpha-*.pl
openssl-*/crypto/LPdir_nyi.c
openssl-*/crypto/LPdir_vms.c
openssl-*/crypto/LPdir_win.c
openssl-*/crypto/LPdir_win32.c
openssl-*/crypto/LPdir_wince.c
openssl-*/crypto/alphacpuid.pl
openssl-*/crypto/async/arch/async_win.c
openssl-*/crypto/dso/dso_vms.c
openssl-*/crypto/dso/dso_win32.c
openssl-*/crypto/err/openssl.ec
openssl-*/crypto/rand/rand_vms.c
openssl-*/crypto/rand/rand_win.c
openssl-*/crypto/threads_win.c
openssl-*/demos
openssl-*/engines/*.ec
openssl-*/external
openssl-*/fuzz
openssl-*/ms
openssl-*/os-dep
openssl-*/test
openssl-*/tools
openssl-*/util

80
FREEBSD-upgrade
View file

@ -1,80 +0,0 @@
This contains various notes used to import a new OpenSSL version into
the FreeBSD base system. It is not expected to be complete but just to
contain some hints for imports. Note that this doesn't actually deal
with getting OpenSSL to compile...
XXX This file currently partly contain CVS and SVN instructions.
First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base"
setenv OSSLVER 1.1.1i
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
cd /FreeBSD/work/openssl/merge
fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz \
http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc
gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz
svn co $FSVN/vendor-crypto/openssl/dist dist
tar -x -X $XLIST -f openssl-${OSSLVER}.tar.gz
cd dist
svn list -R | egrep -v -e '/$' -e '^FREEBSD-(Xlist|upgrade)$' | sort >../old
cd ../openssl-${OSSLVER}
find . -type f -or -type l | cut -c 3- | sort >../new
cd ..
# See that files to remove makes sense
comm -23 old new
# See that files to add makes sense
comm -13 old new
tar -cf - -C openssl-${OSSLVER} . | tar -xf - -C dist
cd dist
comm -23 ../old ../new | xargs svn rm
# Make sure to remove empty directories
comm -13 ../old ../new | xargs svn --parents add
svn stat
svn ci
svn cp ^/vendor-crypto/openssl/dist ^/vendor-crypto/openssl/$OSSLVER
# Merge to head
mkdir ../head
cd ../head
svn co $FSVN/head/crypto/openssl crypto/openssl
svn merge ^/vendor-crypto/openssl/dist crypto/openssl
# Resolve conflicts manually
svn co $FSVN/head/secure/lib/libcrypto secure/lib/libcrypto
svn co $FSVN/head/secure/lib/libssl secure/lib/libssl
svn co $FSVN/head/secure/usr.bin/openssl secure/usr.bin/openssl
svn co $FSVN/head/sys/crypto/openssl sys/crypto/openssl
cd secure/lib/libcrypto
# Update version number and release date in Makefile.inc
# Update all opensslconf-${MACHINE_CPUARCH}.h
# Update Version.map
# Regen assembly files if necessary
make -f Makefile.asm all
mv *.S sys/crypto/openssl/${MACHINE_CPUARCH}
make -f Makefile.asm clean
cd ../../..
# Regen manual pages and update makefiles accordingly
# Commit!
svn ci crypto/openssl secure/lib/libcrypto secure/lib/libssl \
secure/usr.bin/openssl sys/crypto/openssl
-- simon@, jkim@
$FreeBSD$

16
NEWS.md
View file

@ -18,6 +18,18 @@ OpenSSL Releases
OpenSSL 3.0
-----------
### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])
### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs.
@ -1458,6 +1470,10 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817

2
README.md
View file

@ -166,7 +166,7 @@ attempting to develop or distribute cryptographic code.
Copyright
=========
Copyright (c) 1998-2023 The OpenSSL Project
Copyright (c) 1998-2024 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

4
VERSION.dat
View file

@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=12
PATCH=13
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="24 Oct 2023"
RELEASE_DATE="30 Jan 2024"
SHLIB_VERSION=3

41
VMS/VMSify-conf.pl Normal file
View file

@ -0,0 +1,41 @@
#! /usr/bin/env perl
# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
my @file_vars = ( "database", "certificate", "serial", "crlnumber",
"crl", "private_key", "RANDFILE" );
while(<STDIN>) {
s|\R$||;
foreach my $d (@directory_vars) {
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
}
s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
$_ = "$1.$3]$4";
}
}
foreach my $f (@file_vars) {
s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
$_ = "$1.$3$4";
}
if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
$_ = "$1]$3.$4";
} elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1]$3$4";
}
}
print $_,"\n";
}

3
VMS/engine.opt Normal file
View file

@ -0,0 +1,3 @@
CASE_SENSITIVE=YES
SYMBOL_VECTOR=(BIND_ENGINE=PROCEDURE,V_CHECK=PROCEDURE,-
bind_engine/BIND_ENGINE=PROCEDURE,v_check/V_CHECK=PROCEDURE)

19
VMS/msg_install.com Normal file
View file

@ -0,0 +1,19 @@
$ ! Used by the main descrip.mms to print the installation complete
$ ! message.
$ ! Arguments:
$ ! P1 startup / setup / shutdown scripts directory
$ ! P2 distinguishing version number ("major version")
$
$ systartup = p1
$ osslver = p2
$
$ WRITE SYS$OUTPUT "Installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The following commands need to be executed to enable you to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

37
VMS/msg_staging.com Normal file
View file

@ -0,0 +1,37 @@
$ ! Used by the main descrip.mms to print the statging installation
$ ! complete
$ ! message.
$ ! Arguments:
$ ! P1 staging software installation directory
$ ! P2 staging data installation directory
$ ! P3 final software installation directory
$ ! P4 final data installation directory
$ ! P5 startup / setup / shutdown scripts directory
$ ! P6 distinguishing version number ("major version")
$
$ staging_instdir = p1
$ staging_datadir = p2
$ final_instdir = p3
$ final_datadir = p4
$ systartup = p5
$ osslver = p6
$
$ WRITE SYS$OUTPUT "Staging installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the following directory"
$ WRITE SYS$OUTPUT "trees end up being copied:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- from ", staging_instdir
$ WRITE SYS$OUTPUT " to ", final_instdir
$ WRITE SYS$OUTPUT "- from ", staging_datadir
$ WRITE SYS$OUTPUT " to ", final_datadir
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "When in its final destination, the following commands need to be executed"
$ WRITE SYS$OUTPUT "to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

56
VMS/openssl_ivp.com.in Normal file
View file

@ -0,0 +1,56 @@
$ ! OpenSSL Internal Verification Procedure
$ !
$ ! This script checks the consistency of a OpenSSL installation
$ ! It had better be spawned, as it creates process logicals
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can use to call the startup procedure
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ v := {- sprintf "%02d", split(/\./, $config{version}) -}
$ pz := {- $target{pointer_size} -}
$
$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
$
$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $disabled{shared}; "" -}-
.OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $disabled{shared}; "" -}-
.OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
.OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
.OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "Installation inconsistent"
$ EXIT %x00018292 ! RMS$_FNF, file not found
$ ENDIF
$
$ ON ERROR THEN GOTO error
$
$ ! If something else is wrong with the installation, we're likely
$ ! to get an image activation error here
$ openssl version -a
$
$ ! FUTURE ENHANCEMENT: Verify that engines are where they should be.
$ ! openssl engine -c -t checker
$
$ ! Verify that the built in providers are reachable. If they aren't,
$ ! then we're likely to get an image activation error here
$ openssl list -provider base -providers
$ openssl list -provider default -providers
$ openssl list -provider legacy -providers
$
$ WRITE SYS$ERROR "OpenSSL IVP passed"
$ EXIT %x10000001
$
$ error:
$ save_status = $STATUS
$ WRITE SYS$ERROR "OpenSSL IVP failed"
$ EXIT 'save_status'

57
VMS/openssl_shutdown.com.in Normal file
View file

@ -0,0 +1,57 @@
$ ! OpenSSL shutdown script
$ !
$ ! This script deassigns the logical names used by the installation
$ ! of OpenSSL. It can do so at any level, defined by P1.
$ !
$ ! P1 Qualifier(s) for DEASSIGN.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! deassigned.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch := F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Abbrevs
$ DEAS := DEASSIGN /NOLOG 'P1'
$ sv := {- platform->shlib_version_as_filename(); -}
$ pz := {- $target{pointer_size} -}
$
$ DEAS OSSL$DATAROOT
$ DEAS OSSL$INSTROOT
$ DEAS OSSL$INCLUDE
$ DEAS OSSL$LIB
$ DEAS OSSL$SHARE
$ DEAS OSSL$ENGINES'sv''pz'
$ DEAS OSSL$MODULES'pz'
$ DEAS OSSL$EXE
$ DEAS OSSL$LIBCRYPTO'pz'
$ DEAS OSSL$LIBSSL'pz'
${- output_off() if $disabled{shared}; "" -}
$ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEAS OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $disabled{shared}; "" -}
$ DEAS OPENSSL
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEAS OSSL$ENGINES'pz'
${- output_off() if $disabled{shared}; "" -}
$ DEAS OSSL$LIBCRYPTO_SHR'pz'
$ DEAS OSSL$LIBSSL_SHR'pz'
${- output_on() if $disabled{shared}; "" -}
$ ENDIF
$
$ EXIT 'status'

125
VMS/openssl_startup.com.in Normal file
View file

@ -0,0 +1,125 @@
$ ! OpenSSL startup script
$ !
$ ! This script defines the logical names used by the installation
$ ! of OpenSSL. It can provide those logical names at any level,
$ ! defined by P1.
$ !
$ ! The logical names created are:
$ !
$ ! OSSL$INSTROOT Installation root
$ ! OSSL$DATAROOT Data root (common directory
$ ! for certs etc)
$ ! OSSL$INCLUDE Include directory root
$ ! OSSL$LIB Where the static library files
$ ! are located
$ ! OSSL$SHARE Where the shareable image files
$ ! are located
$ ! OSSL$EXE Where the executables are located
$ ! OSSL$ENGINESnnn Where the engines modules are located
$ ! OSSL$MODULES Where the non-engine modules are located
$ ! OSSL$LIBCRYPTO The static crypto library
$ ! OSSL$LIBSSL The static ssl library
$ ! OSSL$LIBCRYPTOnnn_SHR The shareable crypto image
$ ! OSSL$LIBSSLnnn_SHR The shareable ssl image
$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
$ !
$ ! In all these, nnn is the OpenSSL version number. This allows
$ ! several OpenSSL versions to be installed simultaneously, which
$ ! matters for applications that are linked to the shareable images
$ ! or that depend on engines.
$ !
$ ! In addition, unless P2 is "NOALIASES", these logical names are
$ ! created:
$ !
$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
$ ! OSSL$LIBCRYPTO_SHR Alias for OSSL$LIBCRYPTOnnn_SHR
$ ! OSSL$LIBSSL_SHR Alias for OSSL$LIBSSLnnn_SHR
$ !
$ ! P1 Qualifier(s) for DEFINE. "/SYSTEM" would be typical when
$ ! calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM,
$ ! while "/PROCESS" would be typical for a personal install.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! created.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch = F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can build concealed logical names on
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_']
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_']
$
$ ! Check that things are in place, and specifically, the stuff
$ ! belonging to this architecture
$ IF F$SEARCH("WRK_INSTALLTOP:[000000]INCLUDE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]LIB.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]EXE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[LIB]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[EXE]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_OPENSSLDIR:[000000]openssl.cnf") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "''INSTALLTOP' doesn't look like an OpenSSL installation for ''arch'"
$ status = %x00018292 ! RMS$_FNF, file not found
$ GOTO bailout
$ ENDIF
$
$ ! Abbrevs
$ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
$ DEF := DEFINE /NOLOG 'P1'
$ sv := {- platform->shlib_version_as_filename(); -}
$ pz := {- $target{pointer_size} -}
$
$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']
$ DEFT OSSL$INSTROOT 'INSTALLTOP_']
$ DEFT OSSL$INCLUDE 'INSTALLTOP_'INCLUDE.]
$ DEF OSSL$LIB OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$SHARE OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$ENGINES'sv''pz' OSSL$INSTROOT:[ENGINES'sv''pz'.'arch']
$ DEF OSSL$MODULES'pz' OSSL$INSTROOT:[MODULES'pz'.'arch']
$ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],-
OSSL$INSTROOT:[EXE]
$ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
$ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB
${- output_off() if $disabled{shared}; "" -}
$ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
$ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
${- output_on() if $disabled{shared}; "" -}
$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz'
${- output_off() if $disabled{shared}; "" -}
$ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $disabled{shared}; "" -}
$ ENDIF
$
$ bailout:
$ DEASSIGN WRK_INSTALLTOP
$ DEASSIGN WRK_OPENSSLDIR
$
$ EXIT 'status'

14
VMS/openssl_utils.com.in Normal file
View file

@ -0,0 +1,14 @@
$ ! OpenSSL utilities
$ !
$
$ v := {- sprintf "%02d", split(/\./, $config{version}) -}
$
$ OPENSSL'v' :== $OSSL$EXE:OPENSSL'v'
$ OPENSSL :== $OSSL$EXE:OPENSSL'v'
$
$ IF F$TYPE(PERL) .EQS. "STRING"
$ THEN
$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
$ ELSE
$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
$ ENDIF

28
VMS/test-includes.com Normal file
View file

@ -0,0 +1,28 @@
$! Quick script to check how well including individual header files works
$! on VMS, even when the VMS macro isn't defined.
$
$ sav_def = f$env("DEFAULT")
$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
$ set default 'here'
$ set default [-.include.openssl]
$ define openssl 'f$env("DEFAULT")'
$ set default [--]
$
$ loop:
$ f = f$search("openssl:*.h")
$ if f .eqs. "" then goto loop_end
$ write sys$output "Checking ",f
$ open/write foo foo.c
$ write foo "#undef VMS"
$ write foo "#include <stdio.h>"
$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
$ write foo "main()"
$ write foo "{printf(""foo\n"");}"
$ close foo
$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
$ delete foo.c;
$ goto loop
$ loop_end:
$ set default 'save_def'
$ exit

62
VMS/translatesyms.pl Normal file
View file

@ -0,0 +1,62 @@
#! /usr/bin/env perl
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This script will translate any SYMBOL_VECTOR item that has a translation
# in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that
# uses the qualifier /REPOSITORY with the build directory as value. When
# /NAMES=SHORTENED has been used, this file will hold the translations from
# the original symbols to the shortened variants.
#
# CXX$DEMAGLER_DB. is an ISAM file, but with the magic of RMS, it can be
# read as a text file, with each record as one line.
#
# The lines will have the following syntax for any symbol found that's longer
# than 31 characters:
#
# LONG_symbol_34567890123{cksum}$LONG_symbol_34567890123_more_than_31_chars
#
# $ is present at the end of the shortened symbol name, and is preceded by a
# 7 character checksum. The $ makes it easy to separate the shortened name
# from the original one.
use strict;
use warnings;
usage() if scalar @ARGV < 1;
my %translations = ();
open DEMANGLER_DATA, $ARGV[0]
or die "Couldn't open $ARGV[0]: $!\n";
while(<DEMANGLER_DATA>) {
s|\R$||;
(my $translated, my $original) = split /\$/;
$translations{$original} = $translated.'$';
}
close DEMANGLER_DATA;
$| = 1; # Autoflush
while(<STDIN>) {
s@
((?:[A-Za-z0-9_]+)\/)?([A-Za-z0-9_]+)=(PROCEDURE|DATA)
@
if (defined($translations{$2})) {
my $trans = $translations{$2};
my $trans_uc = uc $trans;
if (defined($1) && $trans ne $trans_uc) {
"$trans_uc/$trans=$3"
} else {
"$trans=$3"
}
} else {
$&
}
@gxe;
print $_;
}

15
apps/cms.c
View file

@ -620,7 +620,8 @@ int cms_main(int argc, char **argv)
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
if (!sk_X509_push(encerts, cert))
goto end;
cert = NULL;
} else {
recipfile = opt_arg();
@ -831,7 +832,8 @@ int cms_main(int argc, char **argv)
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
if (!sk_X509_push(encerts, cert))
goto end;
cert = NULL;
}
}
@ -1413,6 +1415,7 @@ static CMS_ReceiptRequest
STACK_OF(OPENSSL_STRING) *rr_from)
{
STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
CMS_ReceiptRequest *rr;
rct_to = make_names_stack(rr_to);
if (rct_to == NULL)
@ -1424,10 +1427,14 @@ static CMS_ReceiptRequest
} else {
rct_from = NULL;
}
return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
rct_to, app_get0_libctx());
rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
rct_to, app_get0_libctx());
if (rr == NULL)
goto err;
return rr;
err:
sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free);
return NULL;
}

6
apps/demoSRP/srp_verifier.txt Normal file
View file

@ -0,0 +1,6 @@
# This is a file that will be filled by the openssl srp routine.
# You can initialize the file with additional groups, these are
# records starting with a I followed by the g and N values and the id.
# The exact values ... you have to dig this out from the source of srp.c
# or srp_vfy.c
# The last value of an I is used as the default group for new users.

1
apps/demoSRP/srp_verifier.txt.attr Normal file
View file

@ -0,0 +1 @@
unique_subject = yes

2
apps/errstr.c
View file

@ -62,7 +62,7 @@ int errstr_main(int argc, char **argv)
/* All remaining arg are error code. */
ret = 0;
for (argv = opt_rest(); *argv != NULL; argv++) {
if (sscanf(*argv, "%lx", &l) == 0) {
if (sscanf(*argv, "%lx", &l) <= 0) {
ret++;
} else {
ERR_error_string_n(l, buf, sizeof(buf));

7
apps/lib/opt.c
View file

@ -696,7 +696,12 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_add0_policy(vpm, otmp);
if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
ASN1_OBJECT_free(otmp);
opt_printf_stderr("%s: Internal error adding Policy %s\n",
prog, opt_arg());
return 0;
}
break;
case OPT_V_PURPOSE:
/* purpose name -> purpose index */

52
apps/list.c
View file

@ -1209,9 +1209,11 @@ static int provider_cmp(const OSSL_PROVIDER * const *a,
static int collect_providers(OSSL_PROVIDER *provider, void *stack)
{
STACK_OF(OSSL_PROVIDER) *provider_stack = stack;
sk_OSSL_PROVIDER_push(provider_stack, provider);
return 1;
/*
* If OK - result is the index of inserted data
* Error - result is -1 or 0
*/
return sk_OSSL_PROVIDER_push(provider_stack, provider) > 0 ? 1 : 0;
}
static void list_provider_info(void)
@ -1226,11 +1228,19 @@ static void list_provider_info(void)
BIO_printf(bio_err, "ERROR: Memory allocation\n");
return;
}
if (OSSL_PROVIDER_do_all(NULL, &collect_providers, providers) != 1) {
BIO_printf(bio_err, "ERROR: Memory allocation\n");
return;
}
BIO_printf(bio_out, "Providers:\n");
OSSL_PROVIDER_do_all(NULL, &collect_providers, providers);
sk_OSSL_PROVIDER_sort(providers);
for (i = 0; i < sk_OSSL_PROVIDER_num(providers); i++) {
const OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(providers, i);
const char *provname = OSSL_PROVIDER_get0_name(prov);
BIO_printf(bio_out, " %s\n", provname);
/* Query the "known" information parameters, the order matches below */
params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME,
@ -1243,23 +1253,23 @@ static void list_provider_info(void)
params[4] = OSSL_PARAM_construct_end();
OSSL_PARAM_set_all_unmodified(params);
if (!OSSL_PROVIDER_get_params(prov, params)) {
BIO_printf(bio_err, "ERROR: Unable to query provider parameters\n");
return;
}
/* Print out the provider information, the params order matches above */
BIO_printf(bio_out, " %s\n", OSSL_PROVIDER_get0_name(prov));
if (OSSL_PARAM_modified(params))
BIO_printf(bio_out, " name: %s\n", name);
if (OSSL_PARAM_modified(params + 1))
BIO_printf(bio_out, " version: %s\n", version);
if (OSSL_PARAM_modified(params + 2))
BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in");
if (verbose) {
if (OSSL_PARAM_modified(params + 3))
BIO_printf(bio_out, " build info: %s\n", buildinfo);
print_param_types("gettable provider parameters",
OSSL_PROVIDER_gettable_params(prov), 4);
BIO_printf(bio_err,
"WARNING: Unable to query provider parameters for %s\n",
provname);
} else {
/* Print out the provider information, the params order matches above */
if (OSSL_PARAM_modified(params))
BIO_printf(bio_out, " name: %s\n", name);
if (OSSL_PARAM_modified(params + 1))
BIO_printf(bio_out, " version: %s\n", version);
if (OSSL_PARAM_modified(params + 2))
BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in");
if (verbose) {
if (OSSL_PARAM_modified(params + 3))
BIO_printf(bio_out, " build info: %s\n", buildinfo);
print_param_types("gettable provider parameters",
OSSL_PROVIDER_gettable_params(prov), 4);
}
}
}
sk_OSSL_PROVIDER_free(providers);

390
apps/openssl-vms.cnf Normal file
View file

@ -0,0 +1,390 @@
#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Use this in order to automatically load providers.
openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
# Extra OBJECT IDENTIFIER info:
# oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
# For FIPS
# Optionally include a file that is generated by the OpenSSL fipsinstall
# application. This file contains configuration data required by the OpenSSL
# fips provider. It contains a named section e.g. [fips_sect] which is
# referenced from the [provider_sect] below.
# Refer to the OpenSSL security policy for more information.
# .include fipsmodule.cnf
[openssl_init]
providers = provider_sect
# List of providers to load
[provider_sect]
default = default_sect
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl. As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
# activate = 1
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = sys\$disk:[.demoCA # Where everything is kept
certs = $dir.certs] # Where the issued certs are kept
crl_dir = $dir.crl] # Where the issued crl are kept
database = $dir]index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir.newcerts] # default place for new certs.
certificate = $dir]cacert.pem # The CA certificate
serial = $dir]serial. # The current serial number
crlnumber = $dir]crlnumber. # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir]crl.pem # The current CRL
private_key = $dir.private]cakey.pem# The private key
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = sys\$disk:[.demoCA # TSA root directory
serial = $dir]tsaserial. # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir.cacert.pem] # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
[insta] # CMP using Insta Demo CA
# Message transfer
server = pki.certificate.fi:8700
# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080
# tls_use = 0
path = pkix/
# Server authentication
recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
ignore_keyusage = 1 # potentially needed quirk
unprotected_errors = 1 # potentially needed quirk
extracertsout = insta.extracerts.pem
# Client authentication
ref = 3078 # user identification
secret = pass:insta # can be used for both client and server side
# Generic message options
cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
# Certificate enrollment
subject = "/CN=openssl-cmp-test"
newkey = insta.priv.pem
out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
certout = insta.cert.pem
[pbm] # Password-based protection for Insta CA
# Server and client authentication
ref = $insta::ref # 3078
secret = $insta::secret # pass:insta
[signature] # Signature-based protection for Insta CA
# Server authentication
trusted = $insta::out_trusted # apps/insta.ca.crt
# Client authentication
secret = # disable PBM
key = $insta::newkey # insta.priv.pem
cert = $insta::certout # insta.cert.pem
[ir]
cmd = ir
[cr]
cmd = cr
[kur]
# Certificate update
cmd = kur
oldcert = $insta::certout # insta.cert.pem
[rr]
# Certificate revocation
cmd = rr
oldcert = $insta::certout # insta.cert.pem

40
apps/rehash.c
View file

@ -45,9 +45,6 @@
# ifndef PATH_MAX
# define PATH_MAX 4096
# endif
# ifndef NAME_MAX
# define NAME_MAX 255
# endif
# define MAX_COLLISIONS 256
# if defined(OPENSSL_SYS_VXWORKS)
@ -355,21 +352,22 @@ static int do_dir(const char *dirname, enum Hash h)
OPENSSL_DIR_CTX *d = NULL;
struct stat st;
unsigned char idmask[MAX_COLLISIONS / 8];
int n, numfiles, nextid, buflen, errs = 0;
size_t i;
const char *pathsep;
int n, numfiles, nextid, dirlen, buflen, errs = 0;
size_t i, fname_max_len = 20; /* maximum length of "%08x.r%d" */
const char *pathsep = "";
const char *filename;
char *buf, *copy = NULL;
char *buf = NULL, *copy = NULL;
STACK_OF(OPENSSL_STRING) *files = NULL;
if (app_access(dirname, W_OK) < 0) {
BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
return 1;
}
buflen = strlen(dirname);
pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": "";
buflen += NAME_MAX + 1 + 1;
buf = app_malloc(buflen, "filename buffer");
dirlen = strlen(dirname);
if (dirlen != 0 && !ends_with_dirsep(dirname)) {
pathsep = "/";
dirlen++;
}
if (verbose)
BIO_printf(bio_out, "Doing %s\n", dirname);
@ -380,17 +378,25 @@ static int do_dir(const char *dirname, enum Hash h)
goto err;
}
while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
size_t fname_len = strlen(filename);
if ((copy = OPENSSL_strdup(filename)) == NULL
|| sk_OPENSSL_STRING_push(files, copy) == 0) {
OPENSSL_free(copy);
OPENSSL_DIR_end(&d);
BIO_puts(bio_err, "out of memory\n");
errs = 1;
goto err;
}
if (fname_len > fname_max_len)
fname_max_len = fname_len;
}
OPENSSL_DIR_end(&d);
sk_OPENSSL_STRING_sort(files);
buflen = dirlen + fname_max_len + 1;
buf = app_malloc(buflen, "filename buffer");
numfiles = sk_OPENSSL_STRING_num(files);
for (n = 0; n < numfiles; ++n) {
filename = sk_OPENSSL_STRING_value(files, n);
@ -427,12 +433,12 @@ static int do_dir(const char *dirname, enum Hash h)
while (bit_isset(idmask, nextid))
nextid++;
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
dirname, pathsep, &n, bp->hash,
BIO_snprintf(buf, buflen, "%s%s%08x.%s%d",
dirname, pathsep, bp->hash,
suffixes[bp->type], nextid);
if (verbose)
BIO_printf(bio_out, "link %s -> %s\n",
ep->filename, &buf[n]);
ep->filename, &buf[dirlen]);
if (unlink(buf) < 0 && errno != ENOENT) {
BIO_printf(bio_err,
"%s: Can't unlink %s, %s\n",
@ -449,12 +455,12 @@ static int do_dir(const char *dirname, enum Hash h)
bit_set(idmask, nextid);
} else if (remove_links) {
/* Link to be deleted */
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
dirname, pathsep, &n, bp->hash,
BIO_snprintf(buf, buflen, "%s%s%08x.%s%d",
dirname, pathsep, bp->hash,
suffixes[bp->type], ep->old_id);
if (verbose)
BIO_printf(bio_out, "unlink %s\n",
&buf[n]);
&buf[dirlen]);
if (unlink(buf) < 0 && errno != ENOENT) {
BIO_printf(bio_err,
"%s: Can't unlink %s, %s\n",

4
apps/req.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -733,7 +733,7 @@ int req_main(int argc, char **argv)
}
goto end;
}
BIO_free(out);
BIO_free_all(out);
out = NULL;
BIO_printf(bio_err, "-----\n");
}

7
apps/s_server.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -1670,6 +1670,11 @@ int s_server_main(int argc, char *argv[])
BIO_printf(bio_err, "Can only use -listen with DTLS\n");
goto end;
}
if (rev && socket_type == SOCK_DGRAM) {
BIO_printf(bio_err, "Can't use -rev with DTLS\n");
goto end;
}
#endif
if (stateless && socket_type != SOCK_STREAM) {

3
apps/smime.c
View file

@ -453,7 +453,8 @@ int smime_main(int argc, char **argv)
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
if (!sk_X509_push(encerts, cert))
goto end;
cert = NULL;
argv++;
}

176
apps/vms_decc_init.c Normal file
View file

@ -0,0 +1,176 @@
/*
* Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
# define USE_DECC_INIT 1
#endif
#ifdef USE_DECC_INIT
/*
* ----------------------------------------------------------------------
* decc_init() On non-VAX systems, uses LIB$INITIALIZE to set a collection
* of C RTL features without using the DECC$* logical name method.
* ----------------------------------------------------------------------
*/
# include <stdio.h>
# include <stdlib.h>
# include <unixlib.h>
/* Global storage. */
/* Flag to sense if decc_init() was called. */
int decc_init_done = -1;
/* Structure to hold a DECC$* feature name and its desired value. */
typedef struct {
char *name;
int value;
} decc_feat_t;
/*
* Array of DECC$* feature names and their desired values. Note:
* DECC$ARGV_PARSE_STYLE is the urgent one.
*/
decc_feat_t decc_feat_array[] = {
/* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
{"DECC$ARGV_PARSE_STYLE", 1},
/* Preserve case for file names on ODS5 disks. */
{"DECC$EFS_CASE_PRESERVE", 1},
/*
* Enable multiple dots (and most characters) in ODS5 file names, while
* preserving VMS-ness of ";version".
*/
{"DECC$EFS_CHARSET", 1},
/* List terminator. */
{(char *)NULL, 0}
};
/* LIB$INITIALIZE initialization function. */
static void decc_init(void)
{
char *openssl_debug_decc_init;
int verbose = 0;
int feat_index;
int feat_value;
int feat_value_max;
int feat_value_min;
int i;
int sts;
/* Get debug option. */
openssl_debug_decc_init = getenv("OPENSSL_DEBUG_DECC_INIT");
if (openssl_debug_decc_init != NULL) {
verbose = strtol(openssl_debug_decc_init, NULL, 10);
if (verbose <= 0) {
verbose = 1;
}
}
/* Set the global flag to indicate that LIB$INITIALIZE worked. */
decc_init_done = 1;
/* Loop through all items in the decc_feat_array[]. */
for (i = 0; decc_feat_array[i].name != NULL; i++) {
/* Get the feature index. */
feat_index = decc$feature_get_index(decc_feat_array[i].name);
if (feat_index >= 0) {
/* Valid item. Collect its properties. */
feat_value = decc$feature_get_value(feat_index, 1);
feat_value_min = decc$feature_get_value(feat_index, 2);
feat_value_max = decc$feature_get_value(feat_index, 3);
/* Check the validity of our desired value. */
if ((decc_feat_array[i].value >= feat_value_min) &&
(decc_feat_array[i].value <= feat_value_max)) {
/* Valid value. Set it if necessary. */
if (feat_value != decc_feat_array[i].value) {
sts = decc$feature_set_value(feat_index,
1, decc_feat_array[i].value);
if (verbose > 1) {
fprintf(stderr, " %s = %d, sts = %d.\n",
decc_feat_array[i].name,
decc_feat_array[i].value, sts);
}
}
} else {
/* Invalid DECC feature value. */
fprintf(stderr,
" INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
feat_value,
feat_value_min, decc_feat_array[i].name,
feat_value_max);
}
} else {
/* Invalid DECC feature name. */
fprintf(stderr,
" UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
}
}
if (verbose > 0) {
fprintf(stderr, " DECC_INIT complete.\n");
}
}
/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
# pragma nostandard
/*
* Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
* attributes. Note that "nopic" is significant only on VAX.
*/
# pragma extern_model save
# if __INITIAL_POINTER_SIZE == 64
# define PSECT_ALIGN 3
# else
# define PSECT_ALIGN 2
# endif
# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
const int spare[8] = { 0 };
# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
void (*const x_decc_init) () = decc_init;
# pragma extern_model restore
/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
# pragma extern_model save
int LIB$INITIALIZE(void);
# pragma extern_model strict_refdef
int dmy_lib$initialize = (int)LIB$INITIALIZE;
# pragma extern_model restore
# pragma standard
#else /* def USE_DECC_INIT */
/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
int decc_init_dummy(void);
#endif /* def USE_DECC_INIT */

82
appveyor.yml
View file

@ -1,82 +0,0 @@
image:
- Visual Studio 2017
platform:
- x64
- x86
environment:
fast_finish: true
matrix:
- VSVER: 15
configuration:
- shared
- minimal
for:
-
branches:
only:
- master
configuration:
- shared
- plain
- minimal
before_build:
- ps: >-
Install-Module VSSetup -Scope CurrentUser
- ps: >-
Get-VSSetupInstance -All
- ps: >-
If ($env:Platform -Match "x86") {
$env:VCVARS_PLATFORM="x86"
$env:TARGET="VC-WIN32 no-asm --strict-warnings"
} Else {
$env:VCVARS_PLATFORM="amd64"
$env:TARGET="VC-WIN64A-masm"
}
- ps: >-
If ($env:Configuration -Match "shared") {
$env:CONFIG_OPTS="enable-fips"
} ElseIf ($env:Configuration -Match "minimal") {
$env:CONFIG_OPTS="no-bulk no-asm -DOPENSSL_SMALL_FOOTPRINT"
} Else {
$env:CONFIG_OPTS="no-fips no-shared"
}
- call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM%
- mkdir _build
- cd _build
- perl ..\Configure %TARGET% no-makedepend %CONFIG_OPTS%
- perl configdata.pm --dump
- cd ..
- ps: >-
If ($env:BUILDONLY -or $env:MAKEVERBOSE) {
$env:NMAKE="nmake"
} Else {
$env:NMAKE="nmake /S"
}
- ps: >-
gci env:* | sort-object name
build_script:
- cd _build
- "%NMAKE% build_all_generated"
- "%NMAKE% PERL=no-perl"
- cd ..
test_script:
- cd _build
- ps: >-
if ($env:Configuration -Match "plain") {
cmd /c "%NMAKE% test VERBOSE_FAILURE=yes 2>&1"
} Else {
cmd /c "%NMAKE% test VERBOSE_FAILURE=yes TESTS=-test_fuzz 2>&1"
}
- ps: >-
if ($env:Configuration -Match "shared") {
mkdir ..\_install
cmd /c "%NMAKE% install DESTDIR=..\_install 2>&1"
}
- cd ..

93
config.com Normal file
View file

@ -0,0 +1,93 @@
$ ! OpenSSL config: determine the architecture and run Configure
$ ! Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
$ !
$ ! Licensed under the Apache License 2.0 (the "License"). You may not use
$ ! this file except in compliance with the License. You can obtain a
$ ! copy in the file LICENSE in the source distribution or at
$ ! https://www.openssl.org/source/license.html
$ !
$ ! Very simple for the moment, it will take the following arguments:
$ !
$ ! -32 or 32 sets /POINTER_SIZE=32
$ ! -64 or 64 sets /POINTER_SIZE=64
$ ! -d sets debugging
$ ! -h prints a usage and exits
$ ! -t test mode, doesn't run Configure
$
$ arch = f$edit( f$getsyi( "arch_name"), "lowercase")
$ pointer_size = ""
$ dryrun = 0
$ verbose = 0
$ here = F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"),,,"SYNTAX_ONLY") - "A.;"
$
$ collected_args = ""
$ P_index = 0
$ LOOP1:
$ P_index = P_index + 1
$ IF P_index .GT. 8 THEN GOTO ENDLOOP1
$ P = F$EDIT(P1,"TRIM,LOWERCASE")
$ IF P .EQS. "-h"
$ THEN
$ dryrun = 1
$ P = ""
$ TYPE SYS$INPUT
$ DECK
Usage: @config [options]
-32 or 32 Build with 32-bit pointer size.
-64 or 64 Build with 64-bit pointer size.
-d Build with debugging.
-t Test mode, do not run the Configure perl script.
-v Verbose mode, show the exact Configure call that is being made.
-h This help.
Any other text will be passed to the Configure perl script.
See INSTALL.md for instructions.
$ EOD
$ ENDIF
$ IF P .EQS. "-t"
$ THEN
$ dryrun = 1
$ verbose = 1
$ P = ""
$ ENDIF
$ IF P .EQS. "-v"
$ THEN
$ verbose = 1
$ P = ""
$ ENDIF
$ IF P .EQS. "-32" .OR. P .EQS. "32"
$ THEN
$ pointer_size = "-P32"
$ P = ""
$ ENDIF
$ IF P .EQS. "-64" .OR. P .EQS. "64"
$ THEN
$ pointer_size = "-P64"
$ P = ""
$ ENDIF
$ IF P .EQS. "-d"
$ THEN
$ collected_args = collected_args + " --debug"
$ P = ""
$ ENDIF
$ IF P .NES. "" THEN -
collected_args = collected_args + " """ + P1 + """"
$ P1 = P2
$ P2 = P3
$ P3 = P4
$ P4 = P5
$ P5 = P6
$ P6 = P7
$ P7 = P8
$ P8 = ""
$ GOTO LOOP1
$ ENDLOOP1:
$
$ target = "vms-''arch'''pointer_size'"
$ IF verbose THEN -
WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args
$ IF .not. dryrun THEN -
PERL 'here'Configure "''target'"'collected_args'
$ EXIT $STATUS

56
crypto/LPdir_nyi.c Normal file
View file

@ -0,0 +1,56 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This file is dual-licensed and is also available under the following
* terms:
*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef LPDIR_H
# include "LPdir.h"
#endif
struct LP_dir_context_st {
void *dummy;
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
errno = EINVAL;
return 0;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
errno = EINVAL;
return 0;
}

207
crypto/LPdir_vms.c Normal file
View file

@ -0,0 +1,207 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This file is dual-licensed and is also available under the following
* terms:
*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <descrip.h>
#include <namdef.h>
#include <rmsdef.h>
#include <libfildef.h>
#include <lib$routines.h>
#include <strdef.h>
#include <str$routines.h>
#include <stsdef.h>
#ifndef LPDIR_H
# include "LPdir.h"
#endif
#include "vms_rms.h"
/* Some compiler options hide EVMSERR. */
#ifndef EVMSERR
# define EVMSERR 65535 /* error for non-translatable VMS errors */
#endif
struct LP_dir_context_st {
unsigned long VMS_context;
char filespec[NAMX_MAXRSS + 1];
char result[NAMX_MAXRSS + 1];
struct dsc$descriptor_d filespec_dsc;
struct dsc$descriptor_d result_dsc;
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
int status;
char *p, *r;
size_t l;
unsigned long flags = 0;
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
#if __INITIAL_POINTER_SIZE == 64
# pragma pointer_size save
# pragma pointer_size 32
char *ctx_filespec_32p;
# pragma pointer_size restore
char ctx_filespec_32[NAMX_MAXRSS + 1];
#endif /* __INITIAL_POINTER_SIZE == 64 */
#ifdef NAML$C_MAXRSS
flags |= LIB$M_FIL_LONG_NAMES;
#endif
if (ctx == NULL || directory == NULL) {
errno = EINVAL;
return 0;
}
errno = 0;
if (*ctx == NULL) {
size_t filespeclen = strlen(directory);
char *filespec = NULL;
if (filespeclen == 0) {
errno = ENOENT;
return 0;
}
/* MUST be a VMS directory specification! Let's estimate if it is. */
if (directory[filespeclen - 1] != ']'
&& directory[filespeclen - 1] != '>'
&& directory[filespeclen - 1] != ':') {
errno = EINVAL;
return 0;
}
filespeclen += 4; /* "*.*;" */
if (filespeclen > NAMX_MAXRSS) {
errno = ENAMETOOLONG;
return 0;
}
*ctx = malloc(sizeof(**ctx));
if (*ctx == NULL) {
errno = ENOMEM;
return 0;
}
memset(*ctx, 0, sizeof(**ctx));
strcpy((*ctx)->filespec, directory);
strcat((*ctx)->filespec, "*.*;");
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
#if __INITIAL_POINTER_SIZE == 64
# define CTX_FILESPEC ctx_filespec_32p
/* Copy the file name to storage with a 32-bit pointer. */
ctx_filespec_32p = ctx_filespec_32;
strcpy(ctx_filespec_32p, (*ctx)->filespec);
#else /* __INITIAL_POINTER_SIZE == 64 */
# define CTX_FILESPEC (*ctx)->filespec
#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
(*ctx)->filespec_dsc.dsc$w_length = filespeclen;
(*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
(*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
}
(*ctx)->result_dsc.dsc$w_length = 0;
(*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
(*ctx)->result_dsc.dsc$a_pointer = 0;
status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
&(*ctx)->VMS_context, 0, 0, 0, &flags);
if (status == RMS$_NMF) {
errno = 0;
vaxc$errno = status;
return NULL;
}
if (!$VMS_STATUS_SUCCESS(status)) {
errno = EVMSERR;
vaxc$errno = status;
return NULL;
}
/*
* Quick, cheap and dirty way to discard any device and directory, since
* we only want file names
*/
l = (*ctx)->result_dsc.dsc$w_length;
p = (*ctx)->result_dsc.dsc$a_pointer;
r = p;
for (; *p; p++) {
if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
p++;
} else if (*p == ':' || *p == '>' || *p == ']') {
l -= p + 1 - r;
r = p + 1;
} else if (*p == ';') {
l = p - r;
break;
}
}
strncpy((*ctx)->result, r, l);
(*ctx)->result[l] = '\0';
str$free1_dx(&(*ctx)->result_dsc);
return (*ctx)->result;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
if (ctx != NULL && *ctx != NULL) {
int status = lib$find_file_end(&(*ctx)->VMS_context);
free(*ctx);
if (!$VMS_STATUS_SUCCESS(status)) {
errno = EVMSERR;
vaxc$errno = status;
return 0;
}
return 1;
}
errno = EINVAL;
return 0;
}

214
crypto/LPdir_win.c Normal file
View file

@ -0,0 +1,214 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This file is dual-licensed and is also available under the following
* terms:
*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <windows.h>
#include <tchar.h>
#include "internal/numbers.h"
#ifndef LPDIR_H
# include "LPdir.h"
#endif
/*
* We're most likely overcautious here, but let's reserve for broken WinCE
* headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
* builds are compiled with -DUNICODE [as well as -D_UNICODE].
*/
#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
# define FindFirstFile FindFirstFileW
#endif
#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
# define FindNextFile FindNextFileW
#endif
#ifndef NAME_MAX
# define NAME_MAX 255
#endif
#ifdef CP_UTF8
# define CP_DEFAULT CP_UTF8
#else
# define CP_DEFAULT CP_ACP
#endif
struct LP_dir_context_st {
WIN32_FIND_DATA ctx;
HANDLE handle;
char entry_name[NAME_MAX + 1];
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
if (ctx == NULL || directory == NULL) {
errno = EINVAL;
return 0;
}
errno = 0;
if (*ctx == NULL) {
size_t dirlen = strlen(directory);
if (dirlen == 0 || dirlen > INT_MAX - 3) {
errno = ENOENT;
return 0;
}
*ctx = malloc(sizeof(**ctx));
if (*ctx == NULL) {
errno = ENOMEM;
return 0;
}
memset(*ctx, 0, sizeof(**ctx));
if (sizeof(TCHAR) != sizeof(char)) {
TCHAR *wdir = NULL;
/* len_0 denotes string length *with* trailing 0 */
size_t index = 0, len_0 = dirlen + 1;
#ifdef LP_MULTIBYTE_AVAILABLE
int sz = 0;
UINT cp;
do {
# ifdef CP_UTF8
if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0,
directory, len_0,
NULL, 0)) > 0 ||
GetLastError() != ERROR_NO_UNICODE_TRANSLATION)
break;
# endif
sz = MultiByteToWideChar((cp = CP_ACP), 0,
directory, len_0,
NULL, 0);
} while (0);
if (sz > 0) {
/*
* allocate two additional characters in case we need to
* concatenate asterisk, |sz| covers trailing '\0'!
*/
wdir = _alloca((sz + 2) * sizeof(TCHAR));
if (!MultiByteToWideChar(cp, 0, directory, len_0,
(WCHAR *)wdir, sz)) {
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
} else
#endif
{
sz = len_0;
/*
* allocate two additional characters in case we need to
* concatenate asterisk, |sz| covers trailing '\0'!
*/
wdir = _alloca((sz + 2) * sizeof(TCHAR));
for (index = 0; index < len_0; index++)
wdir[index] = (TCHAR)directory[index];
}
sz--; /* wdir[sz] is trailing '\0' now */
if (wdir[sz - 1] != TEXT('*')) {
if (wdir[sz - 1] != TEXT('/') && wdir[sz - 1] != TEXT('\\'))
_tcscpy(wdir + sz, TEXT("/*"));
else
_tcscpy(wdir + sz, TEXT("*"));
}
(*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
} else {
if (directory[dirlen - 1] != '*') {
char *buf = _alloca(dirlen + 3);
strcpy(buf, directory);
if (buf[dirlen - 1] != '/' && buf[dirlen - 1] != '\\')
strcpy(buf + dirlen, "/*");
else
strcpy(buf + dirlen, "*");
directory = buf;
}
(*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
}
if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
} else {
if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
return 0;
}
}
if (sizeof(TCHAR) != sizeof(char)) {
TCHAR *wdir = (*ctx)->ctx.cFileName;
size_t index, len_0 = 0;
while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
len_0++;
len_0++;
#ifdef LP_MULTIBYTE_AVAILABLE
if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0,
(*ctx)->entry_name,
sizeof((*ctx)->entry_name), NULL, 0))
#endif
for (index = 0; index < len_0; index++)
(*ctx)->entry_name[index] = (char)wdir[index];
} else
strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
sizeof((*ctx)->entry_name) - 1);
(*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
return (*ctx)->entry_name;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
if (ctx != NULL && *ctx != NULL) {
FindClose((*ctx)->handle);
free(*ctx);
*ctx = NULL;
return 1;
}
errno = EINVAL;
return 0;
}

41
crypto/LPdir_win32.c Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This file is dual-licensed and is also available under the following
* terms:
*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define LP_SYS_WIN32
#define LP_MULTIBYTE_AVAILABLE
#include "LPdir_win.c"

44
crypto/LPdir_wince.c Normal file
View file

@ -0,0 +1,44 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This file is dual-licensed and is also available under the following
* terms:
*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define LP_SYS_WINCE
/*
* We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently under
* investigation what the exact conditions would be
*/
#include "LPdir_win.c"

256
crypto/alphacpuid.pl Normal file
View file

@ -0,0 +1,256 @@
#! /usr/bin/env perl
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
$output = pop and open STDOUT,">$output";
print <<'___';
.text
.set noat
.globl OPENSSL_cpuid_setup
.ent OPENSSL_cpuid_setup
OPENSSL_cpuid_setup:
.frame $30,0,$26
.prologue 0
ret ($26)
.end OPENSSL_cpuid_setup
.globl OPENSSL_wipe_cpu
.ent OPENSSL_wipe_cpu
OPENSSL_wipe_cpu:
.frame $30,0,$26
.prologue 0
clr $1
clr $2
clr $3
clr $4
clr $5
clr $6
clr $7
clr $8
clr $16
clr $17
clr $18
clr $19
clr $20
clr $21
clr $22
clr $23
clr $24
clr $25
clr $27
clr $at
clr $29
fclr $f0
fclr $f1
fclr $f10
fclr $f11
fclr $f12
fclr $f13
fclr $f14
fclr $f15
fclr $f16
fclr $f17
fclr $f18
fclr $f19
fclr $f20
fclr $f21
fclr $f22
fclr $f23
fclr $f24
fclr $f25
fclr $f26
fclr $f27
fclr $f28
fclr $f29
fclr $f30
mov $sp,$0
ret ($26)
.end OPENSSL_wipe_cpu
.globl OPENSSL_atomic_add
.ent OPENSSL_atomic_add
OPENSSL_atomic_add:
.frame $30,0,$26
.prologue 0
1: ldl_l $0,0($16)
addl $0,$17,$1
stl_c $1,0($16)
beq $1,1b
addl $0,$17,$0
ret ($26)
.end OPENSSL_atomic_add
.globl OPENSSL_rdtsc
.ent OPENSSL_rdtsc
OPENSSL_rdtsc:
.frame $30,0,$26
.prologue 0
rpcc $0
ret ($26)
.end OPENSSL_rdtsc
.globl OPENSSL_cleanse
.ent OPENSSL_cleanse
OPENSSL_cleanse:
.frame $30,0,$26
.prologue 0
beq $17,.Ldone
and $16,7,$0
bic $17,7,$at
beq $at,.Little
beq $0,.Laligned
.Little:
subq $0,8,$0
ldq_u $1,0($16)
mov $16,$2
.Lalign:
mskbl $1,$16,$1
lda $16,1($16)
subq $17,1,$17
addq $0,1,$0
beq $17,.Lout
bne $0,.Lalign
.Lout: stq_u $1,0($2)
beq $17,.Ldone
bic $17,7,$at
beq $at,.Little
.Laligned:
stq $31,0($16)
subq $17,8,$17
lda $16,8($16)
bic $17,7,$at
bne $at,.Laligned
bne $17,.Little
.Ldone: ret ($26)
.end OPENSSL_cleanse
.globl CRYPTO_memcmp
.ent CRYPTO_memcmp
CRYPTO_memcmp:
.frame $30,0,$26
.prologue 0
xor $0,$0,$0
beq $18,.Lno_data
xor $1,$1,$1
nop
.Loop_cmp:
ldq_u $2,0($16)
subq $18,1,$18
ldq_u $3,0($17)
extbl $2,$16,$2
lda $16,1($16)
extbl $3,$17,$3
lda $17,1($17)
xor $3,$2,$2
or $2,$0,$0
bne $18,.Loop_cmp
subq $31,$0,$0
srl $0,63,$0
.Lno_data:
ret ($26)
.end CRYPTO_memcmp
___
{
my ($out,$cnt,$max)=("\$16","\$17","\$18");
my ($tick,$lasttick)=("\$19","\$20");
my ($diff,$lastdiff)=("\$21","\$22");
my ($v0,$ra,$sp,$zero)=("\$0","\$26","\$30","\$31");
print <<___;
.globl OPENSSL_instrument_bus
.ent OPENSSL_instrument_bus
OPENSSL_instrument_bus:
.frame $sp,0,$ra
.prologue 0
mov $cnt,$v0
rpcc $lasttick
mov 0,$diff
ecb ($out)
ldl_l $tick,0($out)
addl $diff,$tick,$tick
mov $tick,$diff
stl_c $tick,0($out)
stl $diff,0($out)
.Loop: rpcc $tick
subq $tick,$lasttick,$diff
mov $tick,$lasttick
ecb ($out)
ldl_l $tick,0($out)
addl $diff,$tick,$tick
mov $tick,$diff
stl_c $tick,0($out)
stl $diff,0($out)
subl $cnt,1,$cnt
lda $out,4($out)
bne $cnt,.Loop
ret ($ra)
.end OPENSSL_instrument_bus
.globl OPENSSL_instrument_bus2
.ent OPENSSL_instrument_bus2
OPENSSL_instrument_bus2:
.frame $sp,0,$ra
.prologue 0
mov $cnt,$v0
rpcc $lasttick
mov 0,$diff
ecb ($out)
ldl_l $tick,0($out)
addl $diff,$tick,$tick
mov $tick,$diff
stl_c $tick,0($out)
stl $diff,0($out)
rpcc $tick
subq $tick,$lasttick,$diff
mov $tick,$lasttick
mov $diff,$lastdiff
.Loop2:
ecb ($out)
ldl_l $tick,0($out)
addl $diff,$tick,$tick
mov $tick,$diff
stl_c $tick,0($out)
stl $diff,0($out)
subl $max,1,$max
beq $max,.Ldone2
rpcc $tick
subq $tick,$lasttick,$diff
mov $tick,$lasttick
subq $lastdiff,$diff,$tick
mov $diff,$lastdiff
cmovne $tick,1,$tick
subl $cnt,$tick,$cnt
s4addq $tick,$out,$out
bne $cnt,.Loop2
.Ldone2:
subl $v0,$cnt,$v0
ret ($ra)
.end OPENSSL_instrument_bus2
___
}
close STDOUT or die "error closing STDOUT: $!";

4
crypto/asn1/asn_moid.c
View file

@ -67,6 +67,10 @@ static int do_create(const char *value, const char *name)
if (p == NULL) {
ln = name;
ostr = value;
} else if (p == value) {
/* we started with a leading comma */
ln = name;
ostr = p + 1;
} else {
ln = value;
ostr = p + 1;

8
crypto/asn1/asn_mstbl.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -72,6 +72,8 @@ static int do_tcreate(const char *value, const char *name)
goto err;
for (i = 0; i < sk_CONF_VALUE_num(lst); i++) {
cnf = sk_CONF_VALUE_value(lst, i);
if (cnf->value == NULL)
goto err;
if (strcmp(cnf->name, "min") == 0) {
tbl_min = strtoul(cnf->value, &eptr, 0);
if (*eptr)
@ -98,7 +100,9 @@ static int do_tcreate(const char *value, const char *name)
if (rv == 0) {
if (cnf)
ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE,
"field=%s, value=%s", cnf->name, cnf->value);
"field=%s, value=%s", cnf->name,
cnf->value != NULL ? cnf->value
: value);
else
ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE,
"name=%s, value=%s", name, value);

6
crypto/asn1/x_algor.c
View file

@ -179,7 +179,11 @@ int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
*palg = X509_ALGOR_new();
if (*palg == NULL)
goto err;
X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
if (!X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp)) {
X509_ALGOR_free(*palg);
*palg = NULL;
goto err;
}
stmp = NULL;
err:
ASN1_STRING_free(stmp);

59
crypto/async/arch/async_win.c Normal file
View file

@ -0,0 +1,59 @@
/*
* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* This must be the first #include file */
#include "../async_local.h"
#ifdef ASYNC_WIN
# include <windows.h>
# include "internal/cryptlib.h"
int ASYNC_is_capable(void)
{
return 1;
}
void async_local_cleanup(void)
{
async_ctx *ctx = async_get_ctx();
if (ctx != NULL) {
async_fibre *fibre = &ctx->dispatcher;
if (fibre != NULL && fibre->fibre != NULL && fibre->converted) {
ConvertFiberToThread();
fibre->fibre = NULL;
}
}
}
int async_fibre_init_dispatcher(async_fibre *fibre)
{
# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600
fibre->fibre = ConvertThreadToFiberEx(NULL, FIBER_FLAG_FLOAT_SWITCH);
# else
fibre->fibre = ConvertThreadToFiber(NULL);
# endif
if (fibre->fibre == NULL) {
fibre->converted = 0;
fibre->fibre = GetCurrentFiber();
if (fibre->fibre == NULL)
return 0;
} else {
fibre->converted = 1;
}
return 1;
}
VOID CALLBACK async_start_func_win(PVOID unused)
{
async_start_func();
}
#endif

327
crypto/bn/asm/alpha-mont.pl Normal file
View file

@ -0,0 +1,327 @@
#! /usr/bin/env perl
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
#
# On 21264 RSA sign performance improves by 70/35/20/15 percent for
# 512/1024/2048/4096 bit key lengths. This is against vendor compiler
# instructed to '-tune host' code with in-line assembler. Other
# benchmarks improve by 15-20%. To anchor it to something else, the
# code provides approximately the same performance per GHz as AMD64.
# I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x
# difference.
$output=pop and open STDOUT,">$output";
# int bn_mul_mont(
$rp="a0"; # BN_ULONG *rp,
$ap="a1"; # const BN_ULONG *ap,
$bp="a2"; # const BN_ULONG *bp,
$np="a3"; # const BN_ULONG *np,
$n0="a4"; # const BN_ULONG *n0,
$num="a5"; # int num);
$lo0="t0";
$hi0="t1";
$lo1="t2";
$hi1="t3";
$aj="t4";
$bi="t5";
$nj="t6";
$tp="t7";
$alo="t8";
$ahi="t9";
$nlo="t10";
$nhi="t11";
$tj="t12";
$i="s3";
$j="s4";
$m1="s5";
$code=<<___;
#ifdef __linux__
#include <asm/regdef.h>
#else
#include <asm.h>
#include <regdef.h>
#endif
.text
.set noat
.set noreorder
.globl bn_mul_mont
.align 5
.ent bn_mul_mont
bn_mul_mont:
lda sp,-48(sp)
stq ra,0(sp)
stq s3,8(sp)
stq s4,16(sp)
stq s5,24(sp)
stq fp,32(sp)
mov sp,fp
.mask 0x0400f000,-48
.frame fp,48,ra
.prologue 0
.align 4
.set reorder
sextl $num,$num
mov 0,v0
cmplt $num,4,AT
bne AT,.Lexit
ldq $hi0,0($ap) # ap[0]
s8addq $num,16,AT
ldq $aj,8($ap)
subq sp,AT,sp
ldq $bi,0($bp) # bp[0]
lda AT,-4096(zero) # mov -4096,AT
ldq $n0,0($n0)
and sp,AT,sp
mulq $hi0,$bi,$lo0
ldq $hi1,0($np) # np[0]
umulh $hi0,$bi,$hi0
ldq $nj,8($np)
mulq $lo0,$n0,$m1
mulq $hi1,$m1,$lo1
umulh $hi1,$m1,$hi1
addq $lo1,$lo0,$lo1
cmpult $lo1,$lo0,AT
addq $hi1,AT,$hi1
mulq $aj,$bi,$alo
mov 2,$j
umulh $aj,$bi,$ahi
mov sp,$tp
mulq $nj,$m1,$nlo
s8addq $j,$ap,$aj
umulh $nj,$m1,$nhi
s8addq $j,$np,$nj
.align 4
.L1st:
.set noreorder
ldq $aj,0($aj)
addl $j,1,$j
ldq $nj,0($nj)
lda $tp,8($tp)
addq $alo,$hi0,$lo0
mulq $aj,$bi,$alo
cmpult $lo0,$hi0,AT
addq $nlo,$hi1,$lo1
mulq $nj,$m1,$nlo
addq $ahi,AT,$hi0
cmpult $lo1,$hi1,v0
cmplt $j,$num,$tj
umulh $aj,$bi,$ahi
addq $nhi,v0,$hi1
addq $lo1,$lo0,$lo1
s8addq $j,$ap,$aj
umulh $nj,$m1,$nhi
cmpult $lo1,$lo0,v0
addq $hi1,v0,$hi1
s8addq $j,$np,$nj
stq $lo1,-8($tp)
nop
unop
bne $tj,.L1st
.set reorder
addq $alo,$hi0,$lo0
addq $nlo,$hi1,$lo1
cmpult $lo0,$hi0,AT
cmpult $lo1,$hi1,v0
addq $ahi,AT,$hi0
addq $nhi,v0,$hi1
addq $lo1,$lo0,$lo1
cmpult $lo1,$lo0,v0
addq $hi1,v0,$hi1
stq $lo1,0($tp)
addq $hi1,$hi0,$hi1
cmpult $hi1,$hi0,AT
stq $hi1,8($tp)
stq AT,16($tp)
mov 1,$i
.align 4
.Louter:
s8addq $i,$bp,$bi
ldq $hi0,0($ap)
ldq $aj,8($ap)
ldq $bi,0($bi)
ldq $hi1,0($np)
ldq $nj,8($np)
ldq $tj,0(sp)
mulq $hi0,$bi,$lo0
umulh $hi0,$bi,$hi0
addq $lo0,$tj,$lo0
cmpult $lo0,$tj,AT
addq $hi0,AT,$hi0
mulq $lo0,$n0,$m1
mulq $hi1,$m1,$lo1
umulh $hi1,$m1,$hi1
addq $lo1,$lo0,$lo1
cmpult $lo1,$lo0,AT
mov 2,$j
addq $hi1,AT,$hi1
mulq $aj,$bi,$alo
mov sp,$tp
umulh $aj,$bi,$ahi
mulq $nj,$m1,$nlo
s8addq $j,$ap,$aj
umulh $nj,$m1,$nhi
.align 4
.Linner:
.set noreorder
ldq $tj,8($tp) #L0
nop #U1
ldq $aj,0($aj) #L1
s8addq $j,$np,$nj #U0
ldq $nj,0($nj) #L0
nop #U1
addq $alo,$hi0,$lo0 #L1
lda $tp,8($tp)
mulq $aj,$bi,$alo #U1
cmpult $lo0,$hi0,AT #L0
addq $nlo,$hi1,$lo1 #L1
addl $j,1,$j
mulq $nj,$m1,$nlo #U1
addq $ahi,AT,$hi0 #L0
addq $lo0,$tj,$lo0 #L1
cmpult $lo1,$hi1,v0 #U0
umulh $aj,$bi,$ahi #U1
cmpult $lo0,$tj,AT #L0
addq $lo1,$lo0,$lo1 #L1
addq $nhi,v0,$hi1 #U0
umulh $nj,$m1,$nhi #U1
s8addq $j,$ap,$aj #L0
cmpult $lo1,$lo0,v0 #L1
cmplt $j,$num,$tj #U0 # borrow $tj
addq $hi0,AT,$hi0 #L0
addq $hi1,v0,$hi1 #U1
stq $lo1,-8($tp) #L1
bne $tj,.Linner #U0
.set reorder
ldq $tj,8($tp)
addq $alo,$hi0,$lo0
addq $nlo,$hi1,$lo1
cmpult $lo0,$hi0,AT
cmpult $lo1,$hi1,v0
addq $ahi,AT,$hi0
addq $nhi,v0,$hi1
addq $lo0,$tj,$lo0
cmpult $lo0,$tj,AT
addq $hi0,AT,$hi0
ldq $tj,16($tp)
addq $lo1,$lo0,$j
cmpult $j,$lo0,v0
addq $hi1,v0,$hi1
addq $hi1,$hi0,$lo1
stq $j,0($tp)
cmpult $lo1,$hi0,$hi1
addq $lo1,$tj,$lo1
cmpult $lo1,$tj,AT
addl $i,1,$i
addq $hi1,AT,$hi1
stq $lo1,8($tp)
cmplt $i,$num,$tj # borrow $tj
stq $hi1,16($tp)
bne $tj,.Louter
s8addq $num,sp,$tj # &tp[num]
mov $rp,$bp # put rp aside
mov sp,$tp
mov sp,$ap
mov 0,$hi0 # clear borrow bit
.align 4
.Lsub: ldq $lo0,0($tp)
ldq $lo1,0($np)
lda $tp,8($tp)
lda $np,8($np)
subq $lo0,$lo1,$lo1 # tp[i]-np[i]
cmpult $lo0,$lo1,AT
subq $lo1,$hi0,$lo0
cmpult $lo1,$lo0,$hi0
or $hi0,AT,$hi0
stq $lo0,0($rp)
cmpult $tp,$tj,v0
lda $rp,8($rp)
bne v0,.Lsub
subq $hi1,$hi0,$hi0 # handle upmost overflow bit
mov sp,$tp
mov $bp,$rp # restore rp
.align 4
.Lcopy: ldq $aj,0($tp) # conditional copy
ldq $nj,0($rp)
lda $tp,8($tp)
lda $rp,8($rp)
cmoveq $hi0,$nj,$aj
stq zero,-8($tp) # zap tp
cmpult $tp,$tj,AT
stq $aj,-8($rp)
bne AT,.Lcopy
mov 1,v0
.Lexit:
.set noreorder
mov fp,sp
/*ldq ra,0(sp)*/
ldq s3,8(sp)
ldq s4,16(sp)
ldq s5,24(sp)
ldq fp,32(sp)
lda sp,48(sp)
ret (ra)
.end bn_mul_mont
.ascii "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
___
print $code;
close STDOUT or die "error closing STDOUT: $!";

21
crypto/bn/bn_exp.c
View file

@ -243,6 +243,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
wstart = bits - 1; /* The top bit of the window */
wend = 0; /* The bottom bit of the window */
if (r == p) {
BIGNUM *p_dup = BN_CTX_get(ctx);
if (p_dup == NULL || BN_copy(p_dup, p) == NULL)
goto err;
p = p_dup;
}
if (!BN_one(r))
goto err;
@ -1317,6 +1325,11 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return 0;
}
if (r == m) {
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
@ -1362,6 +1375,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
wstart = bits - 1; /* The top bit of the window */
wend = 0; /* The bottom bit of the window */
if (r == p) {
BIGNUM *p_dup = BN_CTX_get(ctx);
if (p_dup == NULL || BN_copy(p_dup, p) == NULL)
goto err;
p = p_dup;
}
if (!BN_one(r))
goto err;

8
crypto/bn/bn_gf2m.c
View file

@ -734,14 +734,20 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
BIGNUM *b = NULL;
int ret = 0;
int numbits;
BN_CTX_start(ctx);
if ((b = BN_CTX_get(ctx)) == NULL)
goto err;
/* Fail on a non-sensical input p value */
numbits = BN_num_bits(p);
if (numbits <= 1)
goto err;
/* generate blinding value */
do {
if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1,
if (!BN_priv_rand_ex(b, numbits - 1,
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx))
goto err;
} while (BN_is_zero(b));

10
crypto/bn/bn_mod.c
View file

@ -17,6 +17,11 @@ int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
* always holds)
*/
if (r == d) {
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
if (!(BN_mod(r, m, d, ctx)))
return 0;
if (!r->neg)
@ -186,6 +191,11 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m)
{
if (r == m) {
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
if (!BN_sub(r, a, b))
return 0;
if (r->neg)

126
crypto/bn/bn_nist.c
View file

@ -319,6 +319,28 @@ static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
# endif
#endif /* BN_BITS2 != 64 */
#ifdef NIST_INT64
/* Helpers to load/store a 32-bit word (uint32_t) from/into a memory
* location and avoid potential aliasing issue. */
static ossl_inline uint32_t load_u32(const void *ptr)
{
uint32_t tmp;
memcpy(&tmp, ptr, sizeof(tmp));
return tmp;
}
static ossl_inline void store_lo32(void *ptr, NIST_INT64 val)
{
/* A cast is needed for big-endian system: on a 32-bit BE system
* NIST_INT64 may be defined as well if the compiler supports 64-bit
* long long. */
uint32_t tmp = (uint32_t)val;
memcpy(ptr, &tmp, sizeof(tmp));
}
#endif /* NIST_INT64 */
#define nist_set_192(to, from, a1, a2, a3) \
{ \
bn_cp_64(to, 0, from, (a3) - 3) \
@ -374,42 +396,42 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
unsigned int *rp = (unsigned int *)r_d;
const unsigned int *bp = (const unsigned int *)buf.ui;
acc = rp[0];
acc = load_u32(&rp[0]);
acc += bp[3 * 2 - 6];
acc += bp[5 * 2 - 6];
rp[0] = (unsigned int)acc;
store_lo32(&rp[0], acc);
acc >>= 32;
acc += rp[1];
acc += load_u32(&rp[1]);
acc += bp[3 * 2 - 5];
acc += bp[5 * 2 - 5];
rp[1] = (unsigned int)acc;
store_lo32(&rp[1], acc);
acc >>= 32;
acc += rp[2];
acc += load_u32(&rp[2]);
acc += bp[3 * 2 - 6];
acc += bp[4 * 2 - 6];
acc += bp[5 * 2 - 6];
rp[2] = (unsigned int)acc;
store_lo32(&rp[2], acc);
acc >>= 32;
acc += rp[3];
acc += load_u32(&rp[3]);
acc += bp[3 * 2 - 5];
acc += bp[4 * 2 - 5];
acc += bp[5 * 2 - 5];
rp[3] = (unsigned int)acc;
store_lo32(&rp[3], acc);
acc >>= 32;
acc += rp[4];
acc += load_u32(&rp[4]);
acc += bp[4 * 2 - 6];
acc += bp[5 * 2 - 6];
rp[4] = (unsigned int)acc;
store_lo32(&rp[4], acc);
acc >>= 32;
acc += rp[5];
acc += load_u32(&rp[5]);
acc += bp[4 * 2 - 5];
acc += bp[5 * 2 - 5];
rp[5] = (unsigned int)acc;
store_lo32(&rp[5], acc);
carry = (int)(acc >> 32);
}
@ -683,36 +705,36 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
unsigned int *rp = (unsigned int *)r_d;
const unsigned int *bp = (const unsigned int *)buf.ui;
acc = rp[0];
acc = load_u32(&rp[0]);
acc += bp[8 - 8];
acc += bp[9 - 8];
acc -= bp[11 - 8];
acc -= bp[12 - 8];
acc -= bp[13 - 8];
acc -= bp[14 - 8];
rp[0] = (unsigned int)acc;
store_lo32(&rp[0], acc);
acc >>= 32;
acc += rp[1];
acc += load_u32(&rp[1]);
acc += bp[9 - 8];
acc += bp[10 - 8];
acc -= bp[12 - 8];
acc -= bp[13 - 8];
acc -= bp[14 - 8];
acc -= bp[15 - 8];
rp[1] = (unsigned int)acc;
store_lo32(&rp[1], acc);
acc >>= 32;
acc += rp[2];
acc += load_u32(&rp[2]);
acc += bp[10 - 8];
acc += bp[11 - 8];
acc -= bp[13 - 8];
acc -= bp[14 - 8];
acc -= bp[15 - 8];
rp[2] = (unsigned int)acc;
store_lo32(&rp[2], acc);
acc >>= 32;
acc += rp[3];
acc += load_u32(&rp[3]);
acc += bp[11 - 8];
acc += bp[11 - 8];
acc += bp[12 - 8];
@ -721,10 +743,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc -= bp[15 - 8];
acc -= bp[8 - 8];
acc -= bp[9 - 8];
rp[3] = (unsigned int)acc;
store_lo32(&rp[3], acc);
acc >>= 32;
acc += rp[4];
acc += load_u32(&rp[4]);
acc += bp[12 - 8];
acc += bp[12 - 8];
acc += bp[13 - 8];
@ -732,10 +754,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc += bp[14 - 8];
acc -= bp[9 - 8];
acc -= bp[10 - 8];
rp[4] = (unsigned int)acc;
store_lo32(&rp[4], acc);
acc >>= 32;
acc += rp[5];
acc += load_u32(&rp[5]);
acc += bp[13 - 8];
acc += bp[13 - 8];
acc += bp[14 - 8];
@ -743,10 +765,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc += bp[15 - 8];
acc -= bp[10 - 8];
acc -= bp[11 - 8];
rp[5] = (unsigned int)acc;
store_lo32(&rp[5], acc);
acc >>= 32;
acc += rp[6];
acc += load_u32(&rp[6]);
acc += bp[14 - 8];
acc += bp[14 - 8];
acc += bp[15 - 8];
@ -755,10 +777,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc += bp[13 - 8];
acc -= bp[8 - 8];
acc -= bp[9 - 8];
rp[6] = (unsigned int)acc;
store_lo32(&rp[6], acc);
acc >>= 32;
acc += rp[7];
acc += load_u32(&rp[7]);
acc += bp[15 - 8];
acc += bp[15 - 8];
acc += bp[15 - 8];
@ -767,7 +789,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc -= bp[11 - 8];
acc -= bp[12 - 8];
acc -= bp[13 - 8];
rp[7] = (unsigned int)acc;
store_lo32(&rp[7], acc);
carry = (int)(acc >> 32);
}
@ -920,32 +942,32 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
unsigned int *rp = (unsigned int *)r_d;
const unsigned int *bp = (const unsigned int *)buf.ui;
acc = rp[0];
acc = load_u32(&rp[0]);
acc += bp[12 - 12];
acc += bp[21 - 12];
acc += bp[20 - 12];
acc -= bp[23 - 12];
rp[0] = (unsigned int)acc;
store_lo32(&rp[0], acc);
acc >>= 32;
acc += rp[1];
acc += load_u32(&rp[1]);
acc += bp[13 - 12];
acc += bp[22 - 12];
acc += bp[23 - 12];
acc -= bp[12 - 12];
acc -= bp[20 - 12];
rp[1] = (unsigned int)acc;
store_lo32(&rp[1], acc);
acc >>= 32;
acc += rp[2];
acc += load_u32(&rp[2]);
acc += bp[14 - 12];
acc += bp[23 - 12];
acc -= bp[13 - 12];
acc -= bp[21 - 12];
rp[2] = (unsigned int)acc;
store_lo32(&rp[2], acc);
acc >>= 32;
acc += rp[3];
acc += load_u32(&rp[3]);
acc += bp[15 - 12];
acc += bp[12 - 12];
acc += bp[20 - 12];
@ -953,10 +975,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc -= bp[14 - 12];
acc -= bp[22 - 12];
acc -= bp[23 - 12];
rp[3] = (unsigned int)acc;
store_lo32(&rp[3], acc);
acc >>= 32;
acc += rp[4];
acc += load_u32(&rp[4]);
acc += bp[21 - 12];
acc += bp[21 - 12];
acc += bp[16 - 12];
@ -967,10 +989,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc -= bp[15 - 12];
acc -= bp[23 - 12];
acc -= bp[23 - 12];
rp[4] = (unsigned int)acc;
store_lo32(&rp[4], acc);
acc >>= 32;
acc += rp[5];
acc += load_u32(&rp[5]);
acc += bp[22 - 12];
acc += bp[22 - 12];
acc += bp[17 - 12];
@ -979,10 +1001,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc += bp[21 - 12];
acc += bp[23 - 12];
acc -= bp[16 - 12];
rp[5] = (unsigned int)acc;
store_lo32(&rp[5], acc);
acc >>= 32;
acc += rp[6];
acc += load_u32(&rp[6]);
acc += bp[23 - 12];
acc += bp[23 - 12];
acc += bp[18 - 12];
@ -990,48 +1012,48 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
acc += bp[14 - 12];
acc += bp[22 - 12];
acc -= bp[17 - 12];
rp[6] = (unsigned int)acc;
store_lo32(&rp[6], acc);
acc >>= 32;
acc += rp[7];
acc += load_u32(&rp[7]);
acc += bp[19 - 12];
acc += bp[16 - 12];
acc += bp[15 - 12];
acc += bp[23 - 12];
acc -= bp[18 - 12];
rp[7] = (unsigned int)acc;
store_lo32(&rp[7], acc);
acc >>= 32;
acc += rp[8];
acc += load_u32(&rp[8]);
acc += bp[20 - 12];
acc += bp[17 - 12];
acc += bp[16 - 12];
acc -= bp[19 - 12];
rp[8] = (unsigned int)acc;
store_lo32(&rp[8], acc);
acc >>= 32;
acc += rp[9];
acc += load_u32(&rp[9]);
acc += bp[21 - 12];
acc += bp[18 - 12];
acc += bp[17 - 12];
acc -= bp[20 - 12];
rp[9] = (unsigned int)acc;
store_lo32(&rp[9], acc);
acc >>= 32;
acc += rp[10];
acc += load_u32(&rp[10]);
acc += bp[22 - 12];
acc += bp[19 - 12];
acc += bp[18 - 12];
acc -= bp[21 - 12];
rp[10] = (unsigned int)acc;
store_lo32(&rp[10], acc);
acc >>= 32;
acc += rp[11];
acc += load_u32(&rp[11]);
acc += bp[23 - 12];
acc += bp[20 - 12];
acc += bp[19 - 12];
acc -= bp[22 - 12];
rp[11] = (unsigned int)acc;
store_lo32(&rp[11], acc);
carry = (int)(acc >> 32);
}

4
crypto/build.info
View file

@ -74,8 +74,8 @@ DEFINE[../providers/libfips.a]=$CPUIDDEF
# already gets everything that the static libcrypto.a has, and doesn't need it
# added again.
IF[{- !$disabled{module} && !$disabled{shared} -}]
SOURCE[../providers/liblegacy.a]=$CPUID_COMMON
DEFINE[../providers/liblegacy.a]=$CPUIDDEF
SOURCE[../providers/legacy]=$CPUID_COMMON
DEFINE[../providers/legacy]=$CPUIDDEF
ENDIF
# Implementations are now spread across several libraries, so the CPUID define

24
crypto/cms/cms_att.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,8 +12,9 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_local.h"
#include "internal/nelem.h"
#include "crypto/x509.h"
#include "cms_local.h"
/*-
* Attribute flags.
@ -94,7 +95,7 @@ X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
if (X509at_add1_attr(&si->signedAttrs, attr))
if (ossl_x509at_add1_attr(&si->signedAttrs, attr))
return 1;
return 0;
}
@ -103,7 +104,7 @@ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
const ASN1_OBJECT *obj, int type,
const void *bytes, int len)
{
if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
if (ossl_x509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
return 1;
return 0;
}
@ -111,7 +112,7 @@ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
int nid, int type, const void *bytes, int len)
{
if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
if (ossl_x509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
return 1;
return 0;
}
@ -120,7 +121,8 @@ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
const char *attrname, int type,
const void *bytes, int len)
{
if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
if (ossl_x509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes,
len))
return 1;
return 0;
}
@ -161,7 +163,7 @@ X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
if (X509at_add1_attr(&si->unsignedAttrs, attr))
if (ossl_x509at_add1_attr(&si->unsignedAttrs, attr))
return 1;
return 0;
}
@ -170,7 +172,7 @@ int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
const ASN1_OBJECT *obj, int type,
const void *bytes, int len)
{
if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
if (ossl_x509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
return 1;
return 0;
}
@ -179,7 +181,7 @@ int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
int nid, int type,
const void *bytes, int len)
{
if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
if (ossl_x509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
return 1;
return 0;
}
@ -188,8 +190,8 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
const char *attrname, int type,
const void *bytes, int len)
{
if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
type, bytes, len))
if (ossl_x509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
type, bytes, len))
return 1;
return 0;
}

8
crypto/cms/cms_dh.c
View file

@ -316,10 +316,10 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
goto err;
ASN1_STRING_set0(wrap_str, penc, penclen);
penc = NULL;
X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
V_ASN1_SEQUENCE, wrap_str);
rv = 1;
rv = X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
V_ASN1_SEQUENCE, wrap_str);
if (!rv)
ASN1_STRING_free(wrap_str);
err:
OPENSSL_free(penc);

35
crypto/cms/cms_rsa.c
View file

@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
if (label != NULL
&& EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
&& EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
OPENSSL_free(label);
goto err;
}
/* Carry on */
rv = 1;
@ -114,6 +116,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
const EVP_MD *md, *mgf1md;
RSA_OAEP_PARAMS *oaep = NULL;
ASN1_STRING *os = NULL;
ASN1_OCTET_STRING *los = NULL;
X509_ALGOR *alg;
EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
@ -125,10 +128,10 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
}
if (pad_mode == RSA_PKCS1_PADDING) {
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
return 1;
}
if (pad_mode == RSA_PKCS1_PADDING)
return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
V_ASN1_NULL, NULL);
/* Not supported */
if (pad_mode != RSA_PKCS1_OAEP_PADDING)
return 0;
@ -147,30 +150,32 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
goto err;
if (labellen > 0) {
ASN1_OCTET_STRING *los;
oaep->pSourceFunc = X509_ALGOR_new();
if (oaep->pSourceFunc == NULL)
goto err;
los = ASN1_OCTET_STRING_new();
if (los == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
ASN1_OCTET_STRING_free(los);
if (!ASN1_OCTET_STRING_set(los, label, labellen))
goto err;
}
X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
V_ASN1_OCTET_STRING, los);
if (!X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
V_ASN1_OCTET_STRING, los))
goto err;
los = NULL;
}
/* create string with pss parameter encoding. */
/* create string with oaep parameter encoding. */
if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
goto err;
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
goto err;
if (!X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os))
goto err;
os = NULL;
rv = 1;
err:
RSA_OAEP_PARAMS_free(oaep);
ASN1_STRING_free(os);
ASN1_OCTET_STRING_free(los);
return rv;
}

31
crypto/cms/cms_sd.c
View file

@ -1037,31 +1037,32 @@ int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
int algnid, int keysize)
{
X509_ALGOR *alg;
X509_ALGOR *alg = NULL;
ASN1_INTEGER *key = NULL;
if (keysize > 0) {
key = ASN1_INTEGER_new();
if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
ASN1_INTEGER_free(key);
return 0;
}
if (key == NULL || !ASN1_INTEGER_set(key, keysize))
goto err;
}
alg = X509_ALGOR_new();
if (alg == NULL) {
ASN1_INTEGER_free(key);
return 0;
}
if (alg == NULL)
goto err;
X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
if (!X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key))
goto err;
key = NULL;
if (*algs == NULL)
*algs = sk_X509_ALGOR_new_null();
if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
X509_ALGOR_free(alg);
return 0;
}
if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg))
goto err;
return 1;
err:
ASN1_INTEGER_free(key);
X509_ALGOR_free(alg);
return 0;
}
/* Check to see if a cipher exists and if so add S/MIME capabilities */

3
crypto/cms/cms_smime.c
View file

@ -558,7 +558,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
{
CMS_SignerInfo *rct_si;
CMS_ContentInfo *cms = NULL;
ASN1_OCTET_STRING **pos, *os;
ASN1_OCTET_STRING **pos, *os = NULL;
BIO *rct_cont = NULL;
int r = 0;
const CMS_CTX *ctx = si->cms_ctx;
@ -620,6 +620,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
if (r)
return cms;
CMS_ContentInfo_free(cms);
ASN1_OCTET_STRING_free(os);
return NULL;
}

2
crypto/conf/conf_err.c
View file

@ -41,6 +41,8 @@ static const ERR_STRING_DATA CONF_str_reasons[] = {
"openssl conf references missing section"},
{ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE),
"recursive directory include"},
{ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_SECTION_REFERENCE),
"recursive section reference"},
{ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"},
{ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY),
"ssl command section empty"},

12
crypto/dh/dh_check.c
View file

@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
*/
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
{
/* Don't do any checks at all with an excessively large modulus */
if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
*ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
return 0;
}
if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
*ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
return 1;
}
return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
}

3
crypto/dh/dh_err.c
View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
"unable to check generator"},

12
crypto/dh/dh_key.c
View file

@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
if (dh->params.q != NULL
&& BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
goto err;
}
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
return 0;
@ -267,6 +273,12 @@ static int generate_key(DH *dh)
return 0;
}
if (dh->params.q != NULL
&& BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
return 0;
}
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
return 0;

489
crypto/dso/dso_vms.c Normal file
View file

@ -0,0 +1,489 @@
/*
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "dso_local.h"
#ifdef OPENSSL_SYS_VMS
# pragma message disable DOLLARID
# include <errno.h>
# include <rms.h>
# include <lib$routines.h>
# include <libfisdef.h>
# include <stsdef.h>
# include <descrip.h>
# include <starlet.h>
# include "../vms_rms.h"
/* Some compiler options may mask the declaration of "_malloc32". */
# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
# if __INITIAL_POINTER_SIZE == 64
# pragma pointer_size save
# pragma pointer_size 32
void *_malloc32(__size_t);
# pragma pointer_size restore
# endif /* __INITIAL_POINTER_SIZE == 64 */
# endif /* __INITIAL_POINTER_SIZE && defined
* _ANSI_C_SOURCE */
# pragma message disable DOLLARID
static int vms_load(DSO *dso);
static int vms_unload(DSO *dso);
static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
static char *vms_name_converter(DSO *dso, const char *filename);
static char *vms_merger(DSO *dso, const char *filespec1,
const char *filespec2);
static DSO_METHOD dso_meth_vms = {
"OpenSSL 'VMS' shared library method",
vms_load,
NULL, /* unload */
vms_bind_func,
NULL, /* ctrl */
vms_name_converter,
vms_merger,
NULL, /* init */
NULL, /* finish */
NULL, /* pathbyaddr */
NULL /* globallookup */
};
/*
* On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends
* on the reference to the file name being the same for all calls regarding
* one shared image, so we'll just store it in an instance of the following
* structure and put a pointer to that instance in the meth_data stack.
*/
typedef struct dso_internal_st {
/*
* This should contain the name only, no directory, no extension, nothing
* but a name.
*/
struct dsc$descriptor_s filename_dsc;
char filename[NAMX_MAXRSS + 1];
/*
* This contains whatever is not in filename, if needed. Normally not
* defined.
*/
struct dsc$descriptor_s imagename_dsc;
char imagename[NAMX_MAXRSS + 1];
} DSO_VMS_INTERNAL;
DSO_METHOD *DSO_METHOD_openssl(void)
{
return &dso_meth_vms;
}
static int vms_load(DSO *dso)
{
void *ptr = NULL;
/* See applicable comments in dso_dl.c */
char *filename = DSO_convert_filename(dso, NULL);
/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
# if __INITIAL_POINTER_SIZE == 64
# define DSO_MALLOC _malloc32
# pragma pointer_size save
# pragma pointer_size 32
# else /* __INITIAL_POINTER_SIZE == 64 */
# define DSO_MALLOC OPENSSL_malloc
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
DSO_VMS_INTERNAL *p = NULL;
# if __INITIAL_POINTER_SIZE == 64
# pragma pointer_size restore
# endif /* __INITIAL_POINTER_SIZE == 64 */
const char *sp1, *sp2; /* Search result */
const char *ext = NULL; /* possible extension to add */
if (filename == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME);
goto err;
}
/*-
* A file specification may look like this:
*
* node::dev:[dir-spec]name.type;ver
*
* or (for compatibility with TOPS-20):
*
* node::dev:<dir-spec>name.type;ver
*
* and the dir-spec uses '.' as separator. Also, a dir-spec
* may consist of several parts, with mixed use of [] and <>:
*
* [dir1.]<dir2>
*
* We need to split the file specification into the name and
* the rest (both before and after the name itself).
*/
/*
* Start with trying to find the end of a dir-spec, and save the position
* of the byte after in sp1
*/
sp1 = strrchr(filename, ']');
sp2 = strrchr(filename, '>');
if (sp1 == NULL)
sp1 = sp2;
if (sp2 != NULL && sp2 > sp1)
sp1 = sp2;
if (sp1 == NULL)
sp1 = strrchr(filename, ':');
if (sp1 == NULL)
sp1 = filename;
else
sp1++; /* The byte after the found character */
/* Now, let's see if there's a type, and save the position in sp2 */
sp2 = strchr(sp1, '.');
/*
* If there is a period and the next character is a semi-colon,
* we need to add an extension
*/
if (sp2 != NULL && sp2[1] == ';')
ext = ".EXE";
/*
* If we found it, that's where we'll cut. Otherwise, look for a version
* number and save the position in sp2
*/
if (sp2 == NULL) {
sp2 = strchr(sp1, ';');
ext = ".EXE";
}
/*
* If there was still nothing to find, set sp2 to point at the end of the
* string
*/
if (sp2 == NULL)
sp2 = sp1 + strlen(sp1);
/* Check that we won't get buffer overflows */
if (sp2 - sp1 > FILENAME_MAX
|| (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
ERR_raise(ERR_LIB_DSO, DSO_R_FILENAME_TOO_BIG);
goto err;
}
p = DSO_MALLOC(sizeof(*p));
if (p == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
goto err;
}
strncpy(p->filename, sp1, sp2 - sp1);
p->filename[sp2 - sp1] = '\0';
strncpy(p->imagename, filename, sp1 - filename);
p->imagename[sp1 - filename] = '\0';
if (ext) {
strcat(p->imagename, ext);
if (*sp2 == '.')
sp2++;
}
strcat(p->imagename, sp2);
p->filename_dsc.dsc$w_length = strlen(p->filename);
p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
p->filename_dsc.dsc$a_pointer = p->filename;
p->imagename_dsc.dsc$w_length = strlen(p->imagename);
p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
p->imagename_dsc.dsc$a_pointer = p->imagename;
if (!sk_void_push(dso->meth_data, (char *)p)) {
ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR);
goto err;
}
/* Success (for now, we lie. We actually do not know...) */
dso->loaded_filename = filename;
return 1;
err:
/* Cleanup! */
OPENSSL_free(p);
OPENSSL_free(filename);
return 0;
}
/*
* Note that this doesn't actually unload the shared image, as there is no
* such thing in VMS. Next time it get loaded again, a new copy will
* actually be loaded.
*/
static int vms_unload(DSO *dso)
{
DSO_VMS_INTERNAL *p;
if (dso == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (sk_void_num(dso->meth_data) < 1)
return 1;
p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
if (p == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE);
return 0;
}
/* Cleanup */
OPENSSL_free(p);
return 1;
}
/*
* We must do this in a separate function because of the way the exception
* handler works (it makes this function return
*/
static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
struct dsc$descriptor_s *symname_dsc, void **sym,
unsigned long flags)
{
/*
* Make sure that signals are caught and returned instead of aborting the
* program. The exception handler gets unestablished automatically on
* return from this function.
*/
lib$establish(lib$sig_to_ret);
if (ptr->imagename_dsc.dsc$w_length)
return lib$find_image_symbol(&ptr->filename_dsc,
symname_dsc, sym,
&ptr->imagename_dsc, flags);
else
return lib$find_image_symbol(&ptr->filename_dsc,
symname_dsc, sym, 0, flags);
}
# ifndef LIB$M_FIS_MIXEDCASE
# define LIB$M_FIS_MIXEDCASE (1 << 4);
# endif
void vms_bind_sym(DSO *dso, const char *symname, void **sym)
{
DSO_VMS_INTERNAL *ptr;
int status = 0;
struct dsc$descriptor_s symname_dsc;
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
# if __INITIAL_POINTER_SIZE == 64
# define SYMNAME symname_32p
# pragma pointer_size save
# pragma pointer_size 32
char *symname_32p;
# pragma pointer_size restore
char symname_32[NAMX_MAXRSS + 1];
# else /* __INITIAL_POINTER_SIZE == 64 */
# define SYMNAME ((char *) symname)
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
*sym = NULL;
if ((dso == NULL) || (symname == NULL)) {
ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER);
return;
}
# if __INITIAL_POINTER_SIZE == 64
/* Copy the symbol name to storage with a 32-bit pointer. */
symname_32p = symname_32;
strcpy(symname_32p, symname);
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
symname_dsc.dsc$w_length = strlen(SYMNAME);
symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
symname_dsc.dsc$b_class = DSC$K_CLASS_S;
symname_dsc.dsc$a_pointer = SYMNAME;
if (sk_void_num(dso->meth_data) < 1) {
ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR);
return;
}
ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
sk_void_num(dso->meth_data) - 1);
if (ptr == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE);
return;
}
status = do_find_symbol(ptr, &symname_dsc, sym, LIB$M_FIS_MIXEDCASE);
if (!$VMS_STATUS_SUCCESS(status))
status = do_find_symbol(ptr, &symname_dsc, sym, 0);
if (!$VMS_STATUS_SUCCESS(status)) {
unsigned short length;
char errstring[257];
struct dsc$descriptor_s errstring_dsc;
errstring_dsc.dsc$w_length = sizeof(errstring);
errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
errstring_dsc.dsc$a_pointer = errstring;
*sym = NULL;
status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
if (!$VMS_STATUS_SUCCESS(status))
lib$signal(status); /* This is really bad. Abort! */
else {
errstring[length] = '\0';
if (ptr->imagename_dsc.dsc$w_length)
ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE,
"Symbol %s in %s (%s): %s",
symname, ptr->filename, ptr->imagename,
errstring);
else
ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE,
"Symbol %s in %s: %s",
symname, ptr->filename, errstring);
}
return;
}
return;
}
static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
{
DSO_FUNC_TYPE sym = 0;
vms_bind_sym(dso, symname, (void **)&sym);
return sym;
}
static char *vms_merger(DSO *dso, const char *filespec1,
const char *filespec2)
{
int status;
int filespec1len, filespec2len;
struct FAB fab;
struct NAMX_STRUCT nam;
char esa[NAMX_MAXRSS + 1];
char *merged;
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
# if __INITIAL_POINTER_SIZE == 64
# define FILESPEC1 filespec1_32p;
# define FILESPEC2 filespec2_32p;
# pragma pointer_size save
# pragma pointer_size 32
char *filespec1_32p;
char *filespec2_32p;
# pragma pointer_size restore
char filespec1_32[NAMX_MAXRSS + 1];
char filespec2_32[NAMX_MAXRSS + 1];
# else /* __INITIAL_POINTER_SIZE == 64 */
# define FILESPEC1 ((char *) filespec1)
# define FILESPEC2 ((char *) filespec2)
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
if (!filespec1)
filespec1 = "";
if (!filespec2)
filespec2 = "";
filespec1len = strlen(filespec1);
filespec2len = strlen(filespec2);
# if __INITIAL_POINTER_SIZE == 64
/* Copy the file names to storage with a 32-bit pointer. */
filespec1_32p = filespec1_32;
filespec2_32p = filespec2_32;
strcpy(filespec1_32p, filespec1);
strcpy(filespec2_32p, filespec2);
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
fab = cc$rms_fab;
nam = CC_RMS_NAMX;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len;
NAMX_DNA_FNA_SET(fab)
nam.NAMX_ESA = esa;
nam.NAMX_ESS = NAMX_MAXRSS;
nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
SET_NAMX_NO_SHORT_UPCASE(nam);
fab.FAB_NAMX = &nam;
status = sys$parse(&fab, 0, 0);
if (!$VMS_STATUS_SUCCESS(status)) {
unsigned short length;
char errstring[257];
struct dsc$descriptor_s errstring_dsc;
errstring_dsc.dsc$w_length = sizeof(errstring);
errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
errstring_dsc.dsc$a_pointer = errstring;
status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
if (!$VMS_STATUS_SUCCESS(status))
lib$signal(status); /* This is really bad. Abort! */
else {
errstring[length] = '\0';
ERR_raise_data(ERR_LIB_DSO, DSO_R_FAILURE,
"filespec \"%s\", default \"%s\": %s",
filespec1, filespec2, errstring);
}
return NULL;
}
merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
if (merged == NULL)
goto malloc_err;
strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
merged[nam.NAMX_ESL] = '\0';
return merged;
malloc_err:
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
}
static char *vms_name_converter(DSO *dso, const char *filename)
{
char *translated;
int len, transform;
const char *p;
len = strlen(filename);
p = strchr(filename, ':');
if (p != NULL) {
transform = 0;
} else {
p = filename;
transform = (strrchr(p, '>') == NULL && strrchr(p, ']') == NULL);
}
if (transform) {
int rsize = len + sizeof(DSO_EXTENSION);
if ((translated = OPENSSL_malloc(rsize)) != NULL) {
p = strrchr(filename, ';');
if (p != NULL)
len = p - filename;
strncpy(translated, filename, len);
translated[len] = '\0';
strcat(translated, DSO_EXTENSION);
if (p != NULL)
strcat(translated, p);
}
} else {
translated = OPENSSL_strdup(filename);
}
return translated;
}
#endif /* OPENSSL_SYS_VMS */

671
crypto/dso/dso_win32.c Normal file
View file

@ -0,0 +1,671 @@
/*
* Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "e_os.h"
#include "dso_local.h"
#if defined(DSO_WIN32)
# ifdef _WIN32_WCE
# if _WIN32_WCE < 300
static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
{
WCHAR lpProcNameW[64];
int i;
for (i = 0; lpProcName[i] && i < 64; i++)
lpProcNameW[i] = (WCHAR)lpProcName[i];
if (i == 64)
return NULL;
lpProcNameW[i] = 0;
return GetProcAddressW(hModule, lpProcNameW);
}
# endif
# undef GetProcAddress
# define GetProcAddress GetProcAddressA
static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
{
WCHAR *fnamw;
size_t len_0 = strlen(lpLibFileName) + 1, i;
# ifdef _MSC_VER
fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
# else
fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
# endif
if (fnamw == NULL) {
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return NULL;
}
# if defined(_WIN32_WCE) && _WIN32_WCE>=101
if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
# endif
for (i = 0; i < len_0; i++)
fnamw[i] = (WCHAR)lpLibFileName[i];
return LoadLibraryW(fnamw);
}
# endif
/* Part of the hack in "win32_load" ... */
# define DSO_MAX_TRANSLATED_SIZE 256
static int win32_load(DSO *dso);
static int win32_unload(DSO *dso);
static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
static char *win32_name_converter(DSO *dso, const char *filename);
static char *win32_merger(DSO *dso, const char *filespec1,
const char *filespec2);
static int win32_pathbyaddr(void *addr, char *path, int sz);
static void *win32_globallookup(const char *name);
static const char *openssl_strnchr(const char *string, int c, size_t len);
static DSO_METHOD dso_meth_win32 = {
"OpenSSL 'win32' shared library method",
win32_load,
win32_unload,
win32_bind_func,
NULL, /* ctrl */
win32_name_converter,
win32_merger,
NULL, /* init */
NULL, /* finish */
win32_pathbyaddr, /* pathbyaddr */
win32_globallookup
};
DSO_METHOD *DSO_METHOD_openssl(void)
{
return &dso_meth_win32;
}
/*
* For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
* the handle (HINSTANCE) returned from LoadLibrary(), and copied.
*/
static int win32_load(DSO *dso)
{
HINSTANCE h = NULL, *p = NULL;
/* See applicable comments from dso_dl.c */
char *filename = DSO_convert_filename(dso, NULL);
if (filename == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME);
goto err;
}
h = LoadLibraryA(filename);
if (h == NULL) {
ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED,
"filename(%s)", filename);
goto err;
}
p = OPENSSL_malloc(sizeof(*p));
if (p == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
goto err;
}
*p = h;
if (!sk_void_push(dso->meth_data, p)) {
ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR);
goto err;
}
/* Success */
dso->loaded_filename = filename;
return 1;
err:
/* Cleanup ! */
OPENSSL_free(filename);
OPENSSL_free(p);
if (h != NULL)
FreeLibrary(h);
return 0;
}
static int win32_unload(DSO *dso)
{
HINSTANCE *p;
if (dso == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (sk_void_num(dso->meth_data) < 1)
return 1;
p = sk_void_pop(dso->meth_data);
if (p == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE);
return 0;
}
if (!FreeLibrary(*p)) {
ERR_raise(ERR_LIB_DSO, DSO_R_UNLOAD_FAILED);
/*
* We should push the value back onto the stack in case of a retry.
*/
sk_void_push(dso->meth_data, p);
return 0;
}
/* Cleanup */
OPENSSL_free(p);
return 1;
}
static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
{
HINSTANCE *ptr;
union {
void *p;
FARPROC f;
} sym;
if ((dso == NULL) || (symname == NULL)) {
ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (sk_void_num(dso->meth_data) < 1) {
ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR);
return NULL;
}
ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
if (ptr == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE);
return NULL;
}
sym.f = GetProcAddress(*ptr, symname);
if (sym.p == NULL) {
ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, "symname(%s)", symname);
return NULL;
}
return (DSO_FUNC_TYPE)sym.f;
}
struct file_st {
const char *node;
int nodelen;
const char *device;
int devicelen;
const char *predir;
int predirlen;
const char *dir;
int dirlen;
const char *file;
int filelen;
};
static struct file_st *win32_splitter(DSO *dso, const char *filename,
int assume_last_is_dir)
{
struct file_st *result = NULL;
enum { IN_NODE, IN_DEVICE, IN_FILE } position;
const char *start = filename;
char last;
if (!filename) {
ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME);
return NULL;
}
result = OPENSSL_zalloc(sizeof(*result));
if (result == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
return NULL;
}
position = IN_DEVICE;
if ((filename[0] == '\\' && filename[1] == '\\')
|| (filename[0] == '/' && filename[1] == '/')) {
position = IN_NODE;
filename += 2;
start = filename;
result->node = start;
}
do {
last = filename[0];
switch (last) {
case ':':
if (position != IN_DEVICE) {
ERR_raise(ERR_LIB_DSO, DSO_R_INCORRECT_FILE_SYNTAX);
OPENSSL_free(result);
return NULL;
}
result->device = start;
result->devicelen = (int)(filename - start);
position = IN_FILE;
start = ++filename;
result->dir = start;
break;
case '\\':
case '/':
if (position == IN_NODE) {
result->nodelen = (int)(filename - start);
position = IN_FILE;
start = ++filename;
result->dir = start;
} else if (position == IN_DEVICE) {
position = IN_FILE;
filename++;
result->dir = start;
result->dirlen = (int)(filename - start);
start = filename;
} else {
filename++;
result->dirlen += (int)(filename - start);
start = filename;
}
break;
case '\0':
if (position == IN_NODE) {
result->nodelen = (int)(filename - start);
} else {
if (filename - start > 0) {
if (assume_last_is_dir) {
if (position == IN_DEVICE) {
result->dir = start;
result->dirlen = 0;
}
result->dirlen += (int)(filename - start);
} else {
result->file = start;
result->filelen = (int)(filename - start);
}
}
}
break;
default:
filename++;
break;
}
}
while (last);
if (!result->nodelen)
result->node = NULL;
if (!result->devicelen)
result->device = NULL;
if (!result->dirlen)
result->dir = NULL;
if (!result->filelen)
result->file = NULL;
return result;
}
static char *win32_joiner(DSO *dso, const struct file_st *file_split)
{
int len = 0, offset = 0;
char *result = NULL;
const char *start;
if (!file_split) {
ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (file_split->node) {
len += 2 + file_split->nodelen; /* 2 for starting \\ */
if (file_split->predir || file_split->dir || file_split->file)
len++; /* 1 for ending \ */
} else if (file_split->device) {
len += file_split->devicelen + 1; /* 1 for ending : */
}
len += file_split->predirlen;
if (file_split->predir && (file_split->dir || file_split->file)) {
len++; /* 1 for ending \ */
}
len += file_split->dirlen;
if (file_split->dir && file_split->file) {
len++; /* 1 for ending \ */
}
len += file_split->filelen;
if (!len) {
ERR_raise(ERR_LIB_DSO, DSO_R_EMPTY_FILE_STRUCTURE);
return NULL;
}
result = OPENSSL_malloc(len + 1);
if (result == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (file_split->node) {
strcpy(&result[offset], "\\\\");
offset += 2;
strncpy(&result[offset], file_split->node, file_split->nodelen);
offset += file_split->nodelen;
if (file_split->predir || file_split->dir || file_split->file) {
result[offset] = '\\';
offset++;
}
} else if (file_split->device) {
strncpy(&result[offset], file_split->device, file_split->devicelen);
offset += file_split->devicelen;
result[offset] = ':';
offset++;
}
start = file_split->predir;
while (file_split->predirlen > (start - file_split->predir)) {
const char *end = openssl_strnchr(start, '/',
file_split->predirlen - (start -
file_split->predir));
if (!end)
end = start
+ file_split->predirlen - (start - file_split->predir);
strncpy(&result[offset], start, end - start);
offset += (int)(end - start);
result[offset] = '\\';
offset++;
start = end + 1;
}
start = file_split->dir;
while (file_split->dirlen > (start - file_split->dir)) {
const char *end = openssl_strnchr(start, '/',
file_split->dirlen - (start -
file_split->dir));
if (!end)
end = start + file_split->dirlen - (start - file_split->dir);
strncpy(&result[offset], start, end - start);
offset += (int)(end - start);
result[offset] = '\\';
offset++;
start = end + 1;
}
strncpy(&result[offset], file_split->file, file_split->filelen);
offset += file_split->filelen;
result[offset] = '\0';
return result;
}
static char *win32_merger(DSO *dso, const char *filespec1,
const char *filespec2)
{
char *merged = NULL;
struct file_st *filespec1_split = NULL;
struct file_st *filespec2_split = NULL;
if (!filespec1 && !filespec2) {
ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (!filespec2) {
merged = OPENSSL_strdup(filespec1);
if (merged == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
return NULL;
}
} else if (!filespec1) {
merged = OPENSSL_strdup(filespec2);
if (merged == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
return NULL;
}
} else {
filespec1_split = win32_splitter(dso, filespec1, 0);
if (!filespec1_split) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
return NULL;
}
filespec2_split = win32_splitter(dso, filespec2, 1);
if (!filespec2_split) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
OPENSSL_free(filespec1_split);
return NULL;
}
/* Fill in into filespec1_split */
if (!filespec1_split->node && !filespec1_split->device) {
filespec1_split->node = filespec2_split->node;
filespec1_split->nodelen = filespec2_split->nodelen;
filespec1_split->device = filespec2_split->device;
filespec1_split->devicelen = filespec2_split->devicelen;
}
if (!filespec1_split->dir) {
filespec1_split->dir = filespec2_split->dir;
filespec1_split->dirlen = filespec2_split->dirlen;
} else if (filespec1_split->dir[0] != '\\'
&& filespec1_split->dir[0] != '/') {
filespec1_split->predir = filespec2_split->dir;
filespec1_split->predirlen = filespec2_split->dirlen;
}
if (!filespec1_split->file) {
filespec1_split->file = filespec2_split->file;
filespec1_split->filelen = filespec2_split->filelen;
}
merged = win32_joiner(dso, filespec1_split);
}
OPENSSL_free(filespec1_split);
OPENSSL_free(filespec2_split);
return merged;
}
static char *win32_name_converter(DSO *dso, const char *filename)
{
char *translated;
int len, transform;
len = strlen(filename);
transform = ((strstr(filename, "/") == NULL) &&
(strstr(filename, "\\") == NULL) &&
(strstr(filename, ":") == NULL));
if (transform)
/* We will convert this to "%s.dll" */
translated = OPENSSL_malloc(len + 5);
else
/* We will simply duplicate filename */
translated = OPENSSL_malloc(len + 1);
if (translated == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED);
return NULL;
}
if (transform)
sprintf(translated, "%s.dll", filename);
else
sprintf(translated, "%s", filename);
return translated;
}
static const char *openssl_strnchr(const char *string, int c, size_t len)
{
size_t i;
const char *p;
for (i = 0, p = string; i < len && *p; i++, p++) {
if (*p == c)
return p;
}
return NULL;
}
# include <tlhelp32.h>
# ifdef _WIN32_WCE
# define DLLNAME "TOOLHELP.DLL"
# else
# ifdef MODULEENTRY32
# undef MODULEENTRY32 /* unmask the ASCII version! */
# endif
# define DLLNAME "KERNEL32.DLL"
# endif
typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *);
static int win32_pathbyaddr(void *addr, char *path, int sz)
{
HMODULE dll;
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
CREATETOOLHELP32SNAPSHOT create_snap;
CLOSETOOLHELP32SNAPSHOT close_snap;
MODULE32 module_first, module_next;
if (addr == NULL) {
union {
int (*f) (void *, char *, int);
void *p;
} t = {
win32_pathbyaddr
};
addr = t.p;
}
dll = LoadLibrary(TEXT(DLLNAME));
if (dll == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return -1;
}
create_snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(dll, "CreateToolhelp32Snapshot");
if (create_snap == NULL) {
FreeLibrary(dll);
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return -1;
}
/* We take the rest for granted... */
# ifdef _WIN32_WCE
close_snap = (CLOSETOOLHELP32SNAPSHOT)
GetProcAddress(dll, "CloseToolhelp32Snapshot");
# else
close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
# endif
module_first = (MODULE32) GetProcAddress(dll, "Module32First");
module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
/*
* Take a snapshot of current process which includes
* list of all involved modules.
*/
hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
if (hModuleSnap == INVALID_HANDLE_VALUE) {
FreeLibrary(dll);
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return -1;
}
me32.dwSize = sizeof(me32);
if (!(*module_first) (hModuleSnap, &me32)) {
(*close_snap) (hModuleSnap);
FreeLibrary(dll);
ERR_raise(ERR_LIB_DSO, DSO_R_FAILURE);
return -1;
}
/* Enumerate the modules to find one which includes me. */
do {
if ((size_t) addr >= (size_t) me32.modBaseAddr &&
(size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) {
(*close_snap) (hModuleSnap);
FreeLibrary(dll);
# ifdef _WIN32_WCE
# if _WIN32_WCE >= 101
return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1,
path, sz, NULL, NULL);
# else
{
int i, len = (int)wcslen(me32.szExePath);
if (sz <= 0)
return len + 1;
if (len >= sz)
len = sz - 1;
for (i = 0; i < len; i++)
path[i] = (char)me32.szExePath[i];
path[len++] = '\0';
return len;
}
# endif
# else
{
int len = (int)strlen(me32.szExePath);
if (sz <= 0)
return len + 1;
if (len >= sz)
len = sz - 1;
memcpy(path, me32.szExePath, len);
path[len++] = '\0';
return len;
}
# endif
}
} while ((*module_next) (hModuleSnap, &me32));
(*close_snap) (hModuleSnap);
FreeLibrary(dll);
return 0;
}
static void *win32_globallookup(const char *name)
{
HMODULE dll;
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
CREATETOOLHELP32SNAPSHOT create_snap;
CLOSETOOLHELP32SNAPSHOT close_snap;
MODULE32 module_first, module_next;
union {
void *p;
FARPROC f;
} ret = { NULL };
dll = LoadLibrary(TEXT(DLLNAME));
if (dll == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return NULL;
}
create_snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(dll, "CreateToolhelp32Snapshot");
if (create_snap == NULL) {
FreeLibrary(dll);
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return NULL;
}
/* We take the rest for granted... */
# ifdef _WIN32_WCE
close_snap = (CLOSETOOLHELP32SNAPSHOT)
GetProcAddress(dll, "CloseToolhelp32Snapshot");
# else
close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
# endif
module_first = (MODULE32) GetProcAddress(dll, "Module32First");
module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
if (hModuleSnap == INVALID_HANDLE_VALUE) {
FreeLibrary(dll);
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return NULL;
}
me32.dwSize = sizeof(me32);
if (!(*module_first) (hModuleSnap, &me32)) {
(*close_snap) (hModuleSnap);
FreeLibrary(dll);
return NULL;
}
do {
if ((ret.f = GetProcAddress(me32.hModule, name))) {
(*close_snap) (hModuleSnap);
FreeLibrary(dll);
return ret.p;
}
} while ((*module_next) (hModuleSnap, &me32));
(*close_snap) (hModuleSnap);
FreeLibrary(dll);
return NULL;
}
#endif /* DSO_WIN32 */

9
crypto/ec/ecx_backend.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -122,7 +122,7 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
}
ret->libctx = key->libctx;
ret->haspubkey = key->haspubkey;
ret->haspubkey = 0;
ret->keylen = key->keylen;
ret->type = key->type;
ret->references = 1;
@ -133,8 +133,11 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
goto err;
}
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
&& key->haspubkey == 1) {
memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey));
ret->haspubkey = 1;
}
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& key->privkey != NULL) {

81
crypto/err/openssl.ec Normal file
View file

@ -0,0 +1,81 @@
# configuration file for util/mkerr.pl
# The INPUT HEADER is scanned for declarations
# LIBNAME PUBLIC HEADER ERROR-TABLE FILE INTERNAL HEADER (if relevant)
L ERR NONE NONE
L FUNC NONE NONE
L BN include/openssl/bnerr.h crypto/bn/bn_err.c include/crypto/bnerr.h
L RSA include/openssl/rsaerr.h crypto/rsa/rsa_err.c include/crypto/rsaerr.h
L DH include/openssl/dherr.h crypto/dh/dh_err.c include/crypto/dherr.h
L EVP include/openssl/evperr.h crypto/evp/evp_err.c include/crypto/evperr.h
L BUF include/openssl/buffererr.h crypto/buffer/buf_err.c include/crypto/buffererr.h
L OBJ include/openssl/objectserr.h crypto/objects/obj_err.c include/crypto/objectserr.h
L PEM include/openssl/pemerr.h crypto/pem/pem_err.c include/crypto/pemerr.h
L DSA include/openssl/dsaerr.h crypto/dsa/dsa_err.c include/crypto/dsaerr.h
L X509 include/openssl/x509err.h crypto/x509/x509_err.c include/crypto/x509err.h
L ASN1 include/openssl/asn1err.h crypto/asn1/asn1_err.c include/crypto/asn1err.h
L CONF include/openssl/conferr.h crypto/conf/conf_err.c include/crypto/conferr.h
L CRYPTO include/openssl/cryptoerr.h crypto/cpt_err.c include/crypto/cryptoerr.h
L EC include/openssl/ecerr.h crypto/ec/ec_err.c include/crypto/ecerr.h
L SSL include/openssl/sslerr.h ssl/ssl_err.c ssl/sslerr.h
L BIO include/openssl/bioerr.h crypto/bio/bio_err.c include/crypto/bioerr.h
L PKCS7 include/openssl/pkcs7err.h crypto/pkcs7/pkcs7err.c include/crypto/pkcs7err.h
L X509V3 include/openssl/x509v3err.h crypto/x509/v3err.c include/crypto/x509v3err.h
L PKCS12 include/openssl/pkcs12err.h crypto/pkcs12/pk12err.c include/crypto/pkcs12err.h
L RAND include/openssl/randerr.h crypto/rand/rand_err.c include/crypto/randerr.h
L DSO NONE crypto/dso/dso_err.c include/internal/dsoerr.h
L ENGINE include/openssl/engineerr.h crypto/engine/eng_err.c include/crypto/engineerr.h
L OCSP include/openssl/ocsperr.h crypto/ocsp/ocsp_err.c include/crypto/ocsperr.h
L UI include/openssl/uierr.h crypto/ui/ui_err.c include/crypto/uierr.h
L COMP include/openssl/comperr.h crypto/comp/comp_err.c include/crypto/comperr.h
L TS include/openssl/tserr.h crypto/ts/ts_err.c include/crypto/tserr.h
L CMS include/openssl/cmserr.h crypto/cms/cms_err.c include/crypto/cmserr.h
L CRMF include/openssl/crmferr.h crypto/crmf/crmf_err.c include/crypto/crmferr.h
L CMP include/openssl/cmperr.h crypto/cmp/cmp_err.c include/crypto/cmperr.h
L CT include/openssl/cterr.h crypto/ct/ct_err.c include/crypto/cterr.h
L ASYNC include/openssl/asyncerr.h crypto/async/async_err.c include/crypto/asyncerr.h
# KDF is only here for conservation purposes
L KDF NONE NONE NONE
L SM2 NONE crypto/sm2/sm2_err.c include/crypto/sm2err.h
L OSSL_STORE include/openssl/storeerr.h crypto/store/store_err.c include/crypto/storeerr.h
L ESS include/openssl/esserr.h crypto/ess/ess_err.c include/crypto/esserr.h
L PROP NONE crypto/property/property_err.c include/internal/propertyerr.h
L PROV include/openssl/proverr.h providers/common/provider_err.c providers/common/include/prov/proverr.h
L OSSL_ENCODER include/openssl/encodererr.h crypto/encode_decode/encoder_err.c include/crypto/encodererr.h
L OSSL_DECODER include/openssl/decodererr.h crypto/encode_decode/decoder_err.c include/crypto/decodererr.h
L HTTP include/openssl/httperr.h crypto/http/http_err.c include/crypto/httperr.h
# SSL/TLS alerts
R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
R SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109
R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115
R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116
R TLS1_AD_NO_APPLICATION_PROTOCOL 1120

2
crypto/err/openssl.txt
View file

@ -403,6 +403,7 @@ CONF_R_NUMBER_TOO_LARGE:121:number too large
CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION:124:\
openssl conf references missing section
CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include
CONF_R_RECURSIVE_SECTION_REFERENCE:126:recursive section reference
CONF_R_RELATIVE_PATH:125:relative path
CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found
@ -500,6 +501,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
DH_R_NO_PRIVATE_VALUE:100:no private value
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DH_R_PEER_KEY_ERROR:111:peer key error
DH_R_Q_TOO_LARGE:130:q too large
DH_R_SHARED_INFO_ERROR:113:shared info error
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters

16
crypto/evp/e_aes.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -831,8 +831,6 @@ typedef struct {
/* KMO-AES parameter block - end */
} kmo;
unsigned int fc;
int res;
} S390X_AES_OFB_CTX;
typedef struct {
@ -849,8 +847,6 @@ typedef struct {
/* KMF-AES parameter block - end */
} kmf;
unsigned int fc;
int res;
} S390X_AES_CFB_CTX;
typedef struct {
@ -1002,7 +998,6 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
memcpy(cctx->kmo.param.cv, iv, ivlen);
memcpy(cctx->kmo.param.k, key, keylen);
cctx->fc = S390X_AES_FC(keylen);
cctx->res = 0;
return 1;
}
@ -1012,7 +1007,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int n = ctx->num;
int rem;
memcpy(cctx->kmo.param.cv, iv, ivlen);
@ -1045,7 +1040,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
memcpy(iv, cctx->kmo.param.cv, ivlen);
cctx->res = n;
ctx->num = n;
return 1;
}
@ -1063,7 +1058,6 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
if (!enc)
cctx->fc |= S390X_DECRYPT;
cctx->res = 0;
memcpy(cctx->kmf.param.cv, iv, ivlen);
memcpy(cctx->kmf.param.k, key, keylen);
return 1;
@ -1077,7 +1071,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int n = ctx->num;
int rem;
unsigned char tmp;
@ -1115,7 +1109,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
memcpy(iv, cctx->kmf.param.cv, ivlen);
cctx->res = n;
ctx->num = n;
return 1;
}

23
crypto/evp/evp_fetch.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -349,13 +349,26 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata,
* there is a correct name_id and meth_id, since those have
* already been calculated in get_evp_method_from_store() and
* put_evp_method_in_store() above.
* Note that there is a corner case here, in which, if a user
* passes a name of the form name1:name2:..., then the construction
* will create a method against all names, but the lookup will fail
* as ossl_namemap_name2num treats the name string as a single name
* rather than introducing new features where in the EVP_<obj>_fetch
* parses the string and querys for each, return an error.
*/
if (name_id == 0)
name_id = ossl_namemap_name2num(namemap, name);
meth_id = evp_method_id(name_id, operation_id);
if (name_id != 0)
ossl_method_store_cache_set(store, prov, meth_id, propq,
method, up_ref_method, free_method);
if (name_id == 0) {
ERR_raise_data(ERR_LIB_EVP, ERR_R_FETCH_FAILED,
"Algorithm %s cannot be found", name);
free_method(method);
method = NULL;
} else {
meth_id = evp_method_id(name_id, operation_id);
if (meth_id != 0)
ossl_method_store_cache_set(store, prov, meth_id, propq,
method, up_ref_method, free_method);
}
}
/*

8
crypto/http/http_client.c
View file

@ -487,13 +487,17 @@ static int parse_http_line1(char *line, int *found_keep_alive)
static int check_set_resp_len(OSSL_HTTP_REQ_CTX *rctx, size_t len)
{
if (rctx->max_resp_len != 0 && len > rctx->max_resp_len)
if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) {
ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MAX_RESP_LEN_EXCEEDED,
"length=%zu, max=%zu", len, rctx->max_resp_len);
if (rctx->resp_len != 0 && rctx->resp_len != len)
return 0;
}
if (rctx->resp_len != 0 && rctx->resp_len != len) {
ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INCONSISTENT_CONTENT_LENGTH,
"ASN.1 length=%zu, Content-Length=%zu",
len, rctx->resp_len);
return 0;
}
rctx->resp_len = len;
return 1;
}

2
crypto/http/http_lib.c
View file

@ -118,7 +118,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
port = ++p;
/* remaining port spec handling is also done for the default values */
/* make sure a decimal port number is given */
if (!sscanf(port, "%u", &portnum) || portnum > 65535) {
if (sscanf(port, "%u", &portnum) <= 0 || portnum > 65535) {
ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port);
goto err;
}

12
crypto/mem_sec.c
View file

@ -238,11 +238,17 @@ int CRYPTO_secure_allocated(const void *ptr)
size_t CRYPTO_secure_used(void)
{
size_t ret = 0;
#ifndef OPENSSL_NO_SECURE_MEMORY
return secure_mem_used;
#else
return 0;
if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
return 0;
ret = secure_mem_used;
CRYPTO_THREAD_unlock(sec_malloc_lock);
#endif /* OPENSSL_NO_SECURE_MEMORY */
return ret;
}
size_t CRYPTO_secure_actual_size(void *ptr)

Some files were not shown because too many files have changed in this diff Show more