authorcvs2svn <cvs2svn>2000-10-10 13:15:51 +0400
committercvs2svn <cvs2svn>2000-10-10 13:15:51 +0400
commit978ac5339837285a9e2f5970d308f1de8eae2b2c (patch)
tree2f544ce4b57af98add378bdc75aeae0226de2cc6
parent9beaae61ecc3e24b09430db467f350716d1e418e (diff)
parenta440d6636f0a8469f6f498cef409a04ba9884972 (diff)
This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_6-beta2'.OpenSSL_0_9_6-beta2
-rw-r--r--CHANGES65
-rwxr-xr-xConfigure15
-rw-r--r--FAQ6
-rw-r--r--INSTALL.W324
-rw-r--r--Makefile.org2
-rw-r--r--NEWS15
-rw-r--r--README5
-rw-r--r--README.ENGINE63
-rw-r--r--STATUS50
-rw-r--r--TABLE34
-rw-r--r--apps/asn1pars.c8
-rw-r--r--apps/ca.c24
-rw-r--r--apps/ciphers.c8
-rw-r--r--apps/crl.c20
-rw-r--r--apps/crl2p7.c10
-rw-r--r--apps/dgst.c22
-rw-r--r--apps/dh.c10
-rw-r--r--apps/dhparam.c10
-rw-r--r--apps/dsa.c10
-rw-r--r--apps/dsaparam.c10
-rw-r--r--apps/enc.c10
-rw-r--r--apps/errstr.c8
-rw-r--r--apps/gendh.c10
-rw-r--r--apps/gendsa.c10
-rw-r--r--apps/genrsa.c10
-rw-r--r--apps/nseq.c13
-rw-r--r--apps/openssl.c16
-rw-r--r--apps/passwd.c8
-rw-r--r--apps/pkcs12.c21
-rw-r--r--apps/pkcs7.c10
-rw-r--r--apps/pkcs8.c15
-rw-r--r--apps/rand.c8
-rw-r--r--apps/req.c16
-rw-r--r--apps/rsa.c10
-rw-r--r--apps/rsautl.c12
-rw-r--r--apps/s_socket.c2
-rw-r--r--apps/sess_id.c10
-rw-r--r--apps/smime.c12
-rw-r--r--apps/speed.c4
-rw-r--r--apps/spkac.c22
-rw-r--r--apps/x509.c18
-rwxr-xr-xconfig4
-rw-r--r--crypto/asn1/a_type.c16
-rw-r--r--crypto/asn1/asn1.h1
-rw-r--r--crypto/bio/Makefile.ssl2
-rw-r--r--crypto/bio/bf_lbuf.c397
-rw-r--r--crypto/bio/bio.h5
-rw-r--r--crypto/bio/bio_err.c1
-rw-r--r--crypto/bio/bss_conn.c2
-rw-r--r--crypto/bn/bn_mont.c9
-rw-r--r--crypto/bn/bn_sqr.c2
-rw-r--r--crypto/crypto-lib.com3
-rw-r--r--crypto/des/read_pwd.c6
-rw-r--r--crypto/dso/dso_vms.c2
-rw-r--r--crypto/install.com3
-rw-r--r--crypto/opensslv.h4
-rw-r--r--crypto/pkcs7/pk7_smime.c5
-rw-r--r--crypto/rand/rand_win.c198
-rw-r--r--crypto/x509/x509_vfy.c19
-rw-r--r--demos/pkcs12/README3
-rw-r--r--demos/pkcs12/pkread.c61
-rw-r--r--demos/pkcs12/pkwrite.c46
-rw-r--r--demos/state_machine/.cvsignore1
-rw-r--r--demos/state_machine/Makefile9
-rw-r--r--demos/state_machine/state_machine.c395
-rw-r--r--doc/apps/smime.pod2
-rw-r--r--doc/crypto/BIO_ctrl.pod28
-rw-r--r--doc/crypto/BIO_f_buffer.pod69
-rw-r--r--doc/crypto/BIO_s_file.pod11
-rw-r--r--doc/crypto/BN_bn2bin.pod2
-rw-r--r--doc/crypto/ERR_get_error.pod2
-rw-r--r--doc/crypto/EVP_DigestInit.pod8
-rw-r--r--doc/crypto/EVP_EncryptInit.pod6
-rw-r--r--doc/crypto/EVP_OpenInit.pod6
-rw-r--r--doc/crypto/EVP_SealInit.pod6
-rw-r--r--doc/crypto/EVP_SignInit.pod6
-rw-r--r--doc/crypto/EVP_VerifyInit.pod7
-rw-r--r--doc/crypto/OPENSSL_VERSION_NUMBER.pod2
-rw-r--r--doc/crypto/OpenSSL_add_all_algorithms.pod2
-rw-r--r--doc/crypto/blowfish.pod37
-rw-r--r--doc/crypto/bn_internal.pod2
-rw-r--r--doc/crypto/buffer.pod6
-rw-r--r--doc/crypto/des.pod10
-rw-r--r--doc/crypto/des_modes.pod8
-rw-r--r--doc/crypto/err.pod2
-rw-r--r--doc/crypto/evp.pod37
-rw-r--r--doc/crypto/lhash.pod2
-rw-r--r--doc/crypto/rsa.pod2
-rw-r--r--doc/crypto/threads.pod4
-rw-r--r--doc/openssl.txt41
-rw-r--r--doc/ssl/SSL_CIPHER_get_name.pod57
-rw-r--r--doc/ssl/SSL_CTX_free.pod29
-rw-r--r--doc/ssl/SSL_CTX_load_verify_locations.pod93
-rw-r--r--doc/ssl/SSL_CTX_new.pod93
-rw-r--r--doc/ssl/SSL_CTX_set_cipher_list.pod52
-rw-r--r--doc/ssl/SSL_CTX_set_client_CA_list.pod90
-rw-r--r--doc/ssl/SSL_CTX_set_ssl_version.pod60
-rw-r--r--doc/ssl/SSL_SESSION_free.pod2
-rw-r--r--doc/ssl/SSL_accept.pod7
-rw-r--r--doc/ssl/SSL_clear.pod2
-rw-r--r--doc/ssl/SSL_connect.pod7
-rw-r--r--doc/ssl/SSL_free.pod2
-rw-r--r--doc/ssl/SSL_get_ciphers.pod42
-rw-r--r--doc/ssl/SSL_get_client_CA_list.pod52
-rw-r--r--doc/ssl/SSL_get_current_cipher.pod43
-rw-r--r--doc/ssl/SSL_get_peer_cert_chain.pod52
-rw-r--r--doc/ssl/SSL_get_peer_certificate.pod48
-rw-r--r--doc/ssl/SSL_get_verify_result.pod57
-rw-r--r--doc/ssl/SSL_library_init.pod52
-rw-r--r--doc/ssl/SSL_load_client_CA_file.pod62
-rw-r--r--doc/ssl/SSL_pending.pod30
-rw-r--r--doc/ssl/SSL_read.pod12
-rw-r--r--doc/ssl/SSL_set_session.pod2
-rw-r--r--doc/ssl/SSL_set_verify_result.pod38
-rw-r--r--doc/ssl/SSL_write.pod12
-rw-r--r--doc/ssl/ssl.pod11
-rw-r--r--e_os.h7
-rw-r--r--ms/mingw32.bat2
-rw-r--r--ms/tlhelp32.h136
-rw-r--r--openssl.spec18
-rw-r--r--ssl/s23_srvr.c21
-rw-r--r--ssl/ssl.h1
-rw-r--r--ssl/ssl2.h4
-rw-r--r--ssl/ssl_err.c1
-rwxr-xr-xutil/libeay.num1
-rwxr-xr-xutil/mk1mf.pl12
-rwxr-xr-xutil/mkdef.pl2
-rw-r--r--util/pl/BC-32.pl2
-rw-r--r--util/pl/Mingw32.pl4
-rw-r--r--util/pl/Mingw32f.pl4
-rw-r--r--util/pl/VC-32.pl7
131 files changed, 333 insertions, 3034 deletions
diff --git a/CHANGES b/CHANGES
index 87853c3b29..67b0f565d1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,71 +2,10 @@
OpenSSL CHANGES
_______________
- Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
-
- *) In ssl23_get_client_hello, generate an error message when faced
- with an initial SSL 3.0/TLS record that is too small to contain the
- first two bytes of the ClientHello message, i.e. client_version.
- (Note that this is a pathologic case that probably has never happened
- in real life.) The previous approach was to use the version number
- from the record header as a substitute; but our protocol choice
- should not depend on that one because it is not authenticated
- by the Finished messages.
- [Bodo Moeller]
-
- *) More robust randomness gathering functions for Windows.
- [Jeffrey Altman <jaltman@columbia.edu>]
-
- *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
- not set then we don't setup the error code for issuer check errors
- to avoid possibly overwriting other errors which the callback does
- handle. If an application does set the flag then we assume it knows
- what it is doing and can handle the new informational codes
- appropriately.
- [Steve Henson]
-
- *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
- a general "ANY" type, as such it should be able to decode anything
- including tagged types. However it didn't check the class so it would
- wrongly interpret tagged types in the same way as their universal
- counterpart and unknown types were just rejected. Changed so that the
- tagged and unknown types are handled in the same way as a SEQUENCE:
- that is the encoding is stored intact. There is also a new type
- "V_ASN1_OTHER" which is used when the class is not universal, in this
- case we have no idea what the actual type is so we just lump them all
- together.
- [Steve Henson]
-
- *) On VMS, stdout may very well lead to a file that is written to
- in a record-oriented fashion. That means that every write() will
- write a separate record, which will be read separately by the
- programs trying to read from it. This can be very confusing.
-
- The solution is to put a BIO filter in the way that will buffer
- text until a linefeed is reached, and then write everything a
- line at a time, so every record written will be an actual line,
- not chunks of lines and not (usually doesn't happen, but I've
- seen it once) several lines in one record. BIO_f_linebuffer() is
- the answer.
-
- Currently, it's a VMS-only method, because that's where it has
- been tested well enough.
- [Richard Levitte]
-
- *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
- it can return incorrect results.
- (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
- but it was in 0.9.6-beta[12].)
- [Bodo Moeller]
-
- *) Disable the check for content being present when verifying detached
- signatures in pk7_smime.c. Some versions of Netscape (wrongly)
- include zero length content when signing messages.
- [Steve Henson]
+ Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
BIO_ctrl (for BIO pairs).
- [Bodo Möller]
*) Add DSO method for VMS.
[Richard Levitte]
@@ -300,7 +239,7 @@
[Steve Henson]
*) Changes needed for Tandem NSK.
- [Scott Uroff <scott@xypro.com>]
+ [Scott Uroff scott@xypro.com]
*) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
RSA_padding_check_SSLv23(), special padding was never detected
diff --git a/Configure b/Configure
index 340077873d..7c9e97bce4 100755
--- a/Configure
+++ b/Configure
@@ -216,16 +216,16 @@ my %table=(
# Since there is mention of this in shlib/hpux10-cc.sh
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dl",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
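Review bot: The HP-UX entries changed in this hunk no longer pair the link library with the DSO scheme consistently. `hpux-parisc-cc`, `hpux-parisc2-cc`, `hpux64-parisc2-cc` and `hpux-parisc1_1-cc` now combine `-ldl` with the `dl` scheme, while the untouched `hpux-parisc-cc-o4` and `hpux-parisc-gcc` lines at the top of the hunk combine `-ldld` with `dl`, and `hpux64-parisc-cc` ends up with `-ldld`. If `dl` is the `shl_load()`-based loader and `dlfcn` the `dlopen()`-based one, the library presumably has to follow the scheme, so a mismatched entry would most likely only show up as a link failure on that platform. I would keep each entry's library and scheme paired, and document the rule once above the block, e.g. `# DSO: scheme 'dl' (shl_load) links -ldld; scheme 'dlfcn' (dlopen) links -ldl`.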
@@ -256,16 +256,13 @@ my %table=(
#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
# Use unified settings above instead.
-#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
+"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
diff --git a/FAQ b/FAQ
index 29acc8afdf..a381d1d862 100644
--- a/FAQ
+++ b/FAQ
@@ -32,7 +32,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6 was released on September 24th, 2000.
+OpenSSL 0.9.5a was released on April 1st, 2000.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -135,7 +135,7 @@ installing the SUNski package from Sun patch 105710-01 (Sparc) which
adds a /dev/random device and make sure it gets used, usually through
$RANDFILE. There are probably similar patches for the other Solaris
versions. However, be warned that /dev/random is usually a blocking
-device, which may have some effects on OpenSSL.
+device, which may have som effects on OpenSSL.
* Why does the linker complain about undefined symbols?
@@ -194,7 +194,7 @@ unsigned char *buf, *p;
int len;
len = i2d_PKCS7(p7, NULL);
-buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+buf = OPENSSL_Malloc(len); /* or Malloc, error checking omitted */
p = buf;
i2d_PKCS7(p7, &p);
diff --git a/INSTALL.W32 b/INSTALL.W32
index e30e8ee6c9..2ef764a614 100644
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -108,8 +108,8 @@
* Compiler installation:
- Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
- gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
+ Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
+ mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
<ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
C:\egcs-1.1.2\mingw32.bat to set the PATH.
diff --git a/Makefile.org b/Makefile.org
index c6f660954b..f93913f2af 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -62,7 +62,7 @@ AR=ar r
RANLIB= ranlib
PERL= perl
TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --norecurse
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
diff --git a/NEWS b/NEWS
index 7cf95cfb0b..7c30b76124 100644
--- a/NEWS
+++ b/NEWS
@@ -5,21 +5,6 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
-
- o Some documentation for BIO and SSL libraries.
- o Enhanced chain verification using key identifiers.
- o New sign and verify options to 'dgst' application.
- o Support for DER and PEM encoded messages in 'smime' application.
- o New 'rsautl' application, low level RSA utility.
- o MD4 now included.
- o Bugfix for SSL rollback padding check.
- o Support for external crypto devices [1].
- o Enhanced EVP interface.
-
- [1] The support for external crypto devices is currently a separate
- distribution. See the file README.ENGINE.
-
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
diff --git a/README b/README
index d5969e2ad7..f57e5260a0 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 0.9.6 24 Sep 2000
+ OpenSSL 0.9.6-beta2 17 Sep 2000
Copyright (c) 1998-2000 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -163,9 +163,6 @@
the string "[PATCH]" in the subject. Please be sure to include a
textual explanation of what your patch does.
- Note: For legal reasons, contributions from the US can be accepted only
- if a copy of the patch is sent to crypt@bxa.doc.gov
-
The preferred format for changes is "diff -u" output. You might
generate it like this:
diff --git a/README.ENGINE b/README.ENGINE
deleted file mode 100644
index 3d88ed152f..0000000000
--- a/README.ENGINE
+++ /dev/null
@@ -1,63 +0,0 @@
-
- ENGINE
- ======
-
- With OpenSSL 0.9.6, a new component has been added to support external
- crypto devices, for example accelerator cards. The component is called
- ENGINE, and has still a pretty experimental status and almost no
- documentation. It's designed to be faily easily extensible by the
- calling programs.
-
- There's currently built-in support for the following crypto devices:
-
- o CryptoSwift
- o Compaq Atalla
- o nCipher CHIL
-
- A number of things are still needed and are being worked on:
-
- o An openssl utility command to handle or at least check available
- engines.
- o A better way of handling the methods that are handled by the
- engines.
- o Documentation!
-
- What already exists is fairly stable as far as it has been tested, but
- the test base has been a bit small most of the time.
-
- Because of this experimental status and what's lacking, the ENGINE
- component is not yet part of the default OpenSSL distribution. However,
- we have made a separate kit for those who want to try this out, to be
- found in the same places as the default OpenSSL distribution, but with
- "-engine-" being part of the kit file name. For example, version 0.9.6
- is distributed in the following two files:
-
- openssl-0.9.6.tar.gz
- openssl-engine-0.9.6.tar.gz
-
- NOTES
- =====
-
- openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
- not need to download both.
-
- openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
- crypto device. The internal OpenSSL functions are contained in the
- engine "openssl", and will be used by default.
-
- No external crypto device is chosen unless you say so. You have actively
- tell the openssl utility commands to use it through a new command line
- switch called "-engine". And if you want to use the ENGINE library to
- do something similar, you must also explicitely choose an external crypto
- device, or the built-in crypto routines will be used, just as in the
- default OpenSSL distribution.
-
-
- PROBLEMS
- ========
-
- It seems like the ENGINE part doesn't work too well with Cryptoswift on
- Win32. A quick test done right before the release showed that trying
- "openssl speed -engine cswift" generated errors. If the DSO gets enabled,
- an attempt is made to write at memory address 0x00000002.
-
diff --git a/STATUS b/STATUS
index 028abb85ab..77d0ff1b5c 100644
--- a/STATUS
+++ b/STATUS
@@ -1,17 +1,49 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 2000/09/24 15:42:34 $
+ ______________ $Date: 2000/09/17 11:56:53 $
DEVELOPMENT STATE
- o OpenSSL 0.9.6: Released on September 24th, 2000
- o OpenSSL 0.9.5a: Released on April 1st, 2000
- o OpenSSL 0.9.5: Released on February 28th, 2000
- o OpenSSL 0.9.4: Released on August 09th, 1999
- o OpenSSL 0.9.3a: Released on May 29th, 1999
- o OpenSSL 0.9.3: Released on May 25th, 1999
- o OpenSSL 0.9.2b: Released on March 22th, 1999
- o OpenSSL 0.9.1c: Released on December 23th, 1998
+ o OpenSSL 0.9.6: Under development (in release cycle)...
+ Proposed release date September 24, 2000
+ 0.9.6-beta1 is available:
+ OpenBSD-x86 2.7 - failed
+ ftime not supported [FIXED]
+ hpux-parisc-cc 10.20 - passed
+ hpux-parisc-gcc 10.20 - passed
+ hpux-parisc-gcc 11.00 - passed
+ hpux-gcc - passed
+ hpux-brokengcc - failed
+ BN_sqr fails in test
+ linux-elf - passed
+ linux-sparcv7 - passed
+ linux-ppc - passed
+ Solaris [engine] - failed
+ speed cswift gives odd errors [FIXED]
+ solaris-sparcv8-gcc - passed
+ solaris-sparcv9-gcc - passed
+ solaris-sparcv9-cc - passed
+ solaris64-sparcv9-cc - passed
+ sco5-gcc - passed
+ sco5-cc - passed
+ FreeBSD - passed
+ Win32 VC++ - failed
+ PCURSORINFO not defined unless Win2000 [FIXED]
+ RAND_poll() problem on Win2000 [FIXED]
+ DSO method always DSO_METHOD_null [FIXED]
+ CygWin32 - test failed
+ MingW32 - failed
+ thelp32.h
+ aix-gcc (AIX 4.3.2) - passed
+ VMS/Alpha - failed
+ Some things were missing [FIXED]
+ o OpenSSL 0.9.5a: Released on April 1st, 2000
+ o OpenSSL 0.9.5: Released on February 28th, 2000
+ o OpenSSL 0.9.4: Released on August 09th, 1999
+ o OpenSSL 0.9.3a: Released on May 29th, 1999
+ o OpenSSL 0.9.3: Released on May 25th, 1999
+ o OpenSSL 0.9.2b: Released on March 22th, 1999
+ o OpenSSL 0.9.1c: Released on December 23th, 1998
RELEASE SHOWSTOPPERS
diff --git a/TABLE b/TABLE
index f18080cfe7..d2d06f3b12 100644
--- a/TABLE
+++ b/TABLE
@@ -102,7 +102,7 @@ $shared_cflag =
*** FreeBSD-alpha
$cc = gcc
-$cflags = -DTERMIOS -O -fomit-frame-pointer
+$cflags = -DTERMIOS -O3 -fomit-frame-pointer
$unistd =
$thread_cflag = (unknown)
$lflags =
@@ -140,26 +140,6 @@ $dso_scheme =
$shared_target=
$shared_cflag =
-*** MPE/iX-gcc
-$cc = gcc
-$cflags = -D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
-$unistd =
-$thread_cflag = (unknown)
-$lflags = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
-$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
-$bn_obj =
-$des_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-
*** Mingw32
$cc = gcc
$cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
@@ -1185,7 +1165,7 @@ $cc = cc
$cflags = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
$unistd =
$thread_cflag = -D_REENTRANT
-$lflags = -ldld
+$lflags = -ldl
$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
$bn_obj =
$des_obj =
@@ -1245,7 +1225,7 @@ $cc = cc
$cflags = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
$unistd =
$thread_cflag = -D_REENTRANT
-$lflags = -ldld
+$lflags = -ldl
$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
$bn_obj =
$des_obj =
@@ -1265,7 +1245,7 @@ $cc = cc
$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
$unistd =
$thread_cflag = -D_REENTRANT
-$lflags = -ldld
+$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
$bn_obj = asm/pa-risc2.o
$des_obj =
@@ -1365,7 +1345,7 @@ $cc = cc
$cflags = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY
$unistd =
$thread_cflag = -D_REENTRANT
-$lflags = -ldl
+$lflags = -ldld
$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
$bn_obj =
$des_obj =
@@ -1376,7 +1356,7 @@ $cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
-$dso_scheme = dlfcn
+$dso_scheme = dl
$shared_target=
$shared_cflag =
@@ -1396,7 +1376,7 @@ $cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
-$dso_scheme = dlfcn
+$dso_scheme = dl
$shared_target=
$shared_cflag =
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index f25c9f84e8..30e1da443a 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -206,12 +206,6 @@ bad:
goto end;
}
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
if (oidfile != NULL)
{
@@ -321,7 +315,7 @@ bad:
end:
BIO_free(derout);
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (b64 != NULL) BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
diff --git a/apps/ca.c b/apps/ca.c
index 2d71104745..0931401992 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -690,12 +690,6 @@ bad:
if (verbose)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
TXT_DB_write(out,db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
db->data->num);
@@ -730,15 +724,7 @@ bad:
}
}
else
- {
BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- Sout = BIO_push(tmpbio, Sout);
- }
-#endif
- }
}
if (req)
@@ -1034,7 +1020,7 @@ bad:
#endif
BIO_free(in);
- BIO_free_all(out);
+ BIO_free(out);
in=NULL;
out=NULL;
if (rename(serialfile,buf[2]) < 0)
@@ -1251,9 +1237,9 @@ bad:
ret=0;
err:
BIO_free(hex);
- BIO_free_all(Cout);
- BIO_free_all(Sout);
- BIO_free_all(out);
+ BIO_free(Cout);
+ BIO_free(Sout);
+ BIO_free(out);
BIO_free(in);
sk_X509_pop_free(cert_sk,X509_free);
@@ -1368,7 +1354,7 @@ static int save_serial(char *serialfile, BIGNUM *serial)
BIO_puts(out,"\n");
ret=1;
err:
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (ai != NULL) ASN1_INTEGER_free(ai);
return(ret);
}
diff --git a/apps/ciphers.c b/apps/ciphers.c
index b6e2f966d8..72b2009e18 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -108,12 +108,6 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- STDout = BIO_push(tmpbio, STDout);
- }
-#endif
argc--;
argv++;
@@ -201,7 +195,7 @@ err:
end:
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
- if (STDout != NULL) BIO_free_all(STDout);
+ if (STDout != NULL) BIO_free(STDout);
EXIT(ret);
}
diff --git a/apps/crl.c b/apps/crl.c
index 3b5725f23f..b1c3325f21 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -122,15 +122,7 @@ int MAIN(int argc, char **argv)
if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
- {
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
-#endif
- }
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
@@ -322,15 +314,7 @@ bad:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -356,8 +340,8 @@ bad:
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0;
end:
- BIO_free_all(out);
- BIO_free_all(bio_out);
+ BIO_free(out);
+ BIO_free(bio_out);
bio_out=NULL;
X509_CRL_free(x);
if(store) {
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 7f853b65ab..d02862710d 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -239,15 +239,7 @@ bad:
sk_free(certflst);
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -274,7 +266,7 @@ bad:
ret=0;
end:
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
diff --git a/apps/dgst.c b/apps/dgst.c
index 0e93c97ca5..5d5ab94aea 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -74,7 +74,7 @@
#define PROG dgst_main
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen);
+ EVP_PKEY *key, unsigned char *sigin, unsigned int siglen);
int MAIN(int, char **);
@@ -96,7 +96,7 @@ int MAIN(int argc, char **argv)
char out_bin = -1, want_pub = 0, do_verify = 0;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
- int siglen = 0;
+ unsigned int siglen = 0;
apps_startup();
@@ -236,15 +236,7 @@ int MAIN(int argc, char **argv)
if(out_bin)
out = BIO_new_file(outfile, "wb");
else out = BIO_new_file(outfile, "w");
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
+ } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
if(!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
@@ -288,7 +280,7 @@ int MAIN(int argc, char **argv)
}
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
- if(siglen <= 0) {
+ if(siglen == 0) {
BIO_printf(bio_err, "Error reading signature file %s\n",
sigfile);
ERR_print_errors(bio_err);
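Review bot: With `siglen` now declared `unsigned int` (the `@@ -96,7 +96,7 @@` hunk), a failed `BIO_read()` in this hunk is no longer detected. The call reports errors with a negative return value, which wraps to a very large unsigned length, and the new `if(siglen == 0)` test only catches an empty read. That bogus length is then passed unchanged to `EVP_VerifyFinal(ctx, sigin, siglen, key)` in `do_fp()` (the `@@ -353,7 +345,7 @@` hunk), so the verifier is given a length far larger than the `sigbuf` allocation. Keep the read result signed and test it before converting: `int n = BIO_read(sigbio, sigbuf, siglen);`, then `if(n <= 0) {` for the error branch, and `siglen = (unsigned int)n;` after it. MAIN's body starts and ends outside this hunk.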
@@ -331,7 +323,7 @@ end:
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
- BIO_free_all(out);
+ BIO_free(out);
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
@@ -339,7 +331,7 @@ end:
}
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen)
+ EVP_PKEY *key, unsigned char *sigin, unsigned int siglen)
{
int len;
int i;
@@ -353,7 +345,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
{
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
- i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
+ i = EVP_VerifyFinal(ctx, sigin, siglen, key);
if(i > 0) BIO_printf(out, "Verified OK\n");
else if(i == 0) BIO_printf(out, "Verification Failure\n");
else
diff --git a/apps/dh.c b/apps/dh.c
index 7465442e49..ee71d95f0c 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -184,15 +184,7 @@ bad:
}
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -317,7 +309,7 @@ bad:
ret=0;
end:
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (dh != NULL) DH_free(dh);
EXIT(ret);
}
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 5f9b60148d..a738c5af67 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -391,15 +391,7 @@ bad:
goto end;
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -504,7 +496,7 @@ bad:
ret=0;
end:
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (dh != NULL) DH_free(dh);
EXIT(ret);
}
diff --git a/apps/dsa.c b/apps/dsa.c
index 7c4a46f78e..842e0c0d15 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -233,15 +233,7 @@ bad:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -289,7 +281,7 @@ bad:
ret=0;
end:
if(in != NULL) BIO_free(in);
- if(out != NULL) BIO_free_all(out);
+ if(out != NULL) BIO_free(out);
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index f861ec7b1a..a15d6ea309 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -205,15 +205,7 @@ bad:
}
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -355,7 +347,7 @@ bad:
ret=0;
end:
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (dsa != NULL) DSA_free(dsa);
EXIT(ret);
}
diff --git a/apps/enc.c b/apps/enc.c
index 2101b4cc64..49338aca0f 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -416,15 +416,7 @@ bad:
if (outf == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outf) <= 0)
@@ -592,7 +584,7 @@ end:
if (strbuf != NULL) OPENSSL_free(strbuf);
if (buff != NULL) OPENSSL_free(buff);
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) OPENSSL_free(pass);
diff --git a/apps/errstr.c b/apps/errstr.c
index e392328f93..2c62046476 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -91,18 +91,12 @@ int MAIN(int argc, char **argv)
out=BIO_new(BIO_s_file());
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
{
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
lh_stats_bio((LHASH *)ERR_get_string_table(),out);
lh_node_usage_stats_bio((LHASH *)
ERR_get_string_table(),out);
}
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
argc--;
argv++;
}
diff --git a/apps/gendh.c b/apps/gendh.c
index e0c7889a31..caf5e8d736 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -142,15 +142,7 @@ bad:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -182,7 +174,7 @@ bad:
end:
if (ret != 0)
ERR_print_errors(bio_err);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (dh != NULL) DH_free(dh);
EXIT(ret);
}
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 6022d8f142..1937613849 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -178,15 +178,7 @@ bad:
if (out == NULL) goto end;
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -217,7 +209,7 @@ end:
if (ret != 0)
ERR_print_errors(bio_err);
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
EXIT(ret);
diff --git a/apps/genrsa.c b/apps/genrsa.c
index ac0b709e7a..5cf47e6921 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -168,15 +168,7 @@ bad:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -220,7 +212,7 @@ bad:
ret=0;
err:
if (rsa != NULL) RSA_free(rsa);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
diff --git a/apps/nseq.c b/apps/nseq.c
index 1d73d1ad52..7210fbdb5e 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -119,15 +119,8 @@ int MAIN(int argc, char **argv)
"Can't open output file %s\n", outfile);
goto end;
}
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
+ } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_X509_new_null();
@@ -159,7 +152,7 @@ int MAIN(int argc, char **argv)
ret = 0;
end:
BIO_free(in);
- BIO_free_all(out);
+ BIO_free(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
EXIT(ret);
diff --git a/apps/openssl.c b/apps/openssl.c
index 4f61006b73..c3680c5e71 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -238,19 +238,13 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
else if ((strncmp(argv[0],"no-",3)) == 0)
{
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_stdout = BIO_push(tmpbio, bio_stdout);
- }
-#endif
f.name=argv[0]+3;
ret = (lh_retrieve(prog,&f) != NULL);
if (!ret)
BIO_printf(bio_stdout, "%s\n", argv[0]);
else
BIO_printf(bio_stdout, "%s\n", argv[0]+3);
- BIO_free_all(bio_stdout);
+ BIO_free(bio_stdout);
goto end;
}
else if ((strcmp(argv[0],"quit") == 0) ||
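Review bot: `bio_stdout` from `BIO_new_fp(stdout,BIO_NOCLOSE)` is passed straight to `BIO_printf` in the `no-` branch without a NULL check, and the list-commands hunk that follows (ending in `ret=0; goto end;`) does the same. If the allocation fails, the command either fails inside the print call or silently prints nothing, depending on how BIO_printf treats a NULL BIO, and the second path still reports success. I would add `if (bio_stdout == NULL) { ret=1; goto end; }` after each `BIO_new_fp` call. do_cmd begins and ends outside both hunks, so confirm the `end:` label needs no further cleanup on that path.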
@@ -275,17 +269,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_stdout = BIO_push(tmpbio, bio_stdout);
- }
-#endif
for (fp=functions; fp->name != NULL; fp++)
if (fp->type == list_type)
BIO_printf(bio_stdout, "%s\n", fp->name);
- BIO_free_all(bio_stdout);
+ BIO_free(bio_stdout);
ret=0;
goto end;
}
diff --git a/apps/passwd.c b/apps/passwd.c
index 6851a9927d..6c1aed0f0b 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -81,12 +81,6 @@ int MAIN(int argc, char **argv)
if (out == NULL)
goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
badopt = 0, opt_done = 0;
i = 0;
@@ -282,7 +276,7 @@ err:
if (in)
BIO_free(in);
if (out)
- BIO_free_all(out);
+ BIO_free(out);
EXIT(ret);
}
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 6789169bdb..261139565d 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -350,15 +350,8 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("write files");
#endif
- if (!outfile) {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- } else out = BIO_new_file(outfile, "wb");
+ if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else out = BIO_new_file(outfile, "wb");
if (!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "<stdout>");
@@ -664,7 +657,7 @@ int MAIN(int argc, char **argv)
CRYPTO_remove_all_info();
#endif
BIO_free(in);
- BIO_free_all(out);
+ BIO_free(out);
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
@@ -887,14 +880,14 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
break;
case V_ASN1_OCTET_STRING:
- hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
+ hex_prin(out, av->value.bit_string->data,
+ av->value.bit_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
- hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
+ hex_prin(out, av->value.octet_string->data,
+ av->value.octet_string->length);
BIO_printf(out, "\n");
break;
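Review bot: The union members no longer match their case labels: `case V_ASN1_OCTET_STRING:` now reads `av->value.bit_string` and `case V_ASN1_BIT_STRING:` reads `av->value.octet_string`. This presumably still prints the right bytes only because both members point at the same underlying string structure, but it misleads the reader and breaks if either member's type ever diverges. Each case should use its own member, e.g. `hex_prin(out, av->value.octet_string->data, av->value.octet_string->length);` under the OCTET_STRING label and the `bit_string` pair under BIT_STRING. print_attribs starts and ends outside the hunk.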
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 0af269007a..f471cc77fd 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -196,15 +196,7 @@ bad:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -288,6 +280,6 @@ bad:
end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
EXIT(ret);
}
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 7b588e4337..b0914cd453 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -194,15 +194,8 @@ int MAIN(int argc, char **argv)
"Can't open output file %s\n", outfile);
return (1);
}
- } else {
- out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
+ } else out = BIO_new_fp (stdout, BIO_NOCLOSE);
+
if (topk8) {
if(informat == FORMAT_PEM)
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
@@ -260,7 +253,7 @@ int MAIN(int argc, char **argv)
}
PKCS8_PRIV_KEY_INFO_free (p8inf);
EVP_PKEY_free(pkey);
- BIO_free_all(out);
+ BIO_free(out);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
return (0);
@@ -343,7 +336,7 @@ int MAIN(int argc, char **argv)
}
EVP_PKEY_free(pkey);
- BIO_free_all(out);
+ BIO_free(out);
BIO_free(in);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
diff --git a/apps/rand.c b/apps/rand.c
index 04764d7ffb..fa9bc023f4 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -101,15 +101,7 @@ int MAIN(int argc, char **argv)
if (outfile != NULL)
r = BIO_write_filename(out, outfile);
else
- {
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
if (r <= 0)
goto err;
diff --git a/apps/req.c b/apps/req.c
index 1aab38d9d7..2c1b9ee876 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -609,12 +609,6 @@ bad:
{
BIO_printf(bio_err,"writing new private key to stdout\n");
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
}
else
{
@@ -810,15 +804,7 @@ loop:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -904,7 +890,7 @@ end:
}
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
BIO_free(in);
- BIO_free_all(out);
+ BIO_free(out);
EVP_PKEY_free(pkey);
X509_REQ_free(req);
X509_free(x509ss);
diff --git a/apps/rsa.c b/apps/rsa.c
index b4b0651a94..fc8fa54941 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -278,15 +278,7 @@ bad:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -385,7 +377,7 @@ bad:
ret=0;
end:
if(in != NULL) BIO_free(in);
- if(out != NULL) BIO_free_all(out);
+ if(out != NULL) BIO_free(out);
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
diff --git a/apps/rsautl.c b/apps/rsautl.c
index bcb94c3d81..ba95229e1a 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -198,15 +198,7 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
+ } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
keysize = RSA_size(rsa);
@@ -263,7 +255,7 @@ int MAIN(int argc, char **argv)
end:
RSA_free(rsa);
BIO_free(in);
- BIO_free_all(out);
+ BIO_free(out);
if(rsa_in) OPENSSL_free(rsa_in);
if(rsa_out) OPENSSL_free(rsa_out);
return ret;
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 9812e6d505..0238566a81 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -209,11 +209,9 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-#ifndef MPE
i=0;
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
-#endif
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
{ close(s); perror("connect"); return(0); }
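Review bot: The keepalive error path returns without closing `s`, so the descriptor leaks, whereas the `connect` failure path right below it does call `close(s)`. Use `if (i < 0) { perror("keepalive"); close(s); return(0); }`. Separately, `i=0;` is what gets passed as the option value, which asks for SO_KEEPALIVE to be turned off. conn_state in crypto/bio/bss_conn.c (same commit) uses `i=1;`, so this should probably be `i=1;` as well. init_client_ip continues outside the hunk.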
diff --git a/apps/sess_id.c b/apps/sess_id.c
index 60cc3f1e49..71d5aa0b7c 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -206,15 +206,7 @@ bad:
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -270,7 +262,7 @@ bad:
}
ret=0;
end:
- if (out != NULL) BIO_free_all(out);
+ if (out != NULL) BIO_free(out);
if (x != NULL) SSL_SESSION_free(x);
EXIT(ret);
}
diff --git a/apps/smime.c b/apps/smime.c
index 9467b59bef..25997feb6d 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -393,15 +393,7 @@ int MAIN(int argc, char **argv)
"Can't open output file %s\n", outfile);
goto end;
}
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
+ } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
if(operation == SMIME_VERIFY) {
if(!(store = setup_verify(CAfile, CApath))) goto end;
@@ -498,7 +490,7 @@ end:
PKCS7_free(p7);
BIO_free(in);
BIO_free(indata);
- BIO_free_all(out);
+ BIO_free(out);
if(passin) OPENSSL_free(passin);
return (ret);
}
diff --git a/apps/speed.c b/apps/speed.c
index 627cab1d31..d0f705c324 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -87,7 +87,7 @@
#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
# define TIMES
#endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
+#if !defined(_UNICOS) && !defined(__OpenBSD__)
# define TIMEB
#endif
@@ -115,7 +115,7 @@
#include <sys/timeb.h>
#endif
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
+#if !defined(TIMES) && !defined(TIMEB)
#error "It seems neither struct tms nor struct timeb is supported in this platform!"
#endif
diff --git a/apps/spkac.c b/apps/spkac.c
index 459d730a70..ad45c2ddb7 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -192,15 +192,7 @@ bad:
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile) out = BIO_new_file(outfile, "w");
- else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
+ else out = BIO_new_fp(stdout, BIO_NOCLOSE);
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
@@ -249,15 +241,7 @@ bad:
}
if (outfile) out = BIO_new_file(outfile, "w");
- else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
+ else out = BIO_new_fp(stdout, BIO_NOCLOSE);
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
@@ -284,7 +268,7 @@ end:
CONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
- BIO_free_all(out);
+ BIO_free(out);
BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
diff --git a/apps/x509.c b/apps/x509.c
index 76dd66db86..b86352e2fb 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -183,12 +183,6 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- STDout = BIO_push(tmpbio, STDout);
- }
-#endif
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
@@ -582,15 +576,7 @@ bad:
goto end;
}
if (outfile == NULL)
- {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
else
{
if (BIO_write_filename(out,outfile) <= 0)
@@ -947,8 +933,8 @@ end:
app_RAND_write_file(NULL, bio_err);
OBJ_cleanup();
CONF_free(extconf);
- BIO_free_all(out);
- BIO_free_all(STDout);
+ BIO_free(out);
+ BIO_free(STDout);
X509_STORE_free(ctx);
X509_REQ_free(req);
X509_free(x);
diff --git a/config b/config
index 6a2625308e..910c97face 100755
--- a/config
+++ b/config
@@ -71,10 +71,6 @@ fi
# Now we simply scan though... In most cases, the SYSTEM info is enough
#
case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
- MPE/iX:*)
- MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
- echo "parisc-hp-MPE/iX"; exit 0
- ;;
A/UX:*)
echo "m68k-apple-aux3"; exit 0
;;
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index e72a6b29e0..3620e60e99 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -123,8 +123,6 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
break;
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
- case V_ASN1_OTHER:
- default:
if (a->value.set == NULL)
r=0;
else
@@ -161,8 +159,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
if (inf & 0x80) goto err;
- /* If not universal tag we've no idea what it is */
- if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
ASN1_TYPE_component_free(ret);
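Review bot: With the class check gone, nothing in this hunk consults `xclass` after `ASN1_get_object`, so a context-specific or application-class element whose tag number matches a universal one would be dispatched by the later `switch` as that universal type. Since this decoder handles encoded input from outside, I would reject non-universal classes explicitly before `ASN1_TYPE_component_free(ret)`: `if (xclass != V_ASN1_UNIVERSAL) { ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE); goto err; }`. This reuses the error code the new `default:` branch already raises. The rest of d2i_ASN1_TYPE is outside the hunk, so check that the class is not validated elsewhere before adding it.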
@@ -249,8 +245,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
break;
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
- case V_ASN1_OTHER:
- default:
/* Sets and sequences are left complete */
if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
ret->value.set->type=tag;
@@ -258,6 +252,9 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
p+=len;
break;
+ default:
+ ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
+ goto err;
}
ret->type=tag;
@@ -315,8 +312,6 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
case V_ASN1_OBJECT:
ASN1_OBJECT_free(a->value.object);
break;
- case V_ASN1_NULL:
- break;
case V_ASN1_INTEGER:
case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
@@ -338,10 +333,11 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
case V_ASN1_UNIVERSALSTRING:
case V_ASN1_BMPSTRING:
case V_ASN1_UTF8STRING:
- case V_ASN1_OTHER:
- default:
ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
break;
+ default:
+ /* MEMORY LEAK */
+ break;
}
a->type=0;
a->value.ptr=NULL;
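Review bot: The new `default:` branch frees nothing and the code after the switch then sets `a->value.ptr=NULL`, so whatever pointer an unlisted type held is lost, as the `/* MEMORY LEAK */` comment admits. With the `case V_ASN1_NULL:` label removed in the previous hunk, NULL values now also land here. The comment should say which types are expected to reach the default and why they own no allocation, e.g. `/* V_ASN1_NULL etc.: nothing allocated; any other type reaching here leaks value.ptr */`. If callers can store other pointer-valued types in an ASN1_TYPE, which cannot be determined from this hunk, those need an explicit case that frees them. ASN1_TYPE_component_free starts outside the hunk.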
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 6f956b1963..3346377527 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -83,7 +83,6 @@ extern "C" {
#define V_ASN1_PRIMATIVE_TAG 0x1f
#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
-#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */
#define V_ASN1_NEG 0x100 /* negative flag */
diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl
index af5998b102..17d2314398 100644
--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -27,13 +27,11 @@ LIBSRC= bio_lib.c bio_cb.c bio_err.c \
bss_file.c bss_sock.c bss_conn.c \
bf_null.c bf_buff.c b_print.c b_dump.c \
b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
-# bf_lbuf.c
LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
bss_mem.o bss_null.o bss_fd.o \
bss_file.o bss_sock.o bss_conn.o \
bf_null.o bf_buff.o b_print.o b_dump.o \
b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
-# bf_lbuf.o
SRC= $(LIBSRC)
diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
deleted file mode 100644
index 7bcf8ed941..0000000000
--- a/crypto/bio/bf_lbuf.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-
-static int linebuffer_write(BIO *h, const char *buf,int num);
-static int linebuffer_read(BIO *h, char *buf, int size);
-static int linebuffer_puts(BIO *h, const char *str);
-static int linebuffer_gets(BIO *h, char *str, int size);
-static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int linebuffer_new(BIO *h);
-static int linebuffer_free(BIO *data);
-static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-/* A 10k maximum should be enough for most purposes */
-#define DEFAULT_LINEBUFFER_SIZE 1024*10
-
-/* #define DEBUG */
-
-static BIO_METHOD methods_linebuffer=
- {
- BIO_TYPE_LINEBUFFER,
- "linebuffer",
- linebuffer_write,
- linebuffer_read,
- linebuffer_puts,
- linebuffer_gets,
- linebuffer_ctrl,
- linebuffer_new,
- linebuffer_free,
- linebuffer_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_linebuffer(void)
- {
- return(&methods_linebuffer);
- }
-
-typedef struct bio_linebuffer_ctx_struct
- {
- char *obuf; /* the output char array */
- int obuf_size; /* how big is the output buffer */
- int obuf_len; /* how many bytes are in it */
- } BIO_LINEBUFFER_CTX;
-
-static int linebuffer_new(BIO *bi)
- {
- BIO_LINEBUFFER_CTX *ctx;
-
- ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
- if (ctx == NULL) return(0);
- ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
- if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
- ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
- ctx->obuf_len=0;
-
- bi->init=1;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- return(1);
- }
-
-static int linebuffer_free(BIO *a)
- {
- BIO_LINEBUFFER_CTX *b;
-
- if (a == NULL) return(0);
- b=(BIO_LINEBUFFER_CTX *)a->ptr;
- if (b->obuf != NULL) OPENSSL_free(b->obuf);
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int linebuffer_read(BIO *b, char *out, int outl)
- {
- int ret=0;
-
- if (out == NULL) return(0);
- if (b->next_bio == NULL) return(0);
- ret=BIO_read(b->next_bio,out,outl);
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static int linebuffer_write(BIO *b, const char *in, int inl)
- {
- int i,num=0,foundnl;
- BIO_LINEBUFFER_CTX *ctx;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
- BIO_clear_retry_flags(b);
-
- do
- {
- const char *p;
-
- for(p = in; p < in + inl && *p != '\n'; p++)
- ;
- if (*p == '\n')
- {
- p++;
- foundnl = 1;
- }
- else
- foundnl = 0;
-
- /* If a NL was found and we already have text in the save
- buffer, concatenate them and write */
- while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
- && ctx->obuf_len > 0)
- {
- int orig_olen = ctx->obuf_len;
-
- i = ctx->obuf_size - ctx->obuf_len;
- if (p - in > 0)
- {
- if (i >= p - in)
- {
- memcpy(&(ctx->obuf[ctx->obuf_len]),
- in,p - in);
- ctx->obuf_len += p - in;
- inl -= p - in;
- num += p - in;
- in = p;
- }
- else
- {
- memcpy(&(ctx->obuf[ctx->obuf_len]),
- in,i);
- ctx->obuf_len += i;
- inl -= i;
- in += i;
- num += i;
- }
- }
-
-#ifdef DEBUG
-BIO_write(b->next_bio, "<*<", 3);
-#endif
- i=BIO_write(b->next_bio,
- ctx->obuf, ctx->obuf_len);
- if (i <= 0)
- {
- ctx->obuf_len = orig_olen;
- BIO_copy_next_retry(b);
-
-#ifdef DEBUG
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
-#ifdef DEBUG
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- if (i < ctx->obuf_len)
- memmove(ctx->obuf, ctx->obuf + i,
- ctx->obuf_len - i);
- ctx->obuf_len-=i;
- }
-
- /* Now that the save buffer is emptied, let's write the input
- buffer if a NL was found and there is anything to write. */
- if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
- {
-#ifdef DEBUG
-BIO_write(b->next_bio, "<*<", 3);
-#endif
- i=BIO_write(b->next_bio,in,p - in);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
-#ifdef DEBUG
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
-#ifdef DEBUG
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- num+=i;
- in+=i;
- inl-=i;
- }
- }
- while(foundnl && inl > 0);
- /* We've written as much as we can. The rest of the input buffer, if
- any, is text that doesn't and with a NL and therefore needs to be
- saved for the next trip. */
- if (inl > 0)
- {
- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
- ctx->obuf_len += inl;
- num += inl;
- }
- return num;
- }
-
-static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO *dbio;
- BIO_LINEBUFFER_CTX *ctx;
- long ret=1;
- char *p;
- int r;
- int obs;
-
- ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ctx->obuf_len=0;
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_INFO:
- ret=(long)ctx->obuf_len;
- break;
- case BIO_CTRL_WPENDING:
- ret=(long)ctx->obuf_len;
- if (ret == 0)
- {
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- }
- break;
- case BIO_C_SET_BUFF_SIZE:
- obs=(int)num;
- p=ctx->obuf;
- if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
- {
- p=(char *)OPENSSL_malloc((int)num);
- if (p == NULL)
- goto malloc_error;
- }
- if (ctx->obuf != p)
- {
- if (ctx->obuf_len > obs)
- {
- ctx->obuf_len = obs;
- }
- memcpy(p, ctx->obuf, ctx->obuf_len);
- OPENSSL_free(ctx->obuf);
- ctx->obuf=p;
- ctx->obuf_size=obs;
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
- if (b->next_bio == NULL) return(0);
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
-
- case BIO_CTRL_FLUSH:
- if (b->next_bio == NULL) return(0);
- if (ctx->obuf_len <= 0)
- {
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
-
- for (;;)
- {
- BIO_clear_retry_flags(b);
- if (ctx->obuf_len > 0)
- {
- r=BIO_write(b->next_bio,
- ctx->obuf, ctx->obuf_len);
-#if 0
-fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
-#endif
- BIO_copy_next_retry(b);
- if (r <= 0) return((long)r);
- if (r < ctx->obuf_len)
- memmove(ctx->obuf, ctx->obuf + r,
- ctx->obuf_len - r);
- ctx->obuf_len-=r;
- }
- else
- {
- ctx->obuf_len=0;
- ret=1;
- break;
- }
- }
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if ( !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
- ret=0;
- break;
- default:
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
-malloc_error:
- BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int linebuffer_gets(BIO *b, char *buf, int size)
- {
- if (b->next_bio == NULL) return(0);
- return(BIO_gets(b->next_bio,buf,size));
- }
-
-static int linebuffer_puts(BIO *b, const char *str)
- {
- return(linebuffer_write(b,str,strlen(str)));
- }
-
diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
index 97003b503c..b7ab206777 100644
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -91,7 +91,6 @@ extern "C" {
#define BIO_TYPE_NULL_FILTER (17|0x0200)
#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */
#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */
-#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */
#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */
#define BIO_TYPE_FILTER 0x0200
@@ -555,9 +554,6 @@ BIO_METHOD *BIO_s_bio(void);
BIO_METHOD *BIO_s_null(void);
BIO_METHOD *BIO_f_null(void);
BIO_METHOD *BIO_f_buffer(void);
-#ifdef VMS
-BIO_METHOD *BIO_f_linebuffer(void);
-#endif
BIO_METHOD *BIO_f_nbio_test(void);
/* BIO_METHOD *BIO_f_ber(void); */
@@ -644,7 +640,6 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
#define BIO_F_CONN_CTRL 127
#define BIO_F_CONN_STATE 115
#define BIO_F_FILE_CTRL 116
-#define BIO_F_LINEBUFFER_CTRL 129
#define BIO_F_MEM_READ 128
#define BIO_F_MEM_WRITE 117
#define BIO_F_SSL_NEW 118
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
index bb815fb1e6..fb99195471 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -91,7 +91,6 @@ static ERR_STRING_DATA BIO_str_functs[]=
{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"},
{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"},
{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
-{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"},
{ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"},
{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"},
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index a6b77a2cb9..e092528b3e 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
}
c->state=BIO_CONN_S_CONNECT;
-#if defined(SO_KEEPALIVE) && !defined(MPE)
+#ifdef SO_KEEPALIVE
i=1;
i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0)
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 8cf1febacc..ca58ad33d2 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -85,7 +85,16 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
if (a == b)
{
+#if 1
+ bn_wexpand(tmp,a->top*2);
+ bn_wexpand(tmp2,a->top*4);
+ bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d);
+ tmp->top=a->top*2;
+ if (tmp->top > 0 && tmp->d[tmp->top-1] == 0)
+ tmp->top--;
+#else
if (!BN_sqr(tmp,a,ctx)) goto err;
+#endif
}
else
{
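Review bot: Both `bn_wexpand` results in the new `#if 1` branch are ignored, so on allocation failure `bn_sqr_recursive` would write through `tmp->d` / `tmp2->d` that were never enlarged. Check them the way the `#else` branch checks `BN_sqr`: `if (bn_wexpand(tmp,a->top*2) == NULL) goto err;` and `if (bn_wexpand(tmp2,a->top*4) == NULL) goto err;`. The BN_RECURSION comment in crypto/bn/bn_sqr.c (touched by this same commit) says n must be a power of 2, and nothing here checks `a->top` before it is passed as n. The single `tmp->top--` also strips at most one leading zero word. Unless callers guarantee these preconditions, falling back to `BN_sqr(tmp,a,ctx)` when they do not hold looks safer. BN_mod_mul_montgomery continues outside the hunk.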
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index 75f4f38392..fe00c5f69a 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -188,7 +188,7 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
#ifdef BN_RECURSION
/* r is 2*n words in size,
- * a and b are both n words in size. (There's not actually a 'b' here ...)
+ * a and b are both n words in size.
* n must be a power of 2.
* We multiply and return the result.
* t must be 2*n words in size
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index edffeffde1..73337b3d9a 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -211,8 +211,7 @@ $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"bss_mem,bss_null,bss_fd,"+ -
"bss_file,bss_sock,bss_conn,"+ -
"bf_null,bf_buff,b_print,b_dump,"+ -
- "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
- "bf_lbuf"
+ "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log"
$ LIB_STACK = "stack"
$ LIB_LHASH = "lhash,lh_stats"
$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,rand_win"
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
index c27ec336e7..9555abe3a5 100644
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -271,9 +271,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
#elif defined(MAC_OS_pre_X)
tty=stdin;
#else
-#ifndef MPE
if ((tty=fopen("/dev/tty","r")) == NULL)
-#endif
tty=stdin;
#endif
@@ -314,12 +312,8 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
#if defined(TTY_set) && !defined(VMS)
if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
-#ifdef MPE
- ; /* MPE lies -- echo really has been disabled */
-#else
return(-1);
#endif
-#endif
#ifdef VMS
tty_new[0] = tty_orig[0];
tty_new[1] = tty_orig[1] | TT$M_NOECHO;
diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
index 8ff7090129..d2c06ddafa 100644
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
@@ -340,7 +340,7 @@ static void *vms_bind_var(DSO *dso, const char *symname)
static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
{
DSO_FUNC_TYPE sym = 0;
- vms_bind_sym(dso, symname, (void **)&sym);
+ vms_bind_sym(dso, symname, &sym);
return sym;
}
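Review bot: Dropping the `(void **)` cast leaves `&sym`, a `DSO_FUNC_TYPE *`, passed to `vms_bind_sym()`. The removed cast suggests the parameter is `void **`, in which case this is an incompatible pointer type that a conforming compiler diagnoses; the prototype is outside the hunk and should be confirmed. If the cast is restored, a comment such as `/* vms_bind_sym() stores through void **; assumes function and data pointers have the same representation */` would record the assumption. `sym` is returned with no check that the bind succeeded, so callers depend on it staying 0 on failure.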
diff --git a/crypto/install.com b/crypto/install.com
index 8c283c4ceb..ea97665471 100644
--- a/crypto/install.com
+++ b/crypto/install.com
@@ -34,7 +34,7 @@ $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
$
$ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
DES,RC2,RC4,RC5,IDEA,BF,CAST,-
- BN,RSA,DSA,DH,DSO,-
+ BN,RSA,DSA,DH,DSO,ENGINE,-
BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP
$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h
@@ -57,6 +57,7 @@ $ EXHEADER_RSA := rsa.h
$ EXHEADER_DSA := dsa.h
$ EXHEADER_DH := dh.h
$ EXHEADER_DSO := dso.h
+$ EXHEADER_ENGINE := engine.h
$ EXHEADER_BUFFER := buffer.h
$ EXHEADER_BIO := bio.h
$ EXHEADER_STACK := stack.h,safestack.h
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 71b53efd51..938fc80b7e 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090600fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 24 Sep 2000"
+#define OPENSSL_VERSION_NUMBER 0x00906002L
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6-beta2 17 Sep 2000"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index d716f9faeb..2ececcd07e 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -172,17 +172,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
return 0;
}
-#if 0
- /* NB: this test commented out because some versions of Netscape
- * illegally include zero length content when signing data.
- */
/* Check for data and content: two sets of data */
if(!PKCS7_get_detached(p7) && indata) {
PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
return 0;
}
-#endif
sinfos = PKCS7_get_signer_info(p7);
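Review bot: The now-active check that rejects a non-detached structure when `indata` is also supplied carries only the comment "two sets of data", which does not say why that is an error. A fuller comment would help, e.g. `/* Embedded content plus caller-supplied data: refuse, presumably because it is ambiguous which one the signatures cover */`. The note removed with the `#if 0` recorded that some Netscape versions include zero-length content when signing, so such messages will now fail with `PKCS7_R_CONTENT_AND_DATA_PRESENT`; that interoperability cost is worth stating next to the check. The function continues outside the hunk.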
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 9f2dcff9a9..5ef197341f 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -171,16 +171,9 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
#include <lmcons.h>
#include <lmstats.h>
-#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE
- * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was
- * was added to the Platform SDK to allow the NET API to be used in
- * non-Unicode applications provided that Unicode strings were still
- * used for input. LMSTR is defined as LPWSTR.
- */
typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
+ (LMSTR, LMSTR, DWORD, DWORD, LPBYTE*);
typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
-#endif /* 1 */
int RAND_poll(void)
{
@@ -191,34 +184,18 @@ int RAND_poll(void)
HWND h;
HMODULE advapi, kernel, user, netapi;
- CRYPTACQUIRECONTEXT acquire = 0;
- CRYPTGENRANDOM gen = 0;
- CRYPTRELEASECONTEXT release = 0;
-#if 1 /* There was previously a problem with NETSTATGET. Currently, this
- * section is still experimental, but if all goes well, this conditional
- * will be removed
- */
- NETSTATGET netstatget = 0;
- NETFREE netfree = 0;
-#endif /* 1 */
-
- /* Determine the OS version we are on so we can turn off things
- * that do not work properly.
- */
- OSVERSIONINFO osverinfo ;
- osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
- GetVersionEx( &osverinfo ) ;
+ CRYPTACQUIRECONTEXT acquire;
+ CRYPTGENRANDOM gen;
+ CRYPTRELEASECONTEXT release;
+ NETSTATGET netstatget;
+ NETFREE netfree;
/* load functions dynamically - not available on all systems */
- advapi = LoadLibrary("ADVAPI32.DLL");
- kernel = LoadLibrary("KERNEL32.DLL");
- user = LoadLibrary("USER32.DLL");
- netapi = LoadLibrary("NETAPI32.DLL");
-
-#if 1 /* There was previously a problem with NETSTATGET. Currently, this
- * section is still experimental, but if all goes well, this conditional
- * will be removed
- */
+ advapi = GetModuleHandle("ADVAPI32.DLL");
+ kernel = GetModuleHandle("KERNEL32.DLL");
+ user = GetModuleHandle("USER32.DLL");
+ netapi = GetModuleHandle("NETAPI32.DLL");
+
if (netapi)
{
netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
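Review bot: `acquire`, `gen`, `release`, `netstatget` and `netfree` lose their `= 0` initialisers, yet the visible assignments sit inside `if (netapi)` (and, further down, `if (advapi)`). If the `if (netstatget && netfree)` test at the top of the next hunk is outside the `if (netapi)` block, as its position suggests, it reads indeterminate pointers whenever `GetModuleHandle("NETAPI32.DLL")` returns NULL and may then call through them. Keep the initialisers, `NETSTATGET netstatget = 0;` and `NETFREE netfree = 0;`, and likewise for the three CryptoAPI pointers. Switching from `LoadLibrary` to `GetModuleHandle` also means a DLL the process has not already loaded yields NULL, so that entropy source is skipped silently. The function continues outside the hunk.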
@@ -228,68 +205,49 @@ int RAND_poll(void)
if (netstatget && netfree)
{
LPBYTE outbuf;
- /* NetStatisticsGet() is a Unicode only function
- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
- * contains 17 fields. We treat each field as a source of
- * one byte of entropy.
- */
-
+ /* NetStatisticsGet() is a Unicode only function */
if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
{
- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+ RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 0);
netfree(outbuf);
}
if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
{
- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+ RAND_add(outbuf, sizeof(STAT_SERVER_0), 0);
netfree(outbuf);
}
}
- if (netapi)
- FreeLibrary(netapi);
-#endif /* 1 */
-
- /* It appears like this can cause an exception deep within ADVAPI32.DLL
- * at random times on Windows 2000. Reported by Jeffrey Altman.
- * Only use it on NT.
- */
- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- osverinfo.dwMajorVersion < 5)
+ /* Read Performance Statistics from NT/2000 registry */
+ /* The size of the performance data can vary from call to call */
+ /* so we must guess the size of the buffer to use and increase */
+ /* its size if we get an ERROR_MORE_DATA return instead of */
+ /* ERROR_SUCCESS. */
+ {
+ LONG rc=ERROR_MORE_DATA;
+ char * buf=NULL;
+ DWORD bufsz=0;
+ DWORD length;
+
+ while (rc == ERROR_MORE_DATA)
{
- /* Read Performance Statistics from NT/2000 registry
- * The size of the performance data can vary from call
- * to call so we must guess the size of the buffer to use
- * and increase its size if we get an ERROR_MORE_DATA
- * return instead of ERROR_SUCCESS.
- */
- LONG rc=ERROR_MORE_DATA;
- char * buf=NULL;
- DWORD bufsz=0;
- DWORD length;
-
- while (rc == ERROR_MORE_DATA)
- {
- buf = realloc(buf,bufsz+8192);
- if (!buf)
- break;
- bufsz += 8192;
-
- length = bufsz;
- rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
- NULL, NULL, buf, &length);
- }
- if (rc == ERROR_SUCCESS)
- {
- /* For entropy count assume only least significant
- * byte of each DWORD is random.
- */
- RAND_add(&length, sizeof(length), 0);
- RAND_add(buf, length, length / 4.0);
- }
- if (buf)
- free(buf);
+ buf = realloc(buf,bufsz+8192);
+ if (!buf)
+ break;
+ bufsz += 8192;
+
+ length = bufsz;
+ rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+ NULL, NULL, buf, &length);
+ }
+ if (rc == ERROR_SUCCESS)
+ {
+ RAND_add(&length, sizeof(length), 0);
+ RAND_add(buf, length, 0);
}
+ if ( buf )
+ free(buf);
+ }
if (advapi)
{
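Review bot: In the performance-data loop, `buf = realloc(buf,bufsz+8192);` overwrites the only pointer to the old block, so a failed realloc leaks it and the later `if ( buf ) free(buf);` has nothing to free. Use a temporary instead: `char *nbuf = realloc(buf,bufsz+8192);`, `if (!nbuf) break;`, `buf = nbuf;`. The loop also places no upper bound on `bufsz`. The hunk removes the OS-version guard whose comment recorded an exception inside ADVAPI32.DLL on Windows 2000, so the `HKEY_PERFORMANCE_DATA` query now runs on every platform; if that is intended, a comment should say why the earlier report no longer applies.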
@@ -304,13 +262,12 @@ int RAND_poll(void)
if (acquire && gen && release)
{
/* poll the CryptoAPI PRNG */
- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
- RAND_add(buf, sizeof(buf), sizeof(buf));
+ RAND_add(buf, sizeof(buf), 0);
#ifdef DEBUG
printf("randomness from PROV_RSA_FULL\n");
#endif
@@ -323,7 +280,7 @@ int RAND_poll(void)
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
- RAND_add(buf, sizeof(buf), sizeof(buf));
+ RAND_add(buf, sizeof(buf), 0);
#ifdef DEBUG
printf("randomness from PROV_INTEL_SEC\n");
#endif
@@ -332,9 +289,6 @@ int RAND_poll(void)
}
}
- if (advapi)
- FreeLibrary(advapi);
-
/* timer data */
readtimer();
@@ -344,7 +298,7 @@ int RAND_poll(void)
/* process ID */
w = GetCurrentProcessId();
- RAND_add(&w, sizeof(w), 1);
+ RAND_add(&w, sizeof(w), 0);
if (user)
{
@@ -357,40 +311,42 @@ int RAND_poll(void)
queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
if (win)
- {
+ {
/* window handle */
h = win();
RAND_add(&h, sizeof(h), 0);
- }
+ }
+
if (cursor)
{
/* unfortunately, its not safe to call GetCursorInfo()
* on NT4 even though it exists in SP3 (or SP6) and
* higher.
*/
+ OSVERSIONINFO osverinfo ;
+ osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
+ GetVersionEx( &osverinfo ) ;
+
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
cursor = 0;
}
+
if (cursor)
{
/* cursor position */
- /* assume 2 bytes of entropy */
CURSORINFO ci;
ci.cbSize = sizeof(CURSORINFO);
if (cursor(&ci))
- RAND_add(&ci, ci.cbSize, 2);
+ RAND_add(&ci, ci.cbSize, 0);
}
if (queue)
{
/* message queue status */
- /* assume 1 byte of entropy */
w = queue(QS_ALLEVENTS);
- RAND_add(&w, sizeof(w), 1);
+ RAND_add(&w, sizeof(w), 0);
}
-
- FreeLibrary(user);
}
/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
@@ -425,7 +381,7 @@ int RAND_poll(void)
MODULEENTRY32 m;
snap = (CREATETOOLHELP32SNAPSHOT)
- GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+ GetProcAddress(kernel, "CreateToolhelp32Snapshot");
heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
@@ -444,18 +400,11 @@ int RAND_poll(void)
!= NULL)
{
/* heap list and heap walking */
- /* HEAPLIST32 contains 3 fields that will change with
- * each entry. Consider each field a source of 1 byte
- * of entropy.
- * HEAPENTRY32 contains 5 fields that will change with
- * each entry. Consider each field a source of 1 byte
- * of entropy.
- */
hlist.dwSize = sizeof(HEAPLIST32);
if (heaplist_first(handle, &hlist))
do
{
- RAND_add(&hlist, hlist.dwSize, 3);
+ RAND_add(&hlist, hlist.dwSize, 0);
hentry.dwSize = sizeof(HEAPENTRY32);
if (heap_first(&hentry,
hlist.th32ProcessID,
@@ -464,50 +413,36 @@ int RAND_poll(void)
int entrycnt = 50;
do
RAND_add(&hentry,
- hentry.dwSize, 5);
+ hentry.dwSize, 0);
while (heap_next(&hentry)
&& --entrycnt > 0);
}
} while (heaplist_next(handle,
&hlist));
-
+
/* process walking */
- /* PROCESSENTRY32 contains 9 fields that will change
- * with each entry. Consider each field a source of
- * 1 byte of entropy.
- */
p.dwSize = sizeof(PROCESSENTRY32);
if (process_first(handle, &p))
do
- RAND_add(&p, p.dwSize, 9);
+ RAND_add(&p, p.dwSize, 0);
while (process_next(handle, &p));
-
+
/* thread walking */
- /* THREADENTRY32 contains 6 fields that will change
- * with each entry. Consider each field a source of
- * 1 byte of entropy.
- */
t.dwSize = sizeof(THREADENTRY32);
if (thread_first(handle, &t))
do
- RAND_add(&t, t.dwSize, 6);
+ RAND_add(&t, t.dwSize, 0);
while (thread_next(handle, &t));
-
+
/* module walking */
- /* MODULEENTRY32 contains 9 fields that will change
- * with each entry. Consider each field a source of
- * 1 byte of entropy.
- */
m.dwSize = sizeof(MODULEENTRY32);
if (module_first(handle, &m))
do
- RAND_add(&m, m.dwSize, 9);
+ RAND_add(&m, m.dwSize, 1);
while (module_next(handle, &m));
-
+
CloseHandle(handle);
}
-
- FreeLibrary(kernel);
}
#ifdef DEBUG
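Review bot: Every `RAND_add()` touched in RAND_poll now credits 0 bytes of entropy except the module walk, `RAND_add(&m, m.dwSize, 1);`, which credits one byte per MODULEENTRY32. A process's module list typically changes little between runs, so it is a weak candidate for credit, while the CryptoAPI output in the earlier hunks is credited nothing. This looks like a leftover rather than a decision. Either make it `RAND_add(&m, m.dwSize, 0);` or add a comment giving the reasoning behind the estimate. With nearly all credit at 0, it is also worth confirming that the generator still reaches its seeded state from RAND_poll alone.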
@@ -567,12 +502,11 @@ void RAND_screen(void) /* function available for backward compatibility */
/* feed timing information to the PRNG */
static void readtimer(void)
{
- DWORD w;
+ DWORD w, cyclecount;
LARGE_INTEGER l;
static int have_perfc = 1;
#ifndef __GNUC__
static int have_tsc = 1;
- DWORD cyclecount;
if (have_tsc) {
__try {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0f4110cc64..db62c9f6a3 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -339,15 +339,16 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
ret = X509_check_issued(issuer, x);
if (ret == X509_V_OK)
return 1;
- /* If we haven't asked for issuer errors don't set ctx */
- if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
- return 0;
-
- ctx->error = ret;
- ctx->current_cert = x;
- ctx->current_issuer = issuer;
- if (ctx->verify_cb)
- return ctx->verify_cb(0, ctx);
+ else
+ {
+ ctx->error = ret;
+ ctx->current_cert = x;
+ ctx->current_issuer = issuer;
+ if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
+ return ctx->verify_cb(0, ctx);
+ else
+ return 0;
+ }
return 0;
}
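Review bot: `ctx->error`, `ctx->current_cert` and `ctx->current_issuer` are now written for every rejected candidate, even when `X509_V_FLAG_CB_ISSUER_CHECK` is clear. A failed candidate issuer therefore leaves an error code in the context that a caller may read after the chain is completed with a different issuer. The removed comment stated the intent not to touch ctx in that case; restore it by placing `if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) return 0;` ahead of the three assignments. The final `return 0;` after the `else` block is unreachable. The function's opening lines are outside the hunk.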
diff --git a/demos/pkcs12/README b/demos/pkcs12/README
deleted file mode 100644
index c87434b04f..0000000000
--- a/demos/pkcs12/README
+++ /dev/null
@@ -1,3 +0,0 @@
-PKCS#12 demo applications
-
-Written by Steve Henson.
diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c
deleted file mode 100644
index 8e1b686312..0000000000
--- a/demos/pkcs12/pkread.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* pkread.c */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* Simple PKCS#12 file reader */
-
-int main(int argc, char **argv)
-{
- FILE *fp;
- EVP_PKEY *pkey;
- X509 *cert;
- STACK_OF(X509) *ca = NULL;
- PKCS12 *p12;
- int i;
- if (argc != 4) {
- fprintf(stderr, "Usage: pkread p12file password opfile\n");
- exit (1);
- }
- SSLeay_add_all_algorithms();
- ERR_load_crypto_strings();
- if (!(fp = fopen(argv[1], "rb"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- p12 = d2i_PKCS12_fp(fp, NULL);
- fclose (fp);
- if (!p12) {
- fprintf(stderr, "Error reading PKCS#12 file\n");
- ERR_print_errors_fp(stderr);
- exit (1);
- }
- if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
- fprintf(stderr, "Error parsing PKCS#12 file\n");
- ERR_print_errors_fp(stderr);
- exit (1);
- }
- PKCS12_free(p12);
- if (!(fp = fopen(argv[3], "w"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- if (pkey) {
- fprintf(fp, "***Private Key***\n");
- PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
- }
- if (cert) {
- fprintf(fp, "***User Certificate***\n");
- PEM_write_X509_AUX(fp, cert);
- }
- if (ca && sk_num(ca)) {
- fprintf(fp, "***Other Certificates***\n");
- for (i = 0; i < sk_X509_num(ca); i++)
- PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
- }
- fclose(fp);
- return 0;
-}
diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c
deleted file mode 100644
index 15f839d1eb..0000000000
--- a/demos/pkcs12/pkwrite.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/* pkwrite.c */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* Simple PKCS#12 file creator */
-
-int main(int argc, char **argv)
-{
- FILE *fp;
- EVP_PKEY *pkey;
- X509 *cert;
- PKCS12 *p12;
- if (argc != 5) {
- fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
- exit(1);
- }
- SSLeay_add_all_algorithms();
- ERR_load_crypto_strings();
- if (!(fp = fopen(argv[1], "r"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- cert = PEM_read_X509(fp, NULL, NULL, NULL);
- rewind(fp);
- pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
- fclose(fp);
- p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
- if(!p12) {
- fprintf(stderr, "Error creating PKCS#12 structure\n");
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- if (!(fp = fopen(argv[4], "wb"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- i2d_PKCS12_fp(fp, p12);
- PKCS12_free(p12);
- fclose(fp);
- return 0;
-}
diff --git a/demos/state_machine/.cvsignore b/demos/state_machine/.cvsignore
deleted file mode 100644
index 9aef0f5d4c..0000000000
--- a/demos/state_machine/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-state_machine
diff --git a/demos/state_machine/Makefile b/demos/state_machine/Makefile
deleted file mode 100644
index c7a114540d..0000000000
--- a/demos/state_machine/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-CFLAGS=-I../../include -Wall -Werror -g
-
-all: state_machine
-
-state_machine: state_machine.o
- $(CC) -o state_machine state_machine.o -L../.. -lssl -lcrypto
-
-test: state_machine
- ./state_machine 10000 ../../apps/server.pem ../../apps/server.pem
diff --git a/demos/state_machine/state_machine.c b/demos/state_machine/state_machine.c
deleted file mode 100644
index 0140fbca70..0000000000
--- a/demos/state_machine/state_machine.c
+++ /dev/null
@@ -1,395 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Nuron, a leader in hardware encryption technology, generously
- * sponsored the development of this demo by Ben Laurie.
- *
- * See http://www.nuron.com/.
- */
-
-/*
- * the aim of this demo is to provide a fully working state-machine
- * style SSL implementation, i.e. one where the main loop acquires
- * some data, then converts it from or to SSL by feeding it into the
- * SSL state machine. It then does any I/O required by the state machine
- * and loops.
- *
- * In order to keep things as simple as possible, this implementation
- * listens on a TCP socket, which it expects to get an SSL connection
- * on (for example, from s_client) and from then on writes decrypted
- * data to stdout and encrypts anything arriving on stdin. Verbose
- * commentary is written to stderr.
- *
- * This implementation acts as a server, but it can also be done for a client. */
-
-#include <openssl/ssl.h>
-#include <assert.h>
-#include <unistd.h>
-#include <string.h>
-#include <openssl/err.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-/* die_unless is intended to work like assert, except that it happens
- always, even if NDEBUG is defined. Use assert as a stopgap. */
-
-#define die_unless(x) assert(x)
-
-typedef struct
- {
- SSL_CTX *pCtx;
- BIO *pbioRead;
- BIO *pbioWrite;
- SSL *pSSL;
- } SSLStateMachine;
-
-void SSLStateMachine_print_error(SSLStateMachine *pMachine,const char *szErr)
- {
- unsigned long l;
-
- fprintf(stderr,"%s\n",szErr);
- while((l=ERR_get_error()))
- {
- char buf[1024];
-
- ERR_error_string_n(l,buf,sizeof buf);
- fprintf(stderr,"Error %lx: %s\n",l,buf);
- }
- }
-
-SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
- const char *szKeyFile)
- {
- SSLStateMachine *pMachine=malloc(sizeof *pMachine);
- int n;
-
- die_unless(pMachine);
-
- pMachine->pCtx=SSL_CTX_new(SSLv23_server_method());
- die_unless(pMachine->pCtx);
-
- n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
- SSL_FILETYPE_PEM);
- die_unless(n > 0);
-
- n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
- die_unless(n > 0);
-
- pMachine->pSSL=SSL_new(pMachine->pCtx);
- die_unless(pMachine->pSSL);
-
- pMachine->pbioRead=BIO_new(BIO_s_mem());
-
- pMachine->pbioWrite=BIO_new(BIO_s_mem());
-
- SSL_set_bio(pMachine->pSSL,pMachine->pbioRead,pMachine->pbioWrite);
-
- SSL_set_accept_state(pMachine->pSSL);
-
- return pMachine;
- }
-
-void SSLStateMachine_read_inject(SSLStateMachine *pMachine,
- const unsigned char *aucBuf,int nBuf)
- {
- int n=BIO_write(pMachine->pbioRead,aucBuf,nBuf);
- /* If it turns out this assert fails, then buffer the data here
- * and just feed it in in churn instead. Seems to me that it
- * should be guaranteed to succeed, though.
- */
- assert(n == nBuf);
- fprintf(stderr,"%d bytes of encrypted data fed to state machine\n",n);
- }
-
-int SSLStateMachine_read_extract(SSLStateMachine *pMachine,
- unsigned char *aucBuf,int nBuf)
- {
- int n;
-
- if(!SSL_is_init_finished(pMachine->pSSL))
- {
- fprintf(stderr,"Doing SSL_accept\n");
- n=SSL_accept(pMachine->pSSL);
- if(n == 0)
- fprintf(stderr,"SSL_accept returned zero\n");
- if(n < 0)
- {
- int err;
-
- if((err=SSL_get_error(pMachine->pSSL,n)) == SSL_ERROR_WANT_READ)
- {
- fprintf(stderr,"SSL_accept wants more data\n");
- return 0;
- }
-
- SSLStateMachine_print_error(pMachine,"SSL_accept error");
- exit(7);
- }
- return 0;
- }
-
- n=SSL_read(pMachine->pSSL,aucBuf,nBuf);
- if(n < 0)
- {
- int err=SSL_get_error(pMachine->pSSL,n);
-
- if(err == SSL_ERROR_WANT_READ)
- {
- fprintf(stderr,"SSL_read wants more data\n");
- return 0;
- }
- }
-
- fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);
- return n;
- }
-
-int SSLStateMachine_write_can_extract(SSLStateMachine *pMachine)
- {
- int n=BIO_pending(pMachine->pbioWrite);
- if(n)
- fprintf(stderr,"There is encrypted data available to write\n");
- else
- fprintf(stderr,"There is no encrypted data available to write\n");
-
- return n;
- }
-
-int SSLStateMachine_write_extract(SSLStateMachine *pMachine,
- unsigned char *aucBuf,int nBuf)
- {
- int n;
-
- n=BIO_read(pMachine->pbioWrite,aucBuf,nBuf);
- fprintf(stderr,"%d bytes of encrypted data read from state machine\n",n);
- return n;
- }
-
-void SSLStateMachine_write_inject(SSLStateMachine *pMachine,
- const unsigned char *aucBuf,int nBuf)
- {
- int n=SSL_write(pMachine->pSSL,aucBuf,nBuf);
- /* If it turns out this assert fails, then buffer the data here
- * and just feed it in in churn instead. Seems to me that it
- * should be guaranteed to succeed, though.
- */
- assert(n == nBuf);
- fprintf(stderr,"%d bytes of unencrypted data fed to state machine\n",n);
- }
-
-int OpenSocket(int nPort)
- {
- int nSocket;
- struct sockaddr_in saServer;
- struct sockaddr_in saClient;
- int one=1;
- int nSize;
- int nFD;
- int nLen;
-
- nSocket=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
- if(nSocket < 0)
- {
- perror("socket");
- exit(1);
- }
-
- if(setsockopt(nSocket,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof one) < 0)
- {
- perror("setsockopt");
- exit(2);
- }
-
- memset(&saServer,0,sizeof saServer);
- saServer.sin_family=AF_INET;
- saServer.sin_port=htons(nPort);
- nSize=sizeof saServer;
- if(bind(nSocket,(struct sockaddr *)&saServer,nSize) < 0)
- {
- perror("bind");
- exit(3);
- }
-
- if(listen(nSocket,512) < 0)
- {
- perror("listen");
- exit(4);
- }
-
- nLen=sizeof saClient;
- nFD=accept(nSocket,(struct sockaddr *)&saClient,&nLen);
- if(nFD < 0)
- {
- perror("accept");
- exit(5);
- }
-
- fprintf(stderr,"Incoming accepted on port %d\n",nPort);
-
- return nFD;
- }
-
-int main(int argc,char **argv)
- {
- SSLStateMachine *pMachine;
- int nPort;
- int nFD;
- const char *szCertificateFile;
- const char *szKeyFile;
-
- if(argc != 4)
- {
- fprintf(stderr,"%s <port> <certificate file> <key file>\n",argv[0]);
- exit(6);
- }
-
- nPort=atoi(argv[1]);
- szCertificateFile=argv[2];
- szKeyFile=argv[3];
-
- SSL_library_init();
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
- ERR_load_crypto_strings();
-
- nFD=OpenSocket(nPort);
-
- pMachine=SSLStateMachine_new(szCertificateFile,szKeyFile);
-
- for( ; ; )
- {
- fd_set rfds,wfds;
- unsigned char buf[1024];
- int n;
-
- FD_ZERO(&rfds);
- FD_ZERO(&wfds);
-
- /* Select socket for input */
- FD_SET(nFD,&rfds);
-
- /* Select socket for output */
- if(SSLStateMachine_write_can_extract(pMachine))
- FD_SET(nFD,&wfds);
-
- /* Select stdin for input */
- FD_SET(0,&rfds);
-
- /* Wait for something to do something */
- n=select(nFD+1,&rfds,&wfds,NULL,NULL);
- assert(n > 0);
-
- /* Socket is ready for input */
- if(FD_ISSET(nFD,&rfds))
- {
- n=read(nFD,buf,sizeof buf);
- if(n == 0)
- {
- fprintf(stderr,"Got EOF on socket\n");
- exit(0);
- }
- assert(n > 0);
-
- SSLStateMachine_read_inject(pMachine,buf,n);
- }
-
- /* FIXME: we should only extract if stdout is ready */
- n=SSLStateMachine_read_extract(pMachine,buf,n);
- if(n < 0)
- {
- SSLStateMachine_print_error(pMachine,"read extract failed");
- break;
- }
- assert(n >= 0);
- if(n > 0)
- {
- int w;
-
- w=write(1,buf,n);
- /* FIXME: we should push back any unwritten data */
- assert(w == n);
- }
-
- /* Socket is ready for output (and therefore we have output to send) */
- if(FD_ISSET(nFD,&wfds))
- {
- int w;
-
- n=SSLStateMachine_write_extract(pMachine,buf,sizeof buf);
- assert(n > 0);
-
- w=write(nFD,buf,n);
- /* FIXME: we should push back any unwritten data */
- assert(w == n);
- }
-
- /* Stdin is ready for input */
- if(FD_ISSET(0,&rfds))
- {
- n=read(0,buf,sizeof buf);
- if(n == 0)
- {
- fprintf(stderr,"Got EOF on stdin\n");
- exit(0);
- }
- assert(n > 0);
-
- SSLStateMachine_write_inject(pMachine,buf,n);
- }
- }
- /* not reached */
- return 0;
- }
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index ce99b5c345..4ab53322c5 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -325,7 +325,7 @@ Send encrypted mail using triple DES:
Sign and encrypt mail:
openssl smime -sign -in ml.txt -signer my.pem -text \
- | openssl smime -encrypt -out mail.msg \
+ | openssl -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem
diff --git a/doc/crypto/BIO_ctrl.pod b/doc/crypto/BIO_ctrl.pod
index 722e8b8f46..acc46db8ce 100644
--- a/doc/crypto/BIO_ctrl.pod
+++ b/doc/crypto/BIO_ctrl.pod
@@ -47,8 +47,8 @@ BIO_reset() typically resets a BIO to some initial state, in the case
of file related BIOs for example it rewinds the file pointer to the
start of the file.
-BIO_seek() resets a file related BIO's (that is file descriptor and
-FILE BIOs) file position pointer to B<ofs> bytes from start of file.
+BIO_seek() resets a file related BIO's file position pointer to B<ofs>
+bytes from start of file.
BIO_tell() returns the current file position of a file related BIO.
@@ -73,12 +73,10 @@ macros which call BIO_ctrl().
=head1 RETURN VALUES
-BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
-BIOs are an exception, they return 0 for success and -1 for failure.
+BIO_reset() returns 1 for success and 0 for failure.
BIO_seek() and BIO_tell() both return the current file position on success
-and -1 for failure, except file BIOs which for BIO_seek() always return 0
-for success and -1 for failure.
+and -1 for failure.
BIO_flush() returns 1 for success and 0 or -1 for failure.
@@ -104,24 +102,14 @@ case of a file BIO some data may be available in the FILE structures
internal buffers but it is not possible to determine this in a
portably way. For other types of BIO they may not be supported.
-Filter BIOs if they do not internally handle a particular BIO_ctrl()
+Filter BIOs if the do not internally handle a particular BIO_ctrl()
operation usually pass the operation to the next BIO in the chain.
This often means there is no need to locate the required BIO for
a particular operation, it can be called on a chain and it will
-be automatically passed to the relevant BIO. However this can cause
-unexpected results: for example no current filter BIOs implement
-BIO_seek(), but this may still succeed if the chain ends in a FILE
-or file descriptor BIO.
+be automatically passed to the relevant BIO.
-Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl()
-operation.
-
-=head1 BUGS
-
-Some of the return values are ambiguous and care should be taken. In
-particular a return value of 0 can be returned if an operation is not
-supported, if an error occurred, if EOF has not been reached and in
-the case of BIO_seek() on a file BIO for a successful operation.
+Source/sink BIOs will return an error if the do not recognize the
+BIO_ctrl() operation.
=head1 SEE ALSO
diff --git a/doc/crypto/BIO_f_buffer.pod b/doc/crypto/BIO_f_buffer.pod
deleted file mode 100644
index c9093c6a57..0000000000
--- a/doc/crypto/BIO_f_buffer.pod
+++ /dev/null
@@ -1,69 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_f_buffer - buffering BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_f_buffer(void);
-
- #define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
- #define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
- #define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
- #define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
- #define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-
-=head1 DESCRIPTION
-
-BIO_f_buffer() returns the buffering BIO method.
-
-Data written to a buffering BIO is buffered and periodically written
-to the next BIO in the chain. Data read from a buffering BIO comes from
-an internal buffer which is filled from the next BIO in the chain.
-Both BIO_gets() and BIO_puts() are supported.
-
-Calling BIO_reset() on a buffering BIO clears any buffered data.
-
-BIO_get_buffer_num_lines() returns the number of lines currently buffered.
-
-BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
-set the read, write or both read and write buffer sizes to B<size>. The initial
-buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
-buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
-when the buffer is resized.
-
-BIO_set_buffer_read_data() clears the read buffer and fills it with B<num>
-bytes of B<buf>. If B<num> is larger than the current buffer size the buffer
-is expanded.
-
-=head1 NOTES
-
-Buffering BIOs implement BIO_gets() by using BIO_read() operations on the
-next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
-possible to provide BIO_gets() functionality if the following BIOs do not
-support it (for example SSL BIOs).
-
-Data is only written to the next BIO in the chain when the write buffer fills
-or when BIO_flush() is called. It is therefore important to call BIO_flush()
-whenever any pending data should be written such as when removing a buffering
-BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate
-source/sink BIO is non blocking.
-
-=head1 RETURN VALUES
-
-BIO_f_buffer() returns the buffering BIO method.
-
-BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).
-
-BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
-return 1 if the buffer was successfully resized or 0 for failure.
-
-BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if
-there was an error.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/doc/crypto/BIO_s_file.pod b/doc/crypto/BIO_s_file.pod
index b2a29263f4..d449702bff 100644
--- a/doc/crypto/BIO_s_file.pod
+++ b/doc/crypto/BIO_s_file.pod
@@ -38,7 +38,7 @@ BIO_reset() attempts to change the file pointer to the start of file
using fseek(stream, 0, 0).
BIO_seek() sets the file pointer to position B<ofs> from start of file
-using fseek(stream, ofs, 0).
+using lseek(stream, ofs, 0).
BIO_eof() calls feof().
@@ -105,7 +105,7 @@ Alternative technique:
BIO *out;
out = BIO_new(BIO_s_file());
if(out == NULL) /* Error ... */
- if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
+ if(!BIO_read_filename(out, "filename.txt")) /* Error ... */
BIO_printf(out, "Hello World\n");
BIO_free(out);
@@ -127,13 +127,6 @@ BIO_tell() returns the current file position.
BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
BIO_rw_filename() return 1 for success or 0 for failure.
-=head1 BUGS
-
-BIO_reset() and BIO_seek() are implemented using fseek() on the underlying
-stream. The return value for fseek() is 0 for success or -1 if an error
-occurred this differs from other types of BIO which will typically return
-1 for success and a non positive value if an error occurred.
-
=head1 SEE ALSO
L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>,
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
index c12af9c9f9..05f9e628cc 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ b/doc/crypto/BN_bn2bin.pod
@@ -36,7 +36,7 @@ NULL, a new B<BIGNUM> is created.
BN_bn2hex() and BN_bn2dec() return printable strings containing the
hexadecimal and decimal encoding of B<a> respectively. For negative
numbers, the string is prefaced with a leading '-'. The string must be
-freed later using OPENSSL_free().
+Free()d later.
BN_hex2bn() converts the string B<str> containing a hexadecimal number
to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod
index 3551bacb8d..04074ffa90 100644
--- a/doc/crypto/ERR_get_error.pod
+++ b/doc/crypto/ERR_get_error.pod
@@ -41,7 +41,7 @@ the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
ERR_get_error_line_data() and ERR_peek_error_line_data() store
additional data and flags associated with the error code in *B<data>
and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by Malloc(),
*B<flags>&B<ERR_TXT_MALLOCED> is true.
=head1 RETURN VALUES
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index b8a231c642..f87377945b 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -50,12 +50,12 @@ EVP digest routines
The EVP digest routines are a high level interface to message digests.
-EVP_DigestInit() initializes a digest context B<ctx> to use a digest
+EVP_DigestInit() initialises a digest context B<ctx> to use a digest
B<type>: this will typically be supplied by a function such as
EVP_sha1().
EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-digest context B<ctx>. This function can be called several times on the
+digest context B<ctx>. This funtion can be called several times on the
same B<ctx> to hash additional data.
EVP_DigestFinal() retrieves the digest value from B<ctx> and places
@@ -63,7 +63,7 @@ it in B<md>. If the B<s> parameter is not NULL then the number of
bytes of data written (i.e. the length of the digest) will be written
to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate()
-can be made, but EVP_DigestInit() can be called to initialize a new
+can be made, but EVP_DigestInit() can be called to initialiase a new
digest operation.
EVP_MD_CTX_copy() can be used to copy the message digest state from
@@ -102,7 +102,7 @@ returns is of zero length.
EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
return an B<EVP_MD> structure when passed a digest name, a digest NID or
-an ASN1_OBJECT structure respectively. The digest table must be initialized
+an ASN1_OBJECT structure respectively. The digest table must be initialised
using, for example, OpenSSL_add_all_digests() for these functions to work.
=head1 RETURN VALUES
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index 9afe2396e2..447e7f1a92 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -74,7 +74,7 @@ EVP_CIPHER_asn1_to_param - EVP cipher routines
The EVP cipher routines are a high level interface to certain
symmetric ciphers.
-EVP_EncryptInit() initializes a cipher context B<ctx> for encryption
+EVP_EncryptInit() initialises a cipher context B<ctx> for encryption
with cipher B<type>. B<type> is normally supplied by a function such
as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the
IV to use (if necessary), the actual number of bytes used for the
@@ -255,7 +255,7 @@ and the EVP_CIPHER_CTX_set_key_length() function.
=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)
-IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+IDES encryption algorothm in CBC, ECB, CFB and OFB modes respectively.
=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)
@@ -325,7 +325,7 @@ default key lengths. If custom ciphers exceed these values the results are
unpredictable. This is because it has become standard practice to define a
generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
-The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
+The ASN1 code is incomplete (and sometimes innacurate) it has only been tested
for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
=head1 EXAMPLES
diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod
index 2e710da945..c0e5163e8c 100644
--- a/doc/crypto/EVP_OpenInit.pod
+++ b/doc/crypto/EVP_OpenInit.pod
@@ -21,7 +21,7 @@ The EVP envelope routines are a high level interface to envelope
decryption. They decrypt a public key encrypted symmetric key and
then decrypt data using it.
-EVP_OpenInit() initializes a cipher context B<ctx> for decryption
+EVP_OpenInit() initialises a cipher context B<ctx> for decryption
with cipher B<type>. It decrypts the encrypted symmetric key of length
B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
The IV is supplied in the B<iv> parameter.
@@ -35,7 +35,7 @@ page.
It is possible to call EVP_OpenInit() twice in the same way as
EVP_DecryptInit(). The first call should have B<priv> set to NULL
-and (after setting any cipher parameters) it should be called again
+and (after setting any cipher paramaters) it should be called again
with B<type> set to NULL.
If the cipher passed in the B<type> parameter is a variable length
@@ -54,7 +54,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
=head1 SEE ALSO
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
L<EVP_SealInit(3)|EVP_SealInit(3)>
diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod
index 0451eb648a..9579e91d2e 100644
--- a/doc/crypto/EVP_SealInit.pod
+++ b/doc/crypto/EVP_SealInit.pod
@@ -22,7 +22,7 @@ encryption. They generate a random key and then "envelope" it by
using public key encryption. Data can then be encrypted using this
key.
-EVP_SealInit() initializes a cipher context B<ctx> for encryption
+EVP_SealInit() initialises a cipher context B<ctx> for encryption
with cipher B<type> using a random secret key and IV supplied in
the B<iv> parameter. B<type> is normally supplied by a function such
as EVP_des_cbc(). The secret key is encrypted using one or more public
@@ -62,12 +62,12 @@ using public key encryption.
It is possible to call EVP_SealInit() twice in the same way as
EVP_EncryptInit(). The first call should have B<npubk> set to 0
-and (after setting any cipher parameters) it should be called again
+and (after setting any cipher paramaters) it should be called again
with B<type> set to NULL.
=head1 SEE ALSO
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
L<EVP_OpenInit(3)|EVP_OpenInit(3)>
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index 7f9265d0a6..bbc9203c9c 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -19,12 +19,12 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
The EVP signature routines are a high level interface to digital
signatures.
-EVP_SignInit() initializes a signing context B<ctx> to using digest
+EVP_SignInit() initialises a signing context B<ctx> to using digest
B<type>: this will typically be supplied by a function such as
EVP_sha1().
EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This function can be called several times on the
+signature context B<ctx>. This funtion can be called several times on the
same B<ctx> to include additional data.
EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
@@ -32,7 +32,7 @@ and places the signature in B<sig>. If the B<s> parameter is not NULL
then the number of bytes of data written (i.e. the length of the signature)
will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
will be written. After calling EVP_SignFinal() no additional calls to
-EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialize
+EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase
a new signature operation.
EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod
index 736a0f4a82..3b5e07f4ad 100644
--- a/doc/crypto/EVP_VerifyInit.pod
+++ b/doc/crypto/EVP_VerifyInit.pod
@@ -17,17 +17,17 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification f
The EVP signature verification routines are a high level interface to digital
signatures.
-EVP_VerifyInit() initializes a verification context B<ctx> to using digest
+EVP_VerifyInit() initialises a verification context B<ctx> to using digest
B<type>: this will typically be supplied by a function such as EVP_sha1().
EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
-verification context B<ctx>. This function can be called several times on the
+verification context B<ctx>. This funtion can be called several times on the
same B<ctx> to include additional data.
EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
-can be called to initialize a new verification operation.
+can be called to initialiase a new verification operation.
=head1 RETURN VALUES
@@ -57,7 +57,6 @@ might.
=head1 SEE ALSO
-L<evp(3)|evp(3)>,
L<EVP_SignInit(3)|EVP_SignInit(3)>,
L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
index 68ea723259..e333b30723 100644
--- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -39,7 +39,7 @@ for example
0x000904100 == 0.9.4 release
0x000905000 == 0.9.5 dev
-Version 0.9.5a had an interim interpretation that is like the current one,
+Version 0.9.5a had an interrim interpretation that is like the current one,
except the patch level got the highest bit set, to keep continuity. The
number was therefore 0x0090581f.
diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod
index 486c903430..3f89068001 100644
--- a/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ b/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -44,7 +44,7 @@ by EVP_sha1(). It just needs to add them if it (or any of the functions it calls
needs to lookup algorithms.
The cipher and digest lookup functions are used in many parts of the library. If
-the table is not initialized several functions will misbehave and complain they
+the table is not initialised several functions will misbehave and complain they
cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
This is a common query in the OpenSSL mailing lists.
diff --git a/doc/crypto/blowfish.pod b/doc/crypto/blowfish.pod
index 65b8be388c..4320af0809 100644
--- a/doc/crypto/blowfish.pod
+++ b/doc/crypto/blowfish.pod
@@ -11,6 +11,9 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+ void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+ void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+
void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
BF_KEY *key, int enc);
void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
@@ -22,9 +25,6 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
long length, BF_KEY *schedule, unsigned char *ivec, int *num);
const char *BF_options(void);
- void BF_encrypt(BF_LONG *data,const BF_KEY *key);
- void BF_decrypt(BF_LONG *data,const BF_KEY *key);
-
=head1 DESCRIPTION
This library implements the Blowfish cipher, which is invented and described
@@ -43,6 +43,11 @@ phase.
BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
at B<data>.
+BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
+encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
+B<data>, using the key B<key>. These functions should not be used unless you
+implement 'modes' of Blowfish.
+
BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
@@ -51,45 +56,37 @@ B<in> and B<out> must be 64 bits in length, no less. If they are larger,
everything after the first 64 bits is ignored.
The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
-all operate on variable length data. They all take an initialization vector
+all operate on variable length data. They all take an initialisation vector
B<ivec> which needs to be passed along into the next call of the same function
-for the same message. B<ivec> may be initialized with anything, but the
-recipient needs to know what it was initialized with, or it won't be able
+for the same message. B<ivec> may be initialised with anything, but the
+recipient needs to know what it was initialised with, or it won't be able
to decrypt. Some programs and protocols simplify this, like SSH, where
-B<ivec> is simply initialized to zero.
+B<ivec> is simply initialised to zero.
BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while
BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
number of bytes (the amount does not have to be an exact multiple of 8). The
purpose of the latter two is to simulate stream ciphers, and therefore, they
need the parameter B<num>, which is a pointer to an integer where the current
-offset in B<ivec> is stored between calls. This integer must be initialized
-to zero when B<ivec> is initialized.
+offset in B<ivec> is stored between calls. This integer must be initialised
+to zero when B<ivec> is initialised.
BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
-long initialization vector.
+long initialisation vector.
BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
-8 byte long initialization vector. B<num> must point at an integer which must
+8 byte long initialisation vector. B<num> must point at an integer which must
be initially zero.
BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
-It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
+It uses the same parameters as BF_cfb64_encrypt(), which must be initialised
the same way.
-BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
-encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
-B<data>, using the key B<key>. These functions should not be used unless you
-implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt().
-If you still want to use these functions, you should be aware that they take
-each 32-bit chunk in host-byte order, which is little-endian on little-endian
-platforms and big-endian on big-endian ones.
-
=head1 RETURN VALUES
None of the functions presented here return any value.
diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod
index 8da244aed4..5af0c791c8 100644
--- a/doc/crypto/bn_internal.pod
+++ b/doc/crypto/bn_internal.pod
@@ -149,7 +149,7 @@ word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
array B<r>. It computes B<a>*B<b> and places the result in B<r>.
bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
-arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
+arrays B<r>, B<a> und B<b>. It computes the B<n> low words of
B<a>*B<b> and places the result in B<r>.
bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<t>) operates on the B<n2>
diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
index 781f5b11ee..7088f51bc4 100644
--- a/doc/crypto/buffer.pod
+++ b/doc/crypto/buffer.pod
@@ -46,11 +46,11 @@ size.
BUF_strdup() copies a null terminated string into a block of allocated
memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
+Unlike the standard C library strdup() this function uses Malloc() and so
should be used in preference to the standard library strdup() because it can
be used for memory leak checking or replacing the malloc() function.
-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
+The memory allocated from BUF_strdup() should be freed up using the Free()
function.
=head1 RETURN VALUES
@@ -68,6 +68,6 @@ L<bio(3)|bio(3)>
=head1 HISTORY
BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
-versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8.
+versions of SSLeay and OpenSSL. BUF_strdup() was addded in SSLeay 0.8.
=cut
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index ab3e26e9ec..c553210ef2 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -130,7 +130,7 @@ earlier versions of the library, des_random_key() did not generate
secure keys.
Before a DES key can be used, it must be converted into the
-architecture dependent I<des_key_schedule> via the
+architecture dependant I<des_key_schedule> via the
des_set_key_checked() or des_set_key_unchecked() function.
des_set_key_checked() will check that the key passed is of odd parity
@@ -200,7 +200,7 @@ reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
This form of Triple-DES is used by the RSAREF library.
des_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
-chaining mode used by Kerberos v4. Its parameters are the same as
+chaing mode used by Kerberos v4. Its parameters are the same as
des_ncbc_encrypt().
des_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
@@ -241,7 +241,7 @@ compatibility with the MIT Kerberos library. des_read_pw_string()
is also available under the name EVP_read_pw_string().
des_read_pw_string() writes the string specified by I<prompt> to
-standard output, turns echo off and reads in input string from the
+standarf output, turns echo off and reads in input string from the
terminal. The string is returned in I<buf>, which must have space for
at least I<length> bytes. If I<verify> is set, the user is asked for
the password twice and unless the two copies match, an error is
@@ -268,9 +268,9 @@ input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is
non-NULL, the 8 bytes generated by each pass are written into
I<output>.
-The following are DES-based transformations:
+The following are DES-based tranformations:
-des_fcrypt() is a fast version of the Unix crypt(3) function. This
+des_fcrypt() is a fast version of the unix crypt(3) function. This
version takes only a small amount of space relative to other fast
crypt() implementations. This is different to the normal crypt in
that the third parameter is the buffer that the return value is
diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod
index 36b77c454d..1aa3ac763b 100644
--- a/doc/crypto/des_modes.pod
+++ b/doc/crypto/des_modes.pod
@@ -6,7 +6,7 @@ Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
=head1 DESCRIPTION
-Several crypto algorithms for OpenSSL can be used in a number of modes. Those
+Several crypto algorithms fo OpenSSL can be used in a number of modes. Those
are used for using block ciphers in a way similar to stream ciphers, among
other things.
@@ -165,13 +165,13 @@ only one bit to be in error in the deciphered plaintext.
=item *
-OFB mode is not self-synchronizing. If the two operation of
+OFB mode is not self-synchronising. If the two operation of
encipherment and decipherment get out of synchronism, the system needs
-to be re-initialized.
+to be re-initialised.
=item *
-Each re-initialization should use a value of the start variable
+Each re-initialisation should use a value of the start variable
different from the start variable values used before with the same
key. The reason for this is that an identical bit stream would be
produced each time from the same parameters. This would be
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
index 264e30103d..b824c92b57 100644
--- a/doc/crypto/err.pod
+++ b/doc/crypto/err.pod
@@ -143,7 +143,7 @@ The closing #endif etc will be automatically added by the script.
The generated C error code file B<xxx_err.c> will load the header
files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
-header file must load any additional header files containing any
+header file must load any additional header files containg any
definitions it uses.
=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod
deleted file mode 100644
index f089dd49a2..0000000000
--- a/doc/crypto/evp.pod
+++ /dev/null
@@ -1,37 +0,0 @@
-=pod
-
-=head1 NAME
-
-evp - high-level cryptographic functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
-=head1 DESCRIPTION
-
-The EVP library provided a high-level interface to cryptographic
-functions.
-
-B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
-and decryption to implement digital "envelopes".
-
-The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
-digital signatures.
-
-Symmetric encryption is available with the B<EVP_Encrypt>I<...>
-functions. The B<EVP_Digest>I<...> functions provide message digests.
-
-Algorithms are loaded with OpenSSL_add_all_algorithms(3).
-
-=head1 SEE ALSO
-
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
-L<EVP_SealInit(3)|EVP_SealInit(3)>,
-L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
-
-=cut
diff --git a/doc/crypto/lhash.pod b/doc/crypto/lhash.pod
index 4e87aee824..af2c9a7102 100644
--- a/doc/crypto/lhash.pod
+++ b/doc/crypto/lhash.pod
@@ -102,7 +102,7 @@ The following description is based on the SSLeay documentation:
The B<lhash> library implements a hash table described in the
I<Communications of the ACM> in 1991. What makes this hash table
different is that as the table fills, the hash table is increased (or
-decreased) in size via OPENSSL_realloc(). When a 'resize' is done, instead of
+decreased) in size via Realloc(). When a 'resize' is done, instead of
all hashes being redistributed over twice as many 'buckets', one
bucket is split. So when an 'expand' is done, there is only a minimal
cost to redistribute some values. Subsequent inserts will cause more
diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod
index 1633840d4c..eb8ba612c4 100644
--- a/doc/crypto/rsa.pod
+++ b/doc/crypto/rsa.pod
@@ -96,7 +96,7 @@ SSL, PKCS #1 v2.0
=head1 PATENTS
-RSA was covered by a US patent which expired in September 2000.
+RSA is covered by a US patent which expires in September 2000.
=head1 SEE ALSO
diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
index bc7ff9b705..7fa18aa443 100644
--- a/doc/crypto/threads.pod
+++ b/doc/crypto/threads.pod
@@ -53,7 +53,7 @@ OpenSSL can safely be used in multi-threaded applications provided
that at least two callback functions are set.
locking_function(int mode, int n, const char *file, int line) is
-needed to perform locking on shared data structures. Multi-threaded
+needed to perform locking on shared data stuctures. Multi-threaded
applications will crash at random if it is not set.
locking_function() must be able to handle up to CRYPTO_num_locks()
@@ -89,7 +89,7 @@ dyn_create_function(const char *file, int line) is needed to create a
lock. Multi-threaded applications might crash at random if it is not set.
dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
-is needed to perform locking off dynamic lock numbered n. Multi-threaded
+is needed to perform locking off dynamic lock nunmbered n. Multi-threaded
applications might crash at random if it is not set.
dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
diff --git a/doc/openssl.txt b/doc/openssl.txt
index 5da519e7e4..e8c0cd7ea6 100644
--- a/doc/openssl.txt
+++ b/doc/openssl.txt
@@ -507,47 +507,6 @@ details about the structures returned. The returned structure should be freed
after use using the relevant free function, BASIC_CONSTRAINTS_free() for
example.
-void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-These functions combine the operations of searching for extensions and
-parsing them. They search a certificate, a CRL a CRL entry or a stack
-of extensions respectively for extension whose NID is 'nid' and return
-the parsed result of NULL if an error occurred. For example:
-
-BASIC_CONSTRAINTS *bs;
-bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
-
-This will search for the basicConstraints extension and either return
-it value or NULL. NULL can mean either the extension was not found, it
-occurred more than once or it could not be parsed.
-
-If 'idx' is NULL then an extension is only parsed if it occurs precisely
-once. This is standard behaviour because extensions normally cannot occur
-more than once. If however more than one extension of the same type can
-occur it can be used to parse successive extensions for example:
-
-int i;
-void *ext;
-
-i = -1;
-for(;;) {
- ext = X509_get_ext_d2i(x, nid, crit, &idx);
- if(ext == NULL) break;
- /* Do something with ext */
-}
-
-If 'crit' is not NULL and the extension was found then the int it points to
-is set to 1 for critical extensions and 0 for non critical. Therefore if the
-function returns NULL but 'crit' is set to 0 or 1 then the extension was
-found but it could not be parsed.
-
-The int pointed to by crit will be set to -1 if the extension was not found
-and -2 if the extension occurred more than once (this will only happen if
-idx is NULL). In both cases the function will return NULL.
-
3. Generating extensions.
An extension will typically be generated from a configuration file, or some
diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod
deleted file mode 100644
index 7fea14ee68..0000000000
--- a/doc/ssl/SSL_CIPHER_get_name.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
-SSL_CIPHER_description - get SSL_CIPHER properties
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
- int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
- char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
- char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
-
-=head1 DESCRIPTION
-
-SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
-argument is the NULL pointer, a pointer to the constant value "NONE" is
-returned.
-
-SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>. If
-B<alg_bits> is not NULL, it contains the number of bits processed by the
-chosen algorithm. If B<cipher> is NULL, 0 is returned.
-
-SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
-"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned.
-
-SSL_CIPHER_description() returns a textual description of the cipher used
-into the buffer B<buf> of length B<len> provided. B<len> must be at least
-128 bytes, otherwise the string "Buffer too small" is returned. If B<buf>
-is NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If the
-allocation fails, the string "OPENSSL_malloc Error" is returned.
-
-=head1 NOTES
-
-The number of bits processed can be different from the secret bits. An
-export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm
-does use the full 128 bits (which would be returned for B<alg_bits>), of
-which however 88bits are fixed. The search space is hence only 40 bits.
-
-=head1 BUGS
-
-If SSL_CIPHER_description() is called with B<cipher> being NULL, the
-library crashes.
-
-=head1 RETURN VALUES
-
-See DESCRIPTION
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
-L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>
-
-=cut
diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod
deleted file mode 100644
index de69672422..0000000000
--- a/doc/ssl/SSL_CTX_free.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_free - free an allocated SSL_CTX object
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_free(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
-SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
-the reference count has reached 0.
-
-It also calls the free()ing procedures for indirectly affected items, if
-applicable: the session cacahe, the list of ciphers, the list of Client CAs,
-the certificates and keys.
-
-=head1 RETURN VALUES
-
-SSL_CTX_free() does not provide diagnostic information.
-
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
deleted file mode 100644
index d46f8aab5f..0000000000
--- a/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ /dev/null
@@ -1,93 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_load_verify_locations - set default locations for trusted CA
-certificates
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath);
-
-=head1 DESCRIPTION
-
-SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
-which CA certificates for verification purposes are located. The certificates
-available via B<CAfile> and B<CApath> are trusted.
-
-=head1 NOTES
-
-If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
-format. The file can contain several CA certificates identified by
-
- -----BEGIN CERTIFICATE-----
- ... (CA certificate in base64 encoding) ...
- -----END CERTIFICATE-----
-
-sequences. Before, between, and after the certificates text is allowed
-which can be used e.g. for descriptions of the certificates.
-
-The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
-function.
-
-If on an TLS/SSL server no special setting is perfomed using *client_CA_list()
-functions, the certificates contained in B<CAfile> are listed to the client
-as available CAs during the TLS/SSL handshake.
-
-If B<CApath> is not NULL, it points to a directory containing CA certificates
-in PEM format. The files each contain one CA certificate. The files are
-looked up by the CA subject name hash value, which must hence be available.
-Use the B<c_rehash> utility to create the necessary links.
-
-The certificates in B<CAfile> are only looked up when required, e.g. when
-building the certificate chain or when actually performing the verification
-of a peer certificate.
-
-On a server, the certificates in B<CApath> are not listed as available
-CA certificates to a client during a TLS/SSL handshake.
-
-=head1 EXAMPLES
-
-Generate a CA certificate file with descriptive text from the CA certificates
-ca1.pem ca2.pem ca3.pem:
-
- #!/bin/sh
- rm CAfile.pem
- for i in ca1.pem ca2.pem ca3.pem ; do
- openssl x509 -in $i -text >> CAfile.pem
- done
-
-Prepare the directory /some/where/certs containing several CA certificates
-for use as B<CApath>:
-
- cd /some/where/certs
- c_rehash .
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 0
-
-The operation failed because B<CAfile> and B<CApath> are NULL or the
-processing at one of the locations specified failed. Check the error
-stack to find out the reason.
-
-=item 1
-
-The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>
-
-=cut
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
deleted file mode 100644
index e166c692c3..0000000000
--- a/doc/ssl/SSL_CTX_new.pod
+++ /dev/null
@@ -1,93 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
-
-=head1 DESCRIPTION
-
-SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
-TLS/SSL enabled connections.
-
-=head1 NOTES
-
-The SSL_CTX object uses B<method> as connection method. The methods exist
-in a generic type (for client and server use), a server only type, and a
-client only type. B<method> can be of the following types:
-
-=over 4
-
-=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand
-the SSLv2 protocol. A client will send out SSLv2 client hello messages
-and will also indicate that it only understand SSLv2. A server will only
-understand SSLv2 client hello messages.
-
-=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages
-and will indicate that it also understands TLSv1. A server will only understand
-SSLv3 and TLSv1 client hello messages. This especially means, that it will
-not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method().
-
-=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol. A client will send out TLSv1 client hello messages
-and will indicate that it only understands TLSv1. A server will only understand
-TLSv1 client hello messages. This especially means, that it will
-not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method().
-
-=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
-
-A TLS/SSL connection established with these methods will understand the SSLv2,
-SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
-and will indicate that it also understands SSLv3 and TLSv1. A server will
-understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
-choice when compatibility is a concern.
-
-=back
-
-The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
-SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
-B<SSL_set_options()> functions. Using these options it is possible to choose
-e.g. SSLv23_server_method() and be able to negotiate with all possible
-clients, but to only allow newer protocols like SSLv3 or TLSv1.
-
-SSL_CTX_new() initializes the list of ciphers, the session cache setting,
-the callbacks, the keys and certificates, and the options to its default
-values.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-The creation of a new SSL_CTX object failed. Check the error stack to
-find out the reason.
-
-=item Pointer to an SSL_CTX object
-
-The return value points to an allocated SSL_CTX object.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod
deleted file mode 100644
index 272d6b3de2..0000000000
--- a/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_cipher_list, SSL_set_cipher_list
-- choose list of available SSL_CIPHERs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
- int SSL_set_cipher_list(SSL *ssl, const char *str);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_cipher_list() sets the list of available ciphers for B<ctx>
-using the control string B<str>. The format of the string is described
-in L<ciphers(1)|ciphers(1)>. The list of ciphers is inherited by all
-B<ssl> objects created from B<ctx>.
-
-SSL_set_cipher_list() sets the list of ciphers only for B<ssl>.
-
-=head1 NOTES
-
-The control string B<str> should be universally usable and not depend
-on details of the library configuration (ciphers compiled in). Thus no
-syntax checking takes place. Items that are not recognized, because the
-corresponding ciphers are not compiled in or because they are mistyped,
-are simply ignored. Failure is only flagged if no ciphers could be collected
-at all.
-
-It should be noted, that inclusion of a cipher to be used into the list is
-a necessary condition. On the client side, the inclusion into the list is
-also sufficient. On the server side, additional restrictions apply. All ciphers
-have additional requirements. ADH ciphers don't need a certificate, but
-DH-parameters must have been set. All other ciphers need a corresponding
-certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
-available, the respective is valid for DSA ciphers. Ciphers using EDH need
-a certificate and key and DH-parameters.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
-could be selected and 0 on complete failure.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
-L<ciphers(1)|ciphers(1)>
-
-=cut
diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
deleted file mode 100644
index f27a291cb6..0000000000
--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ /dev/null
@@ -1,90 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
-SSL_add_client_CA - set list of CAs sent to the client when requesting a
-client certificate
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
- void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
- int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
- int SSL_add_client_CA(SSL *ssl, X509 *cacert);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for B<ctx>.
-
-SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for the chosen B<ssl>, overriding the
-setting valid for B<ssl>'s SSL_CTX object.
-
-SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-B<ctx>.
-
-SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
-
-=head1 NOTES
-
-When a TLS/SSL server requests a client certificate (see
-B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
-it will accept certificates, to the client. If no special list is provided,
-the CAs available using the B<CAfile> option in
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-are sent.
-
-This list can be explicitely set using the SSL_CTX_set_client_CA_list() for
-B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
-specified overrides the previous setting. The CAs listed do not become
-trusted (B<list> only contains the names, not the complete certificates); use
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-to additionally load them for verification.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
-items the list of client CAs. If no list was specified before using
-SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
-CA list for B<ctx> or B<ssl> (as appropriate) is opened. The CAs implicitly
-specified using
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-are no longer used automatically.
-
-These functions are only useful for TLS/SSL servers.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item 1
-
-The operation succeeded.
-
-=item 0
-
-A failure while manipulating the STACK_OF(X509_NAME) object occured or
-the X509_NAME could not be extracted from B<cacert>. Check the error stack
-to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
-L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-
-=cut
diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
deleted file mode 100644
index 3091bd6895..0000000000
--- a/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ /dev/null
@@ -1,60 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
-- choose a new TLS/SSL method
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method);
- int SSL_set_ssl_method(SSL *s, SSL_METHOD *method);
- SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
-newly created from this B<ctx>. SSL objects already created with
-L<SSL_new(3)|SSL_new(3)> are not affected, except when SSL_clear() is
-being called.
-
-SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
-object. It may be reset, when SSL_clear() is called.
-
-SSL_get_ssl_method() returns a function pointer to the TLS/SSL method
-set in B<ssl>.
-
-=head1 NOTES
-
-The available B<method> choices are described in
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>.
-
-When SSL_clear() is called and no session is connected to an SSL object,
-the method of the SSL object is reset to the method currently set in
-the corresponding SSL_CTX object.
-
-=head1 RETURN VALUES
-
-The following return values can occur for SSL_CTX_set_ssl_version()
-and SSL_set_ssl_method():
-
-=over 4
-
-=item 0
-
-The new choice failed, check the error stack to find out the reason.
-
-=item 1
-
-The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,
-L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/doc/ssl/SSL_SESSION_free.pod b/doc/ssl/SSL_SESSION_free.pod
index df30ccbb32..5e104d5f2f 100644
--- a/doc/ssl/SSL_SESSION_free.pod
+++ b/doc/ssl/SSL_SESSION_free.pod
@@ -8,7 +8,7 @@ SSL_SESSION_free - free an allocated SSL_SESSION structure
#include <openssl/ssl.h>
- void SSL_SESSION_free(SSL_SESSION *session);
+ void *SSL_SESSION_free(SSL_SESSION *session);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
index 0c79ac515e..fc6a57b5da 100644
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -14,11 +14,8 @@ SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
The communication channel must already have been set and assigned to the
-B<ssl> by setting an underlying B<BIO>.
-
-=head1 NOTES
-
-The behaviour of SSL_accept() depends on the underlying BIO.
+B<ssl> by setting an underlying B<BIO>. The behaviour of SSL_accept() depends
+on the underlying BIO.
If the underlying BIO is B<blocking>, SSL_accept() will only return once the
handshake has been finished or an error occurred, except for SGC (Server
diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
index 862fd8291d..1d80b45f0c 100644
--- a/doc/ssl/SSL_clear.pod
+++ b/doc/ssl/SSL_clear.pod
@@ -8,7 +8,7 @@ SSL_clear - reset SSL object to allow another connection
#include <openssl/ssl.h>
- int SSL_clear(SSL *ssl);
+ int *SSL_clear(SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
index debe41744f..7123bf3257 100644
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -14,11 +14,8 @@ SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
SSL_connect() initiates the TLS/SSL handshake with a server. The communication
channel must already have been set and assigned to the B<ssl> by setting an
-underlying B<BIO>.
-
-=head1 NOTES
-
-The behaviour of SSL_connect() depends on the underlying BIO.
+underlying B<BIO>. The behaviour of SSL_connect() depends on the underlying
+BIO.
If the underlying BIO is B<blocking>, SSL_connect() will only return once the
handshake has been finished or an error occurred.
diff --git a/doc/ssl/SSL_free.pod b/doc/ssl/SSL_free.pod
index f3f0c345f8..3bbde4273c 100644
--- a/doc/ssl/SSL_free.pod
+++ b/doc/ssl/SSL_free.pod
@@ -8,7 +8,7 @@ SSL_free - free an allocated SSL structure
#include <openssl/ssl.h>
- void SSL_free(SSL *ssl);
+ void *SSL_free(SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
deleted file mode 100644
index 2a57455c23..0000000000
--- a/doc/ssl/SSL_get_ciphers.pod
+++ /dev/null
@@ -1,42 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl);
- const char *SSL_get_cipher_list(SSL *ssl, int priority);
-
-=head1 DESCRIPTION
-
-SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
-sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
-is returned.
-
-SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
-listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
-available, or there are less ciphers than B<priority> available, NULL
-is returned.
-
-=head1 NOTES
-
-The details of the ciphers obtained by SSL_get_ciphers() can be obtained using
-the L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> family of functions.
-
-Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
-sorted list of available ciphers, until NULL is returned.
-
-=head1 RETURN VALUES
-
-See DESCRIPTION
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
-
-=cut
diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod
deleted file mode 100644
index d358bc352e..0000000000
--- a/doc/ssl/SSL_get_client_CA_list.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
- STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_get_client_CA_list() returns the list of client CAs explicitely set for
-B<ctx> using L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>.
-
-SSL_get_client_CA_list() returns the list of client CAs explicitely
-set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, when in
-server mode. In client mode, SSL_get_client_CA_list returns the list of
-client CAs sent from the server, if any.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item STACK_OF(X509_NAMES)
-
-List of CA names explicitely set (for B<ctx> or in server mode) or send
-by the server (client mode).
-
-=item NULL
-
-No client CA list was explicitely set (for B<ctx> or in server mode) or
-the server did not send a list of CAs (client mode).
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
-
-=cut
diff --git a/doc/ssl/SSL_get_current_cipher.pod b/doc/ssl/SSL_get_current_cipher.pod
deleted file mode 100644
index 2dd7261d89..0000000000
--- a/doc/ssl/SSL_get_current_cipher.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
-SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
- #define SSL_get_cipher(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
- #define SSL_get_cipher_name(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
- #define SSL_get_cipher_bits(s,np) \
- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
- #define SSL_get_cipher_version(s) \
- SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-
-=head1 DESCRIPTION
-
-SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing
-the description of the actually used cipher of a connection established with
-the B<ssl> object.
-
-SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the
-name of the currently used cipher. SSL_get_cipher_bits() is a
-macro to obtain the number of secret/algorithm bits used and
-SSL_get_cipher_version() returns the protocol name.
-See L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> for more details.
-
-=head1 RETURN VALUES
-
-SSL_get_current_cipher() returns the cipher actually used or NULL, when
-no session has been established.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
-
-=cut
diff --git a/doc/ssl/SSL_get_peer_cert_chain.pod b/doc/ssl/SSL_get_peer_cert_chain.pod
deleted file mode 100644
index e93e8206fa..0000000000
--- a/doc/ssl/SSL_get_peer_cert_chain.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
-forming the certificate chain of the peer. If called on the client side,
-the stack also contains the peer's certificate; if called on the server
-side, the peer's certificate must be obtained seperately using
-L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
-If the peer did not present a certificate, NULL is returned.
-
-=head1 NOTES
-
-The peer certificate chain is not necessarily available after reusing
-a session, in which case a NULL pointer is returned.
-
-The reference count of the STACKOF(X509) object is not incremented.
-If the corresponding session is freed, the pointer must not be used
-any longer.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-No certificate was presented by the peer or no connection was established
-or the certificate chain is no longer available when a session is reused.
-
-=item Pointer to a STACKOF(X509)
-
-The return value points to the certificate chain presented by the peer.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>
-
-=cut
diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod
deleted file mode 100644
index 79c089aa51..0000000000
--- a/doc/ssl/SSL_get_peer_certificate.pod
+++ /dev/null
@@ -1,48 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_peer_certificate - get the X509 certificate of the peer
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- X509 *SSL_get_peer_certificate(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_peer_certificate() returns a pointer to the X509 certificate the
-peer presented. If the peer did not present a certificate, NULL is returned.
-
-=head1 NOTES
-
-That a certificate is returned does not indicate information about the
-verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
-to check the verification state.
-
-The reference count of the X509 object is incremented by one, so that it
-will not be destroyed when the session containing the peer certificate is
-freed. The X509 object must be explicitely freed using X509_free().
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-No certificate was presented by the peer or no connection was established.
-
-=item Pointer to an X509 certificate
-
-The return value points to the certificate presented by the peer.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
-
-=cut
diff --git a/doc/ssl/SSL_get_verify_result.pod b/doc/ssl/SSL_get_verify_result.pod
deleted file mode 100644
index 4d66236a05..0000000000
--- a/doc/ssl/SSL_get_verify_result.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_verify_result - get result of peer certificate verification
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_get_verify_result(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_verify_result() returns the result of the verification of the
-X509 certificate presented by the peer, if any.
-
-=head1 NOTES
-
-SSL_get_verify_result() can only return one error code while the verification
-of a certificate can fail because of many reasons at the same time. Only
-the last verification error that occured during the processing is available
-from SSL_get_verify_result().
-
-The verification result is part of the established session and is restored
-when a session is reused.
-
-=head1 BUGS
-
-If no peer certificate was presented, the returned result code is
-X509_V_OK. This is because no verification error occured, it does however
-not indicate success. SSL_get_verify_result() is only useful in connection
-with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
-
-=head1 RETURN VALUES
-
-The following return values can currently occur:
-
-=over 4
-
-=item X509_V_OK
-
-The verification succeeded or no peer certificate was presented.
-
-=item Any other value
-
-Documented in L<verify(1)|verify(1)>.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_set_verify_result(3)|SSL_set_verify_result(3)>,
-L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
-L<verify(1)|verify(1)>
-
-=cut
diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod
deleted file mode 100644
index ecf3c4858e..0000000000
--- a/doc/ssl/SSL_library_init.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
-- initialize SSL library by registering algorithms
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_library_init(void);
- #define OpenSSL_add_ssl_algorithms() SSL_library_init()
- #define SSLeay_add_ssl_algorithms() SSL_library_init()
-
-=head1 DESCRIPTION
-
-SSL_library_init() registers the available ciphers and digests.
-
-OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
-for SSL_library_init().
-
-=head1 NOTES
-
-SSL_library_init() must be called before any other action takes place.
-
-=head1 WARNING
-
-SSL_library_init() only registers ciphers. Another important initialization
-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
-be performed separately.
-
-=head1 EXAMPLES
-
-A typical TLS/SSL application will start with the library initialization,
-will provide readable error messages and will seed the PRNG.
-
- SSL_load_error_strings(); /* readable error messages */
- SSL_library_init(); /* initialize library */
- actions_to_seed_PRNG();
-
-=head1 RETURN VALUES
-
-SSL_library_init() always returns "1", so it is safe to discard the return
-value.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
-L<RAND_add(3)|RAND_add(3)>
-
-=cut
diff --git a/doc/ssl/SSL_load_client_CA_file.pod b/doc/ssl/SSL_load_client_CA_file.pod
deleted file mode 100644
index 02527dc2ed..0000000000
--- a/doc/ssl/SSL_load_client_CA_file.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_load_client_CA_file - load certificate names from file
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-
-=head1 DESCRIPTION
-
-SSL_load_client_CA_file() reads certificates from B<file> and returns
-a STACK_OF(X509_NAME) with the subject names found.
-
-=head1 NOTES
-
-SSL_load_client_CA_file() reads a file of PEM formatted certificates and
-extracts the X509_NAMES of the certificates found. While the name suggests
-the specific usage as support function for
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-it is not limited to CA certificates.
-
-=head1 EXAMPLES
-
-Load names of CAs from file and use it as a client CA list:
-
- SSL_CTX *ctx;
- STACK_OF(X509_NAME) *cert_names;
-
- ...
- cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
- if (cert_names != NULL)
- SSL_CTX_set_client_CA_list(ctx, cert_names);
- else
- error_handling();
- ...
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-The operation failed, check out the error stack for the reason.
-
-=item Pointer to STACK_OF(X509_NAME)
-
-Pointer to the subject names of the successfully read certificates.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
-
-=cut
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
deleted file mode 100644
index 744e1855e1..0000000000
--- a/doc/ssl/SSL_pending.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_pending - obtain number of readable bytes buffered in an SSL object
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_pending(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_pending() returns the number of bytes which are available inside
-B<ssl> for immediate read.
-
-=head1 NOTES
-
-Data are received in blocks from the peer. Therefore data can be buffered
-inside B<ssl> and are ready for immediate retrieval with
-L<SSL_read(3)|SSL_read(3)>.
-
-=head1 RETURN VALUES
-
-The number of bytes pending is returned.
-
-L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
index 072dc26cf2..3b082a7c90 100644
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
@@ -13,11 +13,7 @@ SSL_read - read bytes from a TLS/SSL connection.
=head1 DESCRIPTION
SSL_read() tries to read B<num> bytes from the specified B<ssl> into the
-buffer B<buf>.
-
-=head1 NOTES
-
-If necessary, SSL_read() will negotiate a TLS/SSL session, if
+buffer B<buf>. If necessary, SSL_read() will negotiate a TLS/SSL session, if
not already explicitly performed by SSL_connect() or SSL_accept(). If the
peer requests a re-negotiation, it will be performed transparently during
the SSL_read() operation. The behaviour of SSL_read() depends on the
@@ -38,12 +34,6 @@ non-blocking socket, nothing is to be done, but select() can be used to check
for the required condition. When using a buffering BIO, like a BIO pair, data
must be written into or retrieved out of the BIO before being able to continue.
-=head1 WARNING
-
-When an SSL_read() operation has to be repeated because of
-B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
-with the same arguments.
-
=head1 RETURN VALUES
The following return values can occur:
diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
index 9f78d9e434..447f5d4acc 100644
--- a/doc/ssl/SSL_set_session.pod
+++ b/doc/ssl/SSL_set_session.pod
@@ -8,7 +8,7 @@ SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect
#include <openssl/ssl.h>
- int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+ int *SSL_set_session(SSL *ssl, SSL_SESSION *session);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_set_verify_result.pod b/doc/ssl/SSL_set_verify_result.pod
deleted file mode 100644
index 04ab101aad..0000000000
--- a/doc/ssl/SSL_set_verify_result.pod
+++ /dev/null
@@ -1,38 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_set_verify_result - override result of peer certificate verification
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_set_verify_result(SSL *ssl, long verify_result);
-
-=head1 DESCRIPTION
-
-SSL_set_verify_result() sets B<verify_result> of the object B<ssl> to be the
-result of the verification of the X509 certificate presented by the peer,
-if any.
-
-=head1 NOTES
-
-SSL_set_verify_result() overrides the verification result. It only changes
-the verification result of the B<ssl> object. It does not become part of the
-established session, so if the session is to be reused later, the original
-value will reappear.
-
-The valid codes for B<verify_result> are documented in L<verify(1)|verify(1)>.
-
-=head1 RETURN VALUES
-
-SSL_set_verify_result() does not provide a return value.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
-L<verify(1)|verify(1)>
-
-=cut
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
index db67c187e0..b086258e82 100644
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -13,11 +13,7 @@ SSL_read - write bytes to a TLS/SSL connection.
=head1 DESCRIPTION
SSL_write() writes B<num> bytes from the buffer B<buf> into the specified
-B<ssl> connection.
-
-=head1 NOTES
-
-If necessary, SSL_write() will negotiate a TLS/SSL session, if
+B<ssl>. If necessary, SSL_write() will negotiate a TLS/SSL session, if
not already explicitly performed by SSL_connect() or SSL_accept(). If the
peer requests a re-negotiation, it will be performed transparently during
the SSL_write() operation. The behaviour of SSL_write() depends on the
@@ -38,12 +34,6 @@ non-blocking socket, nothing is to be done, but select() can be used to check
for the required condition. When using a buffering BIO, like a BIO pair, data
must be written into or retrieved out of the BIO before being able to continue.
-=head1 WARNING
-
-When an SSL_write() operation has to be repeated because of
-B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
-with the same arguments.
-
=head1 RETURN VALUES
The following return values can occur:
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 8ffe5904d5..41d6114649 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -625,17 +625,12 @@ connection defined in the B<SSL> structure.
L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
-L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
-L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_free(3)|SSL_free(3)>,
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_fd(3)|SSL_get_fd(3)>,
-L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
-L<SSL_get_session(3)|SSL_get_session(3)>,
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>, L<SSL_new(3)|SSL_new(3)>,
L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
-L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>,
L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
diff --git a/e_os.h b/e_os.h
index 0c0784f9a9..77efc6e35b 100644
--- a/e_os.h
+++ b/e_os.h
@@ -275,9 +275,6 @@ extern "C" {
# define NO_SYS_PARAM_H
# else
/* !defined VMS */
-# ifdef MPE
-# define NO_SYS_PARAM_H
-# endif
# ifdef OPENSSL_UNISTD
# include OPENSSL_UNISTD
# else
@@ -347,9 +344,7 @@ extern HINSTANCE _hInstance;
# ifndef NO_SYS_PARAM_H
# include <sys/param.h>
# endif
-# ifndef MPE
-# include <sys/time.h> /* Needed under linux for FD_XXX */
-# endif
+# include <sys/time.h> /* Needed under linux for FD_XXX */
# include <netdb.h>
# if defined(VMS) && !defined(__DECC)
diff --git a/ms/mingw32.bat b/ms/mingw32.bat
index db70b8580e..1726c55bcd 100644
--- a/ms/mingw32.bat
+++ b/ms/mingw32.bat
@@ -76,8 +76,6 @@ rem Create files -- this can be skipped if using the GNU file utilities
make -f ms/mingw32f.mak
echo You can ignore the error messages above
-copy ms\tlhelp32.h outinc
-
echo Building the libraries
make -f ms/mingw32a.mak
if errorlevel 1 goto end
diff --git a/ms/tlhelp32.h b/ms/tlhelp32.h
deleted file mode 100644
index 8f4222e34f..0000000000
--- a/ms/tlhelp32.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- tlhelp32.h - Include file for Tool help functions.
-
- Written by Mumit Khan <khan@nanotech.wisc.edu>
-
- This file is part of a free library for the Win32 API.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-*/
-#ifndef _TLHELP32_H
-#define _TLHELP32_H
-#ifdef __cplusplus
-extern "C" {
-#endif
-#define HF32_DEFAULT 1
-#define HF32_SHARED 2
-#define LF32_FIXED 0x1
-#define LF32_FREE 0x2
-#define LF32_MOVEABLE 0x4
-#define MAX_MODULE_NAME32 255
-#define TH32CS_SNAPHEAPLIST 0x1
-#define TH32CS_SNAPPROCESS 0x2
-#define TH32CS_SNAPTHREAD 0x4
-#define TH32CS_SNAPMODULE 0x8
-#define TH32CS_SNAPALL (TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)
-#define TH32CS_INHERIT 0x80000000
-typedef struct tagHEAPLIST32 {
- DWORD dwSize;
- DWORD th32ProcessID;
- DWORD th32HeapID;
- DWORD dwFlags;
-} HEAPLIST32,*PHEAPLIST32,*LPHEAPLIST32;
-typedef struct tagHEAPENTRY32 {
- DWORD dwSize;
- HANDLE hHandle;
- DWORD dwAddress;
- DWORD dwBlockSize;
- DWORD dwFlags;
- DWORD dwLockCount;
- DWORD dwResvd;
- DWORD th32ProcessID;
- DWORD th32HeapID;
-} HEAPENTRY32,*PHEAPENTRY32,*LPHEAPENTRY32;
-typedef struct tagPROCESSENTRY32W {
- DWORD dwSize;
- DWORD cntUsage;
- DWORD th32ProcessID;
- DWORD th32DefaultHeapID;
- DWORD th32ModuleID;
- DWORD cntThreads;
- DWORD th32ParentProcessID;
- LONG pcPriClassBase;
- DWORD dwFlags;
- WCHAR szExeFile[MAX_PATH];
-} PROCESSENTRY32W,*PPROCESSENTRY32W,*LPPROCESSENTRY32W;
-typedef struct tagPROCESSENTRY32 {
- DWORD dwSize;
- DWORD cntUsage;
- DWORD th32ProcessID;
- DWORD th32DefaultHeapID;
- DWORD th32ModuleID;
- DWORD cntThreads;
- DWORD th32ParentProcessID;
- LONG pcPriClassBase;
- DWORD dwFlags;
- CHAR szExeFile[MAX_PATH];
-} PROCESSENTRY32,*PPROCESSENTRY32,*LPPROCESSENTRY32;
-typedef struct tagTHREADENTRY32 {
- DWORD dwSize;
- DWORD cntUsage;
- DWORD th32ThreadID;
- DWORD th32OwnerProcessID;
- LONG tpBasePri;
- LONG tpDeltaPri;
- DWORD dwFlags;
-} THREADENTRY32,*PTHREADENTRY32,*LPTHREADENTRY32;
-typedef struct tagMODULEENTRY32W {
- DWORD dwSize;
- DWORD th32ModuleID;
- DWORD th32ProcessID;
- DWORD GlblcntUsage;
- DWORD ProccntUsage;
- BYTE *modBaseAddr;
- DWORD modBaseSize;
- HMODULE hModule;
- WCHAR szModule[MAX_MODULE_NAME32 + 1];
- WCHAR szExePath[MAX_PATH];
-} MODULEENTRY32W,*PMODULEENTRY32W,*LPMODULEENTRY32W;
-typedef struct tagMODULEENTRY32 {
- DWORD dwSize;
- DWORD th32ModuleID;
- DWORD th32ProcessID;
- DWORD GlblcntUsage;
- DWORD ProccntUsage;
- BYTE *modBaseAddr;
- DWORD modBaseSize;
- HMODULE hModule;
- char szModule[MAX_MODULE_NAME32 + 1];
- char szExePath[MAX_PATH];
-} MODULEENTRY32,*PMODULEENTRY32,*LPMODULEENTRY32;
-BOOL WINAPI Heap32First(LPHEAPENTRY32,DWORD,DWORD);
-BOOL WINAPI Heap32ListFirst(HANDLE,LPHEAPLIST32);
-BOOL WINAPI Heap32ListNext(HANDLE,LPHEAPLIST32);
-BOOL WINAPI Heap32Next(LPHEAPENTRY32);
-BOOL WINAPI Module32First(HANDLE,LPMODULEENTRY32);
-BOOL WINAPI Module32FirstW(HANDLE,LPMODULEENTRY32W);
-BOOL WINAPI Module32Next(HANDLE,LPMODULEENTRY32);
-BOOL WINAPI Module32NextW(HANDLE,LPMODULEENTRY32W);
-BOOL WINAPI Process32First(HANDLE,LPPROCESSENTRY32);
-BOOL WINAPI Process32FirstW(HANDLE,LPPROCESSENTRY32W);
-BOOL WINAPI Process32Next(HANDLE,LPPROCESSENTRY32);
-BOOL WINAPI Process32NextW(HANDLE,LPPROCESSENTRY32W);
-BOOL WINAPI Thread32First(HANDLE,LPTHREADENTRY32);
-BOOL WINAPI Thread32Next(HANDLE,LPTHREADENTRY32);
-BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD,LPCVOID,LPVOID,DWORD,LPDWORD);
-HANDLE WINAPI CreateToolhelp32Snapshot(DWORD,DWORD);
-#ifdef UNICODE
-#define LPMODULEENTRY32 LPMODULEENTRY32W
-#define LPPROCESSENTRY32 LPPROCESSENTRY32W
-#define MODULEENTRY32 MODULEENTRY32W
-#define Module32First Module32FirstW
-#define Module32Next Module32NextW
-#define PMODULEENTRY32 PMODULEENTRY32W
-#define PPROCESSENTRY32 PPROCESSENTRY32W
-#define PROCESSENTRY32 PROCESSENTRY32W
-#define Process32First Process32FirstW
-#define Process32Next Process32NextW
-#endif /* UNICODE */
-#ifdef __cplusplus
-}
-#endif
-#endif /* _TLHELP32_H */
-
diff --git a/openssl.spec b/openssl.spec
index 18ae94e54c..46c9acec91 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,9 +22,9 @@ BuildRoot: /var/tmp/%{name}-%{version}-root
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
+protocols with full-strength cryptography world-wide. The project is
+managed by a worldwide community of volunteers that use the Internet to
+communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
@@ -43,9 +43,9 @@ Requires: openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
+protocols with full-strength cryptography world-wide. The project is
+managed by a worldwide community of volunteers that use the Internet to
+communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
@@ -64,9 +64,9 @@ Requires: openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
+protocols with full-strength cryptography world-wide. The project is
+managed by a worldwide community of volunteers that use the Internet to
+communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 050618235f..a81544a1b6 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -348,21 +348,16 @@ int ssl23_get_client_hello(SSL *s)
* SSLv3 or tls1 header
*/
- v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+ v[0]=p[1]; /* major version */
/* We must look at client_version inside the Client Hello message
- * to get the correct minor version.
- * However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, we'd have
- * to read at least one additional record to find out.
- * This doesn't usually happen in real life, so we just complain
- * for now.
- */
+ * to get the correct minor version: */
+ v[1]=p[10];
+ /* However if we have only a pathologically small fragment of the
+ * Client Hello message, we simply use the version from the
+ * record header -- this is incorrect but unlikely to fail in
+ * practice */
if (p[3] == 0 && p[4] < 6)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
- goto err;
- }
- v[1]=p[10]; /* minor version according to client_version */
+ v[1]=p[2];
if (v[1] >= TLS1_VERSION_MINOR)
{
if (!(s->options & SSL_OP_NO_TLSv1))
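Review bot: The small-fragment branch (`if (p[3] == 0 && p[4] < 6) v[1]=p[2];`) now takes the protocol minor version from the record header instead of failing, which the added comment itself calls incorrect. The record-layer version and the Client Hello's client_version can differ, so a fragmented hello may be handled at a version the client did not request, and that value feeds the `SSL_OP_NO_TLSv1` decision just below. Failing the handshake on this path keeps version selection fail-closed; that needs a reason code such as the `SSL_R_RECORD_TOO_SMALL` define this commit deletes from ssl/ssl.h and ssl/ssl_err.c. If the fallback stays, assign `v[1]=p[10];` only in an `else`, so the byte is never consulted when the record is too short to contain it. The body of ssl23_get_client_hello starts and ends outside the hunk, so whether `p[10]` always lies within the bytes actually read cannot be confirmed from here.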
diff --git a/ssl/ssl.h b/ssl/ssl.h
index fdbdc70ba7..6ffeca4d31 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1471,7 +1471,6 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 1093
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
diff --git a/ssl/ssl2.h b/ssl/ssl2.h
index df7d03c18f..01d41c88c5 100644
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -133,11 +133,7 @@ extern "C" {
/* Upper/Lower Bounds */
#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)29998
-#else
#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767
-#endif
#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/
#define SSL2_CHALLENGE_LENGTH 16
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 17b4caf528..642c3f93e7 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -327,7 +327,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
{SSL_R_RECORD_TOO_LARGE ,"record too large"},
-{SSL_R_RECORD_TOO_SMALL ,"record too small"},
{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},
diff --git a/util/libeay.num b/util/libeay.num
index 3a72228d6a..842039bf76 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1869,4 +1869,3 @@ RSA_PKCS1_RSAref 2459 EXIST:RSAREF:FUNCTION:RSA
X509_keyid_set1 2460 EXIST::FUNCTION:
BIO_next 2461 EXIST::FUNCTION:
DSO_METHOD_vms 2462 EXIST::FUNCTION:
-BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 46755fa287..72e47af9b4 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -366,6 +366,10 @@ all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
banner:
$banner
+# Generate perlasm output files
+%.cpp:
+ (cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
+
\$(TMP_D):
\$(MKDIR) \$(TMP_D)
# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
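Review bot: The `%.cpp:` rule added after `banner:` is now emitted for every platform, but it is a GNU make pattern rule whose recipe uses a POSIX subshell (`(cd ...; PERL=perl make ...)`), which the non-GNU make tools behind the util/pl platform files (VC-32, BC-32) are unlikely to accept. The copy removed further down in this file printed it only when `$platform eq "linux-elf"`; keeping it conditional, for instance by building the rule text in a variable that stays empty on other platforms and interpolating it here, avoids this. The recipe also invokes `make` directly, where `\$(MAKE)` would reuse the running make binary and its flags. The surrounding here-document starts and ends outside the hunk.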
@@ -613,14 +617,6 @@ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPT
$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
print $defs;
-
-if ($platform eq "linux-elf") {
- print <<"EOF";
-# Generate perlasm output files
-%.cpp:
- (cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
-EOF
-}
print "###################################################################\n";
print $rules;
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 0ac793555c..b673e05a7b 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -867,7 +867,7 @@ sub update_numbers
$new_syms++;
printf OUT "%s%-40s%d\t%s\n","",$s, ++$start_num,$i;
if (exists $r{$s}) {
- ($s, $i) = split /\\/,$r{$s};
+ ($s, $i) = split /\\/,$r{$sym};
printf OUT "%s%-40s%d\t%s\n","",$s, $start_num,$i;
}
}
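Review bot: The guard tests `exists $r{$s}` but the changed line reads `$r{$sym}`, and `$sym` is not assigned anywhere in the visible lines. If `$sym` is unset or names a different symbol, `split` returns nothing or the wrong pair, and the following `printf` writes an alias entry with an empty or mismatched name under the same ordinal. The lookup key should match the guard: `($s, $i) = split /\\/,$r{$s};`. update_numbers starts and ends outside the hunk, so confirm `$sym` is not a deliberate outer variable before changing it.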
diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl
index 20cb3a9c50..7f57809a16 100644
--- a/util/pl/BC-32.pl
+++ b/util/pl/BC-32.pl
@@ -19,7 +19,7 @@ $out_def="out32";
$tmp_def="tmp32";
$inc_def="inc32";
#enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN -DDSO_WIN32 ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN ";
if ($debug)
{
$cflags.="-Od -y -v -vi- -D_DEBUG";
diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl
index 37f36126f3..c687d9b118 100644
--- a/util/pl/Mingw32.pl
+++ b/util/pl/Mingw32.pl
@@ -17,9 +17,9 @@ $mkdir='gmkdir';
$cc='gcc';
if ($debug)
- { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
+ { $cflags="-DL_ENDIAN -g2 -ggdb"; }
else
- { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; }
+ { $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; }
if ($gaswin and !$no_asm)
{
diff --git a/util/pl/Mingw32f.pl b/util/pl/Mingw32f.pl
index 44f5673d7a..a53c537646 100644
--- a/util/pl/Mingw32f.pl
+++ b/util/pl/Mingw32f.pl
@@ -11,9 +11,9 @@ $rm='del';
$cc='gcc';
if ($debug)
- { $cflags="-g2 -ggdb -DDSO_WIN32"; }
+ { $cflags="-g2 -ggdb"; }
else
- { $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; }
+ { $cflags="-O3 -fomit-frame-pointer"; }
$obj='.o';
$ofile='-o ';
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index 7c6674b971..046f0e253c 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -12,7 +12,7 @@ $rm='del';
# C compiler stuff
$cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
$mlflags='';
@@ -22,7 +22,7 @@ $inc_def="inc32";
if ($debug)
{
- $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+ $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
$lflags.=" /debug";
$mlflags.=' /debug';
}
@@ -112,8 +112,7 @@ sub do_lib_rule
if (!$shlib)
{
# $ret.="\t\$(RM) \$(O_$Name)\n";
- $ex =' advapi32.lib';
- $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
+ $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs\n<<\n";
}
else
{