......@@ -16,6 +16,8 @@
# *all* Makefiles
Makefile
# ... except in demos
!/demos/*/Makefile
# Links under apps
/apps/CA.pl
......@@ -72,6 +74,7 @@ Makefile
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/tags
/TAGS
/crypto.map
......
dist: trusty
sudo: required
language: c
cache: ccache
......@@ -8,13 +11,12 @@ addons:
apt:
packages:
- ccache
- clang-3.6
- clang-3.9
- gcc-5
- binutils-mingw-w64
- gcc-mingw-w64
- wine
sources:
- llvm-toolchain-precise-3.6
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
os:
......@@ -31,26 +33,30 @@ env:
- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-ec" BUILDONLY="yes"
matrix:
include:
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
compiler: gcc
env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
- os: linux
compiler: clang-3.6
env: CONFIG_OPTS="no-shared enable-asan"
compiler: clang-3.9
env: CONFIG_OPTS="enable-asan"
- os: linux
compiler: clang-3.6
env: CONFIG_OPTS="no-shared enable-msan"
compiler: clang-3.9
env: CONFIG_OPTS="enable-msan"
- os: linux
compiler: clang-3.6
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux
compiler: clang-3.6
env: CONFIG_OPTS="no-shared no-asm enable-asan enable-rc5 enable-md2"
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
- os: linux
compiler: clang-3.6
compiler: clang-3.9
env: CONFIG_OPTS="no-stdio"
- os: linux
compiler: gcc-5
......@@ -92,11 +98,20 @@ before_script:
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else
if which ccache >/dev/null && [ "$CC" != clang-3.6 ]; then
if which ccache >/dev/null && [ "$CC" != clang-3.9 ]; then
CC="ccache $CC";
fi;
$srcdir/config -v $CONFIG_OPTS;
fi
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
if [ "$TRAVIS_OS_NAME" == "linux" ]; then
sudo dpkg --add-architecture i386;
sudo apt-get update;
sudo apt-get -yq install wine;
fi;
fi;
fi
- cd $top
script:
......@@ -134,5 +149,4 @@ after_success:
notifications:
email:
- openssl-commits@openssl.org
secure: "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"
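Review bot: In the wine step added to `before_script`, `sudo dpkg --add-architecture i386`, `sudo apt-get update` and `sudo apt-get -yq install wine` are chained with `;`, so only the exit status of the last command reaches Travis. A failed architecture add or package index update therefore goes unnoticed. Chaining with `&&` makes the step fail at the first error: `sudo dpkg --add-architecture i386 && sudo apt-get update && sudo apt-get -yq install wine;`. The same block compares with `==` inside `[ ]`, which is a bash extension; `=` is the portable form.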
HOW TO CONTRIBUTE TO PATCHES OpenSSL
HOW TO CONTRIBUTE PATCHES TO OpenSSL
------------------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
......@@ -11,34 +11,12 @@ OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
The best way to submit a patch is to make a pull request on GitHub.
(It is not necessary to send mail to rt@openssl.org to open a ticket!)
If you think the patch could use feedback from the community, please
start a thread on openssl-dev.
To submit a patch, make a pull request on GitHub. If you think the patch
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
You can also submit patches by sending it as mail to rt@openssl.org.
Please include the word "PATCH" and an explanation of what the patch
does in the subject line. If you do this, our preferred format is "git
format-patch" output. For example to provide a patch file containing the
last commit in your local git repository use the following command:
% git format-patch --stdout HEAD^ >mydiffs.patch
Another method of creating an acceptable patch file without using git is as
follows:
% cd openssl-work
...make your changes...
% ./Configure dist; make clean
% cd ..
% diff -ur openssl-orig openssl-work >mydiffs.patch
Note that pull requests are generally easier for the team, and community, to
work with. Pull requests benefit from all of the standard GitHub features,
including code review tools, simpler integration, and CI build support.
No matter how a patch is submitted, the following items will help make
the acceptance and review process faster:
Having addressed the following items before the PR will help make the
acceptance and review process faster:
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
......@@ -55,21 +33,22 @@ the acceptance and review process faster:
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
3. Patches should be as current as possible. When using GitHub, please
expect to have to rebase and update often. Note that we do not accept merge
commits. You will be asked to remove them before a patch is considered
acceptable.
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove
them before a patch is considered acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via Travis and AppVeyor are expected, and done whenever
a PR is created or updated.
5. When at all possible, patches should include tests. These can either be
added to an existing test, or completely new. Please see test/README
for information on the test framework.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include documentation. Please
look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
our style.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/apps, doc/crypto
and doc/ssl for examples of our style.
......@@ -80,10 +80,11 @@
sub {
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
return $withargs{zlib_lib};
return $withargs{zlib_lib} // "ZLIB1";
}
}
return (); },
return ();
},
ld => "link",
lflags => "/nologo",
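Review bot: The new fallback `$withargs{zlib_lib} // "ZLIB1"` only applies when the value is undefined, so a defined but empty value would still pass through as an empty library entry. If an empty value can reach this sub (not visible from the hunk), `return $withargs{zlib_lib} || "ZLIB1";` expresses the intent more safely. A one-line comment such as `# fall back to ZLIB1 when no zlib library was given to Configure` would also explain the bare literal. The enclosing target definition starts outside the hunk.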
......
......@@ -12,7 +12,6 @@
cc => "gcc",
cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
thread_scheme => "(unknown)",
ex_libs => add(" ","-lefence"),
},
"debug-erbridge" => {
inherit_from => [ "x86_64_asm" ],
......@@ -50,19 +49,6 @@
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-elf-noefence" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"debug-linux-ia32-aes" => {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
......
......@@ -151,7 +151,7 @@ INSTALLTOP={- our $installtop =
$installtop -}
SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -}
# This is the standard central area to store certificates, private keys...
OPENSSLDIR={- catdir($config{openssldir}) ||
OPENSSLDIR={- catdir($config{openssldir}) or
$config{prefix} ? catdir($config{prefix},"COMMON")
: "SYS\$COMMON:[OPENSSL-COMMON]" -}
# The same, but for C
......@@ -223,7 +223,7 @@ NODEBUG=@
$(NODEBUG) !
$(NODEBUG) ! Figure out the architecture
$(NODEBUG) !
$(NODEBUG) arch == f$edit( f$getsyi( "arch_name"), "upcase")
$(NODEBUG) arch = f$edit( f$getsyi( "arch_name"), "upcase")
$(NODEBUG) !
$(NODEBUG) ! Set up logical names for the libraries, so LINK and
$(NODEBUG) ! running programs can use them.
......@@ -264,8 +264,10 @@ test tests : build_generated, build_programs_nodep, build_engines_nodep, -
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
DEFINE OPENSSL_DEBUG_MEMORY "on"
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
$(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
DEASSIGN OPENSSL_DEBUG_MEMORY
DEASSIGN OPENSSL_ENGINES
DEASSIGN BLDTOP
DEASSIGN SRCTOP
......@@ -508,7 +510,7 @@ debug_logicals :
# Building targets ###################################################
configdata.pm : {- join(" ", sourcefile("Configurations", "descrip.mms.tmpl"), sourcefile("Configurations", "common.tmpl")) -} $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_infos}}) -}
configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@ WRITE SYS$OUTPUT "Reconfiguring..."
perl $(SRCDIR)Configure reconf
@ WRITE SYS$OUTPUT "*************************************************"
......@@ -677,10 +679,11 @@ EOF
# previous line's file spec as default, so if no directory spec
# is present in the current line and the previous line has one that
# doesn't apply, you're in for a surprise.
my $write_opt =
my $write_opt1 =
join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
"WRITE OPT_FILE \"$x" } @objs).
"\"\n\t".
"\"";
my $write_opt2 =
join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
$x =~ s|(\.EXE)|$1/SHARE|;
$x =~ s|(\.OLB)|$1/LIB|;
......@@ -690,7 +693,8 @@ EOF
$lib.EXE : $deps
OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT
TYPE $engine_opt /OUTPUT=OPT_FILE:
$write_opt
$write_opt1
$write_opt2
CLOSE OPT_FILE
LINK /MAP=$lib.MAP /FULL/SHARE=$lib.EXE $lib.OPT/OPT \$(EX_LIBS)
- PURGE $lib.EXE,$lib.OPT,$lib.MAP
......@@ -723,10 +727,11 @@ EOF
# previous line's file spec as default, so if no directory spec
# is present in the current line and the previous line has one that
# doesn't apply, you're in for a surprise.
my $write_opt =
my $write_opt1 =
join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
"WRITE OPT_FILE \"$x" } @objs).
"\"\n\t".
"\"";
my $write_opt2 =
join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
$x =~ s|(\.EXE)|$1/SHARE|;
$x =~ s|(\.OLB)|$1/LIB|;
......@@ -735,7 +740,8 @@ EOF
return <<"EOF";
$bin.EXE : $deps
OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT
$write_opt
$write_opt1
$write_opt2
CLOSE OPT_FILE
LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS)
- PURGE $bin.EXE,$bin.OPT
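Review bot: The `configdata.pm` rule whose prerequisites are rewritten in this section still runs `perl $(SRCDIR)Configure reconf` with a bare `perl`, while the test rule in an earlier hunk runs `$(PERL)`. A reconfigure can therefore use a different interpreter than the one the build was configured with. Using the configured one keeps the two consistent: `$(PERL) $(SRCDIR)Configure reconf`. The rule's recipe continues outside the hunk.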
......
......@@ -153,6 +153,10 @@ LIBDIR={- #
ENGINESDIR={- use File::Spec::Functions;
catdir($prefix,$libdir,"engines-$sover") -}
# Convenience variable for those who want to set the rpath in shared
# libraries and applications
LIBRPATH=$(INSTALLTOP)/$(LIBDIR)
MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
......@@ -173,20 +177,7 @@ LDFLAGS= {- $target{lflags} -}
PLIB_LDFLAGS= {- $target{plib_lflags} -}
EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
LIB_CFLAGS={- $target{shared_cflag} || "" -}
LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag}
# Unlike other OSes (like Solaris, Linux, Tru64,
# IRIX) BSD run-time linkers (tested OpenBSD, NetBSD
# and FreeBSD) "demand" RPATH set on .so objects.
# Apparently application RPATH is not global and
# does not apply to .so linked with other .so.
# Problem manifests itself when libssl.so fails to
# load libcrypto.so. One can argue that we should
# engrave this into Makefile.shared rules or into
# BSD-* config lines above. Meanwhile let's try to
# be cautious and pass -rpath to linker only when
# $prefix is not /usr.
. ($config{target} =~ m|^BSD-| && $prefix !~ m|^/usr/.*$|
? " -Wl,-rpath,\$\$(LIBRPATH)" : "") -}
LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag} -}
DSO_CFLAGS={- $target{shared_cflag} || "" -}
DSO_LDFLAGS=$(LIB_LDFLAGS)
BIN_CFLAGS={- $target{bin_cflags} -}
......@@ -255,6 +246,7 @@ test: tests
PERL="$(PERL)" \
EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \
OPENSSL_DEBUG_MEMORY=on \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
......@@ -293,6 +285,7 @@ clean: libclean
-$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"`
$(RM) core
$(RM) tags TAGS
$(RM) test/.rnd
$(RM) openssl.pc libcrypto.pc libssl.pc
-$(RM) `find . -type l -a \! -path "./.git/*"`
$(RM) $(TARFILE)
......@@ -301,14 +294,12 @@ distclean: clean
$(RM) configdata.pm
$(RM) Makefile
# This exists solely for those who still type 'make depend'
#
# We check if any depfile is newer than Makefile and decide to
# concatenate only if that is true.
depend:
@: {- output_off() if $disabled{makedepend}; "" -}
@if [ -n "`find $(DEPS) -newer Makefile 2>/dev/null; exit 0`" ]; then \
( sed -e '/^# DO NOT DELETE THIS LINE.*/,$$d' < Makefile; \
@if egrep "^# DO NOT DELETE THIS LINE" Makefile >/dev/null && [ -z "`find $(DEPS) -newer Makefile 2>/dev/null; exit 0`" ]; then :; else \
( $(PERL) -pe 'exit 0 if /^# DO NOT DELETE THIS LINE.*/' < Makefile; \
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.'; \
echo; \
for f in $(DEPS); do \
......@@ -771,22 +762,18 @@ tar:
cd $(SRCDIR); ls -l $(TARFILE).gz
dist:
@$(MAKE) PREPARE_CMD='./Configure dist' tar
@$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' tar
# Helper targets #####################################################
link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/shlib_wrap.sh
link-utils: $(BLDDIR)/util/opensslwrap.sh
$(BLDDIR)/util/opensslwrap.sh: configdata.pm
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
mkdir -p "$(BLDDIR)/util"; \
ln -sf "../$(SRCDIR)/util/opensslwrap.sh" "$(BLDDIR)/util"; \
fi
$(BLDDIR)/util/shlib_wrap.sh: configdata.pm
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
mkdir -p "$(BLDDIR)/util"; \
ln -sf "../$(SRCDIR)/util/shlib_wrap.sh" "$(BLDDIR)/util"; \
fi
FORCE:
# Building targets ###################################################
......@@ -797,6 +784,7 @@ libcrypto.pc:
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines-{- $sover -}'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
......@@ -830,10 +818,10 @@ openssl.pc:
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
configdata.pm: {- $config{build_file_template} -} $(SRCDIR)/Configurations/common.tmpl $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_infos}}) -}
configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@echo "Detected changed: $?"
@echo "Reconfiguring..."
$(SRCDIR)/Configure reconf
$(PERL) $(SRCDIR)/Configure reconf
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
......@@ -944,38 +932,35 @@ EOF
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog};
my $recipe = "";
if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
my $recipe = <<"EOF";
$obj$objext: $deps
EOF
if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$depext: $deps
-\$(MAKEDEPEND) -f- -o"|$obj$objext" -- $incs \$(CFLAGS) $ecflags -- $srcs \\
>\$\@.tmp 2>/dev/null
-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' \$\@.tmp
\@if cmp \$\@.tmp \$\@ > /dev/null 2> /dev/null; then \\
rm -f \$\@.tmp; \\
\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
\@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
rm -f $obj$depext.tmp; \\
else \\
mv \$\@.tmp \$\@; \\
mv $obj$depext.tmp $obj$depext; \\
fi
EOF
$deps = $obj.$depext;
}
if ($disabled{makedepend} || $makedepprog =~ /\/makedepend/) {
} else {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
EOF
}
if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
\@touch $obj$depext.tmp
if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
$recipe .= <<"EOF";
-\$(MAKEDEPEND) -f- -o"|\$\@" -- $incs \$(CFLAGS) $ecflags -- $srcs \\
>$obj$depext.tmp 2>/dev/null
-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
rm -f $obj$depext.tmp; \\
else \\
mv $obj$depext.tmp $obj$depext; \\
fi
EOF
}
}
return $recipe;
}
......@@ -1085,7 +1070,7 @@ $bin$exeext: $objs $deps
APPNAME=$bin$exeext OBJECTS="$objs" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
LDFLAGS='\$(LDFLAGS)' LIBRPATH='\$(INSTALLTOP)/\$(LIBDIR)' \\
LDFLAGS='\$(LDFLAGS)' \\
link_app.$shlib_target
EOF
}
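Review bot: The rewritten `depend` recipe names `Makefile` literally in three places (`egrep ... Makefile`, `find $(DEPS) -newer Makefile`, `< Makefile`), so it tests and rewrites the wrong file whenever the build file has another name. The INSTALL text on this page describes exactly that case under BUILDFILE, so the recipe should take the name from the configured build file instead of hard-coding it. Separately, the pattern uses no extended-regex syntax, so `grep "^# DO NOT DELETE THIS LINE" Makefile >/dev/null` does the same job without relying on `egrep`. The recipe continues outside the hunk.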
......
......@@ -198,6 +198,7 @@ tests: build_generated build_programs_nodep build_engines_nodep depend
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
set PERL=$(PERL)
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
......@@ -322,7 +323,7 @@ uninstall_html_docs:
# Building targets ###################################################
configdata.pm: "{- $config{build_file_template} -}" "$(SRCDIR)\Configurations\common.tmpl" "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_infos}}) -}
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@echo "Detected changed: $?"
@echo "Reconfiguring..."
"$(PERL)" "$(SRCDIR)\Configure" reconf
......
......@@ -379,19 +379,19 @@
Don't build SRTP support
no-sse2
Exclude SSE2 code paths. Normally SSE2 extension is
detected at run-time, but the decision whether or not the
machine code will be executed is taken solely on CPU
capability vector. This means that if you happen to run OS
kernel which does not support SSE2 extension on Intel P4
processor, then your application might be exposed to
"illegal instruction" exception. There might be a way
to enable support in kernel, e.g. FreeBSD kernel can be
compiled with CPU_ENABLE_SSE, and there is a way to
disengage SSE2 code paths upon application start-up,
but if you aim for wider "audience" running such kernel,
consider no-sse2. Both the 386 and no-asm options imply
no-sse2.
Exclude SSE2 code paths from 32-bit x86 assembly modules.
Normally SSE2 extension is detected at run-time, but the
decision whether or not the machine code will be executed
is taken solely on CPU capability vector. This means that
if you happen to run OS kernel which does not support SSE2
extension on Intel P4 processor, then your application
might be exposed to "illegal instruction" exception.
There might be a way to enable support in kernel, e.g.
FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and
there is a way to disengage SSE2 code paths upon application
start-up, but if you aim for wider "audience" running
such kernel, consider no-sse2. Both the 386 and
no-asm options imply no-sse2.
enable-ssl-trace
Build with the SSL Trace capabilities (adds the "-trace"
......@@ -451,11 +451,12 @@
where loading of shared libraries is supported.
386
On Intel hardware, use the 80386 instruction set only
(the default x86 code is more efficient, but requires at
least a 486). Note: Use compiler flags for any other CPU
specific configuration, e.g. "-m32" to build x86 code on
an x64 system.
In 32-bit x86 builds, when generating assembly modules,
use the 80386 instruction set only (the default x86 code
is more efficient, but requires at least a 486). Note:
This doesn't affect code generated by compiler, you're
likely to complement configuration command line with
suitable compiler-specific option.
no-<prot>
Don't build support for negotiating the specified SSL/TLS
......@@ -479,16 +480,20 @@
no-<alg>
Build without support for the specified algorithm, where
<alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
des, dh, dsa, ecdh, ecdsa, idea, md4, md5, mdc2, ocb,
ploy1305, rc2, rc4, rmd160, scrypt, seed or whirlpool. The
"ripemd" algorithm is deprecated and if used is synonymous
with rmd160.
des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd"
algorithm is deprecated and if used is synonymous with rmd160.
-Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx
These system specific options will be passed through to the
compiler to allow you to define preprocessor symbols, specify
additional libraries, library directories or other compiler
options.
options. It might be worth noting that some compilers
generate code specifically for processor the compiler
currently executes on. This is not necessarily what you might
have in mind, since it might be unsuitable for execution on
other, typically older, processor. Consult your compiler
documentation.
Installation in Detail
......@@ -602,17 +607,14 @@
("openssl"). The libraries will be built in the top-level directory,
and the binary will be in the "apps" subdirectory.
If the build fails, look at the output. There may be reasons for
the failure that aren't problems in OpenSSL itself (like missing
standard headers). If you are having problems you can get help by
sending an email to the openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for details). If it
is a bug with OpenSSL itself, please report the problem to
<rt@openssl.org> (note that your message will be recorded in the request
tracker publicly readable at
https://www.openssl.org/community/index.html#bugs and will be
forwarded to a public mailing list). Please check out the request
tracker. Maybe the bug was already reported or has already been
If the build fails, look at the output. There may be reasons
for the failure that aren't problems in OpenSSL itself (like
missing standard headers). If you are having problems you can
get help by sending an email to the openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for details). If
it is a bug with OpenSSL itself, please open an issue on GitHub, at
https://github.com/openssl/openssl/issues. Please review the existing
ones first; maybe the bug was already reported or has already been
fixed.
(If you encounter assembler error messages, try the "no-asm"
......@@ -770,6 +772,13 @@
AR
The name of the ar executable to use.
BUILDFILE
Use a different build file name than the platform default
("Makefile" on Unixly platforms, "makefile" on native Windows,
"descrip.mms" on OpenVMS). This requires that there is a
corresponding build file template. See Configurations/README
for further information.
CC
The compiler to use. Configure will attempt to pick a default
compiler for your platform but this choice can be overridden
......@@ -786,13 +795,19 @@
OPENSSL_LOCAL_CONFIG_DIR
OpenSSL comes with a database of information about how it
should be built on different platforms. This information is
held in ".conf" files in the Configurations directory. See the
should be built on different platforms as well as build file
templates for those platforms. The database is comprised of
".conf" files in the Configurations directory. The build
file templates reside there as well as ".tmpl" files. See the
file Configurations/README for further information about the
format of ".conf" files. As well as the standard ".conf" files
it is possible to create your own ".conf" files and store them
locally, outside the OpenSSL source tree. This environment
variable can be set to the directory where these files are held.
format of ".conf" files as well as information on the ".tmpl"
files.
In addition to the standard ".conf" and ".tmpl" files, it is
possible to create your own ".conf" and ".tmpl" files and store
them locally, outside the OpenSSL source tree. This environment
variable can be set to the directory where these files are held
and will have Configure to consider them in addition to the
standard ones.
PERL
The name of the Perl executable to use when building OpenSSL.
......@@ -887,8 +902,8 @@
supported. If your platform does not provide pthreads or Windows threads then
you should Configure with the "no-threads" option.
Note on shared libraries
------------------------
Notes on shared libraries
-------------------------
For most systems the OpenSSL Configure script knows what is needed to
build shared libraries for libcrypto and libssl. On these systems
......@@ -897,6 +912,31 @@
where OpenSSL does not know how to build shared libraries the "no-shared"
option will be forced and only static libraries will be created.
Shared libraries are named a little differently on different platforms.
One way or another, they all have the major OpenSSL version number as
part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
the name.
On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
and libssl.so.1.1.
on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
with import libraries libcrypto.dll.a and libssl.dll.a.
On Windows build with MSVC or using MingW, shared libraries are named
libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll
and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
and libssl-1_1-ia64.dll for IA64 Windows. With MSVC, the import libraries
are named libcrypto.lib and libssl.lib, while with MingW, they are named
libcrypto.dll.a and libssl.dll.a.
On VMS, shareable images (VMS speak for shared libraries) are named
ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe. However, when
OpenSSL is specifically built for 32-bit pointers, the shareable images
are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe
instead, and when built for 64-bit pointers, they are named
ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe.
Note on random number generation
--------------------------------
......
......@@ -150,8 +150,8 @@ LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB_VIA_O= \
SHOBJECTS=$(DSTDIR)/lib$(LIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS.o $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS.o $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \
$(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
LINK_SO_SHLIB_UNPACKED= \
......@@ -176,7 +176,7 @@ DO_GNU_SO=\
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON)
DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)"
DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
......@@ -220,7 +220,7 @@ link_shlib.bsd:
fi; $(LINK_SO_SHLIB)
link_app.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; $(LINK_APP)
# For Darwin AKA Mac OS/X (dyld)
......@@ -352,7 +352,7 @@ link_app.alpha-osf1:
@if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -rpath $(LIBRPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; \
$(LINK_APP)
......@@ -385,7 +385,7 @@ link_app.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -R $(LIBRPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; \
$(LINK_APP)
......@@ -476,7 +476,7 @@ link_shlib.irix:
fi; \
$(LINK_SO_SHLIB)
link_app.irix:
@LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
@LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
$(LINK_APP)
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
......@@ -497,8 +497,8 @@ link_dso.hpux:
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SUFFIX || :; \
$(LINK_SO_DSO) && chmod a=rx $$SHLIB$$SHLIB_SUFFIX
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX || :; \
$(LINK_SO_DSO) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX
link_shlib.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
......@@ -510,11 +510,11 @@ link_shlib.hpux:
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_SHLIB) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
fi; \
$(LINK_APP)
......@@ -526,6 +526,7 @@ link_dso.aix:
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
$(LINK_SO_DSO);
link_shlib.aix:
@ $(CALC_VERSIONS); \
......@@ -536,9 +537,10 @@ link_shlib.aix:
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
$(LINK_SO_SHLIB_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
$(LINK_APP)
......
......@@ -5,7 +5,36 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [in pre-release]
Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
o Truncated packet could crash via OOB read (CVE-2017-3731)
o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
o CMS Null dereference (CVE-2016-7053)
o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
o Fix Use After Free for large message sizes (CVE-2016-6309)
Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
o SSL_peek() hang on empty record (CVE-2016-6305)
o Excessive allocation of memory in tls_get_message_header()
(CVE-2016-6307)
o Excessive allocation of memory in dtls1_preprocess_fragment()
(CVE-2016-6308)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
o Copyright text was shrunk to a boilerplate that points to the license
o "shared" builds are now the default when possible
......
......@@ -36,7 +36,7 @@
PREFIX: %ProgramFiles(86)%\OpenSSL
OPENSSLDIR: %CommonProgramFiles(86)%\SSL
For VC-WIN32, the following defaults are use:
For VC-WIN64, the following defaults are use:
PREFIX: %ProgramW6432%\OpenSSL
OPENSSLDIR: %CommonProgramW6432%\SSL
......
OpenSSL 1.1.0-pre7-dev
OpenSSL 1.1.0e 16 Feb 2017
Copyright (c) 1998-2016 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
......@@ -59,13 +59,13 @@
If you have any problems with OpenSSL then please take the following steps
first:
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
- Download the latest version from the repository
to see if the problem has already been addressed
- Remove ASM versions of libraries
- Configure with no-asm
- Remove compiler optimisation flags
If you wish to report a bug then please include the following information in
any bug report:
If you wish to report a bug then please include the following information
and create an issue on GitHub:
- OpenSSL version: output of 'openssl version -a'
- Any "Configure" options that you selected during compilation of the
......@@ -76,27 +76,10 @@
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
Email the report to:
rt@openssl.org
In order to avoid spam, this is a moderated mailing list, and it might
take a couple of days for the ticket to show up. (We also scan posts to make
sure that security disclosures aren't publicly posted by mistake.) Mail
to this address is recorded in the public RT (request tracker) database
(see https://www.openssl.org/community/index.html#bugs for details) and
also forwarded the public openssl-dev mailing list. Confidential mail
may be sent to openssl-security@openssl.org (PGP key available from the
key servers).
Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it
is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
of query.
You can also make GitHub pull requests. See the CONTRIBUTING file for more
details.
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
......@@ -105,7 +88,7 @@
LEGALITIES
----------
A number of nations, in particular the U.S., restrict the use or export
of cryptography. If you are potentially subject to such restrictions
you should seek competent professional legal advice before attempting to
develop or distribute cryptographic code.
A number of nations restrict the use or export of cryptography. If you
are potentially subject to such restrictions you should seek competent
professional legal advice before attempting to develop or distribute
cryptographic code.
......@@ -244,36 +244,27 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
int res = 0;
#ifndef OPENSSL_NO_UI
UI *ui = NULL;
const char *prompt_info = NULL;
#endif
const char *password = NULL;
PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
if (cb_data) {
if (cb_data->password)
password = cb_data->password;
#ifndef OPENSSL_NO_UI
if (cb_data->prompt_info)
prompt_info = cb_data->prompt_info;
#endif
}
if (password) {
res = strlen(password);
#ifdef OPENSSL_NO_UI
if (cb_data != NULL && cb_data->password != NULL) {
res = strlen(cb_data->password);
if (res > bufsiz)
res = bufsiz;
memcpy(buf, password, res);
return res;
memcpy(buf, cb_data->password, res);
}
#ifndef OPENSSL_NO_UI
#else
ui = UI_new_method(ui_method);
if (ui) {
int ok = 0;
char *buff = NULL;
int ui_flags = 0;
const char *prompt_info = NULL;
char *prompt;
if (cb_data != NULL && cb_data->prompt_info != NULL)
prompt_info = cb_data->prompt_info;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
......@@ -284,6 +275,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
/* We know that there is no previous user data to return to us */
(void)UI_add_user_data(ui, cb_data);
if (ok >= 0)
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
......@@ -692,7 +686,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
BIO_printf(bio_err, "no engine specified\n");
else {
#ifndef OPENSSL_NO_ENGINE
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
if (ENGINE_init(e)) {
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
ENGINE_finish(e);
}
if (pkey == NULL) {
BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(bio_err);
......@@ -1240,11 +1237,13 @@ static ENGINE *try_load_engine(const char *engine)
}
return e;
}
#endif
ENGINE *setup_engine(const char *engine, int debug)
{
ENGINE *e = NULL;
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (strcmp(engine, "auto") == 0) {
BIO_printf(bio_err, "enabling auto ENGINE support\n");
......@@ -1269,13 +1268,19 @@ ENGINE *setup_engine(const char *engine, int debug)
}
BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
/* Free our "structural" reference. */
ENGINE_free(e);
}
#endif
return e;
}
void release_engine(ENGINE *e)
{
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
/* Free our "structural" reference. */
ENGINE_free(e);
#endif
}
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
......@@ -2300,6 +2305,36 @@ int app_isdir(const char *name)
#endif
/* raw_read|write section */
#if defined(__VMS)
# include "vms_term_sock.h"
static int stdin_sock = -1;
static void close_stdin_sock(void)
{
TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
}
int fileno_stdin(void)
{
if (stdin_sock == -1) {
TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
atexit(close_stdin_sock);
}
return stdin_sock;
}
#else
int fileno_stdin(void)
{
return fileno(stdin);
}
#endif
int fileno_stdout(void)
{
return fileno(stdout);
}
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
int raw_read_stdin(void *buf, int siz)
{
......@@ -2309,10 +2344,17 @@ int raw_read_stdin(void *buf, int siz)
else
return (-1);
}
#elif defined(__VMS)
#include <sys/socket.h>
int raw_read_stdin(void *buf, int siz)
{
return recv(fileno_stdin(), buf, siz, 0);
}
#else
int raw_read_stdin(void *buf, int siz)
{
return read(fileno(stdin), buf, siz);
return read(fileno_stdin(), buf, siz);
}
#endif
......@@ -2328,7 +2370,7 @@ int raw_write_stdout(const void *buf, int siz)
#else
int raw_write_stdout(const void *buf, int siz)
{
return write(fileno(stdout), buf, siz);
return write(fileno_stdout(), buf, siz);
}
#endif
......
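Review bot: In the `__VMS` variant of `fileno_stdin()` the result of `TerminalSocket(TERM_SOCK_CREATE, &stdin_sock)` is discarded, so a failed creation goes unnoticed. If the call leaves `stdin_sock` at -1, `atexit(close_stdin_sock)` is still registered, every later call retries and registers the handler again, and the VMS `raw_read_stdin()` passes -1 to `recv()`. Registering the handler only once a descriptor exists, `if (stdin_sock != -1) atexit(close_stdin_sock);`, limits the cleanup to a single registration. Checking the status `TerminalSocket` returns would also let the failure be reported where it happens rather than as a read error later.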
......@@ -430,11 +430,9 @@ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
#endif
# ifdef OPENSSL_NO_ENGINE
# define setup_engine(engine, debug) NULL
# else
ENGINE *setup_engine(const char *engine, int debug);
# endif
void release_engine(ENGINE *e);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
......@@ -548,6 +546,8 @@ void store_setup_crl_download(X509_STORE *st);
int app_isdir(const char *);
int app_access(const char *, int flag);
int fileno_stdin(void);
int fileno_stdout(void);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);
......
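Review bot: The prototypes for `setup_engine()` and `release_engine()` carry no comment on ownership, although the apps.c part of this commit moves the `ENGINE_free()` of the structural reference out of `setup_engine()` and into `release_engine()`. Every caller of `setup_engine()` now has to hand the result to `release_engine()`, and a caller that was not updated leaks the reference without any diagnostic. A comment above the pair would record that contract, for example `/* Returns a structural reference or NULL; release it with release_engine(). */`. Because the `OPENSSL_NO_ENGINE` macro form is dropped, the comment can also state that both functions are callable in a no-engine build.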
......@@ -983,12 +983,11 @@ end_of_options:
BIO_printf(bio_err, "writing new certificates\n");
for (i = 0; i < sk_X509_num(cert_sk); i++) {
BIO *Cout = NULL;
ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
X509 *xi = sk_X509_value(cert_sk, i);
ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi);
int k;
char *n;
x = sk_X509_value(cert_sk, i);
j = ASN1_STRING_length(serialNumber);
p = (const char *)ASN1_STRING_get0_data(serialNumber);
......@@ -1030,8 +1029,8 @@ end_of_options:
perror(buf[2]);
goto end;
}
write_new_certificate(Cout, x, 0, notext);
write_new_certificate(Sout, x, output_der, notext);
write_new_certificate(Cout, xi, 0, notext);
write_new_certificate(Sout, xi, output_der, notext);
BIO_free_all(Cout);
}
......@@ -1236,6 +1235,7 @@ end_of_options:
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
release_engine(e);
return (ret);
}
......@@ -1916,7 +1916,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
CONF_free(parms);
goto end;
}
......
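Review bot: The `release_engine(e)` added before `return (ret)` sits in shared cleanup code, so it presumably also runs for any `goto end` taken before `setup_engine()` has assigned `e`. `release_engine()` in apps.c tolerates NULL but not an uninitialised pointer, so `e` has to be declared as `ENGINE *e = NULL;`. The declaration is outside the visible hunks and should be confirmed as part of this change.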
......@@ -72,7 +72,7 @@ typedef enum OPTION_choice {
OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
......@@ -99,7 +99,7 @@ OPTIONS cms_options[] = {
{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
{"sign", OPT_SIGN, '-', "Sign message"},
{"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
{"resign", OPT_RESIGN, '-'},
{"resign", OPT_RESIGN, '-', "Resign a signed message"},
{"verify", OPT_VERIFY, '-', "Verify signed message"},
{"verify_retcode", OPT_VERIFY_RETCODE, '-'},
{"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
......@@ -122,22 +122,21 @@ OPTIONS cms_options[] = {
"Don't include signers certificate when signing"},
{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
{"nosmimecap", OPT_NOSMIMECAP, '-'},
{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
{"binary", OPT_BINARY, '-', "Don't translate message to text"},
{"keyid", OPT_KEYID, '-', "Use subject key identifier"},
{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
{"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
{"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
{"stream", OPT_INDEF, '-'},
{"indef", OPT_INDEF, '-'},
{"noindef", OPT_NOINDEF, '-'},
{"nooldmime", OPT_NOOLDMIME, '-'},
{"crlfeol", OPT_CRLFEOL, '-'},
{"stream", OPT_INDEF, '-', "Enable CMS streaming"},
{"indef", OPT_INDEF, '-', "Same as -stream"},
{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
{"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},