Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.
Trailing whitespace remains in test data and external source.
Backport-of: https://github.com/openssl/openssl/pull/8092
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8134)
58 files changed:
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
- Have a look through existing entries for inspiration.
+ Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
- poly1305_asm_src=> "poly1305-armv4.S",
+ poly1305_asm_src=> "poly1305-armv4.S",
keccak1600_asm_src => "keccak1600-armv4.S",
perlasm_scheme => "void"
},
keccak1600_asm_src => "keccak1600-armv4.S",
perlasm_scheme => "void"
},
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
-# OneCore Configuration temporarly dedicated for console applications
+# OneCore Configuration temporarly dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This build.info file informs us that 'libcrypto' is built from a few
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
This build.info file informs us that 'libcrypto' is built from a few
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
-'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
+'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\"";
} elsif ($x =~ m|\.OLB$|) {
(my $l = $x) =~ s/\W/_/g;
push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\"";
} elsif ($x =~ m|\.OLB$|) {
(my $l = $x) =~ s/\W/_/g;
"\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB\$(INCLUDE_MAIN_$l)\"",
"\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\""
}
"\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB\$(INCLUDE_MAIN_$l)\"",
"\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\""
}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
you need to set ANDROID_NDK_HOME environment to point at NDK directory
as /some/where/android-ndk-<ver>. Both variables are significant at both
configuration and compilation times. NDK customarily supports multiple
you need to set ANDROID_NDK_HOME environment to point at NDK directory
as /some/where/android-ndk-<ver>. Both variables are significant at both
configuration and compilation times. NDK customarily supports multiple
- Android API levels, e.g. android-14, android-21, etc. By default latest
+ Android API levels, e.g. android-14, android-21, etc. By default latest
one available is chosen. If you need to target older platform, pass
additional -D__ANDROID_API__=N to Configure. N is numeric value of the
target platform version. For example, to compile for ICS on ARM with
one available is chosen. If you need to target older platform, pass
additional -D__ANDROID_API__=N to Configure. N is numeric value of the
target platform version. For example, to compile for ICS on ARM with
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-------------------------------------------
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-------------------------------------------
running "./Configure" with appropriate arguments:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
running "./Configure" with appropriate arguments:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
And finally fire up "make". You may run out of DPMI selectors when
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.
And finally fire up "make". You may run out of DPMI selectors when
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.
for now is to rename the OpenSSL source directory, as follows (please
adjust for the actual source directory name you have):
for now is to rename the OpenSSL source directory, as follows (please
adjust for the actual source directory name you have):
- $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
+ $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
# that are to be trusted.
# Google's list of logs can be found here:
# that are to be trusted.
# Google's list of logs can be found here:
-# www.certificate-transparency.org/known-logs
+# www.certificate-transparency.org/known-logs
# A Python program to convert the log list to OpenSSL's format can be
# found here:
# A Python program to convert the log list to OpenSSL's format can be
# found here:
-# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
+# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
# Use the "--openssl_output" flag.
# Use the "--openssl_output" flag.
# records starting with a I followed by the g and N values and the id.
# The exact values ... you have to dig this out from the source of srp.c
# or srp_vfy.c
# records starting with a I followed by the g and N values and the id.
# The exact values ... you have to dig this out from the source of srp.c
# or srp_vfy.c
-# The last value of an I is used as the default group for new users.
+# The last value of an I is used as the default group for new users.
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
-These are the 1024-bit DH parameters from "Internet Key Exchange
+These are the 1024-bit DH parameters from "Internet Key Exchange
Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
See https://tools.ietf.org/html/rfc2412 for how they were generated.
Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
See https://tools.ietf.org/html/rfc2412 for how they were generated.
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
-----END DH PARAMETERS-----
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
-----END DH PARAMETERS-----
-These are the 2048-bit DH parameters from "More Modular Exponential
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
+These are the 2048-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.
HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
-----END DH PARAMETERS-----
HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
-----END DH PARAMETERS-----
-These are the 4096-bit DH parameters from "More Modular Exponential
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
+These are the 4096-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
# input_password = secret
# output_password = secret
# input_password = secret
# output_password = secret
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
# input_password = secret
# output_password = secret
# input_password = secret
# output_password = secret
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# pick up any command line args to config
for i
do
# pick up any command line args to config
for i
do
-d*) options=$options" --debug";;
-t*) DRYRUN="true" VERBOSE="true";;
-v*) VERBOSE="true";;
-d*) options=$options" --debug";;
-t*) DRYRUN="true" VERBOSE="true";;
-v*) VERBOSE="true";;
# Now test for ISC and SCO, since it is has a braindamaged uname.
#
# Now test for ISC and SCO, since it is has a braindamaged uname.
#
-# We need to work around FreeBSD 1.1.5.1
+# We need to work around FreeBSD 1.1.5.1
(
XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
if [ "x$XREL" != "x" ]; then
(
XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
if [ "x$XREL" != "x" ]; then
# At this point we gone through all the one's
# we know of: Punt
# At this point we gone through all the one's
# we know of: Punt
-echo "${MACHINE}-whatever-${SYSTEM}"
+echo "${MACHINE}-whatever-${SYSTEM}"
-# read the output of the embedded GuessOS
+# read the output of the embedded GuessOS
read GUESSOS
echo Operating system: $GUESSOS
read GUESSOS
echo Operating system: $GUESSOS
*-*-[Uu]nix[Ww]are7)
if [ "$CC" = "gcc" ]; then
OUT="unixware-7-gcc" ; options="$options no-sse2"
*-*-[Uu]nix[Ww]are7)
if [ "$CC" = "gcc" ]; then
OUT="unixware-7-gcc" ; options="$options no-sse2"
OUT="unixware-7" ; options="$options no-sse2"
__CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__"
fi
OUT="unixware-7" ; options="$options no-sse2"
__CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__"
fi
OUT="aix64-gcc"
fi
elif [ $OBJECT_MODE -eq 64 ]; then
OUT="aix64-gcc"
fi
elif [ $OBJECT_MODE -eq 64 ]; then
- echo 'Your $OBJECT_MODE was found to be set to 64'
+ echo 'Your $OBJECT_MODE was found to be set to 64'
OUT="aix64-cc"
else
OUT="aix-cc"
OUT="aix64-cc"
else
OUT="aix-cc"
-# run Configure to check to see if we need to specify the
+# run Configure to check to see if we need to specify the
# compiler for the platform ... in which case we add it on
# the end ... otherwise we leave it off
# compiler for the platform ... in which case we add it on
# the end ... otherwise we leave it off
__CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
__CNF_LDLIBS="'$__CNF_LDLIBS'" \
$PERL $THERE/Configure $OUT $options
__CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
__CNF_LDLIBS="'$__CNF_LDLIBS'" \
$PERL $THERE/Configure $OUT $options
if [ "$DRYRUN" = "false" ]; then
# eval to make sure quoted options, possibly with spaces inside,
# are treated right
if [ "$DRYRUN" = "false" ]; then
# eval to make sure quoted options, possibly with spaces inside,
# are treated right
// on Itanium2! What to do? Reschedule loops for Itanium2? But then
// Itanium would exhibit anti-scalability. So I've chosen to reschedule
// for worst latency for every instruction aiming for best *all-round*
// on Itanium2! What to do? Reschedule loops for Itanium2? But then
// Itanium would exhibit anti-scalability. So I've chosen to reschedule
// for worst latency for every instruction aiming for best *all-round*
// Q. How much faster does it get?
// A. Here is the output from 'openssl speed rsa dsa' for vanilla
// Q. How much faster does it get?
// A. Here is the output from 'openssl speed rsa dsa' for vanilla
.global bn_sqr_words#
.proc bn_sqr_words#
.align 64
.global bn_sqr_words#
.proc bn_sqr_words#
.align 64
-.skip 32 // makes the loop body aligned at 64-byte boundary
+.skip 32 // makes the loop body aligned at 64-byte boundary
bn_sqr_words:
.prologue
.save ar.pfs,r2
bn_sqr_words:
.prologue
.save ar.pfs,r2
.register %g2,#scratch
.register %g3,#scratch
# define FRAME_SIZE -192
.register %g2,#scratch
.register %g3,#scratch
# define FRAME_SIZE -192
/*
* GNU assembler can't stand stuw:-(
*/
/*
* GNU assembler can't stand stuw:-(
*/
unsigned int newsize =
st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
unsigned int *newitems;
unsigned int newsize =
st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
unsigned int *newitems;
if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
return 0;
if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
return 0;
/* Full; allocate a new pool item and link it in. */
if (p->used == p->size) {
BN_POOL_ITEM *item;
/* Full; allocate a new pool item and link it in. */
if (p->used == p->size) {
BN_POOL_ITEM *item;
if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
return NULL;
if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
return NULL;
/*
* TODO: (For non GUI and no std error cases)
/*
* TODO: (For non GUI and no std error cases)
- * Add event logging feature here.
+ * Add event logging feature here.
# if !defined(NDEBUG)
/*
* We are in a situation where we tried to report a critical
# if !defined(NDEBUG)
/*
* We are in a situation where we tried to report a critical
# endif
# else
MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
# endif
# else
MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
}
#else
void OPENSSL_showfatal(const char *fmta, ...)
}
#else
void OPENSSL_showfatal(const char *fmta, ...)
sll out1, 28, out1 ! rotate
xor $1, local1, $1 ! 1 finished, local1 now sbox 7
sll out1, 28, out1 ! rotate
xor $1, local1, $1 ! 1 finished, local1 now sbox 7
- ld [global2+local2], local2 ! 2
+ ld [global2+local2], local2 ! 2
srl out0, 24, local1 ! 7
or out1, local0, out1 ! rotate
srl out0, 24, local1 ! 7
or out1, local0, out1 ! rotate
add %o7,global1,global1
sub global1,.PIC.DES_SPtrans-.des_and,out2
add %o7,global1,global1
sub global1,.PIC.DES_SPtrans-.des_and,out2
be .ncbc.dec
STPTR in4, IVEC
be .ncbc.dec
STPTR in4, IVEC
/*
* Add two scalars. |a|, |b| and |out| may alias each other.
/*
* Add two scalars. |a|, |b| and |out| may alias each other.
* a (in): One scalar.
* b (in): Another scalar.
* out (out): a+b.
* a (in): One scalar.
* b (in): Another scalar.
* out (out): a+b.
/*
* Multiply two scalars. |a|, |b| and |out| may alias each other.
/*
* Multiply two scalars. |a|, |b| and |out| may alias each other.
* a (in): One scalar.
* b (in): Another scalar.
* out (out): a*b.
* a (in): One scalar.
* b (in): Another scalar.
* out (out): a*b.
/*
* Halve a scalar. |a| and |out| may alias each other.
/*
* Halve a scalar. |a| and |out| may alias each other.
* a (in): A scalar.
* out (out): a/2.
*/
* a (in): A scalar.
* out (out): a/2.
*/
/*
* Copy a scalar. The scalars may alias each other, in which case this
* function does nothing.
/*
* Copy a scalar. The scalars may alias each other, in which case this
* function does nothing.
* a (in): A scalar.
* out (out): Will become a copy of a.
*/
* a (in): A scalar.
* out (out): Will become a copy of a.
*/
*
* a (in): A point.
* b (in): Another point.
*
* a (in): A point.
* b (in): Another point.
* Returns:
* C448_TRUE: The points are equal.
* C448_FALSE: The points are not equal.
* Returns:
* C448_TRUE: The points are equal.
* C448_FALSE: The points are not equal.
/*
* RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different
* (non-Decaf) encoding.
/*
* RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different
* (non-Decaf) encoding.
* out (out): The scaled point base*scalar
* scalar (in): The scalar to multiply by.
*/
* out (out): The scaled point base*scalar
* scalar (in): The scalar to multiply by.
*/
* base2 (in): A second point to be scaled.
* scalar2 (in) A second scalar to multiply by.
*
* base2 (in): A second point to be scaled.
* scalar2 (in) A second scalar to multiply by.
*
- * Warning: This function takes variable time, and may leak the scalars used.
+ * Warning: This function takes variable time, and may leak the scalars used.
* It is designed for signature verification.
*/
void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
* It is designed for signature verification.
*/
void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
EVP_EncryptInit(&ctx, cipher, key, iv);
[ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
EVP_EncryptInit(&ctx, cipher, key, iv);
[ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
OpenSSL_add_all_ciphers();
cipher = EVP_get_cipherbyname("des_cbc");
EVP_EncryptInit(&ctx, cipher, key, iv);
OpenSSL_add_all_ciphers();
cipher = EVP_get_cipherbyname("des_cbc");
EVP_EncryptInit(&ctx, cipher, key, iv);
static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
{
ENGINE_CLEANUP_ITEM *item;
static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
{
ENGINE_CLEANUP_ITEM *item;
if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE);
return NULL;
if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE);
return NULL;
- /* Create the right magic header stuff */
+ /* Create the right magic header stuff */
buf[0] = '\0';
PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
buf[0] = '\0';
PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
static SRP_user_pwd *SRP_user_pwd_new(void)
{
SRP_user_pwd *ret;
static SRP_user_pwd *SRP_user_pwd_new(void)
{
SRP_user_pwd *ret;
if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
/* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
return NULL;
if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
/* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
return NULL;
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
-SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Certificate=server.pem
PrivateKey=server.pem
ChainCAFile=root.pem
Certificate=server.pem
PrivateKey=server.pem
ChainCAFile=root.pem
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
-SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
@ !
# Because we use an option file, we need to redefine this
@ !
# Because we use an option file, we need to redefine this
$(LINK) $(LINKFLAGS) $<,OPT:/OPT
all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
$(LINK) $(LINKFLAGS) $<,OPT:/OPT
all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
signed by the root and several certificates signed by the intermediate CA.
The script then creates an empty index.txt file and adds entries for the
signed by the root and several certificates signed by the intermediate CA.
The script then creates an empty index.txt file and adds entries for the
-certificates and generates a CRL. Then one certificate is revoked and a
+certificates and generates a CRL. Then one certificate is revoked and a
second CRL generated.
The script ocsprun.sh runs the test responder on port 8888 covering the
second CRL generated.
The script ocsprun.sh runs the test responder on port 8888 covering the
-config apps.cnf -extensions usr_cert -x509 -nodes \
-keyout tsha512.pem -out tsha512.pem -new -days 3650 -sha512
-config apps.cnf -extensions usr_cert -x509 -nodes \
-keyout tsha512.pem -out tsha512.pem -new -days 3650 -sha512
$OPENSSL ecparam -name P-256 -out ecp256.pem
$OPENSSL ecparam -name P-384 -out ecp384.pem
$OPENSSL ecparam -name P-256 -out ecp256.pem
$OPENSSL ecparam -name P-384 -out ecp384.pem
$OPENSSL x509 -req -in respreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out resp.pem
$OPENSSL x509 -req -in respreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out resp.pem
-# Example creating a PKCS#3 DH certificate.
+# Example creating a PKCS#3 DH certificate.
By now, you have your certificate and your private key and can start
using applications that depend on it.
By now, you have your certificate and your private key and can start
using applications that depend on it.
SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights);
SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights);
uid Richard Levitte <levitte@openssl.org>
uid Richard Levitte <richard@openssl.com>
uid Richard Levitte <levitte@openssl.org>
uid Richard Levitte <richard@openssl.com>
-pub 2048R/0E604491 2013-04-30
+pub 2048R/0E604491 2013-04-30
Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
uid Matt Caswell <matt@openssl.org>
uid Matt Caswell <frodo@baggins.org>
Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
uid Matt Caswell <matt@openssl.org>
uid Matt Caswell <frodo@baggins.org>
Note that it is valid in some circumstances for certificates to be created
without any subject. In the case where there are multiple certificates without
Note that it is valid in some circumstances for certificates to be created
without any subject. In the case where there are multiple certificates without
-subjects this does not count as a duplicate.
+subjects this does not count as a duplicate.
L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
L<SSL_CTX_set_max_send_fragment(3)>,
L<SSL_CTX_set_split_send_fragment(3)>,
L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
L<SSL_CTX_set_max_send_fragment(3)>,
L<SSL_CTX_set_split_send_fragment(3)>,
-L<SSL_CTX_set_max_pipelines(3)>
+L<SSL_CTX_set_max_pipelines(3)>
EVP_PKEY_asn1_get0_info() returns the public key ID, base public key
ID (both NIDs), any flags, the method description and PEM type string
EVP_PKEY_asn1_get0_info() returns the public key ID, base public key
ID (both NIDs), any flags, the method description and PEM type string
-associated with the public key ASN.1 method B<*ameth>.
+associated with the public key ASN.1 method B<*ameth>.
EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and
EVP_PKEY_asn1_find_str() are not thread safe, but as long as all
EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and
EVP_PKEY_asn1_find_str() are not thread safe, but as long as all
HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
function B<evp_md> and the key B<key> which is B<key_len> bytes
HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
function B<evp_md> and the key B<key> which is B<key_len> bytes
HMAC_Update() can be called repeatedly with chunks of the message to
be authenticated (B<len> bytes at B<data>).
HMAC_Update() can be called repeatedly with chunks of the message to
be authenticated (B<len> bytes at B<data>).
used on the server side then the "client CA list" functions take precedence.
Typically, on the server side, the "client CA list " functions should be used in
preference. As noted above in most cases it is not necessary to set CA names on
used on the server side then the "client CA list" functions take precedence.
Typically, on the server side, the "client CA list " functions should be used in
preference. As noted above in most cases it is not necessary to set CA names on
SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and
SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and
=head1 NOTES
These functions will not clear the existing CT log list - it will be appended
=head1 NOTES
These functions will not clear the existing CT log list - it will be appended
-to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first.
+to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first.
If an error occurs whilst parsing a particular log entry in the file, that log
entry will be skipped.
If an error occurs whilst parsing a particular log entry in the file, that log
entry will be skipped.
A client uses the function SSL_write_early_data() to send early data. This
function is similar to the L<SSL_write_ex(3)> function, but with the following
differences. See L<SSL_write_ex(3)> for information on how to write bytes to
A client uses the function SSL_write_early_data() to send early data. This
function is similar to the L<SSL_write_ex(3)> function, but with the following
differences. See L<SSL_write_ex(3)> for information on how to write bytes to
-the underlying connection, and how to handle any errors that may arise. This
+the underlying connection, and how to handle any errors that may arise. This
page describes the differences between SSL_write_early_data() and
L<SSL_write_ex(3)>.
page describes the differences between SSL_write_early_data() and
L<SSL_write_ex(3)>.
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Contemporary compilers implement lock-free atomic memory access
* primitives that facilitate writing "thread-opportunistic" or even real
/*
* Contemporary compilers implement lock-free atomic memory access
* primitives that facilitate writing "thread-opportunistic" or even real
- Enter subdirectory and pull from the repository (use a specific branch/tag if required):
- Enter subdirectory and pull from the repository (use a specific branch/tag if required):
$ git pull origin master
- Go to root directory, there should be a new git status:
$ git pull origin master
- Go to root directory, there should be a new git status:
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
extern unsigned int OPENSSL_ia32cap_P[4];
extern unsigned int OPENSSL_ia32cap_P[4];
-static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
+static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
int rounds, int min_failures, int max_retries, int max_zero_words)
{
int testresult = 0;
int rounds, int min_failures, int max_retries, int max_zero_words)
{
int testresult = 0;
/* SNI should have been cleared during handshake */
goto end;
}
/* SNI should have been cleared during handshake */
goto end;
}
testresult = 1;
end:
SSL_free(serverssl);
testresult = 1;
end:
SSL_free(serverssl);
ret = pulldown_test_framework(ret);
test_close_streams();
ret = pulldown_test_framework(ret);
test_close_streams();
}
const char *test_get_program_name(void)
}
const char *test_get_program_name(void)
/*
* Based on the test vectors availble in:
/*
* Based on the test vectors availble in:
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
+ * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
*/
static unsigned char hs_start_hash[] = {
*/
static unsigned char hs_start_hash[] = {
$ NAMES := {- join(",", keys %names); -}
{-
join("\n", map { "\$ __$_ = \"".$names{$_}."\"" } keys %names);
$ NAMES := {- join(",", keys %names); -}
{-
join("\n", map { "\$ __$_ = \"".$names{$_}."\"" } keys %names);
$ I = 0
$ LOOP:
$ E = F$ELEMENT(I,",",NAMES)
$ I = 0
$ LOOP:
$ E = F$ELEMENT(I,",",NAMES)
# https://www.openssl.org/source/license.html
#
# https://www.openssl.org/source/license.html
#
# - format source tree according to OpenSSL coding style using indent
#
# usage:
# openssl-format-source [-v] [-n] [file|directory] ...
#
# note: the indent options assume GNU indent v2.2.10 which was released
# - format source tree according to OpenSSL coding style using indent
#
# usage:
# openssl-format-source [-v] [-n] [file|directory] ...
#
# note: the indent options assume GNU indent v2.2.10 which was released
-# Feb-2009 so if you have an older indent the options may not
+# Feb-2009 so if you have an older indent the options may not
# match what is expected
#
# any marked block comment blocks have to be moved to align manually after
# match what is expected
#
# any marked block comment blocks have to be moved to align manually after
-# the reformatting has been completed as marking a block causes indent to
+# the reformatting has been completed as marking a block causes indent to
# not move it at all ...
#
# not move it at all ...
#
# Extra arguments; for adding the comment-formatting
INDENT_ARGS=""
# Extra arguments; for adding the comment-formatting
INDENT_ARGS=""
do
if [ "$STOPARGS" != "true" ]; then
case $i in
--) STOPARGS="true"; continue;;
-n) DONT="true"; continue;;
do
if [ "$STOPARGS" != "true" ]; then
case $i in
--) STOPARGS="true"; continue;;
-n) DONT="true"; continue;;
echo "INDENT_PROFILE=$INDENT_PROFILE";
continue;;
echo "INDENT_PROFILE=$INDENT_PROFILE";
continue;;
- -c) COMMENTS="true";
- INDENT_ARGS="-fc1 -fca -cdb -sc";
+ -c) COMMENTS="true";
+ INDENT_ARGS="-fc1 -fca -cdb -sc";
continue;;
-nc) COMMENTS="true";
continue;;
continue;;
-nc) COMMENTS="true";
continue;;
if [ -d "$i" ]; then
LIST=`find "$i" -name '*.[ch]' -print`
if [ -d "$i" ]; then
LIST=`find "$i" -name '*.[ch]' -print`
if [ ! -f "$i" ]; then
echo "$0: source file not found: $i" >&2
exit 1
fi
LIST="$i"
fi
if [ ! -f "$i" ]; then
echo "$0: source file not found: $i" >&2
exit 1
fi
LIST="$i"
fi
for j in $LIST
do
# ignore symlinks - we only ever process the base file - so if we
for j in $LIST
do
# ignore symlinks - we only ever process the base file - so if we
tmp=$(mktemp /tmp/indent.XXXXXX)
trap 'rm -f "$tmp"' HUP INT TERM EXIT
tmp=$(mktemp /tmp/indent.XXXXXX)
trap 'rm -f "$tmp"' HUP INT TERM EXIT
# the list of files that indent is unable to handle correctly
# that we simply leave alone for manual formatting now
obj_dat.h|aes_core.c|aes_x86core.c|ecp_nistz256.c)
# the list of files that indent is unable to handle correctly
# that we simply leave alone for manual formatting now
obj_dat.h|aes_core.c|aes_x86core.c|ecp_nistz256.c)
if [ "$COMMENTS" = "true" ]; then
# we have to mark single line comments as /*- ...*/ to stop indent
# messing with them, run expand then indent as usual but with the
if [ "$COMMENTS" = "true" ]; then
# we have to mark single line comments as /*- ...*/ to stop indent
# messing with them, run expand then indent as usual but with the
- # the process-comments options and then undo that marking, and then
+ # the process-comments options and then undo that marking, and then
# finally re-run indent without process-comments so the marked-to-
# finally re-run indent without process-comments so the marked-to-
- # be-ignored comments we did automatically end up getting moved
- # into the right position within the code as indent leaves marked
- # comments entirely untouched - we appear to have no way to avoid
+ # be-ignored comments we did automatically end up getting moved
+ # into the right position within the code as indent leaves marked
+ # comments entirely untouched - we appear to have no way to avoid
# the double processing and get the desired output
cat "$j" | \
expand | \
# the double processing and get the desired output
cat "$j" | \
expand | \
$encrypted,
$level,
$description) = @_;
$encrypted,
$level,
$description) = @_;
my $self = {
server => $server,
encrypted => $encrypted,
my $self = {
server => $server,
encrypted => $encrypted,
$startoffset = $recoffset;
$recoffset += 4;
$payload = "";
$startoffset = $recoffset;
$recoffset += 4;
$payload = "";
if ($recoffset <= $record->decrypt_len) {
#Some payload data is present in this record
if ($record->decrypt_len - $recoffset >= $messlen) {
if ($recoffset <= $record->decrypt_len) {
#Some payload data is present in this record
if ($record->decrypt_len - $recoffset >= $messlen) {
$records,
$startoffset,
$message_frag_lens) = @_;
$records,
$startoffset,
$message_frag_lens) = @_;
my $self = {
server => $server,
data => $data,
my $self = {
server => $server,
data => $data,
$decrypt_len,
$data,
$decrypt_data) = @_;
$decrypt_len,
$data,
$decrypt_data) = @_;
my $self = {
flight => $flight,
content_type => $content_type,
my $self = {
flight => $flight,
content_type => $content_type,
$records,
$startoffset,
$message_frag_lens) = @_;
$records,
$startoffset,
$message_frag_lens) = @_;
my $self = $class->SUPER::new(
$server,
TLSProxy::Message::MT_SERVER_HELLO,
my $self = $class->SUPER::new(
$server,
TLSProxy::Message::MT_SERVER_HELLO,
my $extension_data;
if ($extensions_len != 0) {
$extension_data = substr($self->data, $ptr);
my $extension_data;
if ($extensions_len != 0) {
$extension_data = substr($self->data, $ptr);
if (length($extension_data) != $extensions_len) {
die "Invalid extension length\n";
}
if (length($extension_data) != $extensions_len) {
die "Invalid extension length\n";
}
$records,
$startoffset,
$message_frag_lens) = @_;
$records,
$startoffset,
$message_frag_lens) = @_;
my $self = $class->SUPER::new(
$server,
TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
my $self = $class->SUPER::new(
$server,
TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
projects / openssl.git / commitdiff