diff options
author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-08-14 23:11:54 +0900 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2018-08-16 11:52:37 +1000 |
commit | 6090e1f54d8e6e8c4ba18091e19faf46c0b09ece (patch) | |
tree | a2d2fb7b4b4a5e365ac4b6515cf4d7a5c8262d23 /deps/openssl/openssl/apps | |
parent | 32902d09b43e9d7f19eb6178ef5db835652d97c1 (diff) | |
download | android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.tar.gz android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.tar.bz2 android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.zip |
deps: upgrade openssl sources to 1.1.0i
This updates all sources in deps/openssl/openssl with openssl-1.1.0i.
PR-URL: https://github.com/nodejs/node/pull/22318
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'deps/openssl/openssl/apps')
-rw-r--r-- | deps/openssl/openssl/apps/apps.c | 5 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/asn1pars.c | 22 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/ca.c | 29 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/cms.c | 2 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/ct_log_list.cnf | 1 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/dh1024.pem | 2 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/dh2048.pem | 4 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/dh4096.pem | 4 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/dhparam.c | 11 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/dsaparam.c | 29 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/ocsp.c | 3 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/rehash.c | 20 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/s_client.c | 10 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/s_server.c | 17 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/smime.c | 2 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/speed.c | 231 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/verify.c | 3 |
17 files changed, 201 insertions, 194 deletions
diff --git a/deps/openssl/openssl/apps/apps.c b/deps/openssl/openssl/apps/apps.c index 8703d0cc31..d52201f1f3 100644 --- a/deps/openssl/openssl/apps/apps.c +++ b/deps/openssl/openssl/apps/apps.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1012,7 +1012,8 @@ int set_name_ex(unsigned long *flags, const char *arg) }; if (set_multi_opts(flags, arg, ex_tbl) == 0) return 0; - if ((*flags & XN_FLAG_SEP_MASK) == 0) + if (*flags != XN_FLAG_COMPAT + && (*flags & XN_FLAG_SEP_MASK) == 0) *flags |= XN_FLAG_SEP_CPLUS_SPC; return 1; } diff --git a/deps/openssl/openssl/apps/asn1pars.c b/deps/openssl/openssl/apps/asn1pars.c index 1ac261c762..008a6797d0 100644 --- a/deps/openssl/openssl/apps/asn1pars.c +++ b/deps/openssl/openssl/apps/asn1pars.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ OPTIONS asn1parse_options[] = { {"dump", OPT_DUMP, 0, "unknown data in hex form"}, {"dlimit", OPT_DLIMIT, 'p', "dump the first arg bytes of unknown data in hex form"}, - {"strparse", OPT_STRPARSE, 's', + {"strparse", OPT_STRPARSE, 'p', "offset; a series of these can be used to 'dig'"}, {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, @@ -113,13 +113,13 @@ int asn1parse_main(int argc, char **argv) offset = strtol(opt_arg(), NULL, 0); break; case OPT_LENGTH: - length = atoi(opt_arg()); + length = strtol(opt_arg(), NULL, 0); break; case OPT_DUMP: dump = -1; break; case OPT_DLIMIT: - dump = atoi(opt_arg()); + dump = strtol(opt_arg(), NULL, 0); break; case OPT_STRPARSE: sk_OPENSSL_STRING_push(osk, opt_arg()); @@ -191,7 +191,7 @@ int asn1parse_main(int argc, char **argv) num = 0; for (;;) { - if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) + if (!BUF_MEM_grow(buf, num + BUFSIZ)) goto end; i = BIO_read(in, &(buf->data[num]), BUFSIZ); if (i <= 0) @@ -211,9 +211,9 @@ int asn1parse_main(int argc, char **argv) for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { ASN1_TYPE *atmp; int typ; - j = atoi(sk_OPENSSL_STRING_value(osk, i)); - if (j == 0) { - BIO_printf(bio_err, "'%s' is an invalid number\n", + j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0); + if (j <= 0 || j >= tmplen) { + BIO_printf(bio_err, "'%s' is out of range\n", sk_OPENSSL_STRING_value(osk, i)); continue; } @@ -244,14 +244,14 @@ int asn1parse_main(int argc, char **argv) num = tmplen; } - if (offset >= num) { - BIO_printf(bio_err, "Error: offset too large\n"); + if (offset < 0 || offset >= num) { + BIO_printf(bio_err, "Error: offset out of range\n"); goto end; } num -= offset; - if ((length == 0) || ((long)length > num)) + if (length == 0 || length > (unsigned int)num) length = (unsigned int)num; if (derout) { if (BIO_write(derout, str + offset, length) != (int)length) { diff --git a/deps/openssl/openssl/apps/ca.c b/deps/openssl/openssl/apps/ca.c index d474a2b69a..c69a2b5cdd 100644 --- a/deps/openssl/openssl/apps/ca.c +++ b/deps/openssl/openssl/apps/ca.c @@ -725,10 +725,10 @@ end_of_options: /*****************************************************************/ if (req || gencrl) { - /* FIXME: Is it really always text? */ - Sout = bio_open_default(outfile, 'w', FORMAT_TEXT); - if (Sout == NULL) - goto end; + if (spkac_file != NULL) { + output_der = 1; + batch = 1; + } } if (md == NULL @@ -872,10 +872,6 @@ end_of_options: BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } - if (outfile) { - output_der = 1; - batch = 1; - } } } if (ss_cert_file != NULL) { @@ -929,10 +925,13 @@ end_of_options: if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto end; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto end; } } @@ -1017,6 +1016,11 @@ end_of_options: if (verbose) BIO_printf(bio_err, "writing %s\n", buf[2]); + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + Cout = BIO_new_file(buf[2], "w"); if (Cout == NULL) { perror(buf[2]); @@ -1025,6 +1029,8 @@ end_of_options: write_new_certificate(Cout, xi, 0, notext); write_new_certificate(Sout, xi, output_der, notext); BIO_free_all(Cout); + BIO_free_all(Sout); + Sout = NULL; } if (sk_X509_num(cert_sk)) { @@ -1173,6 +1179,11 @@ end_of_options: if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) goto end; + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + PEM_write_bio_X509_CRL(Sout, crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ diff --git a/deps/openssl/openssl/apps/cms.c b/deps/openssl/openssl/apps/cms.c index b999c70c95..640f92eb1b 100644 --- a/deps/openssl/openssl/apps/cms.c +++ b/deps/openssl/openssl/apps/cms.c @@ -146,7 +146,7 @@ OPTIONS cms_options[] = { "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, - {"print", OPT_PRINT, '-', + {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, {"secretkey", OPT_SECRETKEY, 's'}, {"secretkeyid", OPT_SECRETKEYID, 's'}, diff --git a/deps/openssl/openssl/apps/ct_log_list.cnf b/deps/openssl/openssl/apps/ct_log_list.cnf index a637b477af..243487453c 100644 --- a/deps/openssl/openssl/apps/ct_log_list.cnf +++ b/deps/openssl/openssl/apps/ct_log_list.cnf @@ -31,3 +31,4 @@ key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroP [venafi] description = Venafi log key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB + diff --git a/deps/openssl/openssl/apps/dh1024.pem b/deps/openssl/openssl/apps/dh1024.pem index 813e8a4a48..f1a5e180aa 100644 --- a/deps/openssl/openssl/apps/dh1024.pem +++ b/deps/openssl/openssl/apps/dh1024.pem @@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL /1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC -----END DH PARAMETERS----- -These are the 1024-bit DH parameters from "Internet Key Exchange +These are the 1024-bit DH parameters from "Internet Key Exchange Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996 See https://tools.ietf.org/html/rfc2412 for how they were generated. diff --git a/deps/openssl/openssl/apps/dh2048.pem b/deps/openssl/openssl/apps/dh2048.pem index 288a20997e..e899f2e029 100644 --- a/deps/openssl/openssl/apps/dh2048.pem +++ b/deps/openssl/openssl/apps/dh2048.pem @@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq 5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg== -----END DH PARAMETERS----- -These are the 2048-bit DH parameters from "More Modular Exponential -(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": +These are the 2048-bit DH parameters from "More Modular Exponential +(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": https://tools.ietf.org/html/rfc3526 See https://tools.ietf.org/html/rfc2412 for how they were generated. diff --git a/deps/openssl/openssl/apps/dh4096.pem b/deps/openssl/openssl/apps/dh4096.pem index 08560e1284..adada2b558 100644 --- a/deps/openssl/openssl/apps/dh4096.pem +++ b/deps/openssl/openssl/apps/dh4096.pem @@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI= -----END DH PARAMETERS----- -These are the 4096-bit DH parameters from "More Modular Exponential -(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": +These are the 4096-bit DH parameters from "More Modular Exponential +(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": https://tools.ietf.org/html/rfc3526 See https://tools.ietf.org/html/rfc2412 for how they were generated. diff --git a/deps/openssl/openssl/apps/dhparam.c b/deps/openssl/openssl/apps/dhparam.c index 94322e37de..8a28414562 100644 --- a/deps/openssl/openssl/apps/dhparam.c +++ b/deps/openssl/openssl/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -151,6 +151,11 @@ int dhparam_main(int argc, char **argv) goto end; } # endif + + out = bio_open_default(outfile, 'w', outformat); + if (out == NULL) + goto end; + /* DH parameters */ if (num && !g) g = 2; @@ -266,10 +271,6 @@ int dhparam_main(int argc, char **argv) /* dh != NULL */ } - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - if (text) { DHparams_print(out, dh); } diff --git a/deps/openssl/openssl/apps/dsaparam.c b/deps/openssl/openssl/apps/dsaparam.c index 5c3c8f8089..20891cf3dd 100644 --- a/deps/openssl/openssl/apps/dsaparam.c +++ b/deps/openssl/openssl/apps/dsaparam.c @@ -226,25 +226,28 @@ int dsaparam_main(int argc, char **argv) data = app_malloc(len + 20, "BN space"); - BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); - print_bignum_var(bio_out, p, "dsap", len, data); - print_bignum_var(bio_out, q, "dsaq", len, data); - print_bignum_var(bio_out, g, "dsag", len, data); + BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p); + print_bignum_var(bio_out, p, "dsap", bits_p, data); + print_bignum_var(bio_out, q, "dsaq", bits_p, data); + print_bignum_var(bio_out, g, "dsag", bits_p, data); BIO_printf(bio_out, " DSA *dsa = DSA_new();\n" + " BIGNUM *p, *q, *g;\n" "\n"); BIO_printf(bio_out, " if (dsa == NULL)\n" " return NULL;\n"); - BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n" - " DSA_free(dsa);\n" + BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n", + bits_p, bits_p); + BIO_printf(bio_out, " DSA_free(dsa);\n" + " BN_free(p);\n" + " BN_free(q);\n" + " BN_free(g);\n" " return NULL;\n" " }\n" - " return(dsa);\n}\n"); + " return dsa;\n}\n"); OPENSSL_free(data); } diff --git a/deps/openssl/openssl/apps/ocsp.c b/deps/openssl/openssl/apps/ocsp.c index 4b533348b4..0c15f5114d 100644 --- a/deps/openssl/openssl/apps/ocsp.c +++ b/deps/openssl/openssl/apps/ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -639,7 +639,6 @@ int ocsp_main(int argc, char **argv) OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; - ret = 0; goto end; } diff --git a/deps/openssl/openssl/apps/rehash.c b/deps/openssl/openssl/apps/rehash.c index 273ad74969..aa3f8643a5 100644 --- a/deps/openssl/openssl/apps/rehash.c +++ b/deps/openssl/openssl/apps/rehash.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -130,9 +130,10 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename, for (ep = bp->first_entry; ep; ep = ep->next) { if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) { BIO_printf(bio_err, - "%s: skipping duplicate %s in %s\n", opt_getprog(), + "%s: warning: skipping duplicate %s in %s\n", + opt_getprog(), type == TYPE_CERT ? "certificate" : "CRL", filename); - return 1; + return 0; } if (strcmp(filename, ep->filename) == 0) { found = ep; @@ -144,7 +145,7 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename, if (ep == NULL) { if (bp->num_needed >= MAX_COLLISIONS) { BIO_printf(bio_err, - "%s: hash table overflow for %s\n", + "%s: error: hash table overflow for %s\n", opt_getprog(), filename); return 1; } @@ -235,7 +236,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) /* Does it have X.509 data in it? */ if ((b = BIO_new_file(fullpath, "r")) == NULL) { - BIO_printf(bio_err, "%s: skipping %s, cannot open file\n", + BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n", opt_getprog(), filename); errs++; goto end; @@ -247,7 +248,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) if (sk_X509_INFO_num(inf) != 1) { BIO_printf(bio_err, - "%s: skipping %s," + "%s: warning: skipping %s," "it does not contain exactly one certificate or CRL\n", opt_getprog(), filename); /* This is not an error. */ @@ -502,13 +503,14 @@ int rehash_main(int argc, char **argv) if (*argv) { while (*argv) errs += do_dir(*argv++, h); - } else if ((env = getenv("SSL_CERT_DIR")) != NULL) { + } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) { + char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' }; m = OPENSSL_strdup(env); - for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":")) + for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc)) errs += do_dir(e, h); OPENSSL_free(m); } else { - errs += do_dir("/etc/ssl/certs", h); + errs += do_dir(X509_get_default_cert_dir(), h); } end: diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c index fb89f0cd61..3c0c73e851 100644 --- a/deps/openssl/openssl/apps/s_client.c +++ b/deps/openssl/openssl/apps/s_client.c @@ -593,7 +593,8 @@ OPTIONS s_client_options[] = { "Disable name checks when matching DANE-EE(3) TLSA records"}, {"reconnect", OPT_RECONNECT, '-', "Drop and re-make the connection with the same Session-ID"}, - {"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"}, + {"showcerts", OPT_SHOWCERTS, '-', + "Show all certificates sent by the server"}, {"debug", OPT_DEBUG, '-', "Extra output"}, {"msg", OPT_MSG, '-', "Show protocol messages"}, {"msgfile", OPT_MSGFILE, '>', @@ -2114,8 +2115,7 @@ int s_client_main(int argc, char **argv) FD_ZERO(&readfds); FD_ZERO(&writefds); - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; @@ -2235,10 +2235,8 @@ int s_client_main(int argc, char **argv) } } - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); diff --git a/deps/openssl/openssl/apps/s_server.c b/deps/openssl/openssl/apps/s_server.c index 31c90fdd0e..e8aa323a4f 100644 --- a/deps/openssl/openssl/apps/s_server.c +++ b/deps/openssl/openssl/apps/s_server.c @@ -2012,9 +2012,7 @@ static int sv_body(int s, int stype, unsigned char *context) SSL *con = NULL; BIO *sbio; struct timeval timeout; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) - struct timeval tv; -#else +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)) struct timeval *timeoutp; #endif @@ -2149,26 +2147,23 @@ static int sv_body(int s, int stype, unsigned char *context) * second and check for any keypress. In a proper Windows * application we wouldn't do this because it is inefficient. */ - tv.tv_sec = 1; - tv.tv_usec = 0; - i = select(width, (void *)&readfds, NULL, NULL, &tv); + timeout.tv_sec = 1; + timeout.tv_usec = 0; + i = select(width, (void *)&readfds, NULL, NULL, &timeout); if (has_stdin_waiting()) read_from_terminal = 1; if ((i < 0) || (!i && !read_from_terminal)) continue; #else - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; i = select(width, (void *)&readfds, NULL, NULL, timeoutp); - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (i <= 0) continue; diff --git a/deps/openssl/openssl/apps/smime.c b/deps/openssl/openssl/apps/smime.c index 8edb1ed994..e18d7de75f 100644 --- a/deps/openssl/openssl/apps/smime.c +++ b/deps/openssl/openssl/apps/smime.c @@ -89,7 +89,7 @@ OPTIONS smime_options[] = { {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, {"resign", OPT_RESIGN, '-', "Resign a signed message"}, - {"nochain", OPT_NOCHAIN, '-', + {"nochain", OPT_NOCHAIN, '-', "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" }, {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, {"stream", OPT_STREAM, '-', "Enable CMS streaming" }, diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c index f388a9852d..3ef37b78a6 100644 --- a/deps/openssl/openssl/apps/speed.c +++ b/deps/openssl/openssl/apps/speed.c @@ -129,13 +129,6 @@ #define BUFSIZE (1024*16+1) #define MAX_MISALIGNMENT 63 -#define ALGOR_NUM 30 -#define SIZE_NUM 6 -#define PRIME_NUM 3 -#define RSA_NUM 7 -#define DSA_NUM 3 - -#define EC_NUM 17 #define MAX_ECDH_SIZE 256 #define MISALIGN 64 @@ -144,37 +137,6 @@ static volatile int run = 0; static int mr = 0; static int usertime = 1; -typedef void *(*kdf_fn) ( - const void *in, size_t inlen, void *out, size_t *xoutlen); - -typedef struct loopargs_st { - ASYNC_JOB *inprogress_job; - ASYNC_WAIT_CTX *wait_ctx; - unsigned char *buf; - unsigned char *buf2; - unsigned char *buf_malloc; - unsigned char *buf2_malloc; - unsigned int siglen; -#ifndef OPENSSL_NO_RSA - RSA *rsa_key[RSA_NUM]; -#endif -#ifndef OPENSSL_NO_DSA - DSA *dsa_key[DSA_NUM]; -#endif -#ifndef OPENSSL_NO_EC - EC_KEY *ecdsa[EC_NUM]; - EC_KEY *ecdh_a[EC_NUM]; - EC_KEY *ecdh_b[EC_NUM]; - unsigned char *secret_a; - unsigned char *secret_b; - size_t outlen; - kdf_fn kdf; -#endif - EVP_CIPHER_CTX *ctx; - HMAC_CTX *hctx; - GCM128_CONTEXT *gcm_ctx; -} loopargs_t; - #ifndef OPENSSL_NO_MD2 static int EVP_Digest_MD2_loop(void *args); #endif @@ -227,7 +189,6 @@ static int ECDSA_sign_loop(void *args); static int ECDSA_verify_loop(void *args); static int ECDH_compute_key_loop(void *args); #endif -static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs); static double Time_F(int s); static void print_message(const char *s, long num, int length); @@ -238,32 +199,10 @@ static void print_result(int alg, int run_no, int count, double time_used); static int do_multi(int multi); #endif -static const char *names[ALGOR_NUM] = { - "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", - "des cbc", "des ede3", "idea cbc", "seed cbc", - "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", - "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", - "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", - "evp", "sha256", "sha512", "whirlpool", - "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" -}; - -static double results[ALGOR_NUM][SIZE_NUM]; - -static const int lengths[SIZE_NUM] = { +static const int lengths[] = { 16, 64, 256, 1024, 8 * 1024, 16 * 1024 }; - -#ifndef OPENSSL_NO_RSA -static double rsa_results[RSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_DSA -static double dsa_results[DSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_EC -static double ecdsa_results[EC_NUM][2]; -static double ecdh_results[EC_NUM][1]; -#endif +#define SIZE_NUM OSSL_NELEM(lengths) #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) static const char rnd_seed[] = @@ -348,9 +287,14 @@ static double Time_F(int s) static void multiblock_speed(const EVP_CIPHER *evp_cipher); -static int found(const char *name, const OPT_PAIR *pairs, int *result) +#define found(value, pairs, result)\ + opt_found(value, result, pairs, OSSL_NELEM(pairs)) +static int opt_found(const char *name, unsigned int *result, + const OPT_PAIR pairs[], unsigned int nbelem) { - for (; pairs->name; pairs++) + unsigned int idx; + + for (idx = 0; idx < nbelem; ++idx, pairs++) if (strcmp(name, pairs->name) == 0) { *result = pairs->retval; return 1; @@ -387,7 +331,7 @@ OPTIONS speed_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - {NULL}, + {NULL} }; #define D_MD2 0 @@ -420,7 +364,19 @@ OPTIONS speed_options[] = { #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 -static OPT_PAIR doit_choices[] = { +/* name of algorithms to test */ +static const char *names[] = { + "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", + "des cbc", "des ede3", "idea cbc", "seed cbc", + "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", + "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", + "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", + "evp", "sha256", "sha512", "whirlpool", + "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" +}; +#define ALGOR_NUM OSSL_NELEM(names) +/* list of configured algorithm (remaining) */ +static const OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 {"md2", D_MD2}, #endif @@ -484,21 +440,24 @@ static OPT_PAIR doit_choices[] = { {"cast", D_CBC_CAST}, {"cast5", D_CBC_CAST}, #endif - {"ghash", D_GHASH}, - {NULL} + {"ghash", D_GHASH} }; +static double results[ALGOR_NUM][SIZE_NUM]; + #ifndef OPENSSL_NO_DSA # define R_DSA_512 0 # define R_DSA_1024 1 # define R_DSA_2048 2 -static OPT_PAIR dsa_choices[] = { +static const OPT_PAIR dsa_choices[] = { {"dsa512", R_DSA_512}, {"dsa1024", R_DSA_1024}, - {"dsa2048", R_DSA_2048}, - {NULL}, + {"dsa2048", R_DSA_2048} }; -#endif +# define DSA_NUM OSSL_NELEM(dsa_choices) + +static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_DSA */ #define R_RSA_512 0 #define R_RSA_1024 1 @@ -507,16 +466,18 @@ static OPT_PAIR dsa_choices[] = { #define R_RSA_4096 4 #define R_RSA_7680 5 #define R_RSA_15360 6 -static OPT_PAIR rsa_choices[] = { +static const OPT_PAIR rsa_choices[] = { {"rsa512", R_RSA_512}, {"rsa1024", R_RSA_1024}, {"rsa2048", R_RSA_2048}, {"rsa3072", R_RSA_3072}, {"rsa4096", R_RSA_4096}, {"rsa7680", R_RSA_7680}, - {"rsa15360", R_RSA_15360}, - {NULL} + {"rsa15360", R_RSA_15360} }; +# define RSA_NUM OSSL_NELEM(rsa_choices) + +static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #define R_EC_P160 0 #define R_EC_P192 1 @@ -536,7 +497,7 @@ static OPT_PAIR rsa_choices[] = { #define R_EC_B571 15 #define R_EC_X25519 16 #ifndef OPENSSL_NO_EC -static OPT_PAIR ecdsa_choices[] = { +static const OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, {"ecdsap192", R_EC_P192}, {"ecdsap224", R_EC_P224}, @@ -552,11 +513,13 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab233", R_EC_B233}, {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, - {"ecdsab571", R_EC_B571}, - {NULL} + {"ecdsab571", R_EC_B571} }; +# define ECDSA_NUM OSSL_NELEM(ecdsa_choices) + +static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ -static OPT_PAIR ecdh_choices[] = { +static const OPT_PAIR ecdh_choices[] = { {"ecdhp160", R_EC_P160}, {"ecdhp192", R_EC_P192}, {"ecdhp224", R_EC_P224}, @@ -576,7 +539,10 @@ static OPT_PAIR ecdh_choices[] = { {"ecdhx25519", R_EC_X25519}, {NULL} }; -#endif +# define EC_NUM OSSL_NELEM(ecdh_choices) + +static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ +#endif /* OPENSSL_NO_EC */ #ifndef SIGALRM # define COND(d) (count < (d)) @@ -586,7 +552,40 @@ static OPT_PAIR ecdh_choices[] = { # define COUNT(d) (count) #endif /* SIGALRM */ -static int testnum; +static unsigned int testnum; +typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out, + size_t *xoutlen); + +typedef struct loopargs_st { + ASYNC_JOB *inprogress_job; + ASYNC_WAIT_CTX *wait_ctx; + unsigned char *buf; + unsigned char *buf2; + unsigned char *buf_malloc; + unsigned char *buf2_malloc; + unsigned int siglen; +#ifndef OPENSSL_NO_RSA + RSA *rsa_key[RSA_NUM]; +#endif +#ifndef OPENSSL_NO_DSA + DSA *dsa_key[DSA_NUM]; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *ecdsa[ECDSA_NUM]; + EC_KEY *ecdh_a[EC_NUM]; + EC_KEY *ecdh_b[EC_NUM]; + unsigned char *secret_a; + unsigned char *secret_b; + size_t outlen; + kdf_fn kdf; +#endif + EVP_CIPHER_CTX *ctx; + HMAC_CTX *hctx; + GCM128_CONTEXT *gcm_ctx; +} loopargs_t; + +static int run_benchmark(int async_jobs, int (*loop_function) (void *), + loopargs_t * loopargs); /* Nb of iterations to do per algorithm and key-size */ static long c[ALGOR_NUM][SIZE_NUM]; @@ -995,7 +994,7 @@ static int DSA_verify_loop(void *args) #endif #ifndef OPENSSL_NO_EC -static long ecdsa_c[EC_NUM][2]; +static long ecdsa_c[ECDSA_NUM][2]; static int ECDSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **)args; @@ -1188,8 +1187,8 @@ static int run_benchmark(int async_jobs, continue; #endif - ret = ASYNC_start_job(&loopargs[i].inprogress_job, - loopargs[i].wait_ctx, &job_op_count, loop_function, + ret = ASYNC_start_job(&loopargs[i].inprogress_job, + loopargs[i].wait_ctx, &job_op_count, loop_function, (void *)(loopargs + i), sizeof(loopargs_t)); switch (ret) { case ASYNC_PAUSE: @@ -1222,26 +1221,23 @@ int speed_main(int argc, char **argv) { ENGINE *e = NULL; loopargs_t *loopargs = NULL; - int async_init = 0; - int loopargs_len = 0; - char *prog; + const char *prog; const char *engine_id = NULL; const EVP_CIPHER *evp_cipher = NULL; double d = 0.0; OPTION_CHOICE o; - int multiblock = 0, pr_header = 0; + int async_init = 0, multiblock = 0, pr_header = 0; int doit[ALGOR_NUM] = { 0 }; - int ret = 1, i, k, misalign = 0; + int ret = 1, misalign = 0; long count = 0; + unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0; #ifndef NO_FORK int multi = 0; #endif - unsigned int async_jobs = 0; #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \ || !defined(OPENSSL_NO_EC) long rsa_count = 1; #endif - size_t loop; /* What follows are the buffers and key material. */ #ifndef OPENSSL_NO_RC5 @@ -1325,7 +1321,7 @@ int speed_main(int argc, char **argv) /* * We only test over the following curves as they are representative, To * add tests over more curves, simply add the curve NID and curve name to - * the following arrays and increase the EC_NUM value accordingly. + * the following arrays and increase the |ecdh_choices| list accordingly. */ static const unsigned int test_curves[EC_NUM] = { /* Prime Curves */ @@ -1360,7 +1356,7 @@ int speed_main(int argc, char **argv) 571, 253 /* X25519 */ }; - int ecdsa_doit[EC_NUM] = { 0 }; + int ecdsa_doit[ECDSA_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; #endif /* ndef OPENSSL_NO_EC */ @@ -1418,9 +1414,7 @@ int speed_main(int argc, char **argv) goto opterr; } if (async_jobs > 99999) { - BIO_printf(bio_err, - "%s: too many async_jobs\n", - prog); + BIO_printf(bio_err, "%s: too many async_jobs\n", prog); goto opterr; } #endif @@ -1471,10 +1465,8 @@ int speed_main(int argc, char **argv) if (strcmp(*argv, "openssl") == 0) continue; if (strcmp(*argv, "rsa") == 0) { - rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = - rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = - rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = - rsa_doit[R_RSA_15360] = 1; + for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) + rsa_doit[loop] = 1; continue; } if (found(*argv, rsa_choices, &i)) { @@ -1507,8 +1499,8 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC if (strcmp(*argv, "ecdsa") == 0) { - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) - ecdsa_doit[ecdsa_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; continue; } if (found(*argv, ecdsa_choices, &i)) { @@ -1516,8 +1508,8 @@ int speed_main(int argc, char **argv) continue; } if (strcmp(*argv, "ecdh") == 0) { - for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++) - ecdh_doit[ecdh_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; continue; } if (found(*argv, ecdh_choices, &i)) { @@ -1584,10 +1576,10 @@ int speed_main(int argc, char **argv) dsa_doit[i] = 1; #endif #ifndef OPENSSL_NO_EC - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) - ecdsa_doit[ecdsa_choices[loop].retval] = 1; - for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++) - ecdh_doit[ecdh_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) @@ -1850,6 +1842,8 @@ int speed_main(int argc, char **argv) } } } + /* default iteration count for the last EC Curve */ + ecdh_c[R_EC_X25519][0] = count / 1800; # endif # else @@ -2472,7 +2466,7 @@ int speed_main(int argc, char **argv) if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof(rnd_seed)); } - for (testnum = 0; testnum < EC_NUM; testnum++) { + for (testnum = 0; testnum < ECDSA_NUM; testnum++) { int st = 1; if (!ecdsa_doit[testnum]) @@ -2584,7 +2578,7 @@ int speed_main(int argc, char **argv) ecdh_checks = 0; rsa_count = 1; } else { - int secret_size_a, secret_size_b; + int secret_size_a, secret_size_b, j; /* * If field size is not more than 24 octets, then use SHA-1 * hash of result; otherwise, use result (see section 4.8 of @@ -2613,8 +2607,8 @@ int speed_main(int argc, char **argv) else ecdh_checks = 1; - for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) { - if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k]) + for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) { + if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j]) ecdh_checks = 0; } @@ -2644,7 +2638,7 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++) ecdh_doit[testnum] = 0; } } @@ -2693,7 +2687,7 @@ int speed_main(int argc, char **argv) if (!doit[k]) continue; if (mr) - printf("+F:%d:%s", k, names[k]); + printf("+F:%u:%s", k, names[k]); else printf("%-13s", names[k]); for (testnum = 0; testnum < SIZE_NUM; testnum++) { @@ -2742,7 +2736,7 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC testnum = 1; - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { if (!ecdsa_doit[k]) continue; if (testnum && !mr) { @@ -2800,8 +2794,9 @@ int speed_main(int argc, char **argv) DSA_free(loopargs[i].dsa_key[k]); #endif #ifndef OPENSSL_NO_EC - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < ECDSA_NUM; k++) EC_KEY_free(loopargs[i].ecdsa[k]); + for (k = 0; k < EC_NUM; k++) { EC_KEY_free(loopargs[i].ecdh_a[k]); EC_KEY_free(loopargs[i].ecdh_b[k]); } @@ -2950,7 +2945,7 @@ static int do_multi(int multi) printf("Got: %s from %d\n", buf, n); if (strncmp(buf, "+F:", 3) == 0) { int alg; - int j; + unsigned int j; p = buf + 3; alg = atoi(sstrsep(&p, sep)); diff --git a/deps/openssl/openssl/apps/verify.c b/deps/openssl/openssl/apps/verify.c index 0925ee627f..8bcbff6177 100644 --- a/deps/openssl/openssl/apps/verify.c +++ b/deps/openssl/openssl/apps/verify.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { + X509_STORE_CTX_free(csc); printf("error %s: X.509 store context initialization failed\n", (file == NULL) ? "stdin" : file); goto end; |