diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6c89c650961dc3e6bd139237baaaf2981ec36a7b..8c994d4f968485610af0a2a159c4e779521ac377 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -237,7 +237,7 @@ jobs: - name: modprobe tls run: sudo modprobe tls - name: config - run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml index ccb0fbdd7d803aa1f7031f4e1f4e3d8ba846f146..8fc125cbd83e5c07330b9f44f442d19ab70a79d9 100644 --- a/.github/workflows/provider-compatibility.yml +++ b/.github/workflows/provider-compatibility.yml @@ -236,10 +236,11 @@ jobs: working-directory: ${{ matrix.tree_b }} - name: get cpu info + if: steps.early_exit.outcome == 'success' run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - working-directory: ${{ matrix.branch.dir }} + working-directory: ${{ matrix.tree_b }} - name: run cross validation tests of FIPS from A with tree from B if: steps.early_exit.outcome == 'success' diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 7125b91f75e54e5f436e3f269b5b19b68786b87b..c80741cf517cf30c52219ab41050ddd7ad156ed9 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -87,7 +87,7 @@ jobs: - name: config working-directory: _build run: | - perl ..\Configure --banner=Configured no-makedepend no-shared no-fips VC-WIN64A-masm + perl ..\Configure --banner=Configured no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug VC-WIN64A-masm perl configdata.pm --dump - name: build working-directory: _build diff --git a/CHANGES.md b/CHANGES.md index af5f3cd2aba9b9b4a0632dd14c4ac007d8252903..ef801c2f7362b8c6a7b341dbf83f62e8c860f4a3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,6 +25,10 @@ OpenSSL 3.2 ### Changes between 3.1 and 3.2 [xx XXX xxxx] + * Enable extra Arm64 optimization on Windows for GHASH, RAND and AES. + + *Evgeny Karpov* + * Added a function to delete objects from store by URI - OSSL_STORE_delete() and the corresponding provider-storemgmt API function OSSL_FUNC_store_delete(). diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 3d9ce086f9496a11d4990f52d6dfbda78e56824b..8ddb1282af7b628374036133f03f8273927bcb43 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -635,28 +635,28 @@ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_de install_docs: install_man_docs install_html_docs ## Install manpages and HTML documentation uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation - $(RM) -r $(DESTDIR)$(DOCDIR) + $(RM) -r "$(DESTDIR)$(DOCDIR)" {- output_off() if $disabled{fips}; "" -} install_fips: build_sw $(INSTALL_FIPSMODULECONF) @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)" @$(ECHO) "*** Installing FIPS module" @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" - @cp "$(INSTALL_FIPSMODULE)" $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @chmod 755 $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @mv -f $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new \ - $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) + @cp "$(INSTALL_FIPSMODULE)" "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" + @chmod 755 "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" + @mv -f "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" \ + "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" @$(ECHO) "*** Installing FIPS module configuration" @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" - @cp $(INSTALL_FIPSMODULECONF) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf + @cp $(INSTALL_FIPSMODULECONF) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" uninstall_fips: @$(ECHO) "*** Uninstalling FIPS module configuration" - $(RM) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf + $(RM) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" @$(ECHO) "*** Uninstalling FIPS module" - $(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) + $(RM) "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" {- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -} install_fips: @$(ECHO) "The 'install_fips' target requires the 'enable-fips' option" @@ -667,75 +667,75 @@ uninstall_fips: install_ssldirs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/certs" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/private" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/misc" @set -e; for x in dummy $(MISC_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ x1=`echo "$$x" | cut -f1 -d:`; \ x2=`echo "$$x" | cut -f2 -d:`; \ fn=`basename $$x1`; \ $(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ - $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ + cp $$x1 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + mv -f "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new" \ + "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ if [ "$$x1" != "$$x2" ]; then \ ln=`basename "$$x2"`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + cp "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn" "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() unless windowsdll(); output_off() if windowsdll(); "" -}; \ $(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + ln -sf $$fn "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() if windowsdll(); "" -}; \ fi; \ done @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" - @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist + @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ - cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ + cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ fi @$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" - @cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist + @cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ - cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ + cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ fi install_dev: install_runtime_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(ECHO) "*** Installing development files" - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/include/openssl" @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @cp $(SRCDIR)/ms/applink.c "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ - chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + cp $$i "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$l $(DESTDIR)$(libdir)/$$fn.new; \ - $(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$l "$(DESTDIR)$(libdir)/$$fn.new"; \ + $(RANLIB) "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 644 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -748,18 +748,18 @@ install_dev: install_runtime_libs : {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \ if [ "$$fn2" != "" ]; then \ $(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \ - ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \ + ln -sf $$fn1 "$(DESTDIR)$(libdir)/$$fn2"; \ fi; \ : {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \ if [ "$$fn3" != "" ]; then \ $(ECHO) "install $$s3 -> $(DESTDIR)$(libdir)/$$fn3"; \ - cp $$s3 $(DESTDIR)$(libdir)/$$fn3.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn3.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn3.new \ - $(DESTDIR)$(libdir)/$$fn3; \ + cp $$s3 "$(DESTDIR)$(libdir)/$$fn3.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn3.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn3.new" \ + "$(DESTDIR)$(libdir)/$$fn3"; \ fi; \ : {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \ - a=$(DESTDIR)$(libdir)/$$fn2; \ + a="$(DESTDIR)$(libdir)/$$fn2"; \ $(ECHO) "install $$s1 -> $$a"; \ if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \ @@ -776,35 +776,35 @@ install_dev: install_runtime_libs : {- output_off() if sharedaix(); output_on(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)/pkgconfig" @$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" - @cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc + @cp libcrypto.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" @$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc" - @cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc + @cp libssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" @$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc" - @cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc + @cp openssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" uninstall_dev: uninstall_runtime_libs @$(ECHO) "*** Uninstalling development files" @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include/openssl" + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -816,39 +816,39 @@ uninstall_dev: uninstall_runtime_libs fn3=`basename "$$s3"`; \ : {- output_off() if windowsdll(); "" -}; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn1; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn1"; \ if [ -n "$$fn2" ]; then \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn2"; \ fi; \ : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ if [ -n "$$fn3" ]; then \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn3"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn3; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn3"; \ fi; \ : {- output_on() unless windowsdll(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc - -$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig - -$(RMDIR) $(DESTDIR)$(libdir) + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" + -$(RMDIR) "$(DESTDIR)$(libdir)/pkgconfig" + -$(RMDIR) "$(DESTDIR)$(libdir)" _install_modules_deps: install_runtime_libs build_modules install_engines: _install_modules_deps @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)/" @$(ECHO) "*** Installing engines" @set -e; for e in dummy $(INSTALL_ENGINES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \ - $(DESTDIR)$(ENGINESDIR)/$$fn; \ + cp $$e "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + mv -f "$(DESTDIR)$(ENGINESDIR)/$$fn.new" \ + "$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done uninstall_engines: @@ -857,22 +857,22 @@ uninstall_engines: if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \ + $(RM) "$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(ENGINESDIR) + -$(RMDIR) "$(DESTDIR)$(ENGINESDIR)" install_modules: _install_modules_deps @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)/" @$(ECHO) "*** Installing modules" @set -e; for e in dummy $(INSTALL_MODULES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "install $$e -> $(DESTDIR)$(MODULESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(MODULESDIR)/$$fn.new \ - $(DESTDIR)$(MODULESDIR)/$$fn; \ + cp $$e "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \ + mv -f "$(DESTDIR)$(MODULESDIR)/$$fn.new" \ + "$(DESTDIR)$(MODULESDIR)/$$fn"; \ done uninstall_modules: @@ -881,18 +881,18 @@ uninstall_modules: if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(MODULESDIR)/$$fn; \ + $(RM) "$(DESTDIR)$(MODULESDIR)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(MODULESDIR) + -$(RMDIR) "$(DESTDIR)$(MODULESDIR)" install_runtime: install_programs install_runtime_libs: build_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @ : {- output_off() if windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(bindir)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(bindir)/" @ : {- output_on() unless windowsdll(); "" -} @$(ECHO) "*** Installing runtime libraries" @set -e; for s in dummy $(INSTALL_SHLIBS); do \ @@ -900,40 +900,40 @@ install_runtime_libs: build_libs fn=`basename $$s`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(bindir)/$$fn"; \ - cp $$s $(DESTDIR)$(bindir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(bindir)/$$fn.new; \ - mv -f $(DESTDIR)$(bindir)/$$fn.new \ - $(DESTDIR)$(bindir)/$$fn; \ + cp $$s "$(DESTDIR)$(bindir)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(bindir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(bindir)/$$fn.new" \ + "$(DESTDIR)$(bindir)/$$fn"; \ : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$s $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$s "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ : {- output_on() if windowsdll(); "" -}; \ done install_programs: install_runtime_libs build_programs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(bindir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(bindir)" @$(ECHO) "*** Installing runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(bindir)/$$fn"; \ - cp $$x $(DESTDIR)$(bindir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(bindir)/$$fn.new; \ - mv -f $(DESTDIR)$(bindir)/$$fn.new \ - $(DESTDIR)$(bindir)/$$fn; \ + cp $$x "$(DESTDIR)$(bindir)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(bindir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(bindir)/$$fn.new" \ + "$(DESTDIR)$(bindir)/$$fn"; \ done @set -e; for x in dummy $(BIN_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(bindir)/$$fn"; \ - cp $$x $(DESTDIR)$(bindir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(bindir)/$$fn.new; \ - mv -f $(DESTDIR)$(bindir)/$$fn.new \ - $(DESTDIR)$(bindir)/$$fn; \ + cp $$x "$(DESTDIR)$(bindir)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(bindir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(bindir)/$$fn.new" \ + "$(DESTDIR)$(bindir)/$$fn"; \ done uninstall_runtime: uninstall_programs uninstall_runtime_libs @@ -945,16 +945,16 @@ uninstall_programs: if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(bindir)/$$fn"; \ - $(RM) $(DESTDIR)$(bindir)/$$fn; \ + $(RM) "$(DESTDIR)$(bindir)/$$fn"; \ done; @set -e; for x in dummy $(BIN_SCRIPTS); \ do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(bindir)/$$fn"; \ - $(RM) $(DESTDIR)$(bindir)/$$fn; \ + $(RM) "$(DESTDIR)$(bindir)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(bindir) + -$(RMDIR) "$(DESTDIR)$(bindir)" uninstall_runtime_libs: @$(ECHO) "*** Uninstalling runtime libraries" @@ -963,49 +963,49 @@ uninstall_runtime_libs: if [ "$$s" = "dummy" ]; then continue; fi; \ fn=`basename $$s`; \ $(ECHO) "$(RM) $(DESTDIR)$(bindir)/$$fn"; \ - $(RM) $(DESTDIR)$(bindir)/$$fn; \ + $(RM) "$(DESTDIR)$(bindir)/$$fn"; \ done @ : {- output_on() unless windowsdll(); "" -} install_man_docs: build_man_docs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man7 + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man1" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man3" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man5" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man7" @$(ECHO) "*** Installing manpages" @set -e; for x in dummy $(MANDOCS1); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ + cp $$x "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ + cp $$x "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ + cp $$x "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ + cp $$x "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \ done uninstall_man_docs: build_man_docs @@ -1014,65 +1014,65 @@ uninstall_man_docs: build_man_docs if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ + $(RM) "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ + $(RM) "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ + $(RM) "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ + $(RM) "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \ done install_html_docs: install_image_docs build_html_docs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7 + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man1" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man3" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man5" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7" @$(ECHO) "*** Installing HTML manpages" @set -e; for x in dummy $(HTMLDOCS1); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ done uninstall_html_docs: uninstall_image_docs @@ -1081,35 +1081,35 @@ uninstall_html_docs: uninstall_image_docs if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ done install_image_docs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7/img + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7/img" @set -e; for x in dummy $(IMAGEDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - cp $(SRCDIR)/$$x $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ + cp $(SRCDIR)/$$x "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ done uninstall_image_docs: @@ -1117,7 +1117,7 @@ uninstall_image_docs: if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ done # Developer targets (note: these are only available on Unix) ######### diff --git a/INSTALL.md b/INSTALL.md index 3322acb6a26751c9b8f587279f2a3d4586d8c95c..37b57027f4f123ddd06311f469f8edd988b688c2 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -2,8 +2,8 @@ Build and Install ================= This document describes installation on all supported operating -systems (the Unix/Linux family, including macOS), OpenVMS, -and Windows). +systems: the Unix/Linux family (including macOS), OpenVMS, +and Windows. Table of Contents ================= diff --git a/apps/cmp.c b/apps/cmp.c index e38f0010a095c7304d7ab4ff5e56b9338d8c2890..dd5a69af7c35b1593756461fc847a2d7eadb3740 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1933,10 +1933,6 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) CMP_warn("ignoring -proxy option since -server is not given"); if (opt_no_proxy != NULL) CMP_warn("ignoring -no_proxy option since -server is not given"); - if (opt_tls_used) { - CMP_warn("ignoring -tls_used option since -server is not given"); - opt_tls_used = 0; - } goto set_path; } if (!OSSL_HTTP_parse_url(opt_server, &use_ssl, NULL /* user */, @@ -1946,9 +1942,11 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) goto err; } if (use_ssl && !opt_tls_used) { - CMP_err("missing -tls_used option since -server URL indicates HTTPS"); - goto err; + CMP_warn("assuming -tls_used since -server URL indicates HTTPS"); + opt_tls_used = 1; } + if (!OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_USE_TLS, opt_tls_used)) + goto err; BIO_snprintf(server_port, sizeof(server_port), "%s", port); if (opt_path == NULL) diff --git a/apps/speed.c b/apps/speed.c index 88d389523b3780a18b17a6afddd2d7c39f223b5f..44e3af7591453ec4b769335a0e2e1db18198cca7 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -4747,7 +4747,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, } else { int pad; - RAND_bytes(out, 16); + if (RAND_bytes(inp, 16) <= 0) + app_bail_out("error setting random bytes\n"); len += 16; aad[11] = (unsigned char)(len >> 8); aad[12] = (unsigned char)(len); diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 43aa6b97c5eed7f6b22d3e98e0b7c64c9d276344..83acbe012654dfa458fab41dfed972d4bfd5d1a7 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -49,6 +49,8 @@ # else # error "unsupported ARM architecture" # endif +# elif defined(__ARM_ARCH) +# define __ARM_ARCH__ __ARM_ARCH # endif # endif diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index b95c540133ca7a69bc3285cf3760dc36633dbe64..947d2ceb8fde8b255ce0e119aac585715c0bff9a 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -123,6 +123,7 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq) ctx->keep_alive = 1; ctx->msg_timeout = -1; + ctx->tls_used = -1; /* default for backward compatibility */ if ((ctx->untrusted = sk_X509_new_null()) == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB); @@ -949,6 +950,9 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) case OSSL_CMP_OPT_TOTAL_TIMEOUT: ctx->total_timeout = val; break; + case OSSL_CMP_OPT_USE_TLS: + ctx->tls_used = val; + break; case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR: ctx->permitTAInExtraCertsForIR = val; break; @@ -1013,6 +1017,8 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) return ctx->msg_timeout; case OSSL_CMP_OPT_TOTAL_TIMEOUT: return ctx->total_timeout; + case OSSL_CMP_OPT_USE_TLS: + return ctx->tls_used; case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR: return ctx->permitTAInExtraCertsForIR; case OSSL_CMP_OPT_REVOCATION_REASON: diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c index ef77d251efc93a3cf6eb63285cbc9bae9a711568..d08c362a7023f1237ed6298670c1333f60732fb8 100644 --- a/crypto/cmp/cmp_http.c +++ b/crypto/cmp/cmp_http.c @@ -68,7 +68,8 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, if (ctx->serverPort != 0) BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); - tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; + tls_used = ctx->tls_used >= 0 ? ctx->tls_used != 0 + : OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; /* backward compat */ if (ctx->http_ctx == NULL) ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s", ctx->server, server_port, tls_used ? " using TLS" : ""); diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 3fb479ca39c3941c88f8e532da07ae110a5d848a..29aa84cd2a09e69afe0790ab9947cc0712bb899a 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -49,6 +49,7 @@ struct ossl_cmp_ctx_st { int keep_alive; /* persistent connection: 0=no, 1=prefer, 2=require */ int msg_timeout; /* max seconds to wait for each CMP message round trip */ int total_timeout; /* max number of seconds an enrollment may take, incl. */ + int tls_used; /* whether to use TLS for client-side HTTP connections */ /* attempts polling for a response if a 'waiting' PKIStatus is received */ time_t end_time; /* session start time + totaltimeout */ # ifndef OPENSSL_NO_HTTP diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index f4173e21371e01ef03f990a83e764b5141693f83..7ba2beae7fd6b9be1f19c86a002524d3fe66f403 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -259,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) */ int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret) + && *ret == 0; } int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c index 7ee914a477ecea60ffa548e20bcea00b83589a29..ec3534d35c2c6c0c1b988b4ace6de0b13886895e 100644 --- a/crypto/dsa/dsa_check.c +++ b/crypto/dsa/dsa_check.c @@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) */ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) + && *ret == 0; } /* @@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) */ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) + && *ret == 0; } int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) diff --git a/crypto/ffc/ffc_key_validate.c b/crypto/ffc/ffc_key_validate.c index 342789621d6df1a6758a875490aec6dd7b2da4af..a4a2a58e9a7fd94d3d6d3407f96d5327b3022f1d 100644 --- a/crypto/ffc/ffc_key_validate.c +++ b/crypto/ffc/ffc_key_validate.c @@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, *ret = 0; if (params == NULL || pub_key == NULL || params->p == NULL) { *ret = FFC_ERROR_PASSED_NULL_PARAM; - return 0; + return 1; } ctx = BN_CTX_new_ex(NULL); @@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, if (tmp == NULL || !BN_set_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) <= 0) { + if (BN_cmp(pub_key, tmp) <= 0) *ret |= FFC_ERROR_PUBKEY_TOO_SMALL; - goto err; - } /* Step(1): Verify pub_key <= p-2 */ if (BN_copy(tmp, params->p) == NULL || !BN_sub_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) >= 0) { + if (BN_cmp(pub_key, tmp) >= 0) *ret |= FFC_ERROR_PUBKEY_TOO_LARGE; - goto err; - } ok = 1; err: if (ctx != NULL) { @@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret)) return 0; - if (params->q != NULL) { + if (*ret == 0 && params->q != NULL) { ctx = BN_CTX_new_ex(NULL); if (ctx == NULL) goto err; @@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (tmp == NULL || !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx)) goto err; - if (!BN_is_one(tmp)) { + if (!BN_is_one(tmp)) *ret |= FFC_ERROR_PUBKEY_INVALID; - goto err; - } } ok = 1; diff --git a/crypto/mem.c b/crypto/mem.c index 62fee878429acae2178e0f03047f4b6694290663..eef1165708c24357e63880dc14a055a0a3ea48f4 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -100,6 +100,9 @@ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) * or 100;100@25;0 * This means 100 mallocs succeed, then next 100 fail 25% of the time, and * all remaining (count is zero) succeed. + * The failure percentge can have 2 digits after the comma. For example: + * 0@0.01 + * This means 0.01% of all allocations will fail. */ static void parseit(void) { @@ -112,26 +115,27 @@ static void parseit(void) /* Get the count (atol will stop at the @ if there), and percentage */ md_count = atol(md_failstring); atsign = strchr(md_failstring, '@'); - md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1); + md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5); if (semi != NULL) md_failstring = semi; } /* - * Windows doesn't have random(), but it has rand() + * Windows doesn't have random() and srandom(), but it has rand() and srand(). * Some rand() implementations aren't good, but we're not * dealing with secure randomness here. */ # ifdef _WIN32 # define random() rand() +# define srandom(seed) srand(seed) # endif /* * See if the current malloc should fail. */ static int shouldfail(void) { - int roll = (int)(random() % 100); + int roll = (int)(random() % 10000); int shoulditfail = roll < md_fail_percent; # ifndef _WIN32 /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ @@ -165,6 +169,8 @@ void ossl_malloc_setup_failures(void) parseit(); if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) md_tracefd = atoi(cp); + if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL) + srandom(atoi(cp)); } #endif diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 677eb21a0bd35ad8dc880b93dca445859f94c1de..77ff5dd06b45a44e8d7fb7664204d54e87ce83cb 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -369,7 +369,7 @@ void gcm_gmult_4bit_x86(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_4bit_x86(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len); # endif -# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) +# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64) # include "arm_arch.h" # if __ARM_MAX_ARCH__>=7 # define GHASH_ASM_ARM diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h index cb5a187a12fe1a8e46ebe9a6003f870588bac961..18e10890eb56ed9bbab33d7d1efe049aca474b8f 100644 --- a/crypto/sm3/sm3_local.h +++ b/crypto/sm3/sm3_local.h @@ -34,7 +34,7 @@ } while (0) #if defined(OPENSSL_SM3_ASM) -# if defined(__aarch64__) +# if defined(__aarch64__) || defined(_M_ARM64) # include "crypto/arm_arch.h" # define HWSM3_CAPABLE (OPENSSL_armcap_P & ARMV8_SM3) void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index fec815e756bc051a97793fd7936ec66b1f41529b..051c749d08e617e879651bb79274838c15b18735 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -480,8 +480,8 @@ IP address may be for v4 or v6, such as C<127.0.0.1> or C<[::1]> for localhost. This option excludes I<-port> and I<-use_mock_srv>. It is ignored if I<-rspin> is given with enough filename arguments. -The scheme C may be given only if the B<-tls_used> option is provided. -In this case the default port is 443, else 80. +If the scheme C is given, the B<-tls_used> option is implied. +When TLS is used, the default port is 443, otherwise 80. The optional userinfo and fragment components are ignored. Any given query component is handled as part of the path component. If a path is included it provides the default value for the B<-path> option. @@ -491,9 +491,9 @@ If a path is included it provides the default value for the B<-path> option. The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy> applies, see below. The proxy port defaults to 80 or 443 if the scheme is C; apart from that -the optional C or C prefix is ignored (note that TLS may be -enabled by B<-tls_used>), as well as any path, userinfo, and query, and fragment -components. +the optional C or C prefix is ignored (note that using TLS +may be required by B<-tls_used> or B<-server> with the prefix C), +as well as any path, userinfo, and query, and fragment components. Defaults to the environment variable C if set, else C in case no TLS is used, otherwise C if set, else C. This option is ignored if I<-server> is not given. @@ -584,7 +584,7 @@ Non-trusted intermediate CA certificate(s). Any extra certificates given with the B<-cert> option are appended to it. All these certificates may be useful for cert path construction for the own CMP signer certificate (to include in the extraCerts field of -request messages) and for the TLS client certificate (if TLS is enabled) +request messages) and for the TLS client certificate (if TLS is used) as well as for chain building when validating server certificates (checking signature-based CMP message protection) and when validating newly enrolled certificates. @@ -898,14 +898,14 @@ B<-tls_key>. =item B<-tls_used> -Enable using TLS (even when other TLS-related options are not set) -for message exchange with CMP server via HTTP. +Make the CMP client use TLS (regardless if other TLS-related options are set) +for message exchange with the server via HTTP. This option is not supported with the I<-port> option. -It is ignored if the I<-server> option is not given or I<-use_mock_srv> is given -or I<-rspin> is given with enough filename arguments. +It is implied if the B<-server> option is given with the scheme C. +It is ignored if the B<-server> option is not given or B<-use_mock_srv> is given +or B<-rspin> is given with enough filename arguments. -The following TLS-related options are ignored -if B<-tls_used> is not given or does not take effect. +The following TLS-related options are ignored if TLS is not used. =item B<-tls_cert> I|I diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 32fbc0915813db8895cec539576287898b7b37df..810997017176b32b9a408dadcf185a9b0adec5bc 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -237,6 +237,17 @@ The following options can be set: A value <= 0 means no limitation (waiting indefinitely). Default is 0. +=item B + + Use this option to indicate to the HTTP implementation + whether TLS is going to be used for the connection (resulting in HTTPS). + The value 1 indicates that TLS is used for client-side HTTP connections, + which needs to be implemented via a callback function set by + OSSL_CMP_CTX_set_http_cb(). + The value 0 indicates that TLS is not used. + Default is -1 for backward compatibility: TLS is used by the client side + if and only if OSSL_CMP_CTX_set_http_cb_arg() sets a non-NULL I. + =item B Number of days new certificates are asked to be valid for. @@ -377,22 +388,17 @@ Defaults to the environment variable C if set, else C. OSSL_CMP_CTX_set_http_cb() sets the optional BIO connect/disconnect callback function, which has the prototype - typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *ctx, int connect, int detail); - -The callback may modify the I provided by L, -whereby it may make use of a custom defined argument I -stored in the OSSL_CMP_CTX by means of OSSL_CMP_CTX_set_http_cb_arg(). -During connection establishment, just after calling BIO_do_connect_retry(), -the function is invoked with the I argument being 1 and the I -argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. On -disconnect I is 0 and I is 1 in case no error occurred, else 0. -For instance, on connect the function may prepend a TLS BIO to implement HTTPS; -after disconnect it may do some diagnostic output and/or specific cleanup. -The function should return NULL to indicate failure. -After disconnect the modified BIO will be deallocated using BIO_free_all(). - -OSSL_CMP_CTX_set_http_cb_arg() sets an argument, respectively a pointer to -a structure containing arguments, + typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *arg, int connect, int detail); + +The callback may modify the I provided by L +as described for the I parameter of L. +The callback may make use of a custom defined argument I, +as described for the I parameter of L. +The argument is stored in the OSSL_CMP_CTX using OSSL_CMP_CTX_set_http_cb_arg(). +See also the B option described above. + +OSSL_CMP_CTX_set_http_cb_arg() sets the argument, respectively a pointer to +a structure containing arguments such as an B structure, optionally to be used by the http connect/disconnect callback function. I is not consumed, and it must therefore explicitly be freed when not needed any more. I may be NULL to clear the entry. @@ -407,8 +413,6 @@ which has the type typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); -Returns 1 on success, 0 on error. - Default is NULL, which implies the use of L. The callback should send the CMP request message it obtains via the I parameter and on success return the response, else it must return NULL. @@ -824,7 +828,7 @@ the id-it-signKeyPairTypes OID and prints info on the General Response contents: L, L, L, L, L, L, -L +L, L =head1 HISTORY diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index e0375377e66c87a82dc0fb5b40a963ba2f7c099f..323525c5b06524b30a2f7b08a2d4d7e6c020e4c6 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -99,8 +99,8 @@ I is a BIO connect/disconnect callback function with prototype BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) The callback function may modify the BIO provided in the I argument, -whereby it may make use of a custom defined argument I, -which may for instance point to an B structure. +whereby it may use an optional custom defined argument I, +which can for instance point to an B structure. During connection establishment, just after calling BIO_do_connect_retry(), the callback function is invoked with the I argument being 1 and I being 1 if I is nonzero (i.e., HTTPS is requested), else 0. @@ -108,7 +108,7 @@ On disconnect I is 0 and I is 1 if no error occurred, else 0. For instance, on connect the callback may push an SSL BIO to implement HTTPS; after disconnect it may do some diagnostic output and pop and free the SSL BIO. -The callback function must return either the potentially modified BIO I. +The callback function must return either the potentially modified BIO I or NULL to indicate failure, in which case it should not modify the BIO. Here is a simple example that supports TLS connections (but not via a proxy): @@ -135,6 +135,8 @@ Here is a simple example that supports TLS connections (but not via a proxy): } After disconnect the modified BIO will be deallocated using BIO_free_all(). +The optional callback function argument I is not consumed, +so must be freed by the caller when not needed any more. The I parameter specifies the response header maximum line length. A value <= 0 means that the B (4KiB) is used. diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h index cbc035926e036268397f1464a987afd3cb9fe031..e641450b15dfc86ace79b4033184a32981bb77c3 100644 --- a/include/crypto/aes_platform.h +++ b/include/crypto/aes_platform.h @@ -90,7 +90,7 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # endif /* OPENSSL_SYS_AIX || OPENSSL_SYS_MACOSX */ # endif /* PPC */ -# if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +# if (defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64)) # include "arm_arch.h" # if __ARM_MAX_ARCH__>=7 # if defined(BSAES_ASM) @@ -106,7 +106,7 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # define HWAES_decrypt aes_v8_decrypt # define HWAES_cbc_encrypt aes_v8_cbc_encrypt # define HWAES_ecb_encrypt aes_v8_ecb_encrypt -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) # define HWAES_xts_encrypt aes_v8_xts_encrypt # define HWAES_xts_decrypt aes_v8_xts_decrypt # endif @@ -114,7 +114,7 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) # define AES_GCM_ENC_BYTES 512 # define AES_GCM_DEC_BYTES 512 -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) # define AES_gcm_encrypt armv8_aes_gcm_encrypt # define AES_gcm_decrypt armv8_aes_gcm_decrypt # define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \ diff --git a/include/crypto/sm4_platform.h b/include/crypto/sm4_platform.h index 8a26885097b38a3f363ff19de1d3ebf4f1ae9155..cc4f514256c2207a42e545ee5e5b689a746694e6 100644 --- a/include/crypto/sm4_platform.h +++ b/include/crypto/sm4_platform.h @@ -12,7 +12,7 @@ # pragma once # if defined(OPENSSL_CPUID_OBJ) -# if defined(__aarch64__) +# if defined(__aarch64__) || defined (_M_ARM64) # include "arm_arch.h" extern unsigned int OPENSSL_arm_midr; static inline int vpsm4_capable(void) diff --git a/include/internal/quic_thread_assist.h b/include/internal/quic_thread_assist.h index 7d1b47453a1549fddba9854e08418e82d5e78f94..592c2ffabffebda8200caf7cec4d6aa507264fe0 100644 --- a/include/internal/quic_thread_assist.h +++ b/include/internal/quic_thread_assist.h @@ -12,6 +12,7 @@ # include # include "internal/thread.h" +# include "internal/time.h" # if defined(OPENSSL_NO_QUIC) || defined(OPENSSL_NO_THREAD_POOL) # define OPENSSL_NO_QUIC_THREAD_ASSIST @@ -46,6 +47,8 @@ typedef struct quic_thread_assist_st { CRYPTO_CONDVAR *cv; CRYPTO_THREAD *t; int teardown, joined; + OSSL_TIME (*now_cb)(void *arg); + void *now_cb_arg; } QUIC_THREAD_ASSIST; /* @@ -55,7 +58,9 @@ typedef struct quic_thread_assist_st { * not affect the state of the mutex. */ int ossl_quic_thread_assist_init_start(QUIC_THREAD_ASSIST *qta, - QUIC_CHANNEL *ch); + QUIC_CHANNEL *ch, + OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg); /* * Request the thread assist helper to begin stopping the assist thread. This diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index e6af016c7fe4d74052fcb34c968b193b292df693..5bd8beb57a14dbe1d743343586b63c581b9dd7b7 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in @@ -285,9 +285,10 @@ const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); /* CMP general options: */ # define OSSL_CMP_OPT_LOG_VERBOSITY 0 /* CMP transfer options: */ -# define OSSL_CMP_OPT_KEEP_ALIVE 10 -# define OSSL_CMP_OPT_MSG_TIMEOUT 11 +# define OSSL_CMP_OPT_KEEP_ALIVE 10 +# define OSSL_CMP_OPT_MSG_TIMEOUT 11 # define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +# define OSSL_CMP_OPT_USE_TLS 13 /* CMP request options: */ # define OSSL_CMP_OPT_VALIDITY_DAYS 20 # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 diff --git a/include/openssl/e_ostime.h b/include/openssl/e_ostime.h new file mode 100644 index 0000000000000000000000000000000000000000..8a7cc9880fa797e98a2ea562afb5ebf75e2bd75c --- /dev/null +++ b/include/openssl/e_ostime.h @@ -0,0 +1,30 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_E_OSTIME_H +# define OPENSSL_E_OSTIME_H +# pragma once + +# include +# include +# include + +/* + * This header guarantees that 'struct timeval' will be available. It includes + * the minimum headers needed to facilitate this. This may still be a + * substantial set of headers on some platforms (e.g. on Win32). + */ + +# if defined(OPENSSL_SYS_WINDOWS) +# include +# else +# include +# endif + +#endif diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 5df101ff8721014754a5d854ec8e3042bd8c5dd0..59b587e657e67eae5115d4efa3613259fe3e3d07 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -25,6 +25,7 @@ use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros); # endif # include +# include # include # include # include diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 1d6b1f3730277bc0a1ad49338defdb1e57a5f5f5..795a3f2fab0b734d01783abb96b803f8867ee018 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -392,7 +392,7 @@ static int dh_validate_public(const DH *dh, int checktype) && ossl_dh_is_named_safe_prime_group(dh)) return ossl_dh_check_pub_key_partial(dh, pub_key, &res); - return DH_check_pub_key(dh, pub_key, &res); + return DH_check_pub_key_ex(dh, pub_key); } static int dh_validate_private(const DH *dh) diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 4d920c249a74e3b13ea073f3bc3cb53d7abbf6f6..ddaab4ba86dc6d784f52a0ce28289f58c5567369 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -249,7 +249,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } - if (w < 0) { + if (w <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; } @@ -289,7 +289,7 @@ static int kmac_init(void *vmacctx, const unsigned char *key, return 0; t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest)); - if (t < 0) { + if (t <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; } diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index cb927fa52d131263af5ec8d9dedb7a4985b9321f..29a283dca0b27707fc91bb9ffce1af047c8e65e4 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -1532,7 +1532,9 @@ static int ensure_channel_started(QCTX *ctx) #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) if (qc->is_thread_assisted) - if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) { + if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch, + qc->override_now_cb, + qc->override_now_cb_arg)) { QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, "failed to start assist thread"); return 0; @@ -1834,6 +1836,7 @@ static int qc_wait_for_default_xso_for_read(QCTX *ctx) QUIC_STREAM *qs; int res; struct quic_wait_for_stream_args wargs; + OSSL_RTT_INFO rtt_info; /* * If default stream functionality is disabled or we already detached @@ -1888,8 +1891,15 @@ static int qc_wait_for_default_xso_for_read(QCTX *ctx) } /* - * We now have qs != NULL. Make it the default stream, creating the - * necessary XSO. + * We now have qs != NULL. Remove it from the incoming stream queue so that + * it isn't also returned by any future SSL_accept_stream calls. + */ + ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info); + ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch), + qs, rtt_info.smoothed_rtt); + + /* + * Now make qs the default stream, creating the necessary XSO. */ qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0); if (qc->default_xso == NULL) diff --git a/ssl/quic/quic_thread_assist.c b/ssl/quic/quic_thread_assist.c index b5c1829e8e6012c50098e7f02aca710e9c38e9bd..e1de72a910a8112345ee1005ada524847daf2972 100644 --- a/ssl/quic/quic_thread_assist.c +++ b/ssl/quic/quic_thread_assist.c @@ -28,11 +28,24 @@ static unsigned int assist_thread_main(void *arg) rtor = ossl_quic_channel_get_reactor(qta->ch); for (;;) { + OSSL_TIME deadline; + if (qta->teardown) break; - ossl_crypto_condvar_wait_timeout(qta->cv, m, - ossl_quic_reactor_get_tick_deadline(rtor)); + deadline = ossl_quic_reactor_get_tick_deadline(rtor); + if (qta->now_cb != NULL + && !ossl_time_is_zero(deadline) + && !ossl_time_is_infinite(deadline)) { + /* + * ossl_crypto_condvar_wait_timeout needs to use real time for the + * deadline + */ + deadline = ossl_time_add(ossl_time_subtract(deadline, + qta->now_cb(qta->now_cb_arg)), + ossl_time_now()); + } + ossl_crypto_condvar_wait_timeout(qta->cv, m, deadline); /* * We have now been woken up. This can be for one of the following @@ -56,7 +69,9 @@ static unsigned int assist_thread_main(void *arg) } int ossl_quic_thread_assist_init_start(QUIC_THREAD_ASSIST *qta, - QUIC_CHANNEL *ch) + QUIC_CHANNEL *ch, + OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg) { CRYPTO_MUTEX *mutex = ossl_quic_channel_get_mutex(ch); @@ -66,6 +81,8 @@ int ossl_quic_thread_assist_init_start(QUIC_THREAD_ASSIST *qta, qta->ch = ch; qta->teardown = 0; qta->joined = 0; + qta->now_cb = now_cb; + qta->now_cb_arg = now_cb_arg; qta->cv = ossl_crypto_condvar_new(); if (qta->cv == NULL) diff --git a/test/bio_addr_test.c b/test/bio_addr_test.c index 9ca007e51195dfa3d955d7de2607ba99af9b445a..38ea3de36c94d574543bf0daa1a8e6d9a6049bc7 100644 --- a/test/bio_addr_test.c +++ b/test/bio_addr_test.c @@ -80,8 +80,9 @@ static BIO_ADDR *make_dummy_addr(int family) static int bio_addr_is_eq(const BIO_ADDR *a, const BIO_ADDR *b) { - struct sockaddr_storage adata, bdata; + unsigned char *adata = NULL, *bdata = NULL; size_t alen, blen; + int ret = 0; /* True even if a and b are NULL */ if (a == b) @@ -98,15 +99,11 @@ static int bio_addr_is_eq(const BIO_ADDR *a, const BIO_ADDR *b) if (BIO_ADDR_rawport(a) != BIO_ADDR_rawport(b)) return 0; - if (!BIO_ADDR_rawaddress(a, NULL, &alen) - || alen > sizeof(adata) - || !BIO_ADDR_rawaddress(a, &adata, &alen)) + if (!BIO_ADDR_rawaddress(a, NULL, &alen)) return 0; - if (!BIO_ADDR_rawaddress(a, NULL, &blen) - || blen > sizeof(bdata) - || !BIO_ADDR_rawaddress(a, &bdata, &blen)) - return 0; + if (!BIO_ADDR_rawaddress(b, NULL, &blen)) + goto err; if (alen != blen) return 0; @@ -114,7 +111,22 @@ static int bio_addr_is_eq(const BIO_ADDR *a, const BIO_ADDR *b) if (alen == 0) return 1; - return memcmp(&adata, &bdata, alen) == 0; + adata = OPENSSL_malloc(alen); + if (!TEST_ptr(adata) + || !BIO_ADDR_rawaddress(a, adata, &alen)) + goto err; + + bdata = OPENSSL_malloc(blen); + if (!TEST_ptr(bdata) + || !BIO_ADDR_rawaddress(b, bdata, &blen)) + goto err; + + ret = (memcmp(adata, bdata, alen) == 0); + + err: + OPENSSL_free(adata); + OPENSSL_free(bdata); + return ret; } static int test_bio_addr_copy_dup(int idx) diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index 0d2311fc29c7399daef440ad4d750d3d9925c702..89f342458ec4e58d7b7effba4102ec0104d85e3a 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -38,15 +38,17 @@ static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) { - OSSL_CMP_CTX_free(fixture->cmp_ctx); - OSSL_CMP_MSG_free(fixture->msg); - OSSL_CMP_PKISI_free(fixture->si); + if (fixture != NULL) { + OSSL_CMP_CTX_free(fixture->cmp_ctx); + OSSL_CMP_MSG_free(fixture->msg); + OSSL_CMP_PKISI_free(fixture->si); - OPENSSL_free(fixture->mem); - sk_X509_free(fixture->certs); - sk_X509_free(fixture->chain); + OPENSSL_free(fixture->mem); + sk_X509_free(fixture->certs); + sk_X509_free(fixture->chain); - OPENSSL_free(fixture); + OPENSSL_free(fixture); + } } static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c index 0332e777c0aec39727cc9de3d316e952c8c0799a..c56d1d0e9982e5566ae8010d4245f519dfd57cc2 100644 --- a/test/ffc_internal_test.c +++ b/test/ffc_internal_test.c @@ -455,22 +455,20 @@ static int ffc_public_validate_test(void) if (!TEST_true(BN_set_word(pub, 1))) goto err; BN_set_negative(pub, 1); - /* Fail if public key is negative */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key is negative */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) goto err; if (!TEST_true(BN_set_word(pub, 0))) goto err; - if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) - goto err; - /* Fail if public key is zero */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key is zero */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) goto err; - /* Fail if public key is 1 */ - if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res))) + /* Check must succeed but set res if public key is 1 */ + if (!TEST_true(ossl_ffc_validate_public_key(params, BN_value_one(), &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) goto err; @@ -482,24 +480,24 @@ static int ffc_public_validate_test(void) if (!TEST_ptr(BN_copy(pub, params->p))) goto err; - /* Fail if public key = p */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key = p */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res)) goto err; if (!TEST_true(BN_sub_word(pub, 1))) goto err; - /* Fail if public key = p - 1 */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key = p - 1 */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res)) goto err; if (!TEST_true(BN_sub_word(pub, 1))) goto err; - /* Fail if public key is not related to p & q */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key is not related to p & q */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res)) goto err; @@ -510,14 +508,14 @@ static int ffc_public_validate_test(void) if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; - /* Fail if params is NULL */ - if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res))) + /* Check must succeed but set res if params is NULL */ + if (!TEST_true(ossl_ffc_validate_public_key(NULL, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) goto err; res = -1; - /* Fail if pubkey is NULL */ - if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res))) + /* Check must succeed but set res if pubkey is NULL */ + if (!TEST_true(ossl_ffc_validate_public_key(params, NULL, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) goto err; @@ -525,8 +523,8 @@ static int ffc_public_validate_test(void) BN_free(params->p); params->p = NULL; - /* Fail if params->p is NULL */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if params->p is NULL */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) goto err; diff --git a/test/provider_test.c b/test/provider_test.c index 3268a287a2f6d6dfcb09af52d913d29a05de7a28..2d20d12071ae74652243dd8e02293ada3bce5bbe 100644 --- a/test/provider_test.c +++ b/test/provider_test.c @@ -166,13 +166,15 @@ static int test_provider_ex(OSSL_LIB_CTX **libctx, const char *name) int ok = 0; long err; const char custom_buf[] = "Custom greeting"; - OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); + OSSL_PARAM_BLD *bld = NULL; OSSL_PARAM *params = NULL; - OSSL_PARAM_BLD_push_utf8_string(bld, "greeting", custom_buf, strlen(custom_buf)); - params = OSSL_PARAM_BLD_to_param(bld); - - OSSL_PARAM_BLD_free(bld); + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, "greeting", custom_buf, + strlen(custom_buf))) + || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) { + goto err; + } if (!TEST_ptr(prov = OSSL_PROVIDER_load_ex(*libctx, name, params))) goto err; @@ -204,6 +206,7 @@ static int test_provider_ex(OSSL_LIB_CTX **libctx, const char *name) ERR_print_errors_fp(stderr); ok = 1; err: + OSSL_PARAM_BLD_free(bld); OSSL_PARAM_free(params); OSSL_PROVIDER_unload(prov); OSSL_LIB_CTX_free(*libctx); diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c index 58b0831ebb9ae9c86f95aa8a44186eac51407eac..e4663ece172f7564b68fdaf3781df9d578fae278 100644 --- a/test/quic_multistream_test.c +++ b/test/quic_multistream_test.c @@ -4902,6 +4902,26 @@ static const struct script_op script_76[] = { OP_END }; +static const struct script_op script_77[] = { + OP_C_SET_ALPN ("ossltest") + OP_C_CONNECT_WAIT () + + OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT) + + OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) + OP_S_WRITE (a, "Strawberry", 10) + + OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10) + + OP_S_NEW_STREAM_BIDI (b, S_BIDI_ID(1)) + OP_S_WRITE (b, "xyz", 3) + + OP_C_ACCEPT_STREAM_WAIT (b) + OP_C_READ_EXPECT (b, "xyz", 3) + + OP_END +}; + static const struct script_op *const scripts[] = { script_1, script_2, @@ -4978,7 +4998,8 @@ static const struct script_op *const scripts[] = { script_73, script_74, script_75, - script_76 + script_76, + script_77 }; static int test_script(int idx) diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t index 60fcb04ca6f013af92726da9ac87a4a4e04e64ca..6d097c1721a99402eca7ecd736cbf130999c29dc 100644 --- a/test/recipes/05-test_rand.t +++ b/test/recipes/05-test_rand.t @@ -29,12 +29,12 @@ SKIP: { @randdata = run(app(['openssl', 'rand', '-engine', 'ossltest', '-hex', '16' ]), capture => 1, statusvar => \$success); chomp(@randdata); - ok($success and $randdata[0] eq $expected, + ok($success && $randdata[0] eq $expected, "rand with ossltest: Check rand output is as expected"); @randdata = run(app(['openssl', 'rand', '-engine', 'dasync', '-hex', '16' ]), capture => 1, statusvar => \$success); chomp(@randdata); - ok($success and length($randdata[0]) == 32, + ok($success && length($randdata[0]) == 32, "rand with dasync: Check rand output is of expected length"); } diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 48af75ab2eb4f71a26f54419bbd3879281ffe0d4..1c8fce86fd86a17c291baf72fe915ba7f81ff70b 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -369,6 +369,19 @@ SKIP: { skip "EC is not supported or FIPS is disabled", 7 if disabled("ec") || $no_fips; + $ENV{OPENSSL_CONF} = $provconf; + + ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-224 w/fips"); + ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-256 w/fips"); + ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-384 w/fips"); + ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-512 w/fips"); + + delete $ENV{OPENSSL_CONF}; + run(test(["fips_version_test", "-config", $provconf, ">3.0.0"]), capture => 1, statusvar => \my $exit); skip "FIPS provider version is too old", 3 @@ -385,15 +398,6 @@ SKIP: { ok(verify("ee-cert-ec-named-named", "", ["root-cert"], ["ca-cert-ec-named"], @prov), "accept named curve leaf with named curve intermediate w/fips"); - ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-224 w/fips"); - ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-256 w/fips"); - ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-384 w/fips"); - ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-512 w/fips"); - delete $ENV{OPENSSL_CONF}; } diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv index 202eb223c496a7349376206c0c34df40535af22c..8814da5009bda7d69d42fbfc22006e8608a6dfeb 100644 --- a/test/recipes/80-test_cmp_http_data/test_connection.csv +++ b/test/recipes/80-test_cmp_http_data/test_connection.csv @@ -21,6 +21,8 @@ TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,, 0,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK, 0,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,, -no_proxy,nonmatch.com,BLANK,,,,BLANK,,BLANK,,BLANK, ,,,,,,,,,,,,,,,,,,, +0,tls_used, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,-tls_used,,,,-msg_timeout,1,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,, 1,path explicit, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK, 1,path overrides -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/ignored,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK, 1,path default -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/_SERVER_PATH,,,,,BLANK,, -path,"""",BLANK,,BLANK,,BLANK, diff --git a/test/trace_api_test.c b/test/trace_api_test.c index e12750f06a70b8f5133077247ad280360feea7f1..f4f7ab42d46a69e8b4375cc19d0335d5b1736002 100644 --- a/test/trace_api_test.c +++ b/test/trace_api_test.c @@ -84,14 +84,14 @@ static int put_trace_output(void) int res = 1; OSSL_TRACE_BEGIN(HTTP) { - res = TEST_int_eq(BIO_printf(trc_out, OSSL_HELLO), strlen(OSSL_HELLO)) - + TEST_int_eq(trace_string(0, 0, OSSL_STR80), strlen(OSSL_STR80)) - + TEST_int_eq(trace_string(0, 0, OSSL_STR81), strlen(OSSL_STR80)) - + TEST_int_eq(trace_string(1, 1, OSSL_CTRL), strlen(OSSL_CTRL)) - + TEST_int_eq(trace_string(0, 1, OSSL_MASKED), strlen(OSSL_MASKED) - + 1) /* newline added */ - + TEST_int_eq(BIO_printf(trc_out, OSSL_BYE), strlen(OSSL_BYE)) - == 6; + res = TEST_int_eq(BIO_printf(trc_out, OSSL_HELLO), strlen(OSSL_HELLO)); + res += TEST_int_eq(trace_string(0, 0, OSSL_STR80), strlen(OSSL_STR80)); + res += TEST_int_eq(trace_string(0, 0, OSSL_STR81), strlen(OSSL_STR80)); + res += TEST_int_eq(trace_string(1, 1, OSSL_CTRL), strlen(OSSL_CTRL)); + res += TEST_int_eq(trace_string(0, 1, OSSL_MASKED), strlen(OSSL_MASKED) + + 1); /* newline added */ + res += TEST_int_eq(BIO_printf(trc_out, OSSL_BYE), strlen(OSSL_BYE)); + res = res == 6; /* not using '&&' but '+' to catch potentially multiple test failures */ } OSSL_TRACE_END(HTTP); return res;