diff options
| author | neel <neel@FreeBSD.org> | 2014-10-19 23:05:18 +0000 |
|---|---|---|
| committer | neel <neel@FreeBSD.org> | 2014-10-19 23:05:18 +0000 |
| commit | 53c23ba9a2104ef3682a2b22cb1ab9269ca0745d (patch) | |
| tree | 5660ad82f8ccde1ac8cad42c5caa05dc307f1c94 | |
| parent | 13e9198693c3c4ccfd604fbab375f3b96aa149dc (diff) | |
| parent | 0486efbb500e4ad95f421a2b8786764022256893 (diff) | |
| download | FreeBSD-src-53c23ba9a2104ef3682a2b22cb1ab9269ca0745d.zip FreeBSD-src-53c23ba9a2104ef3682a2b22cb1ab9269ca0745d.tar.gz | |
IFC @r273206
606 files changed, 5361 insertions, 3793 deletions
diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 3c4878b..debdbc6 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -38,6 +38,8 @@ # xargs -n1 | sort | uniq -d; # done +# 20141015: OpenSSL 1.0.1j import +OLD_FILES+=usr/share/openssl/man/man3/CMS_sign_add1_signer.3.gz # 20140922: sleepq_calc_signal_retval.9 and sleepq_catch_signals.9 removed OLD_FILES+=usr/share/man/man9/sleepq_calc_signal_retval.9.gz OLD_FILES+=usr/share/man/man9/sleepq_catch_signals.9.gz diff --git a/bin/sh/expand.c b/bin/sh/expand.c index b716f5c..e0be64a 100644 --- a/bin/sh/expand.c +++ b/bin/sh/expand.c @@ -884,24 +884,22 @@ varvalue(const char *name, int quoted, int subtype, int flag) switch (*name) { case '$': num = rootpid; - goto numvar; + break; case '?': num = oexitstatus; - goto numvar; + break; case '#': num = shellparam.nparam; - goto numvar; + break; case '!': num = backgndpidval(); -numvar: - expdest = cvtnum(num, expdest); break; case '-': for (i = 0 ; i < NOPTS ; i++) { if (optlist[i].val) STPUTC(optlist[i].letter, expdest); } - break; + return; case '@': if (flag & EXP_FULL && quoted) { for (ap = shellparam.p ; (p = *ap++) != NULL ; ) { @@ -909,7 +907,7 @@ numvar: if (*ap) STPUTC('\0', expdest); } - break; + return; } /* FALLTHROUGH */ case '*': @@ -924,7 +922,7 @@ numvar: if (sep || (flag & EXP_FULL && !quoted && **ap != '\0')) STPUTC(sep, expdest); } - break; + return; default: if (is_digit(*name)) { num = atoi(name); @@ -933,11 +931,12 @@ numvar: else if (num > 0 && num <= shellparam.nparam) p = shellparam.p[num - 1]; else - break; + return; strtodest(p, flag, subtype, quoted); } - break; + return; } + expdest = cvtnum(num, expdest); } @@ -1105,24 +1104,23 @@ expandmeta(struct strlist *str, int flag __unused) /* TODO - EXP_REDIR */ while (str) { - if (fflag) - goto nometa; - p = str->text; - for (;;) { /* fast check for meta chars */ - if ((c = *p++) == '\0') - goto nometa; - if (c == '*' || c == '?' || c == '[') - break; - } savelastp = exparg.lastp; - INTOFF; - expmeta(expdir, str->text); - INTON; + if (!fflag) { + p = str->text; + for (; (c = *p) != '\0'; p++) { + /* fast check for meta chars */ + if (c == '*' || c == '?' || c == '[') { + INTOFF; + expmeta(expdir, str->text); + INTON; + break; + } + } + } if (exparg.lastp == savelastp) { /* * no matches */ -nometa: *exparg.lastp = str; rmescapes(str->text); exparg.lastp = &str->next; diff --git a/bin/sh/jobs.c b/bin/sh/jobs.c index 218e63d..765e6a2 100644 --- a/bin/sh/jobs.c +++ b/bin/sh/jobs.c @@ -592,23 +592,23 @@ getjob_nonotfound(const char *name) if (name == NULL) { #if JOBS -currentjob: if ((jp = getcurjob(NULL)) == NULL) - error("No current job"); - return (jp); + name = "%+"; #else error("No current job"); #endif - } else if (name[0] == '%') { + } + if (name[0] == '%') { if (is_digit(name[1])) { jobno = number(name + 1); if (jobno > 0 && jobno <= njobs && jobtab[jobno - 1].used != 0) return &jobtab[jobno - 1]; #if JOBS - } else if (name[1] == '%' && name[2] == '\0') { - goto currentjob; - } else if (name[1] == '+' && name[2] == '\0') { - goto currentjob; + } else if ((name[1] == '%' || name[1] == '+') && + name[2] == '\0') { + if ((jp = getcurjob(NULL)) == NULL) + error("No current job"); + return (jp); } else if (name[1] == '-' && name[2] == '\0') { if ((jp = getcurjob(NULL)) == NULL || (jp = getcurjob(jp)) == NULL) @@ -1288,13 +1288,43 @@ commandtext(union node *n) static void +cmdtxtdogroup(union node *n) +{ + cmdputs("; do "); + cmdtxt(n); + cmdputs("; done"); +} + + +static void +cmdtxtredir(union node *n, const char *op, int deffd) +{ + char s[2]; + + if (n->nfile.fd != deffd) { + s[0] = n->nfile.fd + '0'; + s[1] = '\0'; + cmdputs(s); + } + cmdputs(op); + if (n->type == NTOFD || n->type == NFROMFD) { + if (n->ndup.dupfd >= 0) + s[0] = n->ndup.dupfd + '0'; + else + s[0] = '-'; + s[1] = '\0'; + cmdputs(s); + } else { + cmdtxt(n->nfile.fname); + } +} + + +static void cmdtxt(union node *n) { union node *np; struct nodelist *lp; - const char *p; - int i; - char s[2]; if (n == NULL) return; @@ -1339,14 +1369,13 @@ cmdtxt(union node *n) break; case NWHILE: cmdputs("while "); - goto until; + cmdtxt(n->nbinary.ch1); + cmdtxtdogroup(n->nbinary.ch2); + break; case NUNTIL: cmdputs("until "); -until: cmdtxt(n->nbinary.ch1); - cmdputs("; do "); - cmdtxt(n->nbinary.ch2); - cmdputs("; done"); + cmdtxtdogroup(n->nbinary.ch2); break; case NFOR: cmdputs("for "); @@ -1381,36 +1410,25 @@ until: cmdputs(n->narg.text); break; case NTO: - p = ">"; i = 1; goto redir; + cmdtxtredir(n, ">", 1); + break; case NAPPEND: - p = ">>"; i = 1; goto redir; + cmdtxtredir(n, ">>", 1); + break; case NTOFD: - p = ">&"; i = 1; goto redir; + cmdtxtredir(n, ">&", 1); + break; case NCLOBBER: - p = ">|"; i = 1; goto redir; + cmdtxtredir(n, ">|", 1); + break; case NFROM: - p = "<"; i = 0; goto redir; + cmdtxtredir(n, "<", 0); + break; case NFROMTO: - p = "<>"; i = 0; goto redir; + cmdtxtredir(n, "<>", 0); + break; case NFROMFD: - p = "<&"; i = 0; goto redir; -redir: - if (n->nfile.fd != i) { - s[0] = n->nfile.fd + '0'; - s[1] = '\0'; - cmdputs(s); - } - cmdputs(p); - if (n->type == NTOFD || n->type == NFROMFD) { - if (n->ndup.dupfd >= 0) - s[0] = n->ndup.dupfd + '0'; - else - s[0] = '-'; - s[1] = '\0'; - cmdputs(s); - } else { - cmdtxt(n->nfile.fname); - } + cmdtxtredir(n, "<&", 0); break; case NHERE: case NXHERE: diff --git a/bin/sh/parser.c b/bin/sh/parser.c index f1f4e07..a8ecf03 100644 --- a/bin/sh/parser.c +++ b/bin/sh/parser.c @@ -889,7 +889,9 @@ xxreadtoken(void) continue; } pungetc(); - goto breakloop; + /* FALLTHROUGH */ + default: + return readtoken1(c, BASESYNTAX, (char *)NULL, 0); case '\n': plinno++; needprompt = doprompt; @@ -918,12 +920,8 @@ xxreadtoken(void) RETURN(TLP); case ')': RETURN(TRP); - default: - goto breakloop; } } -breakloop: - return readtoken1(c, BASESYNTAX, (char *)NULL, 0); #undef RETURN } @@ -979,6 +977,63 @@ checkend(int c, const char *eofmark, int striptabs) /* + * Parse a redirection operator. The variable "out" points to a string + * specifying the fd to be redirected. The variable "c" contains the + * first character of the redirection operator. + */ + +static void +parseredir(char *out, int c) +{ + char fd = *out; + union node *np; + + np = (union node *)stalloc(sizeof (struct nfile)); + if (c == '>') { + np->nfile.fd = 1; + c = pgetc(); + if (c == '>') + np->type = NAPPEND; + else if (c == '&') + np->type = NTOFD; + else if (c == '|') + np->type = NCLOBBER; + else { + np->type = NTO; + pungetc(); + } + } else { /* c == '<' */ + np->nfile.fd = 0; + c = pgetc(); + if (c == '<') { + if (sizeof (struct nfile) != sizeof (struct nhere)) { + np = (union node *)stalloc(sizeof (struct nhere)); + np->nfile.fd = 0; + } + np->type = NHERE; + heredoc = (struct heredoc *)stalloc(sizeof (struct heredoc)); + heredoc->here = np; + if ((c = pgetc()) == '-') { + heredoc->striptabs = 1; + } else { + heredoc->striptabs = 0; + pungetc(); + } + } else if (c == '&') + np->type = NFROMFD; + else if (c == '>') + np->type = NFROMTO; + else { + np->type = NFROM; + pungetc(); + } + } + if (fd != '\0') + np->nfile.fd = digit_val(fd); + redirnode = np; +} + +/* * Called to parse command substitutions. */ @@ -1039,10 +1094,10 @@ parsebackq(char *out, struct nodelist **pbqlist, needprompt = 0; } CHECKSTRSPACE(2, oout); - switch (c = pgetc()) { - case '`': - goto done; - + c = pgetc(); + if (c == '`') + break; + switch (c) { case '\\': if ((c = pgetc()) == '\n') { plinno++; @@ -1078,7 +1133,6 @@ parsebackq(char *out, struct nodelist **pbqlist, } USTPUTC(c, oout); } -done: USTPUTC('\0', oout); olen = oout - stackblock(); INTOFF; @@ -1309,7 +1363,6 @@ readcstyleesc(char *out) * will run code that appears at the end of readtoken1. */ -#define PARSEREDIR() {goto parseredir; parseredir_return:;} #define PARSESUB() {goto parsesub; parsesub_return:;} #define PARSEARITH() {goto parsearith; parsearith_return:;} @@ -1509,7 +1562,7 @@ endword: && quotef == 0 && len <= 2 && (*out == '\0' || is_digit(*out))) { - PARSEREDIR(); + parseredir(out, c); return lasttoken = TREDIR; } else { pungetc(); @@ -1524,63 +1577,6 @@ endword: /* - * Parse a redirection operator. The variable "out" points to a string - * specifying the fd to be redirected. The variable "c" contains the - * first character of the redirection operator. - */ - -parseredir: { - char fd = *out; - union node *np; - - np = (union node *)stalloc(sizeof (struct nfile)); - if (c == '>') { - np->nfile.fd = 1; - c = pgetc(); - if (c == '>') - np->type = NAPPEND; - else if (c == '&') - np->type = NTOFD; - else if (c == '|') - np->type = NCLOBBER; - else { - np->type = NTO; - pungetc(); - } - } else { /* c == '<' */ - np->nfile.fd = 0; - c = pgetc(); - if (c == '<') { - if (sizeof (struct nfile) != sizeof (struct nhere)) { - np = (union node *)stalloc(sizeof (struct nhere)); - np->nfile.fd = 0; - } - np->type = NHERE; - heredoc = (struct heredoc *)stalloc(sizeof (struct heredoc)); - heredoc->here = np; - if ((c = pgetc()) == '-') { - heredoc->striptabs = 1; - } else { - heredoc->striptabs = 0; - pungetc(); - } - } else if (c == '&') - np->type = NFROMFD; - else if (c == '>') - np->type = NFROMTO; - else { - np->type = NFROM; - pungetc(); - } - } - if (fd != '\0') - np->nfile.fd = digit_val(fd); - redirnode = np; - goto parseredir_return; -} - - -/* * Parse a substitution. At this point, we have read the dollar sign * and nothing else. */ diff --git a/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/usdt/main.c b/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/usdt/main.c deleted file mode 100644 index 9dc0a0e..0000000 --- a/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/usdt/main.c +++ /dev/null @@ -1,11 +0,0 @@ -#include <stdlib.h> -#include <sys/sdt.h> -#include "prov.h" - -int -main(int argc, char **argv, char **envp) -{ - envp[0] = (char*)0xff; - TESTER_ENTRY(); - return 0; -} diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 064c1d9..277b46f 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,57 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] + + *) SRTP Memory Leak. + + A flaw in the DTLS SRTP extension parsing code allows an attacker, who + sends a carefully crafted handshake message, to cause OpenSSL to fail + to free up to 64k of memory causing a memory leak. This could be + exploited in a Denial Of Service attack. This issue affects OpenSSL + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of + whether SRTP is used or configured. Implementations of OpenSSL that + have been compiled with OPENSSL_NO_SRTP defined are not affected. + + The fix was developed by the OpenSSL team. + (CVE-2014-3513) + [OpenSSL team] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. + (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 36844b7..6f0da76 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -1767,6 +1767,9 @@ open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslcon print OUT "/* opensslconf.h */\n"; print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; +print OUT "#ifdef __cplusplus\n"; +print OUT "extern \"C\" {\n"; +print OUT "#endif\n"; print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; @@ -1871,6 +1874,9 @@ while (<IN>) { print OUT $_; } } close(IN); +print OUT "#ifdef __cplusplus\n"; +print OUT "}\n"; +print OUT "#endif\n"; close(OUT); rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile index 998c032..d475c12 100644 --- a/crypto/openssl/Makefile +++ b/crypto/openssl/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1i +VERSION=1.0.1j MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 8b2be4b..512a667 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,13 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] + + o Fix for CVE-2014-3513 + o Fix for CVE-2014-3567 + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + o Fix for CVE-2014-3568 + Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] o Fix for CVE-2014-3512 diff --git a/crypto/openssl/README b/crypto/openssl/README index b2cf1ce..cb90c9f 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1i 6 Aug 2014 + OpenSSL 1.0.1j 15 Oct 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index 4625467..c2e160c 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -337,6 +337,7 @@ static void sc_usage(void) BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); @@ -617,6 +618,7 @@ int MAIN(int argc, char **argv) char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); + int fallback_scsv = 0; int enable_timeouts = 0 ; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE @@ -823,6 +825,10 @@ int MAIN(int argc, char **argv) meth=DTLSv1_client_method(); socket_type=SOCK_DGRAM; } + else if (strcmp(*argv,"-fallback_scsv") == 0) + { + fallback_scsv = 1; + } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) @@ -1235,6 +1241,10 @@ bad: SSL_set_session(con, sess); SSL_SESSION_free(sess); } + + if (fallback_scsv) + SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); + #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { diff --git a/crypto/openssl/crypto/Makefile b/crypto/openssl/crypto/Makefile index 2498df2..b57dd78 100644 --- a/crypto/openssl/crypto/Makefile +++ b/crypto/openssl/crypto/Makefile @@ -32,6 +32,7 @@ CPUID_OBJ=mem_clr.o LIBS= GENERAL=Makefile README crypto-lib.com install.com +TEST=constant_time_test.c LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) @@ -44,7 +45,8 @@ SRC= $(LIBSRC) EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \ + constant_time_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl b/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl index 0dbb194..c9270df 100755 --- a/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl +++ b/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl @@ -525,6 +525,16 @@ $code.=<<___; .type aesni_ecb_encrypt,\@function,5 .align 16 aesni_ecb_encrypt: +___ +$code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,0x10(%rsp) + movaps %xmm8,0x20(%rsp) + movaps %xmm9,0x30(%rsp) +.Lecb_enc_body: +___ +$code.=<<___; and \$-16,$len jz .Lecb_ret @@ -805,6 +815,16 @@ $code.=<<___; movups $inout5,0x50($out) .Lecb_ret: +___ +$code.=<<___ if ($win64); + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 + movaps 0x20(%rsp),%xmm8 + movaps 0x30(%rsp),%xmm9 + lea 0x58(%rsp),%rsp +.Lecb_enc_ret: +___ +$code.=<<___; ret .size aesni_ecb_encrypt,.-aesni_ecb_encrypt ___ @@ -2730,28 +2750,9 @@ $code.=<<___; .extern __imp_RtlVirtualUnwind ___ $code.=<<___ if ($PREFIX eq "aesni"); -.type ecb_se_handler,\@abi-omnipotent -.align 16 -ecb_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 152($context),%rax # pull context->Rsp - - jmp .Lcommon_seh_tail -.size ecb_se_handler,.-ecb_se_handler - -.type ccm64_se_handler,\@abi-omnipotent +.type ecb_ccm64_se_handler,\@abi-omnipotent .align 16 -ccm64_se_handler: +ecb_ccm64_se_handler: push %rsi push %rdi push %rbx @@ -2788,7 +2789,7 @@ ccm64_se_handler: lea 0x58(%rax),%rax # adjust stack pointer jmp .Lcommon_seh_tail -.size ccm64_se_handler,.-ccm64_se_handler +.size ecb_ccm64_se_handler,.-ecb_ccm64_se_handler .type ctr32_se_handler,\@abi-omnipotent .align 16 @@ -2993,14 +2994,15 @@ ___ $code.=<<___ if ($PREFIX eq "aesni"); .LSEH_info_ecb: .byte 9,0,0,0 - .rva ecb_se_handler + .rva ecb_ccm64_se_handler + .rva .Lecb_enc_body,.Lecb_enc_ret # HandlerData[] .LSEH_info_ccm64_enc: .byte 9,0,0,0 - .rva ccm64_se_handler + .rva ecb_ccm64_se_handler .rva .Lccm64_enc_body,.Lccm64_enc_ret # HandlerData[] .LSEH_info_ccm64_dec: .byte 9,0,0,0 - .rva ccm64_se_handler + .rva ecb_ccm64_se_handler .rva .Lccm64_dec_body,.Lccm64_dec_ret # HandlerData[] .LSEH_info_ctr32: .byte 9,0,0,0 diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c index ead37ac3..8fb4193 100644 --- a/crypto/openssl/crypto/asn1/a_strex.c +++ b/crypto/openssl/crypto/asn1/a_strex.c @@ -568,6 +568,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) mbflag |= MBSTRING_FLAG; stmp.data = NULL; stmp.length = 0; + stmp.flags = 0; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; *out = stmp.data; diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c index acb0b40..31476ab 100644 --- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c @@ -189,7 +189,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int if (n <= 0) return 0; - asm ( + asm volatile ( " subq %2,%2 \n" ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" @@ -200,7 +200,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int " sbbq %0,%0 \n" : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) - : "cc" + : "cc", "memory" ); return ret&1; @@ -212,7 +212,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int if (n <= 0) return 0; - asm ( + asm volatile ( " subq %2,%2 \n" ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" @@ -223,7 +223,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int " sbbq %0,%0 \n" : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) - : "cc" + : "cc", "memory" ); return ret&1; diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c index 5e7eb33..611fa32 100644 --- a/crypto/openssl/crypto/bn/bn_exp.c +++ b/crypto/openssl/crypto/bn/bn_exp.c @@ -874,7 +874,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - ret = BN_one(rr); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) + { + ret = 1; + BN_zero(rr); + } + else + ret = BN_one(rr); return ret; } if (a == 0) diff --git a/crypto/openssl/crypto/bn/bn_nist.c b/crypto/openssl/crypto/bn/bn_nist.c index e22968d..abb1570 100644 --- a/crypto/openssl/crypto/bn/bn_nist.c +++ b/crypto/openssl/crypto/bn/bn_nist.c @@ -1088,9 +1088,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /* ... and right shift */ for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++) { - tmp = val>>BN_NIST_521_RSHIFT; - val = t_d[i+1]; - t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2; + t_d[i] = ( val>>BN_NIST_521_RSHIFT | + (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2; + val=tmp; } t_d[i] = val>>BN_NIST_521_RSHIFT; /* lower 521 bits */ diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/openssl/crypto/bn/exptest.c index 074a8e8..5fa02a1 100644 --- a/crypto/openssl/crypto/bn/exptest.c +++ b/crypto/openssl/crypto/bn/exptest.c @@ -71,6 +71,43 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */ +static int test_exp_mod_zero() { + BIGNUM a, p, m; + BIGNUM r; + BN_CTX *ctx = BN_CTX_new(); + int ret = 1; + + BN_init(&m); + BN_one(&m); + + BN_init(&a); + BN_one(&a); + + BN_init(&p); + BN_zero(&p); + + BN_init(&r); + BN_mod_exp(&r, &a, &p, &m, ctx); + BN_CTX_free(ctx); + + if (BN_is_zero(&r)) + ret = 0; + else + { + printf("1**0 mod 1 = "); + BN_print_fp(stdout, &r); + printf(", should be 0\n"); + } + + BN_free(&r); + BN_free(&a); + BN_free(&p); + BN_free(&m); + + return ret; +} + int main(int argc, char *argv[]) { BN_CTX *ctx; @@ -190,7 +227,13 @@ int main(int argc, char *argv[]) ERR_remove_thread_state(NULL); CRYPTO_mem_leaks(out); BIO_free(out); - printf(" done\n"); + printf("\n"); + + if (test_exp_mod_zero() != 0) + goto err; + + printf("done\n"); + EXIT(0); err: ERR_load_crypto_strings(); diff --git a/crypto/openssl/crypto/constant_time_locl.h b/crypto/openssl/crypto/constant_time_locl.h new file mode 100644 index 0000000..c048393 --- /dev/null +++ b/crypto/openssl/crypto/constant_time_locl.h @@ -0,0 +1,216 @@ +/* crypto/constant_time_locl.h */ +/* + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONSTANT_TIME_LOCL_H +#define HEADER_CONSTANT_TIME_LOCL_H + +#include "e_os.h" /* For 'inline' */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * The boolean methods return a bitmask of all ones (0xff...f) for true + * and 0 for false. This is useful for choosing a value based on the result + * of a conditional in constant time. For example, + * + * if (a < b) { + * c = a; + * } else { + * c = b; + * } + * + * can be written as + * + * unsigned int lt = constant_time_lt(a, b); + * c = constant_time_select(lt, a, b); + */ + +/* + * Returns the given value with the MSB copied to all the other + * bits. Uses the fact that arithmetic shift shifts-in the sign bit. + * However, this is not ensured by the C standard so you may need to + * replace this with something else on odd CPUs. + */ +static inline unsigned int constant_time_msb(unsigned int a); + +/* + * Returns 0xff..f if a < b and 0 otherwise. + */ +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b); + +/* + * Returns 0xff..f if a >= b and 0 otherwise. + */ +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b); + +/* + * Returns 0xff..f if a == 0 and 0 otherwise. + */ +static inline unsigned int constant_time_is_zero(unsigned int a); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_is_zero_8(unsigned int a); + + +/* + * Returns 0xff..f if a == b and 0 otherwise. + */ +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b); +/* Signed integers. */ +static inline unsigned int constant_time_eq_int(int a, int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_int_8(int a, int b); + + +/* + * Returns (mask & a) | (~mask & b). + * + * When |mask| is all 1s or all 0s (as returned by the methods above), + * the select methods return either |a| (if |mask| is nonzero) or |b| + * (if |mask| is zero). + */ +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, unsigned int b); +/* Convenience method for unsigned chars. */ +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, unsigned char b); +/* Convenience method for signed integers. */ +static inline int constant_time_select_int(unsigned int mask, int a, int b); + +static inline unsigned int constant_time_msb(unsigned int a) + { + return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1)); + } + +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) + { + unsigned int lt; + /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/ + lt = ~(a ^ b) & (a - b); + /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */ + lt |= ~a & b; + return constant_time_msb(lt); + } + +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_lt(a, b)); + } + +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) + { + unsigned int ge; + /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/ + ge = ~((a ^ b) | (a - b)); + /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */ + ge |= a & ~b; + return constant_time_msb(ge); + } + +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_ge(a, b)); + } + +static inline unsigned int constant_time_is_zero(unsigned int a) + { + return constant_time_msb(~a & (a - 1)); + } + +static inline unsigned char constant_time_is_zero_8(unsigned int a) + { + return (unsigned char)(constant_time_is_zero(a)); + } + +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) + { + return constant_time_is_zero(a ^ b); + } + +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_eq(a, b)); + } + +static inline unsigned int constant_time_eq_int(int a, int b) + { + return constant_time_eq((unsigned)(a), (unsigned)(b)); + } + +static inline unsigned char constant_time_eq_int_8(int a, int b) + { + return constant_time_eq_8((unsigned)(a), (unsigned)(b)); + } + +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, unsigned int b) + { + return (mask & a) | (~mask & b); + } + +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, unsigned char b) + { + return (unsigned char)(constant_time_select(mask, a, b)); + } + +inline int constant_time_select_int(unsigned int mask, int a, int b) + { + return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); + } + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_CONSTANT_TIME_LOCL_H */ diff --git a/crypto/openssl/crypto/constant_time_test.c b/crypto/openssl/crypto/constant_time_test.c new file mode 100644 index 0000000..d9c6a44 --- /dev/null +++ b/crypto/openssl/crypto/constant_time_test.c @@ -0,0 +1,330 @@ +/* crypto/constant_time_test.c */ +/* + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "../crypto/constant_time_locl.h" + +#include <limits.h> +#include <stdio.h> +#include <stdlib.h> + +static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); +static const unsigned int CONSTTIME_FALSE = 0; +static const unsigned char CONSTTIME_TRUE_8 = 0xff; +static const unsigned char CONSTTIME_FALSE_8 = 0; + +static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b), + const char* op_name, unsigned int a, unsigned int b, int is_true) + { + unsigned c = op(a, b); + if (is_true && c != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c); + return 1; + } + else if (!is_true && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, + c); + return 1; + } + return 0; + } + +static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b), + const char* op_name, unsigned int a, unsigned int b, int is_true) + { + unsigned char c = op(a, b); + if (is_true && c != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c); + return 1; + } + else if (!is_true && c != CONSTTIME_FALSE_8) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, + c); + return 1; + } + return 0; + } + +static int test_is_zero(unsigned int a) + { + unsigned int c = constant_time_is_zero(a); + if (a == 0 && c != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c); + return 1; + } + else if (a != 0 && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, + c); + return 1; + } + return 0; + } + +static int test_is_zero_8(unsigned int a) + { + unsigned char c = constant_time_is_zero_8(a); + if (a == 0 && c != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c); + return 1; + } + else if (a != 0 && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, + c); + return 1; + } + return 0; + } + +static int test_select(unsigned int a, unsigned int b) + { + unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(first value), got %du\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select(CONSTTIME_FALSE, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(second value), got %du\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_select_8(unsigned char a, unsigned char b) + { + unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(first value), got %u\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(second value), got %u\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_select_int(int a, int b) + { + int selected = constant_time_select_int(CONSTTIME_TRUE, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(first value), got %d\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_int(CONSTTIME_FALSE, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(second value), got %d\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_eq_int(int a, int b) + { + unsigned int equal = constant_time_eq_int(a, b); + if (a == b && equal != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(TRUE), got %du\n", + a, b, CONSTTIME_TRUE, equal); + return 1; + } + else if (a != b && equal != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(FALSE), got %du\n", + a, b, CONSTTIME_FALSE, equal); + return 1; + } + return 0; + } + +static int test_eq_int_8(int a, int b) + { + unsigned char equal = constant_time_eq_int_8(a, b); + if (a == b && equal != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(TRUE), got %u\n", + a, b, CONSTTIME_TRUE_8, equal); + return 1; + } + else if (a != b && equal != CONSTTIME_FALSE_8) + { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(FALSE), got %u\n", + a, b, CONSTTIME_FALSE_8, equal); + return 1; + } + return 0; + } + +static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1, + UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1, + UINT_MAX}; + +static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255}; + +static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345, + 32000, -32000, INT_MAX, INT_MIN, INT_MAX-1, + INT_MIN+1}; + + +int main(int argc, char *argv[]) + { + unsigned int a, b, i, j; + int c, d; + unsigned char e, f; + int num_failed = 0, num_all = 0; + fprintf(stdout, "Testing constant time operations...\n"); + + for (i = 0; i < sizeof(test_values)/sizeof(int); ++i) + { + a = test_values[i]; + num_failed += test_is_zero(a); + num_failed += test_is_zero_8(a); + num_all += 2; + for (j = 0; j < sizeof(test_values)/sizeof(int); ++j) + { + b = test_values[j]; + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt", a, b, a < b); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", a, b, a < b); + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", a, b, a >= b); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", a, b, a >= b); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", b, a, b >= a); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", b, a, b >= a); + num_failed += test_binary_op(&constant_time_eq, + "constant_time_eq", a, b, a == b); + num_failed += test_binary_op_8(&constant_time_eq_8, + "constant_time_eq_8", a, b, a == b); + num_failed += test_binary_op(&constant_time_eq, + "constant_time_eq", b, a, b == a); + num_failed += test_binary_op_8(&constant_time_eq_8, + "constant_time_eq_8", b, a, b == a); + num_failed += test_select(a, b); + num_all += 13; + } + } + + for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i) + { + c = signed_test_values[i]; + for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j) + { + d = signed_test_values[j]; + num_failed += test_select_int(c, d); + num_failed += test_eq_int(c, d); + num_failed += test_eq_int_8(c, d); + num_all += 3; + } + } + + for (i = 0; i < sizeof(test_values_8); ++i) + { + e = test_values_8[i]; + for (j = 0; j < sizeof(test_values_8); ++j) + { + f = test_values_8[j]; + num_failed += test_select_8(e, f); + num_all += 1; + } + } + + if (!num_failed) + { + fprintf(stdout, "ok (ran %d tests)\n", num_all); + return EXIT_SUCCESS; + } + else + { + fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all); + return EXIT_FAILURE; + } + } diff --git a/crypto/openssl/crypto/dsa/dsa_ameth.c b/crypto/openssl/crypto/dsa/dsa_ameth.c index 376156e..5af76ea 100644 --- a/crypto/openssl/crypto/dsa/dsa_ameth.c +++ b/crypto/openssl/crypto/dsa/dsa_ameth.c @@ -307,6 +307,12 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) unsigned char *dp = NULL; int dplen; + if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_MISSING_PARAMETERS); + goto err; + } + params = ASN1_STRING_new(); if (!params) @@ -701,4 +707,3 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = old_dsa_priv_encode } }; - diff --git a/crypto/openssl/crypto/ebcdic.h b/crypto/openssl/crypto/ebcdic.h index 6d65afc..85f3cf7 100644 --- a/crypto/openssl/crypto/ebcdic.h +++ b/crypto/openssl/crypto/ebcdic.h @@ -5,6 +5,10 @@ #include <sys/types.h> +#ifdef __cplusplus +extern "C" { +#endif + /* Avoid name clashes with other applications */ #define os_toascii _openssl_os_toascii #define os_toebcdic _openssl_os_toebcdic @@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256]; void *ebcdic2ascii(void *dest, const void *srce, size_t count); void *ascii2ebcdic(void *dest, const void *srce, size_t count); +#ifdef __cplusplus +} +#endif #endif diff --git a/crypto/openssl/crypto/ec/ec.h b/crypto/openssl/crypto/ec/ec.h index dfe8710..572111f 100644 --- a/crypto/openssl/crypto/ec/ec.h +++ b/crypto/openssl/crypto/ec/ec.h @@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); -/** Computes r = generator * n sum_{i=0}^num p[i] * m[i] +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] * \param group underlying EC_GROUP object * \param r EC_POINT object for the result * \param n BIGNUM with the multiplier for the group generator (optional) diff --git a/crypto/openssl/crypto/ec/ec2_smpl.c b/crypto/openssl/crypto/ec/ec2_smpl.c index e0e59c7..62223cb 100644 --- a/crypto/openssl/crypto/ec/ec2_smpl.c +++ b/crypto/openssl/crypto/ec/ec2_smpl.c @@ -80,9 +80,6 @@ const EC_METHOD *EC_GF2m_simple_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gf2m_simple_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_characteristic_two_field, @@ -125,8 +122,12 @@ const EC_METHOD *EC_GF2m_simple_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gf2m_simple_method(); #endif + + return &ret; } diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c index f715a23..1128376 100644 --- a/crypto/openssl/crypto/ec/ec_ameth.c +++ b/crypto/openssl/crypto/ec/ec_ameth.c @@ -453,14 +453,16 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) if (ktype > 0) { public_key = EC_KEY_get0_public_key(x); - if ((pub_key = EC_POINT_point2bn(group, public_key, - EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + if (public_key != NULL) { - reason = ERR_R_EC_LIB; - goto err; - } - if (pub_key) + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } buf_len = (size_t)BN_num_bytes(pub_key); + } } if (ktype == 2) diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c index e94f34e..52d31c2 100644 --- a/crypto/openssl/crypto/ec/ec_asn1.c +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -1183,29 +1183,46 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) goto err; } + if (ret->pub_key) + EC_POINT_clear_free(ret->pub_key); + ret->pub_key = EC_POINT_new(ret->group); + if (ret->pub_key == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + if (priv_key->publicKey) { const unsigned char *pub_oct; - size_t pub_oct_len; + int pub_oct_len; - if (ret->pub_key) - EC_POINT_clear_free(ret->pub_key); - ret->pub_key = EC_POINT_new(ret->group); - if (ret->pub_key == NULL) + pub_oct = M_ASN1_STRING_data(priv_key->publicKey); + pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); + /* The first byte - point conversion form - must be present. */ + if (pub_oct_len <= 0) { - ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL); goto err; } - pub_oct = M_ASN1_STRING_data(priv_key->publicKey); - pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); - /* save the point conversion form */ + /* Save the point conversion form. */ ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); if (!EC_POINT_oct2point(ret->group, ret->pub_key, - pub_oct, pub_oct_len, NULL)) + pub_oct, (size_t)(pub_oct_len), NULL)) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + } + else + { + if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL)) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; } + /* Remember the original private-key-only encoding. */ + ret->enc_flag |= EC_PKEY_NO_PUBKEY; } ok = 1; @@ -1230,7 +1247,8 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) size_t buf_len=0, tmp_len; EC_PRIVATEKEY *priv_key=NULL; - if (a == NULL || a->group == NULL || a->priv_key == NULL) + if (a == NULL || a->group == NULL || a->priv_key == NULL || + (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); diff --git a/crypto/openssl/crypto/ec/ecp_mont.c b/crypto/openssl/crypto/ec/ecp_mont.c index f04f132..3c5ec19 100644 --- a/crypto/openssl/crypto/ec/ecp_mont.c +++ b/crypto/openssl/crypto/ec/ecp_mont.c @@ -72,9 +72,6 @@ const EC_METHOD *EC_GFp_mont_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_mont_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -114,8 +111,12 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_mont_method(); #endif + + return &ret; } diff --git a/crypto/openssl/crypto/ec/ecp_nist.c b/crypto/openssl/crypto/ec/ecp_nist.c index aad2d5f..db3b99e 100644 --- a/crypto/openssl/crypto/ec/ecp_nist.c +++ b/crypto/openssl/crypto/ec/ecp_nist.c @@ -73,9 +73,6 @@ const EC_METHOD *EC_GFp_nist_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_nist_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_nist_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_nist_method(); #endif + + return &ret; } int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/openssl/crypto/ec/ecp_smpl.c index ef52854..2d1f357 100644 --- a/crypto/openssl/crypto/ec/ecp_smpl.c +++ b/crypto/openssl/crypto/ec/ecp_smpl.c @@ -73,9 +73,6 @@ const EC_METHOD *EC_GFp_simple_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_simple_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_simple_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_simple_method(); #endif + + return &ret; } @@ -1317,8 +1318,8 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT { for (i = 0; i < num; i++) { - if (prod_Z[i] != NULL) - BN_clear_free(prod_Z[i]); + if (prod_Z[i] == NULL) break; + BN_clear_free(prod_Z[i]); } OPENSSL_free(prod_Z); } diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c index 82c8c8b..d1bf980 100644 --- a/crypto/openssl/crypto/ec/ectest.c +++ b/crypto/openssl/crypto/ec/ectest.c @@ -251,14 +251,15 @@ static void group_order_tests(EC_GROUP *group) if (!EC_POINT_is_at_infinity(group, Q)) ABORT; /* Exercise EC_POINTs_mul, including corner cases. */ + if (EC_POINT_is_at_infinity(group, P)) ABORT; scalars[0] = n1; points[0] = Q; /* => infinity */ scalars[1] = n2; points[1] = P; /* => -P */ scalars[2] = n1; points[2] = Q; /* => infinity */ scalars[3] = n2; points[3] = Q; /* => infinity */ scalars[4] = n1; points[4] = P; /* => P */ scalars[5] = n2; points[5] = Q; /* => infinity */ - if (!EC_POINTs_mul(group, Q, NULL, 5, points, scalars, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, P)) ABORT; } fprintf(stdout, "ok\n"); diff --git a/crypto/openssl/crypto/evp/Makefile b/crypto/openssl/crypto/evp/Makefile index 5d0c6b7..fa25bff 100644 --- a/crypto/openssl/crypto/evp/Makefile +++ b/crypto/openssl/crypto/evp/Makefile @@ -383,7 +383,7 @@ evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../constant_time_locl.h ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c index 07bf83a..dc3c2a1 100644 --- a/crypto/openssl/crypto/evp/e_aes.c +++ b/crypto/openssl/crypto/evp/e_aes.c @@ -166,7 +166,7 @@ extern unsigned int OPENSSL_ia32cap_P[2]; #define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) #endif #ifdef BSAES_ASM -#define BSAES_CAPABLE VPAES_CAPABLE +#define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) #endif /* * AES-NI section diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index 0c54f05..7b1842a 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -67,6 +67,7 @@ #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif +#include "constant_time_locl.h" #include "evp_locl.h" #ifdef OPENSSL_FIPS @@ -500,21 +501,21 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n; - unsigned int b; + unsigned int i, b; + unsigned char pad, padding_good; *outl=0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, NULL, 0); - if (i < 0) + int ret = M_do_cipher(ctx, out, NULL, 0); + if (ret < 0) return 0; else - *outl = i; + *outl = ret; return 1; } - b=ctx->cipher->block_size; + b=(unsigned int)(ctx->cipher->block_size); if (ctx->flags & EVP_CIPH_NO_PADDING) { if(ctx->buf_len) @@ -533,28 +534,34 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return(0); } OPENSSL_assert(b <= sizeof ctx->final); - n=ctx->final[b-1]; - if (n == 0 || n > (int)b) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); - return(0); - } - for (i=0; i<n; i++) + pad=ctx->final[b-1]; + + padding_good = (unsigned char)(~constant_time_is_zero_8(pad)); + padding_good &= constant_time_ge_8(b, pad); + + for (i = 1; i < b; ++i) { - if (ctx->final[--b] != n) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); - return(0); - } + unsigned char is_pad_index = constant_time_lt_8(i, pad); + unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad); + padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff); } - n=ctx->cipher->block_size-n; - for (i=0; i<n; i++) - out[i]=ctx->final[i]; - *outl=n; + + /* + * At least 1 byte is always padding, so we always write b - 1 + * bytes to avoid a timing leak. The caller is required to have |b| + * bytes space in |out| by the API contract. + */ + for (i = 0; i < b - 1; ++i) + out[i] = ctx->final[i] & padding_good; + /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */ + *outl = padding_good & ((unsigned char)(b - pad)); + return padding_good & 1; } else - *outl=0; - return(1); + { + *outl = 0; + return 1; + } } void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) @@ -678,4 +685,3 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); return 1; } - diff --git a/crypto/openssl/crypto/md5/asm/md5-x86_64.pl b/crypto/openssl/crypto/md5/asm/md5-x86_64.pl index f11224d..381bf77 100755 --- a/crypto/openssl/crypto/md5/asm/md5-x86_64.pl +++ b/crypto/openssl/crypto/md5/asm/md5-x86_64.pl @@ -108,6 +108,7 @@ sub round4_step EOF } +no warnings qw(uninitialized); my $flavour = shift; my $output = shift; if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } @@ -119,7 +120,6 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -no warnings qw(uninitialized); open OUT,"| \"$^X\" $xlate $flavour $output"; *STDOUT=*OUT; diff --git a/crypto/openssl/crypto/modes/modes.h b/crypto/openssl/crypto/modes/modes.h index f18215b..7773c25 100644 --- a/crypto/openssl/crypto/modes/modes.h +++ b/crypto/openssl/crypto/modes/modes.h @@ -7,6 +7,9 @@ #include <stddef.h> +#ifdef __cplusplus +extern "C" { +#endif typedef void (*block128_f)(const unsigned char in[16], unsigned char out[16], const void *key); @@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT; int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, size_t len, int enc); +#ifdef __cplusplus +} +#endif diff --git a/crypto/openssl/crypto/ocsp/ocsp_vfy.c b/crypto/openssl/crypto/ocsp/ocsp_vfy.c index 2767183..fc0d4cc 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_vfy.c +++ b/crypto/openssl/crypto/ocsp/ocsp_vfy.c @@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm if(!(flags & OCSP_NOINTERN)) { signer = X509_find_by_subject(req->optionalSignature->certs, nm); - *psigner = signer; - return 1; + if (signer) + { + *psigner = signer; + return 1; + } } signer = X509_find_by_subject(certs, nm); diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/openssl/crypto/opensslconf.h index 57abb87..7513d14 100644 --- a/crypto/openssl/crypto/opensslconf.h +++ b/crypto/openssl/crypto/opensslconf.h @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -233,3 +236,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index e03bece..2f94b87 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -1,6 +1,10 @@ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H +#ifdef __cplusplus +extern "C" { +#endif + /* Numeric release version identifier: * MNNFFPPS: major minor fix patch status * The status nibble has one of the values 0 for development, 1 to e for betas @@ -25,11 +29,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000109fL +#define OPENSSL_VERSION_NUMBER 0x100010afL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips 6 Aug 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-freebsd 6 Aug 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-freebsd 15 Oct 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -86,4 +90,7 @@ #define SHLIB_VERSION_NUMBER "7" +#ifdef __cplusplus +} +#endif #endif /* HEADER_OPENSSLV_H */ diff --git a/crypto/openssl/crypto/ossl_typ.h b/crypto/openssl/crypto/ossl_typ.h index ea9227f..12cdd43 100644 --- a/crypto/openssl/crypto/ossl_typ.h +++ b/crypto/openssl/crypto/ossl_typ.h @@ -55,6 +55,10 @@ #ifndef HEADER_OPENSSL_TYPES_H #define HEADER_OPENSSL_TYPES_H +#ifdef __cplusplus +extern "C" { +#endif + #include <openssl/e_os2.h> #ifdef NO_ASN1_TYPEDEFS @@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +#ifdef __cplusplus +} +#endif #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/openssl/crypto/pkcs7/pkcs7.h index 04f6037..5d54c4a 100644 --- a/crypto/openssl/crypto/pkcs7/pkcs7.h +++ b/crypto/openssl/crypto/pkcs7/pkcs7.h @@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -#define PKCS7_type_is_encrypted(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) - -#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) diff --git a/crypto/openssl/crypto/pqueue/pqueue.h b/crypto/openssl/crypto/pqueue/pqueue.h index 87fc903..26b5348 100644 --- a/crypto/openssl/crypto/pqueue/pqueue.h +++ b/crypto/openssl/crypto/pqueue/pqueue.h @@ -64,6 +64,9 @@ #include <stdlib.h> #include <string.h> +#ifdef __cplusplus +extern "C" { +#endif typedef struct _pqueue *pqueue; typedef struct _pitem @@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter); void pqueue_print(pqueue pq); int pqueue_size(pqueue pq); +#ifdef __cplusplus +} +#endif #endif /* ! HEADER_PQUEUE_H */ diff --git a/crypto/openssl/crypto/rsa/Makefile b/crypto/openssl/crypto/rsa/Makefile index f798d2f..e8121a4 100644 --- a/crypto/openssl/crypto/rsa/Makefile +++ b/crypto/openssl/crypto/rsa/Makefile @@ -212,7 +212,7 @@ rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_oaep.o: ../cryptlib.h rsa_oaep.c +rsa_oaep.o: ../constant_time_locl.h ../cryptlib.h rsa_oaep.c rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -221,7 +221,8 @@ rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c +rsa_pk1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +rsa_pk1.o: ../cryptlib.h rsa_pk1.c rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h index 5f269e5..11853fe 100644 --- a/crypto/openssl/crypto/rsa/rsa.h +++ b/crypto/openssl/crypto/rsa/rsa.h @@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void); #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_PKCS_DECODING_ERROR 159 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 diff --git a/crypto/openssl/crypto/rsa/rsa_err.c b/crypto/openssl/crypto/rsa/rsa_err.c index 46e0bf9..9da79d9 100644 --- a/crypto/openssl/crypto/rsa/rsa_err.c +++ b/crypto/openssl/crypto/rsa/rsa_err.c @@ -175,6 +175,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, +{ERR_REASON(RSA_R_PKCS_DECODING_ERROR) ,"pkcs decoding error"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c index af4d24a..c363331 100644 --- a/crypto/openssl/crypto/rsa/rsa_oaep.c +++ b/crypto/openssl/crypto/rsa/rsa_oaep.c @@ -18,6 +18,7 @@ * an equivalent notion. */ +#include "constant_time_locl.h" #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) #include <stdio.h> @@ -95,92 +96,117 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *from, int flen, int num, const unsigned char *param, int plen) { - int i, dblen, mlen = -1; - const unsigned char *maskeddb; - int lzero; - unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; - unsigned char *padded_from; - int bad = 0; - - if (--num < 2 * SHA_DIGEST_LENGTH + 1) - /* 'num' is the length of the modulus, i.e. does not depend on the - * particular ciphertext. */ - goto decoding_err; + int i, dblen, mlen = -1, one_index = 0, msg_index; + unsigned int good, found_one_byte; + const unsigned char *maskedseed, *maskeddb; + /* |em| is the encoded message, zero-padded to exactly |num| bytes: + * em = Y || maskedSeed || maskedDB */ + unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], + phash[EVP_MAX_MD_SIZE]; - lzero = num - flen; - if (lzero < 0) - { - /* signalling this error immediately after detection might allow - * for side-channel attacks (e.g. timing if 'plen' is huge - * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal - * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), - * so we use a 'bad' flag */ - bad = 1; - lzero = 0; - flen = num; /* don't overflow the memcpy to padded_from */ - } + if (tlen <= 0 || flen <= 0) + return -1; - dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen + num); - if (db == NULL) + /* + * |num| is the length of the modulus; |flen| is the length of the + * encoded message. Therefore, for any |from| that was obtained by + * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, + * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus + * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2. + * This does not leak any side-channel information. + */ + if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2) + goto decoding_err; + + dblen = num - SHA_DIGEST_LENGTH - 1; + db = OPENSSL_malloc(dblen); + em = OPENSSL_malloc(num); + if (db == NULL || em == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return -1; + goto cleanup; } - /* Always do this zero-padding copy (even when lzero == 0) - * to avoid leaking timing info about the value of lzero. */ - padded_from = db + dblen; - memset(padded_from, 0, lzero); - memcpy(padded_from + lzero, from, flen); + /* + * Always do this zero-padding copy (even when num == flen) to avoid + * leaking that information. The copy still leaks some side-channel + * information, but it's impossible to have a fixed memory access + * pattern since we can't read out of the bounds of |from|. + * + * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. + */ + memset(em, 0, num); + memcpy(em + num - flen, from, flen); - maskeddb = padded_from + SHA_DIGEST_LENGTH; + /* + * The first byte must be zero, however we must not leak if this is + * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA + * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). + */ + good = constant_time_is_zero(em[0]); + + maskedseed = em + 1; + maskeddb = em + 1 + SHA_DIGEST_LENGTH; if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen)) - return -1; + goto cleanup; for (i = 0; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= padded_from[i]; - + seed[i] ^= maskedseed[i]; + if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH)) - return -1; + goto cleanup; for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL)) - return -1; + goto cleanup; + + good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH)); - if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + found_one_byte = 0; + for (i = SHA_DIGEST_LENGTH; i < dblen; i++) + { + /* Padding consists of a number of 0-bytes, followed by a 1. */ + unsigned int equals1 = constant_time_eq(db[i], 1); + unsigned int equals0 = constant_time_is_zero(db[i]); + one_index = constant_time_select_int(~found_one_byte & equals1, + i, one_index); + found_one_byte |= equals1; + good &= (found_one_byte | equals0); + } + + good &= found_one_byte; + + /* + * At this point |good| is zero unless the plaintext was valid, + * so plaintext-awareness ensures timing side-channels are no longer a + * concern. + */ + if (!good) goto decoding_err; + + msg_index = one_index + 1; + mlen = dblen - msg_index; + + if (tlen < mlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } else { - for (i = SHA_DIGEST_LENGTH; i < dblen; i++) - if (db[i] != 0x00) - break; - if (i == dblen || db[i] != 0x01) - goto decoding_err; - else - { - /* everything looks OK */ - - mlen = dblen - ++i; - if (tlen < mlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); - mlen = -1; - } - else - memcpy(to, db + i, mlen); - } + memcpy(to, db + msg_index, mlen); + goto cleanup; } - OPENSSL_free(db); - return mlen; decoding_err: - /* to avoid chosen ciphertext attacks, the error message should not reveal - * which kind of decoding error happened */ + /* To avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened. */ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); +cleanup: if (db != NULL) OPENSSL_free(db); - return -1; + if (em != NULL) OPENSSL_free(em); + return mlen; } int PKCS1_MGF1(unsigned char *mask, long len, diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c index 8560755..c2da56f 100644 --- a/crypto/openssl/crypto/rsa/rsa_pk1.c +++ b/crypto/openssl/crypto/rsa/rsa_pk1.c @@ -56,6 +56,8 @@ * [including the GNU Public Licence.] */ +#include "constant_time_locl.h" + #include <stdio.h> #include "cryptlib.h" #include <openssl/bn.h> @@ -181,44 +183,87 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, const unsigned char *from, int flen, int num) { - int i,j; - const unsigned char *p; + int i; + /* |em| is the encoded message, zero-padded to exactly |num| bytes */ + unsigned char *em = NULL; + unsigned int good, found_zero_byte; + int zero_index = 0, msg_index, mlen = -1; - p=from; - if ((num != (flen+1)) || (*(p++) != 02)) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); - return(-1); - } -#ifdef PKCS1_CHECK - return(num-11); -#endif + if (tlen < 0 || flen < 0) + return -1; - /* scan over padding data */ - j=flen-1; /* one for type. */ - for (i=0; i<j; i++) - if (*(p++) == 0) break; + /* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography + * Standard", section 7.2.2. */ - if (i == j) + if (flen > num) + goto err; + + if (num < 11) + goto err; + + em = OPENSSL_malloc(num); + if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING); - return(-1); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; } + memset(em, 0, num); + /* + * Always do this zero-padding copy (even when num == flen) to avoid + * leaking that information. The copy still leaks some side-channel + * information, but it's impossible to have a fixed memory access + * pattern since we can't read out of the bounds of |from|. + * + * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. + */ + memcpy(em + num - flen, from, flen); - if (i < 8) + good = constant_time_is_zero(em[0]); + good &= constant_time_eq(em[1], 2); + + found_zero_byte = 0; + for (i = 2; i < num; i++) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT); - return(-1); + unsigned int equals0 = constant_time_is_zero(em[i]); + zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); + found_zero_byte |= equals0; } - i++; /* Skip over the '\0' */ - j-=i; - if (j > tlen) + + /* + * PS must be at least 8 bytes long, and it starts two bytes into |em|. + * If we never found a 0-byte, then |zero_index| is 0 and the check + * also fails. + */ + good &= constant_time_ge((unsigned int)(zero_index), 2 + 8); + + /* Skip the zero byte. This is incorrect if we never found a zero-byte + * but in this case we also do not copy the message out. */ + msg_index = zero_index + 1; + mlen = num - msg_index; + + /* For good measure, do this check in constant time as well; it could + * leak something if |tlen| was assuming valid padding. */ + good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen)); + + /* + * We can't continue in constant-time because we need to copy the result + * and we cannot fake its length. This unavoidably leaks timing + * information at the API boundary. + * TODO(emilia): this could be addressed at the call site, + * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. + */ + if (!good) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); - return(-1); + mlen = -1; + goto err; } - memcpy(to,p,(unsigned int)j); - return(j); - } + memcpy(to, em + msg_index, mlen); +err: + if (em != NULL) + OPENSSL_free(em); + if (mlen == -1) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); + return mlen; + } diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c index b6f6037..225bcfe 100644 --- a/crypto/openssl/crypto/rsa/rsa_sign.c +++ b/crypto/openssl/crypto/rsa/rsa_sign.c @@ -151,6 +151,25 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, return(ret); } +/* + * Check DigestInfo structure does not contain extraneous data by reencoding + * using DER and checking encoding against original. + */ +static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen) + { + unsigned char *der = NULL; + int derlen; + int ret = 0; + derlen = i2d_X509_SIG(sig, &der); + if (derlen <= 0) + return 0; + if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) + ret = 1; + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + return ret; + } + int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *rm, size_t *prm_len, @@ -228,7 +247,7 @@ int int_rsa_verify(int dtype, const unsigned char *m, if (sig == NULL) goto err; /* Excess data can be used to create forgeries */ - if(p != s+i) + if(p != s+i || !rsa_check_digestinfo(sig, s, i)) { RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); goto err; diff --git a/crypto/openssl/crypto/stack/safestack.h b/crypto/openssl/crypto/stack/safestack.h index ea3aa0d..bc194cb 100644 --- a/crypto/openssl/crypto/stack/safestack.h +++ b/crypto/openssl/crypto/stack/safestack.h @@ -57,6 +57,10 @@ #include <openssl/stack.h> +#ifdef __cplusplus +extern "C" { +#endif + #ifndef CHECKED_PTR_OF #define CHECKED_PTR_OF(type, p) \ ((void*) (1 ? p : (type*)0)) @@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) /* End of util/mkstack.pl block, you may now edit :-) */ + +#ifdef __cplusplus +} +#endif #endif /* !defined HEADER_SAFESTACK_H */ diff --git a/crypto/openssl/doc/apps/c_rehash.pod b/crypto/openssl/doc/apps/c_rehash.pod new file mode 100644 index 0000000..c564e86 --- /dev/null +++ b/crypto/openssl/doc/apps/c_rehash.pod @@ -0,0 +1,81 @@ +=pod + +=for comment +Original text by James Westby, contributed under the OpenSSL license. + +=head1 NAME + +c_rehash - Create symbolic links to files named by the hash values + +=head1 SYNOPSIS + +B<c_rehash> +[ I<directory>...] + +=head1 DESCRIPTION + +B<c_rehash> scans directories and calculates a hash value of each C<.pem> +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. + +If any directories are named on the command line, then those are +processed in turn. If not, then the B<SSL_CERT_DIR> environment variable +is consulted; this shold be a colon-separated list of directories, +like the Unix B<PATH> variable. +If that is not set then the default directory (installation-specific +but often B</usr/local/ssl/certs>) is processed. + +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise it will be skipped. +The links created are of the form C<HHHHHHHH.D>, where each B<H> +is a hexadecimal character and B<D> is a single decimal digit. +When processing a directory, B<c_rehash> will first remove all links +that have a name in that syntax. If you have links in that format +used for other purposes, they will be removed. +Hashes for CRL's look similar except the letter B<r> appears after +the period, like this: C<HHHHHHHH.rD>. + +Multiple objects may have the same hash; they will be indicated by +incrementing the B<D> value. Duplicates are found by comparing the +full SHA-1 fingerprint. A warning will be displayed if a duplicate +is found. + +A warning will also be displayed if there are B<.pem> files that +cannot be parsed as either a certificate or a CRL. + +The program uses the B<openssl> program to compute the hashes and +fingerprints. If not found in the user's B<PATH>, then set the +B<OPENSSL> environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or CRL: + + $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF + $OPENSSL crl -hash -fingerprint -noout -in FFFFFF + +where B<FFFFFF> is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. + +=head1 ENVIRONMENT + +=over + +=item B<OPENSSL> + +The path to an executable to use to generate hashes and +fingerprints (see above). + +=item B<SSL_CERT_DIR> + +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. + +=back + +=head1 SEE ALSO + +L<openssl(1)|openssl(1)>, +L<crl(1)|crl(1)>. +L<x509(1)|x509(1)>. diff --git a/crypto/openssl/doc/apps/dgst.pod b/crypto/openssl/doc/apps/dgst.pod index d79fb5c..b159d91 100644 --- a/crypto/openssl/doc/apps/dgst.pod +++ b/crypto/openssl/doc/apps/dgst.pod @@ -2,16 +2,17 @@ =head1 NAME -dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests +dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests =head1 SYNOPSIS B<openssl> B<dgst> -[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>] +[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>] [B<-c>] [B<-d>] [B<-hex>] [B<-binary>] +[B<-r>] [B<-out filename>] [B<-sign filename>] [B<-keyform arg>] @@ -20,17 +21,19 @@ B<openssl> B<dgst> [B<-prverify filename>] [B<-signature filename>] [B<-hmac key>] +[B<-non-fips-allow>] +[B<-fips-fingerprint>] [B<file...>] -[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>] -[B<-c>] -[B<-d>] -[B<file...>] +B<openssl> +[I<digest>] +[B<...>] =head1 DESCRIPTION The digest functions output the message digest of a supplied file or files -in hexadecimal form. They can also be used for digital signing and verification. +in hexadecimal. The digest functions also generate and verify digital +signatures using message digests. =head1 OPTIONS @@ -48,12 +51,17 @@ print out BIO debugging information. =item B<-hex> digest is to be output as a hex dump. This is the default case for a "normal" -digest as opposed to a digital signature. +digest as opposed to a digital signature. See NOTES below for digital +signatures using B<-hex>. =item B<-binary> output the digest or signature in binary form. +=item B<-r> + +output the digest in the "coreutils" format used by programs like B<sha1sum>. + =item B<-out filename> filename to output to, or standard output by default. @@ -64,8 +72,8 @@ digitally sign the digest using the private key in "filename". =item B<-keyform arg> -Specifies the key format to sign digest with. Only PEM and ENGINE -formats are supported by the B<dgst> command. +Specifies the key format to sign digest with. The DER, PEM, P12, +and ENGINE formats are supported. =item B<-engine id> @@ -117,7 +125,7 @@ Following options are supported by both by B<HMAC> and B<gost-mac>: =over 8 =item B<key:string> - + Specifies MAC key as alphnumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac. @@ -138,6 +146,15 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-non-fips-allow> + +enable use of non-FIPS algorithms such as MD5 even in FIPS mode. + +=item B<-fips-fingerprint> + +compute HMAC using a specific key +for certain OpenSSL-FIPS operations. + =item B<file...> file or files to digest. If no files are specified then standard input is @@ -145,18 +162,41 @@ used. =back + +=head1 EXAMPLES + +To create a hex-encoded message digest of a file: + openssl dgst -md5 -hex file.txt + +To sign a file using SHA-256 with binary file output: + openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt + +To verify a signature: + openssl dgst -sha256 -verify publickey.pem \ + -signature signature.sign \ + file.txt + + =head1 NOTES The digest of choice for all new applications is SHA1. Other digests are however still widely used. -If you wish to sign or verify data using the DSA algorithm then the dss1 -digest must be used. +When signing a file, B<dgst> will automatically determine the algorithm +(RSA, ECC, etc) to use for signing based on the private key's ASN.1 info. +When verifying signatures, it only handles the RSA, DSA, or ECDSA signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, CMS, and S/MIME. A source of random numbers is required for certain signing algorithms, in -particular DSA. +particular ECDSA and DSA. The signing and verify options should only be used if a single file is being signed or verified. +Hex signatures cannot be verified using B<openssl>. Instead, use "xxd -r" +or similar program to transform the hex signature into a binary signature +prior to verification. + + =cut diff --git a/crypto/openssl/doc/crypto/BIO_s_accept.pod b/crypto/openssl/doc/crypto/BIO_s_accept.pod index 7b63e46..b80b6ae 100644 --- a/crypto/openssl/doc/crypto/BIO_s_accept.pod +++ b/crypto/openssl/doc/crypto/BIO_s_accept.pod @@ -59,8 +59,8 @@ the accept socket. See L<BIO_s_fd(3)|BIO_s_fd(3)> BIO_set_accept_port() uses the string B<name> to set the accept port. The port is represented as a string of the form "host:port", where "host" is the interface to use and "port" is the port. -Either or both values can be "*" which is interpreted as meaning -any interface or port respectively. "port" has the same syntax +The host can be can be "*" which is interpreted as meaning +any interface; "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table. diff --git a/crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod b/crypto/openssl/doc/crypto/CMS_add1_signer.pod index bda3ca2..a055b82 100644 --- a/crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod +++ b/crypto/openssl/doc/crypto/CMS_add1_signer.pod @@ -2,20 +2,20 @@ =head1 NAME - CMS_sign_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure. + CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure. =head1 SYNOPSIS #include <openssl/cms.h> - CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); + CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); int CMS_SignerInfo_sign(CMS_SignerInfo *si); =head1 DESCRIPTION -CMS_sign_add1_signer() adds a signer with certificate B<signcert> and private +CMS_add1_signer() adds a signer with certificate B<signcert> and private key B<pkey> using message digest B<md> to CMS_ContentInfo SignedData structure B<cms>. @@ -36,7 +36,7 @@ are both set. =head1 NOTES -The main purpose of CMS_sign_add1_signer() is to provide finer control +The main purpose of CMS_add1_signer() is to provide finer control over a CMS signed data structure where the simpler CMS_sign() function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned @@ -80,13 +80,13 @@ bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is not loaded. -CMS_sign_add1_signer() returns an internal pointer to the CMS_SignerInfo +CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized. =head1 RETURN VALUES -CMS_sign1_add_signers() returns an internal pointer to the CMS_SignerInfo +CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added or NULL if an error occurs. =head1 SEE ALSO @@ -96,6 +96,6 @@ L<CMS_final(3)|CMS_final(3)>, =head1 HISTORY -CMS_sign_add1_signer() was added to OpenSSL 0.9.8 +CMS_add1_signer() was added to OpenSSL 0.9.8 =cut diff --git a/crypto/openssl/doc/crypto/EVP_DigestInit.pod b/crypto/openssl/doc/crypto/EVP_DigestInit.pod index 310c65e..ac526bb 100644 --- a/crypto/openssl/doc/crypto/EVP_DigestInit.pod +++ b/crypto/openssl/doc/crypto/EVP_DigestInit.pod @@ -26,13 +26,13 @@ EVP digest routines int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); - int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); + int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); #define EVP_MAX_MD_SIZE 64 /* SHA512 */ @@ -136,10 +136,10 @@ reasons. EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 -and RIPEMD160 digest algorithms respectively. +and RIPEMD160 digest algorithms respectively. EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest -algorithms but using DSS (DSA) for the signature algorithm. Note: there is +algorithms but using DSS (DSA) for the signature algorithm. Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are however retained for compatibility. @@ -177,21 +177,21 @@ The B<EVP> interface to message digests should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. -New applications should use the SHA2 digest algorithms such as SHA256. +New applications should use the SHA2 digest algorithms such as SHA256. The other digest algorithms are still in common use. For most applications the B<impl> parameter to EVP_DigestInit_ex() will be set to NULL to use the default digest implementation. -The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are +The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are obsolete but are retained to maintain compatibility with existing code. New -applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and +applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use -memory leaks will occur. +memory leaks will occur. Stack allocation of EVP_MD_CTX structures is common, for example: @@ -245,15 +245,19 @@ digest name passed on the command line. EVP_MD_CTX_destroy(mdctx); printf("Digest is: "); - for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); + for(i = 0; i < md_len; i++) + printf("%02x", md_value[i]); printf("\n"); + + /* Call this once before exit. */ + EVP_cleanup(); + exit(0); } =head1 SEE ALSO -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> +L<dgst(1)|dgst(1)>, +L<evp(3)|evp(3)> =head1 HISTORY @@ -269,7 +273,7 @@ EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were changed to return truely const EVP_MD * in OpenSSL 0.9.7. The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now EVP_sha1() can be used with RSA and DSA, there is no need to +later, so now EVP_sha1() can be used with RSA and DSA; there is no need to use EVP_dss1() any more. OpenSSL 1.0 and later does not include the MD2 digest algorithm in the diff --git a/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod b/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod index f224488..cfeccd9 100644 --- a/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod +++ b/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod @@ -38,7 +38,7 @@ or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only -indicates that the signature did not not verify successfully (that is tbs did +indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. @@ -59,7 +59,7 @@ For some key types and parameters the random number generator must be seeded or the operation will fail. The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest -context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can +context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. Since only a copy of the digest context is ever finalized the context must diff --git a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod index d11e054..4e22edc 100644 --- a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod +++ b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod @@ -387,27 +387,7 @@ for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. =head1 EXAMPLES -Get the number of rounds used in RC5: - - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); - -Get the RC2 effective key length: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); - -Set the number of rounds used in RC5: - - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); - -Set the effective key length used in RC2: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - -Encrypt a string using blowfish: +Encrypt a string using IDEA: int do_crypt(char *outfile) { @@ -421,8 +401,9 @@ Encrypt a string using blowfish: char intext[] = "Some Crypto Text"; EVP_CIPHER_CTX ctx; FILE *out; + EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); + EVP_EncryptInit_ex(&ctx, EVP_idea_cbc(), NULL, key, iv); if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) { @@ -451,28 +432,34 @@ Encrypt a string using blowfish: } The ciphertext from the above example can be decrypted using the B<openssl> -utility with the command line: +utility with the command line (shown on two lines for clarity): - S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d> + openssl idea -d <filename + -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -General encryption, decryption function example using FILE I/O and RC2 with an -80 bit key: +General encryption and decryption function example using FILE I/O and AES128 +with a 128-bit key: int do_crypt(FILE *in, FILE *out, int do_encrypt) { /* Allow enough space in output buffer for additional block */ - inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; + unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; int inlen, outlen; + EVP_CIPHER_CTX ctx; /* Bogus key and IV: we'd normally set these from * another source. */ - unsigned char key[] = "0123456789"; - unsigned char iv[] = "12345678"; - /* Don't set key or IV because we will modify the parameters */ + unsigned char key[] = "0123456789abcdeF"; + unsigned char iv[] = "1234567887654321"; + + /* Don't set key or IV right away; we want to check lengths */ EVP_CIPHER_CTX_init(&ctx); - EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); - EVP_CIPHER_CTX_set_key_length(&ctx, 10); - /* We finished modifying parameters so now we can set key and IV */ + EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, + do_encrypt); + OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx) == 16); + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx) == 16); + + /* Now we can set key and IV */ EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); for(;;) @@ -511,4 +498,7 @@ EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(), EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in OpenSSL 0.9.7. +IDEA appeared in OpenSSL 0.9.7 but was often disabled due to +patent concerns; the last patents expired in 2012. + =cut diff --git a/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod b/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod index 2db692e..6f10175 100644 --- a/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod +++ b/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod @@ -37,7 +37,7 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or B<NULL> if the key is not of the correct type. -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key> however these use the supplied B<key> internally and so B<key> will be freed when the parent B<pkey> is freed. @@ -54,8 +54,8 @@ In accordance with the OpenSSL naming convention the key obtained from or assigned to the B<pkey> using the B<1> functions must be freed as well as B<pkey>. -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -EVP_PKEY_assign_EC_KEY() are implemented as macros. +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() +and EVP_PKEY_assign_EC_KEY() are implemented as macros. =head1 RETURN VALUES @@ -66,7 +66,7 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if an error occurred. -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure. =head1 SEE ALSO diff --git a/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod b/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod index a044f2c..21974b4 100644 --- a/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod +++ b/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod @@ -28,9 +28,14 @@ B<sig> and the amount of data written to B<siglen>. =head1 NOTES +EVP_PKEY_sign() does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)> and +L<EVP_SignInit(3)|EVP_SignInit(3)> signing interfaces instead. + After the call to EVP_PKEY_sign_init() algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation (see L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>). The function EVP_PKEY_sign() can be called more than once on the same context if several operations are performed using the same parameters. @@ -49,13 +54,17 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: #include <openssl/rsa.h> EVP_PKEY_CTX *ctx; + /* md is a SHA-256 digest in this example. */ unsigned char *md, *sig; - size_t mdlen, siglen; + size_t mdlen = 32, siglen; EVP_PKEY *signing_key; - /* NB: assumes signing_key, md and mdlen are already set up - * and that signing_key is an RSA private key + + /* + * NB: assumes signing_key and md are set up before the next + * step. signing_key must be an RSA private key and md must + * point to the SHA-256 digest to be signed. */ - ctx = EVP_PKEY_CTX_new(signing_key); + ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); if (!ctx) /* Error occurred */ if (EVP_PKEY_sign_init(ctx) <= 0) @@ -83,6 +92,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: =head1 SEE ALSO L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>, L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index b34c68a..7a27eef 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -48,12 +48,13 @@ even if he gets hold of the normal (certified) key, as this key was only used for signing. In order to perform a DH key exchange the server must use a DH group -(DH parameters) and generate a DH key. The server will always generate a new -DH key during the negotiation, when the DH parameters are supplied via -callback and/or when the SSL_OP_SINGLE_DH_USE option of -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will -immediately create a DH key, when DH parameters are supplied via -SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case, +(DH parameters) and generate a DH key. +The server will always generate a new DH key during the negotiation +if either the DH parameters are supplied via callback or the +SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both). +It will immediately create a DH key if DH parameters are supplied via +SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. +In this case, it may happen that a key is generated on initialization without later being needed, while on the other hand the computer time during the negotiation is being saved. @@ -139,7 +140,7 @@ partly left out.) dh_tmp = dh_512; break; case 1024: - if (!dh_1024) + if (!dh_1024) dh_1024 = get_dh1024(); dh_tmp = dh_1024; break; diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h index 6a0aad1..733155e 100644 --- a/crypto/openssl/e_os.h +++ b/crypto/openssl/e_os.h @@ -373,7 +373,16 @@ static unsigned int _strlen31(const char *str) # define check_winnt() (1) #else # define check_winnt() (GetVersion() < 0x80000000) -#endif +#endif + +/* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline) +# define inline __inline +#endif #else /* The non-microsoft world */ @@ -738,4 +747,3 @@ struct servent *getservbyname(const char *name, const char *proto); #endif #endif - diff --git a/crypto/openssl/ssl/Makefile b/crypto/openssl/ssl/Makefile index bffd928..8dd390e 100644 --- a/crypto/openssl/ssl/Makefile +++ b/crypto/openssl/ssl/Makefile @@ -547,26 +547,27 @@ s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h -s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_cbc.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h +s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s3_cbc.o: ../include/openssl/bio.h ../include/openssl/buffer.h +s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h +s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_cbc.c +s3_cbc.o: ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -671,28 +672,29 @@ s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h -s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h +s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h +s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h +s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h +s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h +s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h +s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_srvr.o: s3_srvr.c ssl_locl.h ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h diff --git a/crypto/openssl/ssl/d1_both.c b/crypto/openssl/ssl/d1_both.c index 89cdca8..2e4250f 100644 --- a/crypto/openssl/ssl/d1_both.c +++ b/crypto/openssl/ssl/d1_both.c @@ -1492,6 +1492,9 @@ dtls1_process_heartbeat(SSL *s) /* Read type and payload length first */ if (1 + 2 + 16 > s->s3->rrec.length) return 0; /* silently discard */ + if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; /* silently discard per RFC 6520 sec. 4 */ + hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c index 6bde16f..82ca653 100644 --- a/crypto/openssl/ssl/d1_lib.c +++ b/crypto/openssl/ssl/d1_lib.c @@ -266,6 +266,16 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) case DTLS_CTRL_LISTEN: ret = dtls1_listen(s, parg); break; + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ +#if DTLS_MAX_VERSION != DTLS1_VERSION +# error Code needs update for DTLS_method() support beyond DTLS1_VERSION. +#endif + /* Just one protocol version is supported so far; + * fail closed if the version is not as expected. */ + return s->version == DTLS_MAX_VERSION; default: ret = ssl3_ctrl(s, cmd, larg, parg); diff --git a/crypto/openssl/ssl/d1_srtp.c b/crypto/openssl/ssl/d1_srtp.c index ab9c419..535539b 100644 --- a/crypto/openssl/ssl/d1_srtp.c +++ b/crypto/openssl/ssl/d1_srtp.c @@ -168,25 +168,6 @@ static int find_profile_by_name(char *profile_name, return 1; } -static int find_profile_by_num(unsigned profile_num, - SRTP_PROTECTION_PROFILE **pptr) - { - SRTP_PROTECTION_PROFILE *p; - - p=srtp_known_profiles; - while(p->name) - { - if(p->id == profile_num) - { - *pptr=p; - return 0; - } - p++; - } - - return 1; - } - static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) { STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; @@ -209,11 +190,19 @@ static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTE if(!find_profile_by_name(ptr,&p, col ? col-ptr : (int)strlen(ptr))) { + if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0) + { + SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + sk_SRTP_PROTECTION_PROFILE_free(profiles); + return 1; + } + sk_SRTP_PROTECTION_PROFILE_push(profiles,p); } else { SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); + sk_SRTP_PROTECTION_PROFILE_free(profiles); return 1; } @@ -305,13 +294,12 @@ int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) { - SRTP_PROTECTION_PROFILE *cprof,*sprof; - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; + SRTP_PROTECTION_PROFILE *sprof; + STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; int ct; int mki_len; - int i,j; - int id; - int ret; + int i, srtp_pref; + unsigned int id; /* Length value + the MKI length */ if(len < 3) @@ -341,22 +329,32 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al return 1; } + srvr=SSL_get_srtp_profiles(s); + s->srtp_profile = NULL; + /* Search all profiles for a match initially */ + srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); - clnt=sk_SRTP_PROTECTION_PROFILE_new_null(); - while(ct) { n2s(d,id); ct-=2; len-=2; - if(!find_profile_by_num(id,&cprof)) + /* + * Only look for match in profiles of higher preference than + * current match. + * If no profiles have been have been configured then this + * does nothing. + */ + for (i = 0; i < srtp_pref; i++) { - sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); - } - else - { - ; /* Ignore */ + sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); + if (sprof->id == id) + { + s->srtp_profile = sprof; + srtp_pref = i; + break; + } } } @@ -371,36 +369,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al return 1; } - srvr=SSL_get_srtp_profiles(s); - - /* Pick our most preferred profile. If no profiles have been - configured then the outer loop doesn't run - (sk_SRTP_PROTECTION_PROFILE_num() = -1) - and so we just return without doing anything */ - for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) - { - sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); - - for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) - { - cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); - - if(cprof->id==sprof->id) - { - s->srtp_profile=sprof; - *al=0; - ret=0; - goto done; - } - } - } - - ret=0; - -done: - if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); - - return ret; + return 0; } int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) diff --git a/crypto/openssl/ssl/dtls1.h b/crypto/openssl/ssl/dtls1.h index e65d501..192c5de 100644 --- a/crypto/openssl/ssl/dtls1.h +++ b/crypto/openssl/ssl/dtls1.h @@ -84,6 +84,8 @@ extern "C" { #endif #define DTLS1_VERSION 0xFEFF +#define DTLS_MAX_VERSION DTLS1_VERSION + #define DTLS1_BAD_VER 0x0100 #if 0 @@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st } #endif #endif - diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index 2b93c63..86ab3de 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c @@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(int ver) if (ver == SSL2_VERSION) return(SSLv2_client_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_client_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_client_method()); else if (ver == TLS1_1_VERSION) return(TLSv1_1_client_method()); @@ -698,6 +700,7 @@ static int ssl23_get_server_hello(SSL *s) { /* we have sslv3 or tls1 (server hello or alert) */ +#ifndef OPENSSL_NO_SSL3 if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { @@ -712,7 +715,9 @@ static int ssl23_get_server_hello(SSL *s) s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } - else if ((p[2] == TLS1_VERSION_MINOR) && + else +#endif + if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; @@ -736,6 +741,9 @@ static int ssl23_get_server_hello(SSL *s) goto err; } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { /* fatal alert */ diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index 2901a6b..93ca7d5 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(int ver) if (ver == SSL2_VERSION) return(SSLv2_server_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_server_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_server_method()); else if (ver == TLS1_1_VERSION) return(TLSv1_1_server_method()); @@ -421,6 +423,9 @@ int ssl23_get_client_hello(SSL *s) } } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + #ifdef OPENSSL_FIPS if (FIPS_mode() && (s->version < TLS1_VERSION)) { @@ -597,6 +602,12 @@ int ssl23_get_client_hello(SSL *s) if ((type == 2) || (type == 3)) { /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ + s->method = ssl23_get_server_method(s->version); + if (s->method == NULL) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + } if (!ssl_init_wbio_buffer(s,1)) goto err; @@ -624,14 +635,6 @@ int ssl23_get_client_hello(SSL *s) s->s3->rbuf.left=0; s->s3->rbuf.offset=0; } - if (s->version == TLS1_2_VERSION) - s->method = TLSv1_2_server_method(); - else if (s->version == TLS1_1_VERSION) - s->method = TLSv1_1_server_method(); - else if (s->version == TLS1_VERSION) - s->method = TLSv1_server_method(); - else - s->method = SSLv3_server_method(); #if 0 /* ssl3_get_client_hello does this */ s->client_version=(v[0]<<8)|v[1]; #endif diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index c0bdae5..c63be30 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -391,6 +391,8 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_SESSION_REUSED: ret=s->hit; break; + case SSL_CTRL_CHECK_PROTO_VERSION: + return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); default: break; } @@ -437,7 +439,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) if (p != NULL) { l=c->id; - if ((l & 0xff000000) != 0x02000000) return(0); + if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0); p[0]=((unsigned char)(l>>16L))&0xFF; p[1]=((unsigned char)(l>> 8L))&0xFF; p[2]=((unsigned char)(l ))&0xFF; diff --git a/crypto/openssl/ssl/s3_cbc.c b/crypto/openssl/ssl/s3_cbc.c index 443a31e..11f13ad 100644 --- a/crypto/openssl/ssl/s3_cbc.c +++ b/crypto/openssl/ssl/s3_cbc.c @@ -53,6 +53,7 @@ * */ +#include "../crypto/constant_time_locl.h" #include "ssl_locl.h" #include <openssl/md5.h> @@ -67,37 +68,6 @@ * supported by TLS.) */ #define MAX_HASH_BLOCK_SIZE 128 -/* Some utility functions are needed: - * - * These macros return the given value with the MSB copied to all the other - * bits. They use the fact that arithmetic shift shifts-in the sign bit. - * However, this is not ensured by the C standard so you may need to replace - * them with something else on odd CPUs. */ -#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) -#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) - -/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */ -static unsigned constant_time_lt(unsigned a, unsigned b) - { - a -= b; - return DUPLICATE_MSB_TO_ALL(a); - } - -/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ -static unsigned constant_time_ge(unsigned a, unsigned b) - { - a -= b; - return DUPLICATE_MSB_TO_ALL(~a); - } - -/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ -static unsigned char constant_time_eq_8(unsigned a, unsigned b) - { - unsigned c = a ^ b; - c--; - return DUPLICATE_MSB_TO_ALL_8(c); - } - /* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC * record in |rec| by updating |rec->length| in constant time. * @@ -126,8 +96,8 @@ int ssl3_cbc_remove_padding(const SSL* s, padding_length = good & (padding_length+1); rec->length -= padding_length; rec->type |= padding_length<<8; /* kludge: pass padding length */ - return (int)((good & 1) | (~good & -1)); -} + return constant_time_select_int(good, 1, -1); + } /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC * record in |rec| in constant time and returns 1 if the padding is valid and @@ -208,7 +178,7 @@ int tls1_cbc_remove_padding(const SSL* s, for (i = 0; i < to_check; i++) { - unsigned char mask = constant_time_ge(padding_length, i); + unsigned char mask = constant_time_ge_8(padding_length, i); unsigned char b = rec->data[rec->length-1-i]; /* The final |padding_length+1| bytes should all have the value * |padding_length|. Therefore the XOR should be zero. */ @@ -216,20 +186,14 @@ int tls1_cbc_remove_padding(const SSL* s, } /* If any of the final |padding_length+1| bytes had the wrong value, - * one or more of the lower eight bits of |good| will be cleared. We - * AND the bottom 8 bits together and duplicate the result to all the - * bits. */ - good &= good >> 4; - good &= good >> 2; - good &= good >> 1; - good <<= sizeof(good)*8-1; - good = DUPLICATE_MSB_TO_ALL(good); - + * one or more of the lower eight bits of |good| will be cleared. + */ + good = constant_time_eq(0xff, good & 0xff); padding_length = good & (padding_length+1); rec->length -= padding_length; rec->type |= padding_length<<8; /* kludge: pass padding length */ - return (int)((good & 1) | (~good & -1)); + return constant_time_select_int(good, 1, -1); } /* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in @@ -296,8 +260,8 @@ void ssl3_cbc_copy_mac(unsigned char* out, memset(rotated_mac, 0, md_size); for (i = scan_start, j = 0; i < orig_len; i++) { - unsigned char mac_started = constant_time_ge(i, mac_start); - unsigned char mac_ended = constant_time_ge(i, mac_end); + unsigned char mac_started = constant_time_ge_8(i, mac_start); + unsigned char mac_ended = constant_time_ge_8(i, mac_end); unsigned char b = rec->data[i]; rotated_mac[j++] |= b & mac_started & ~mac_ended; j &= constant_time_lt(j,md_size); @@ -683,12 +647,12 @@ void ssl3_cbc_digest_record( b = data[k-header_length]; k++; - is_past_c = is_block_a & constant_time_ge(j, c); - is_past_cp1 = is_block_a & constant_time_ge(j, c+1); + is_past_c = is_block_a & constant_time_ge_8(j, c); + is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1); /* If this is the block containing the end of the * application data, and we are at the offset for the * 0x80 value, then overwrite b with 0x80. */ - b = (b&~is_past_c) | (0x80&is_past_c); + b = constant_time_select_8(is_past_c, 0x80, b); /* If this the the block containing the end of the * application data and we're past the 0x80 value then * just write zero. */ @@ -704,7 +668,8 @@ void ssl3_cbc_digest_record( if (j >= md_block_size - md_length_size) { /* If this is index_b, write a length byte. */ - b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); + b = constant_time_select_8( + is_block_b, length_bytes[j-(md_block_size-md_length_size)], b); } block[j] = b; } diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c index ea0c82d..263e634 100644 --- a/crypto/openssl/ssl/s3_clnt.c +++ b/crypto/openssl/ssl/s3_clnt.c @@ -326,9 +326,9 @@ int ssl3_connect(SSL *s) break; } #endif - /* Check if it is anon DH/ECDH */ + /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_get_server_certificate(s); @@ -1277,8 +1277,8 @@ int ssl3_get_key_exchange(SSL *s) #endif EVP_MD_CTX md_ctx; unsigned char *param,*p; - int al,i,j,param_len,ok; - long n,alg_k,alg_a; + int al,j,ok; + long i,param_len,n,alg_k,alg_a; EVP_PKEY *pkey=NULL; const EVP_MD *md = NULL; #ifndef OPENSSL_NO_RSA @@ -1354,36 +1354,48 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert=ssl_sess_cert_new(); } + /* Total length of the parameters including the length prefix */ param_len=0; + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; EVP_MD_CTX_init(&md_ctx); + al=SSL_AD_DECODE_ERROR; + #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; - al=SSL_AD_HANDSHAKE_FAILURE; + param_len = 2; + if (param_len > n) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } n2s(p,i); - param_len=i+2; + /* Store PSK identity hint for later use, hint is used * in ssl3_send_client_key_exchange. Assume that the * maximum length of a PSK identity hint can be as * long as the maximum length of a PSK identity. */ if (i > PSK_MAX_IDENTITY_LEN) { + al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } - if (param_len > n) + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); goto f_err; } + param_len += i; + /* If received PSK identity hint contains NULL * characters, the hint is truncated from the first * NULL. p may not be ending with NULL, so create a @@ -1395,6 +1407,7 @@ int ssl3_get_key_exchange(SSL *s) s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { + al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; } @@ -1407,14 +1420,22 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_SRP if (alg_k & SSL_kSRP) { - n2s(p,i); - param_len=i+2; + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1422,14 +1443,24 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1437,15 +1468,25 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + + if (1 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 1; + i = (unsigned int)(p[0]); p++; - param_len+=i+1; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1453,14 +1494,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1498,14 +1548,23 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); goto err; } - n2s(p,i); - param_len=i+2; + + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); goto f_err; } + param_len += i; + if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1513,14 +1572,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); goto f_err; } + param_len += i; + if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1552,14 +1620,23 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); goto err; } - n2s(p,i); - param_len=i+2; + + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); goto f_err; } + param_len += i; + if (!(dh->p=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1567,14 +1644,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); goto f_err; } + param_len += i; + if (!(dh->g=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1582,14 +1668,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); goto f_err; } + param_len += i; + if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1641,12 +1736,19 @@ int ssl3_get_key_exchange(SSL *s) */ /* XXX: For now we only support named (not generic) curves - * and the ECParameters in this case is just three bytes. + * and the ECParameters in this case is just three bytes. We + * also need one byte for the length of the encoded point */ - param_len=3; - if ((param_len > n) || - (*p != NAMED_CURVE_TYPE) || - ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) + param_len=4; + if (param_len > n) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + if ((*p != NAMED_CURVE_TYPE) || + ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); @@ -1688,15 +1790,15 @@ int ssl3_get_key_exchange(SSL *s) encoded_pt_len = *p; /* length of encoded point */ p+=1; - param_len += (1 + encoded_pt_len); - if ((param_len > n) || + + if ((encoded_pt_len > n - param_len) || (EC_POINT_oct2point(group, srvr_ecpoint, p, encoded_pt_len, bn_ctx) == 0)) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); goto f_err; } + param_len += encoded_pt_len; n-=param_len; p+=encoded_pt_len; @@ -1739,7 +1841,15 @@ int ssl3_get_key_exchange(SSL *s) { if (TLS1_get_version(s) >= TLS1_2_VERSION) { - int sigalg = tls12_get_sigid(pkey); + int sigalg; + if (2 > n) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { @@ -1757,7 +1867,6 @@ int ssl3_get_key_exchange(SSL *s) if (md == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST); - al=SSL_AD_DECODE_ERROR; goto f_err; } #ifdef SSL_DEBUG @@ -1768,15 +1877,21 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } else md = EVP_sha1(); - + + if (2 > n) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } n2s(p,i); n-=2; j=EVP_PKEY_size(pkey); + /* Check signature length. If n is 0 then signature is empty */ if ((i != n) || (n > j) || (n <= 0)) { /* wrong packet length */ - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } @@ -1785,6 +1900,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { int num; + unsigned int size; j=0; q=md_buf; @@ -1797,9 +1913,9 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); - EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); - q+=i; - j+=i; + EVP_DigestFinal_ex(&md_ctx,q,&size); + q+=size; + j+=size; } i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa); @@ -1835,8 +1951,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } else { - if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) - /* aNULL or kPSK do not need public keys */ + /* aNULL, aSRP or kPSK do not need public keys */ + if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; @@ -1844,7 +1960,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); /* still data left over */ if (n != 0) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } @@ -2846,7 +2961,11 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK else if (alg_k & SSL_kPSK) { - char identity[PSK_MAX_IDENTITY_LEN]; + /* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes + * to return a \0-terminated identity. The last byte + * is for us for simulating strnlen. */ + char identity[PSK_MAX_IDENTITY_LEN + 2]; + size_t identity_len; unsigned char *t = NULL; unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; unsigned int pre_ms_len = 0, psk_len = 0; @@ -2860,8 +2979,9 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } + memset(identity, 0, sizeof(identity)); psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, - identity, PSK_MAX_IDENTITY_LEN, + identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_len > PSK_MAX_PSK_LEN) { @@ -2875,7 +2995,14 @@ int ssl3_send_client_key_exchange(SSL *s) SSL_R_PSK_IDENTITY_NOT_FOUND); goto psk_err; } - + identity[PSK_MAX_IDENTITY_LEN + 1] = '\0'; + identity_len = strlen(identity); + if (identity_len > PSK_MAX_IDENTITY_LEN) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto psk_err; + } /* create PSK pre_master_secret */ pre_ms_len = 2+psk_len+2+psk_len; t = psk_or_pre_ms; @@ -2909,14 +3036,13 @@ int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - psk_or_pre_ms, pre_ms_len); - n = strlen(identity); - s2n(n, p); - memcpy(p, identity, n); - n+=2; + psk_or_pre_ms, pre_ms_len); + s2n(identity_len, p); + memcpy(p, identity, identity_len); + n = 2 + identity_len; psk_err = 0; psk_err: - OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); + OPENSSL_cleanse(identity, sizeof(identity)); OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_err != 0) { diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c index 9962677..9db45af 100644 --- a/crypto/openssl/ssl/s3_enc.c +++ b/crypto/openssl/ssl/s3_enc.c @@ -900,7 +900,7 @@ int ssl3_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); default: return(-1); } } - diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c index 4835bef..3f17453 100644 --- a/crypto/openssl/ssl/s3_lib.c +++ b/crypto/openssl/ssl/s3_lib.c @@ -3355,6 +3355,33 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #endif #endif /* !OPENSSL_NO_TLSEXT */ + + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ + if (s->version == s->ctx->method->version) + return 1; + /* Apparently we're using a version-flexible SSL_METHOD + * (not at its highest protocol version). */ + if (s->ctx->method->version == SSLv23_method()->version) + { +#if TLS_MAX_VERSION != TLS1_2_VERSION +# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. +#endif + if (!(s->options & SSL_OP_NO_TLSv1_2)) + return s->version == TLS1_2_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1_1)) + return s->version == TLS1_1_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1)) + return s->version == TLS1_VERSION; + if (!(s->options & SSL_OP_NO_SSLv3)) + return s->version == SSL3_VERSION; + if (!(s->options & SSL_OP_NO_SSLv2)) + return s->version == SSL2_VERSION; + } + return 0; /* Unexpected state; fail closed. */ + default: break; } @@ -3714,6 +3741,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) break; #endif #endif + default: return(0); } @@ -3822,10 +3850,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, emask_k = cert->export_mask_k; emask_a = cert->export_mask_a; #ifndef OPENSSL_NO_SRP - mask_k=cert->mask_k | s->srp_ctx.srp_Mask; - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; + if (s->srp_ctx.srp_Mask & SSL_kSRP) + { + mask_k |= SSL_kSRP; + emask_k |= SSL_kSRP; + mask_a |= SSL_aSRP; + emask_a |= SSL_aSRP; + } #endif - + #ifdef KSSL_DEBUG /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ #endif /* KSSL_DEBUG */ @@ -4291,4 +4324,3 @@ long ssl_get_algorithm2(SSL *s) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; } - diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index eff7356..4c9285f 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -273,6 +273,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) return(n); } +/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will + * be processed per call to ssl3_get_record. Without this limit an attacker + * could send empty records at a faster rate than we can process and cause + * ssl3_get_record to loop forever. */ +#define MAX_EMPTY_RECORDS 32 + /* Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. @@ -293,6 +299,7 @@ static int ssl3_get_record(SSL *s) short version; unsigned mac_size, orig_len; size_t extra; + unsigned empty_record_count = 0; rr= &(s->s3->rrec); sess=s->session; @@ -523,7 +530,17 @@ printf("\n"); s->packet_length=0; /* just read a 0 length packet */ - if (rr->length == 0) goto again; + if (rr->length == 0) + { + empty_record_count++; + if (empty_record_count > MAX_EMPTY_RECORDS) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL); + goto f_err; + } + goto again; + } #if 0 fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index 2867501..c23d987 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -154,6 +154,7 @@ #include <stdio.h> #include "ssl_locl.h" #include "kssl_lcl.h" +#include "../crypto/constant_time_locl.h" #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> @@ -410,9 +411,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH, */ /* normal PSK or KRB5 or SRP */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) - && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP)) + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; @@ -515,7 +515,9 @@ int ssl3_accept(SSL *s) * (against the specs, but s3_clnt.c accepts this for SSL 3) */ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* never request cert in Kerberos ciphersuites */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || + /* don't request certificate for SRP auth */ + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) /* With normal PSK Certificates and * Certificate Requests are omitted */ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) @@ -1846,7 +1848,7 @@ int ssl3_send_server_key_exchange(SSL *s) n+=2+nr[i]; } - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md)) @@ -2166,6 +2168,10 @@ int ssl3_get_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { + unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; + int decrypt_len; + unsigned char decrypt_good, version_good; + /* FIX THIS UP EAY EAY EAY EAY */ if (s->s3->tmp.use_rsa_tmp) { @@ -2213,54 +2219,61 @@ int ssl3_get_client_key_exchange(SSL *s) n=i; } - i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); - - al = -1; - - if (i != SSL_MAX_MASTER_KEY_LENGTH) - { - al=SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ - } - - if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) - { - /* The premaster secret must contain the same version number as the - * ClientHello to detect version rollback attacks (strangely, the - * protocol does not offer such protection for DH ciphersuites). - * However, buggy clients exist that send the negotiated protocol - * version instead if the server does not support the requested - * protocol version. - * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ - if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && - (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) - { - al=SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ + /* We must not leak whether a decryption failure occurs because + * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see + * RFC 2246, section 7.4.7.1). The code follows that advice of + * the TLS RFC and generates a random premaster secret for the + * case that the decrypt fails. See + * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ - /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack - * (http://eprint.iacr.org/2003/052/) exploits the version - * number check as a "bad version oracle" -- an alert would - * reveal that the plaintext corresponding to some ciphertext - * made up by the adversary is properly formatted except - * that the version number is wrong. To avoid such attacks, - * we should treat this just like any other decryption error. */ - } + /* should be RAND_bytes, but we cannot work around a failure. */ + if (RAND_pseudo_bytes(rand_premaster_secret, + sizeof(rand_premaster_secret)) <= 0) + goto err; + decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + ERR_clear_error(); + + /* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. + * decrypt_good will be 0xff if so and zero otherwise. */ + decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH); + + /* If the version in the decrypted pre-master secret is correct + * then version_good will be 0xff, otherwise it'll be zero. + * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (http://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle". Thus version checks + * are done in constant time and are treated like any other + * decryption error. */ + version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8)); + version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff)); + + /* The premaster secret must contain the same version number as + * the ClientHello to detect version rollback attacks + * (strangely, the protocol does not offer such protection for + * DH ciphersuites). However, buggy clients exist that send the + * negotiated protocol version instead if the server does not + * support the requested protocol version. If + * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ + if (s->options & SSL_OP_TLS_ROLLBACK_BUG) + { + unsigned char workaround_good; + workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8)); + workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff)); + version_good |= workaround_good; + } + + /* Both decryption and version must be good for decrypt_good + * to remain non-zero (0xff). */ + decrypt_good &= version_good; + + /* Now copy rand_premaster_secret over p using + * decrypt_good_mask. */ + for (i = 0; i < (int) sizeof(rand_premaster_secret); i++) + { + p[i] = constant_time_select_8(decrypt_good, p[i], + rand_premaster_secret[i]); } - if (al != -1) - { - /* Some decryption failure -- use random value instead as countermeasure - * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). */ - ERR_clear_error(); - i = SSL_MAX_MASTER_KEY_LENGTH; - p[0] = s->client_version >> 8; - p[1] = s->client_version & 0xff; - if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ - goto err; - } - s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, diff --git a/crypto/openssl/ssl/srtp.h b/crypto/openssl/ssl/srtp.h index 1e9ed3a..fe5217e 100644 --- a/crypto/openssl/ssl/srtp.h +++ b/crypto/openssl/ssl/srtp.h @@ -130,12 +130,16 @@ extern "C" { #define SRTP_NULL_SHA1_80 0x0005 #define SRTP_NULL_SHA1_32 0x0006 +#ifndef OPENSSL_NO_SRTP + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +#endif + #ifdef __cplusplus } #endif diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index b73da5e..b78a1cc 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -653,6 +653,10 @@ struct ssl_session_st */ #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ @@ -1511,6 +1515,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1621,6 +1626,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_CHECK_PROTO_VERSION 119 + #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) #define DTLSv1_handle_timeout(ssl) \ @@ -2379,6 +2386,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 #define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 #define SSL_R_INCONSISTENT_COMPRESSION 340 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 @@ -2525,6 +2533,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h index 37f19e3..85f1504 100644 --- a/crypto/openssl/ssl/ssl3.h +++ b/crypto/openssl/ssl/ssl3.h @@ -128,9 +128,14 @@ extern "C" { #endif -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ #define SSL3_CK_SCSV 0x030000FF +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c index d2f0dec..1b7eb47 100644 --- a/crypto/openssl/ssl/ssl_err.c +++ b/crypto/openssl/ssl/ssl_err.c @@ -383,6 +383,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, +{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"}, {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, @@ -529,6 +530,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, +{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index 82a2c80..3f66fc0 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -1387,6 +1387,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, if (sk == NULL) return(0); q=p; + if (put_cb == NULL) + put_cb = s->method->put_cipher_by_char; for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { @@ -1411,24 +1413,36 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, !(s->srp_ctx.srp_Mask & SSL_kSRP)) continue; #endif /* OPENSSL_NO_SRP */ - j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); + j = put_cb(c,p); p+=j; } - /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if not renegotiating. - */ - if (p != q && !s->renegotiate) + /* If p == q, no ciphers; caller indicates an error. + * Otherwise, add applicable SCSVs. */ + if (p != q) { - static SSL_CIPHER scsv = + if (!s->renegotiate) { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); - p+=j; + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV sent by client\n"); + fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); #endif - } + } + + if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) + { + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; + } + } return(p-q); } @@ -1439,11 +1453,12 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; + if (s->s3) s->s3->send_connection_binding = 0; n=ssl_put_cipher_by_char(s,NULL,NULL); - if ((num%n) != 0) + if (n == 0 || (num%n) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return(NULL); @@ -1458,7 +1473,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, for (i=0; i<num; i+=n) { - /* Check for SCSV */ + /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ if (s->s3 && (n != 3 || !p[0]) && (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && (p[n-1] == (SSL3_CK_SCSV & 0xff))) @@ -1478,6 +1493,23 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, continue; } + /* Check for TLS_FALLBACK_SCSV */ + if ((n != 3 || !p[0]) && + (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) + { + /* The SCSV indicates that the client previously tried a higher version. + * Fail if the current version is an unexpected downgrade. */ + if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) + { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK); + if (s->s3) + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); + goto err; + } + continue; + } + c=ssl_get_cipher_by_char(s,p); p+=n; if (c != NULL) @@ -2944,15 +2976,26 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { + CERT *ocert = ssl->cert; if (ssl->ctx == ctx) return ssl->ctx; #ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; #endif - if (ssl->cert != NULL) - ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); + if (ocert != NULL) + { + int i; + /* Copy negotiated digests from original */ + for (i = 0; i < SSL_PKEY_NUM; i++) + { + CERT_PKEY *cpk = ocert->pkeys + i; + CERT_PKEY *rpk = ssl->cert->pkeys + i; + rpk->digest = cpk->digest; + } + ssl_cert_free(ocert); + } CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); if (ssl->ctx != NULL) SSL_CTX_free(ssl->ctx); /* decrement reference count */ diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index 1427484..1923cf3 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -1241,6 +1241,7 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); #if 0 /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index 022a4fb..d6aff4b 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -643,7 +643,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c #endif #ifndef OPENSSL_NO_SRTP - if(SSL_get_srtp_profiles(s)) + if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -806,7 +806,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c #endif #ifndef OPENSSL_NO_SRTP - if(s->srtp_profile) + if(SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -1444,7 +1444,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in /* session ticket processed earlier */ #ifndef OPENSSL_NO_SRTP - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) + && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) @@ -1698,7 +1699,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } #endif #ifndef OPENSSL_NO_SRTP - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) @@ -2347,7 +2348,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, HMAC_Final(&hctx, tick_hmac, NULL); HMAC_CTX_cleanup(&hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) + { + EVP_CIPHER_CTX_cleanup(&ctx); return 2; + } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); diff --git a/crypto/openssl/ssl/tls1.h b/crypto/openssl/ssl/tls1.h index c992091..6ae8876 100644 --- a/crypto/openssl/ssl/tls1.h +++ b/crypto/openssl/ssl/tls1.h @@ -159,17 +159,19 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 +#define TLS_MAX_VERSION TLS1_2_VERSION + +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 -#define TLS1_1_VERSION 0x0302 #define TLS1_1_VERSION_MAJOR 0x03 #define TLS1_1_VERSION_MINOR 0x02 -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) @@ -187,6 +189,7 @@ extern "C" { #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 /* codes 110-114 are from RFC3546 */ diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl index bcd00ba..f0c2df0 100755 --- a/crypto/openssl/util/mk1mf.pl +++ b/crypto/openssl/util/mk1mf.pl @@ -1145,6 +1145,7 @@ sub read_options "dll" => \$shlib, "shared" => 0, "no-sctp" => 0, + "no-srtp" => 0, "no-gmp" => 0, "no-rfc3779" => 0, "no-montasm" => 0, diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl index 79d4de8..1eaa7b8 100755 --- a/crypto/openssl/util/mkdef.pl +++ b/crypto/openssl/util/mkdef.pl @@ -117,6 +117,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "SSL_INTERN", # SCTP "SCTP", + # SRTP + "SRTP", # Unit testing "UNIT_TEST"); @@ -138,7 +140,7 @@ my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; -my $no_nextprotoneg; my $no_sctp; +my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_unit_test; my $fips; @@ -238,6 +240,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-jpake$/) { $no_jpake=1; } elsif (/^no-srp$/) { $no_srp=1; } elsif (/^no-sctp$/) { $no_sctp=1; } + elsif (/^no-srtp$/) { $no_srtp=1; } elsif (/^no-unit-test$/){ $no_unit_test=1; } } @@ -1209,6 +1212,7 @@ sub is_valid if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "SRP" && $no_srp) { return 0; } if ($keyword eq "SCTP" && $no_sctp) { return 0; } + if ($keyword eq "SRTP" && $no_srtp) { return 0; } if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num index 1c05a3c..dd21e95 100644 --- a/crypto/openssl/util/ssleay.num +++ b/crypto/openssl/util/ssleay.num @@ -310,14 +310,14 @@ TLSv1_2_method 350 EXIST::FUNCTION: SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION: kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5 SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT -SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION: +SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG -SSL_get_selected_srtp_profile 357 EXIST::FUNCTION: -SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION: +SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:SRTP +SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:SRTP SSL_select_next_proto 359 EXIST::FUNCTION:NEXTPROTONEG -SSL_get_srtp_profiles 360 EXIST::FUNCTION: +SSL_get_srtp_profiles 360 EXIST::FUNCTION:SRTP SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_SESSION_get_compress_id 362 EXIST::FUNCTION: diff --git a/etc/devd/Makefile b/etc/devd/Makefile index 6d1031e..27dfb92 100644 --- a/etc/devd/Makefile +++ b/etc/devd/Makefile @@ -8,6 +8,9 @@ FILES+= apple.conf .if ${MACHINE} == "amd64" || ${MACHINE} == "i386" FILES+= asus.conf +.if ${MK_HYPERV} != "no" +FILES+= hyperv.conf +.endif .endif .if ${MK_USB} != "no" @@ -18,10 +21,6 @@ FILES+= uath.conf ulpt.conf usb.conf FILES+= zfs.conf .endif -.if ${MK_HYPERV} != "no" -FILES+= hyperv.conf -.endif - NO_OBJ= FILESDIR= /etc/devd FILESMODE= 644 diff --git a/etc/rc.firewall b/etc/rc.firewall index d8a3f6c..2065253 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -422,8 +422,8 @@ case ${firewall_type} in [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) # Configuration: - # firewall_myservices: List of TCP ports on which this host - # offers services. + # firewall_myservices: List of ports/protocols on which this + # host offers services. # firewall_allowservices: List of IPv4 and/or IPv6 addresses # that have access to # $firewall_myservices. @@ -487,7 +487,24 @@ case ${firewall_type} in # for i in ${firewall_allowservices} ; do for j in ${firewall_myservices} ; do - ${fwcmd} add pass tcp from $i to me $j + case $j in + [0-9A-Za-z]*/[Pp][Rr][Oo][Tt][Oo]) + ${fwcmd} add pass ${j%/[Pp][Rr][Oo][Tt][Oo]} from $i to me + ;; + [0-9A-Za-z]*/[Tt][Cc][Pp]) + ${fwcmd} add pass tcp from $i to me ${j%/[Tt][Cc][Pp]} + ;; + [0-9A-Za-z]*/[Uu][Dd][Pp]) + ${fwcmd} add pass udp from $i to me ${j%/[Uu][Dd][Pp]} + ;; + *[0-9A-Za-z]) + echo "Consider using tcp/$j in firewall_myservices." > /dev/stderr + ${fwcmd} add pass tcp from $i to me $j + ;; + *) + echo "Invalid port in firewall_myservices: $j" > /dev/stderr + ;; + esac done done diff --git a/lib/libc/arm/aeabi/Makefile.inc b/lib/libc/arm/aeabi/Makefile.inc index c0ce512..b204a53 100644 --- a/lib/libc/arm/aeabi/Makefile.inc +++ b/lib/libc/arm/aeabi/Makefile.inc @@ -6,7 +6,9 @@ SRCS+= aeabi_atexit.c \ aeabi_unwind_cpp.c \ aeabi_unwind_exidx.c .if ${MACHINE_ARCH:Marm*hf*} == "" -SRCS+= aeabi_double.c \ +SRCS+= aeabi_asm_double.S \ + aeabi_asm_float.S \ + aeabi_double.c \ aeabi_float.c .endif .if ${MACHINE_ARCH:Marmv6*} diff --git a/lib/libc/arm/aeabi/Symbol.map b/lib/libc/arm/aeabi/Symbol.map index 9493427..164d3e7 100644 --- a/lib/libc/arm/aeabi/Symbol.map +++ b/lib/libc/arm/aeabi/Symbol.map @@ -17,6 +17,10 @@ FBSDprivate_1.0 { __aeabi_dcmpgt; __aeabi_dcmpun; + __aeabi_cdcmpeq; + __aeabi_cdcmple; + __aeabi_cdrcmple; + __aeabi_d2iz; __aeabi_d2f; @@ -33,6 +37,10 @@ FBSDprivate_1.0 { __aeabi_fcmpgt; __aeabi_fcmpun; + __aeabi_cfcmpeq; + __aeabi_cfcmple; + __aeabi_cfrcmple; + __aeabi_f2iz; __aeabi_f2d; diff --git a/lib/libc/arm/aeabi/aeabi_asm_double.S b/lib/libc/arm/aeabi/aeabi_asm_double.S new file mode 100644 index 0000000..ab44362 --- /dev/null +++ b/lib/libc/arm/aeabi/aeabi_asm_double.S @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2014 Andrew Turner + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#include <machine/asm.h> +__FBSDID("$FreeBSD$"); + +#define PCR_Z (1 << 30) +#define PCR_C (1 << 29) + +/* + * These functions return the result in the CPSR register. + * + * For __aeabi_cdcmple: + * Z C + * LT 0 0 + * EQ 1 1 + * else 0 1 + * + * __aeabi_cdrcmple is the same as __aeabi_cdcmple, however the arguments + * have been swapped. + */ +ENTRY(__aeabi_cdcmple) + push {r4, r5, r6, r7, ip, lr} + + /* Backup the input registers */ + mov r4, r0 + mov r5, r1 + mov r6, r2 + mov r7, r3 + /* Is it less than? */ + bl __aeabi_dcmplt + cmp r0, #1 + bne 1f + /* Yes, clear Z and C */ + msr cpsr_c, #(0) + b 99f + +1: + /* Restore the input regsters for the next function call */ + mov r0, r4 + mov r1, r5 + mov r2, r6 + mov r3, r7 + /* Is it equal? */ + bl __aeabi_dcmpeq + cmp r0, #1 + bne 2f + /* Yes, set Z and C */ + msr cpsr_c, #(PCR_Z | PCR_C) + b 99f + +2: + /* Not less than or equal, set C and clear Z */ + msr cpsr_c, #(PCR_C) + +99: + pop {r4, r5, r6, r7, ip, pc} +END(__aeabi_cdcmple) + +ENTRY(__aeabi_cdrcmple) + /* Swap the first half of the arguments */ + mov ip, r0 + mov r0, r2 + mov r2, ip + + /* And the second half */ + mov ip, r1 + mov r1, r3 + mov r3, ip + + b __aeabi_cdcmple +END(__aeabi_cdrcmple) + +/* + * This is just like __aeabi_cdcmple except it will not throw an exception + * in the presence of a quiet NaN. If either argument is a signalling NaN we + * will still signal. + */ +ENTRY(__aeabi_cdcmpeq) + /* Check if we can call __aeabi_cfcmple safely */ + push {r0, r1, r2, r3, r4, lr} + bl __aeabi_cdcmpeq_helper + cmp r0, #1 + pop {r0, r1, r2, r3, r4, lr} + beq 1f + + bl __aeabi_cdcmple + RET + +1: + msr cpsr_c, #(PCR_C) + RET +END(__aeabi_cdcmpeq) diff --git a/lib/libc/arm/aeabi/aeabi_asm_float.S b/lib/libc/arm/aeabi/aeabi_asm_float.S new file mode 100644 index 0000000..bf32af7 --- /dev/null +++ b/lib/libc/arm/aeabi/aeabi_asm_float.S @@ -0,0 +1,108 @@ +/* + * Copyright (C) 2014 Andrew Turner + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#include <machine/asm.h> +__FBSDID("$FreeBSD$"); + +#define PCR_Z (1 << 30) +#define PCR_C (1 << 29) + +/* + * These functions return the result in the CPSR register. + * + * For __aeabi_cfcmple: + * Z C + * LT 0 0 + * EQ 1 1 + * else 0 1 + * + * __aeabi_cfrcmple is the same as __aeabi_cfcmple, however the arguments + * have been swapped. + */ +ENTRY(__aeabi_cfcmple) + push {r4, r5, ip, lr} + + /* Backup the input registers */ + mov r4, r0 + mov r5, r1 + /* Is it less than? */ + bl __aeabi_fcmplt + cmp r0, #1 + bne 1f + /* Yes, clear Z and C */ + msr cpsr_c, #(0) + b 99f + +1: + /* Restore the input regsters for the next function call */ + mov r0, r4 + mov r1, r5 + /* Is it equal? */ + bl __aeabi_fcmpeq + cmp r0, #1 + bne 2f + /* Yes, set Z and C */ + msr cpsr_c, #(PCR_Z | PCR_C) + b 99f + +2: + /* Not less than or equal, set C and clear Z */ + msr cpsr_c, #(PCR_C) + +99: + pop {r4, r5, ip, pc} +END(__aeabi_cfcmple) + +ENTRY(__aeabi_cfrcmple) + /* Swap the arguments */ + mov ip, r0 + mov r0, r1 + mov r1, ip + + b __aeabi_cfcmple +END(__aeabi_cfrcmple) + +/* + * This is just like __aeabi_cfcmple except it will not throw an exception + * in the presence of a quiet NaN. If either argument is a signalling NaN we + * will still signal. + */ +ENTRY(__aeabi_cfcmpeq) + /* Check if we can call __aeabi_cfcmple safely */ + push {r0, r1, r2, lr} + bl __aeabi_cfcmpeq_helper + cmp r0, #1 + pop {r0, r1, r2, lr} + beq 1f + + bl __aeabi_cfcmple + RET + +1: + msreq cpsr_c, #(PCR_C) + RET +END(__aeabi_cfcmpeq) diff --git a/lib/libc/arm/aeabi/aeabi_double.c b/lib/libc/arm/aeabi/aeabi_double.c index 274279d..a69e8a7 100644 --- a/lib/libc/arm/aeabi/aeabi_double.c +++ b/lib/libc/arm/aeabi/aeabi_double.c @@ -74,3 +74,28 @@ float64 AEABI_FUNC2(ddiv, float64, float64_div) float64 AEABI_FUNC2(dmul, float64, float64_mul) float64 AEABI_FUNC2(dsub, float64, float64_sub) +int +__aeabi_cdcmpeq_helper(float64 a, float64 b) +{ + int quiet = 0; + + /* Check if a is a NaN */ + if ((a << 1) > 0xffe0000000000000ull) { + /* If it's a signalling NaN we will always signal */ + if ((a & 0x0008000000000000ull) == 0) + return (0); + + quiet = 1; + } + + /* Check if b is a NaN */ + if ((b << 1) > 0xffe0000000000000ull) { + /* If it's a signalling NaN we will always signal */ + if ((b & 0x0008000000000000ull) == 0) + return (0); + + quiet = 1; + } + + return (quiet); +} diff --git a/lib/libc/arm/aeabi/aeabi_float.c b/lib/libc/arm/aeabi/aeabi_float.c index be7a6d6..2e93594 100644 --- a/lib/libc/arm/aeabi/aeabi_float.c +++ b/lib/libc/arm/aeabi/aeabi_float.c @@ -74,3 +74,28 @@ float32 AEABI_FUNC2(fdiv, float32, float32_div) float32 AEABI_FUNC2(fmul, float32, float32_mul) float32 AEABI_FUNC2(fsub, float32, float32_sub) +int +__aeabi_cfcmpeq_helper(float32 a, float32 b) +{ + int quiet = 0; + + /* Check if a is a NaN */ + if ((a << 1) > 0xff000000u) { + /* If it's a signalling NaN we will always signal */ + if ((a & 0x00400000u) == 0) + return (0); + + quiet = 1; + } + + /* Check if b is a NaN */ + if ((b << 1) > 0xff000000u) { + /* If it's a signalling NaN we will always signal */ + if ((b & 0x00400000u) == 0) + return (0); + + quiet = 1; + } + + return (quiet); +} diff --git a/lib/libc/arm/aeabi/aeabi_vfp_double.S b/lib/libc/arm/aeabi/aeabi_vfp_double.S index 842412b..62100d2 100644 --- a/lib/libc/arm/aeabi/aeabi_vfp_double.S +++ b/lib/libc/arm/aeabi/aeabi_vfp_double.S @@ -33,6 +33,33 @@ __FBSDID("$FreeBSD$"); .fpu vfp .syntax unified +/* void __aeabi_cdcmpeq(double, double) */ +AEABI_ENTRY(cdcmpeq) + LOAD_DREG(d0, r0, r1) + LOAD_DREG(d1, r2, r3) + vcmp.f64 d0, d1 + vmrs APSR_nzcv, fpscr + RET +AEABI_END(cdcmpeq) + +/* void __aeabi_cdcmple(double, double) */ +AEABI_ENTRY(cdcmple) + LOAD_DREG(d0, r0, r1) + LOAD_DREG(d1, r2, r3) + vcmpe.f64 d0, d1 + vmrs APSR_nzcv, fpscr + RET +AEABI_END(cdcmple) + +/* void __aeabi_cdrcmple(double, double) */ +AEABI_ENTRY(cdrcmple) + LOAD_DREG(d0, r0, r1) + LOAD_DREG(d1, r2, r3) + vcmpe.f64 d1, d0 + vmrs APSR_nzcv, fpscr + RET +AEABI_END(cdrcmple) + /* int __aeabi_dcmpeq(double, double) */ AEABI_ENTRY(dcmpeq) LOAD_DREG(d0, r0, r1) diff --git a/lib/libc/arm/aeabi/aeabi_vfp_float.S b/lib/libc/arm/aeabi/aeabi_vfp_float.S index d81b2b2..c9a9a7e 100644 --- a/lib/libc/arm/aeabi/aeabi_vfp_float.S +++ b/lib/libc/arm/aeabi/aeabi_vfp_float.S @@ -33,6 +33,30 @@ __FBSDID("$FreeBSD$"); .fpu vfp .syntax unified +/* void __aeabi_cfcmpeq(float, float) */ +AEABI_ENTRY(cfcmpeq) + LOAD_SREGS(s0, s1, r0, r1) + vcmp.f32 s0, s1 + vmrs APSR_nzcv, fpscr + RET +AEABI_END(cfcmpeq) + +/* void __aeabi_cfcmple(float, float) */ +AEABI_ENTRY(cfcmple) + LOAD_SREGS(s0, s1, r0, r1) + vcmpe.f32 s0, s1 + vmrs APSR_nzcv, fpscr + RET +AEABI_END(cfcmple) + +/* void __aeabi_cfrcmple(float, float) */ +AEABI_ENTRY(cfrcmple) + LOAD_SREGS(s0, s1, r0, r1) + vcmpe.f32 s1, s0 + vmrs APSR_nzcv, fpscr + RET +AEABI_END(cfrcmple) + /* int __aeabi_fcmpeq(float, float) */ AEABI_ENTRY(fcmpeq) LOAD_SREGS(s0, s1, r0, r1) diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc index 385837c..1217b7b 100644 --- a/lib/libc/string/Makefile.inc +++ b/lib/libc/string/Makefile.inc @@ -2,6 +2,7 @@ # $FreeBSD$ .PATH: ${LIBC_SRCTOP}/${LIBC_ARCH}/string ${LIBC_SRCTOP}/string +.PATH: ${LIBC_SRCTOP}/../../sys/libkern CFLAGS+= -I${LIBC_SRCTOP}/locale diff --git a/lib/libc/string/explicit_bzero.c b/lib/libc/string/explicit_bzero.c deleted file mode 100644 index a7811b0..0000000 --- a/lib/libc/string/explicit_bzero.c +++ /dev/null @@ -1,22 +0,0 @@ -/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ -/* - * Public domain. - * Written by Matthew Dempsky. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <string.h> - -__attribute__((weak)) void -__explicit_bzero_hook(void *buf, size_t len) -{ -} - -void -explicit_bzero(void *buf, size_t len) -{ - memset(buf, 0, len); - __explicit_bzero_hook(buf, len); -} diff --git a/lib/libc/sys/recv.2 b/lib/libc/sys/recv.2 index e0a1f04..326e7ff 100644 --- a/lib/libc/sys/recv.2 +++ b/lib/libc/sys/recv.2 @@ -28,7 +28,7 @@ .\" @(#)recv.2 8.3 (Berkeley) 2/21/94 .\" $FreeBSD$ .\" -.Dd March 19, 2013 +.Dd October 15, 2014 .Dt RECV 2 .Os .Sh NAME @@ -324,9 +324,9 @@ In this case the descriptors are closed, any pending data can be returned by another call to .Fn recvmsg . .It Bq Er EAGAIN -The socket is marked non-blocking, and the receive operation +The socket is marked non-blocking and the receive operation would block, or -a receive timeout had been set, +a receive timeout had been set and the timeout expired before data were received. .It Bq Er EINTR The receive was interrupted by delivery of a signal before diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index a6fc47c..eabea2b 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -675,10 +675,14 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_TICKET; if (getenv("SSL_ALLOW_SSL2") == NULL) ssl_ctx_options |= SSL_OP_NO_SSLv2; - if (getenv("SSL_NO_SSL3") != NULL) + if (getenv("SSL_ALLOW_SSL3") == NULL) ssl_ctx_options |= SSL_OP_NO_SSLv3; if (getenv("SSL_NO_TLS1") != NULL) ssl_ctx_options |= SSL_OP_NO_TLSv1; + if (getenv("SSL_NO_TLS1_1") != NULL) + ssl_ctx_options |= SSL_OP_NO_TLSv1_1; + if (getenv("SSL_NO_TLS1_2") != NULL) + ssl_ctx_options |= SSL_OP_NO_TLSv1_2; if (verbose) fetch_info("SSL options: %lx", ssl_ctx_options); SSL_CTX_set_options(ctx, ssl_ctx_options); @@ -873,8 +877,8 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) } if (verbose) { - fetch_info("SSL connection established using %s", - SSL_get_cipher(conn->ssl)); + fetch_info("%s connection established using %s", + SSL_get_version(conn->ssl), SSL_get_cipher(conn->ssl)); name = X509_get_subject_name(conn->ssl_cert); str = X509_NAME_oneline(name, 0, 0); fetch_info("Certificate subject: %s", str); diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3 index 57ecea5..5b9f0db 100644 --- a/lib/libfetch/fetch.3 +++ b/lib/libfetch/fetch.3 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 30, 2013 +.Dd October 15, 2014 .Dt FETCH 3 .Os .Sh NAME @@ -438,15 +438,17 @@ input (see .Pp By default .Nm libfetch -allows SSLv3 and TLSv1 when negotiating the connecting with the remote +allows TLSv1 and newer when negotiating the connecting with the remote peer. -You can change this behavior by setting the environment variable +You can change this behavior by setting the .Ev SSL_ALLOW_SSL2 -to allow SSLv2 (not recommended) and -.Ev SSL_NO_SSL3 -or -.Ev SSL_NO_TLS1 -to disable the respective methods. +and +.Ev SSL_ALLOW_SSL3 +environment variables to allow SSLv2 and SSLv3, respectively, and +.Ev SSL_NO_TLS1 , +.Ev SSL_NO_TLS1_1 and +.Ev SSL_NO_TLS1_2 +to disable TLS 1.0, 1.1 and 1.2 respectively. .Sh AUTHENTICATION Apart from setting the appropriate environment variables and specifying the user name and password in the URL or the @@ -646,6 +648,8 @@ Same as for compatibility. .It Ev SSL_ALLOW_SSL2 Allow SSL version 2 when negotiating the connection (not recommended). +.It Ev SSL_ALLOW_SSL3 +Allow SSL version 3 when negotiating the connection (not recommended). .It Ev SSL_CA_CERT_FILE CA certificate bundle containing trusted CA certificates. Default value: @@ -660,10 +664,12 @@ PEM encoded client key in case key and client certificate are stored separately. .It Ev SSL_CRL_FILE File containing certificate revocation list. -.It Ev SSL_NO_SSL3 -Don't allow SSL version 3 when negotiating the connection. .It Ev SSL_NO_TLS1 -Don't allow TLV version 1 when negotiating the connection. +Do not allow TLS version 1.0 when negotiating the connection. +.It Ev SSL_NO_TLS1_1 +Do not allow TLS version 1.1 when negotiating the connection. +.It Ev SSL_NO_TLS1_2 +Do not allow TLS version 1.2 when negotiating the connection. .It Ev SSL_NO_VERIFY_HOSTNAME If set, do not verify that the hostname matches the subject of the certificate presented by the server. diff --git a/lib/libkvm/kvm_arm.c b/lib/libkvm/kvm_arm.c index d221f6a..ceff383 100644 --- a/lib/libkvm/kvm_arm.c +++ b/lib/libkvm/kvm_arm.c @@ -212,7 +212,7 @@ _kvm_kvatop(kvm_t *kd, u_long va, off_t *pa) struct vmstate *vm = kd->vmst; pd_entry_t pd; pt_entry_t pte; - u_long pte_pa; + off_t pte_pa; if (kd->vmst->minidump) return (_kvm_minidump_kvatop(kd, va, pa)); @@ -228,7 +228,7 @@ _kvm_kvatop(kvm_t *kd, u_long va, off_t *pa) return (_kvm_pa2off(kd, *pa, pa, L1_S_SIZE)); } pte_pa = (pd & L1_ADDR_MASK) + l2pte_index(va) * sizeof(pte); - _kvm_pa2off(kd, pte_pa, (off_t *)&pte_pa, L1_S_SIZE); + _kvm_pa2off(kd, pte_pa, &pte_pa, L1_S_SIZE); if (lseek(kd->pmfd, pte_pa, 0) == -1) { _kvm_syserr(kd, kd->program, "_kvm_kvatop: lseek"); goto invalid; diff --git a/libexec/Makefile b/libexec/Makefile index 74cc6d8..7d1c1f8 100644 --- a/libexec/Makefile +++ b/libexec/Makefile @@ -13,7 +13,6 @@ SUBDIR= ${_atf} \ fingerd \ ftpd \ getty \ - ${_hyperv} \ ${_mail.local} \ ${_mknetid} \ ${_pppoed} \ @@ -55,10 +54,6 @@ _dma= dma _dma-mbox-create= dma-mbox-create .endif -.if ${MK_HYPERV} != "no" -_hyperv= hyperv -.endif - .if ${MK_NIS} != "no" _mknetid= mknetid _ypxfr= ypxfr @@ -95,4 +90,6 @@ _atf= atf _tests= tests .endif +.include <bsd.arch.inc.mk> + .include <bsd.subdir.mk> diff --git a/libexec/Makefile.amd64 b/libexec/Makefile.amd64 new file mode 100644 index 0000000..1092a29 --- /dev/null +++ b/libexec/Makefile.amd64 @@ -0,0 +1,5 @@ +# $FreeBSD$ + +.if ${MK_HYPERV} != "no" +SUBDIR+= hyperv +.endif diff --git a/libexec/Makefile.i386 b/libexec/Makefile.i386 new file mode 100644 index 0000000..1092a29 --- /dev/null +++ b/libexec/Makefile.i386 @@ -0,0 +1,5 @@ +# $FreeBSD$ + +.if ${MK_HYPERV} != "no" +SUBDIR+= hyperv +.endif diff --git a/libexec/Makefile.pc98 b/libexec/Makefile.pc98 new file mode 100644 index 0000000..a755298 --- /dev/null +++ b/libexec/Makefile.pc98 @@ -0,0 +1,4 @@ +# $FreeBSD$ + +# Because i386 adds extra stuff we don't need or want for PC98 we need +# an empty file so it doesn't get added. diff --git a/release/Makefile b/release/Makefile index 8a6ece7..1bba6f1 100644 --- a/release/Makefile +++ b/release/Makefile @@ -62,6 +62,8 @@ OSRELEASE= ${TYPE}-${REVISION}-${BRANCH}-${TARGET}-${TARGET_ARCH} .endfor .endif +VOLUME_LABEL= ${OSRELEASE:C/[-\.]/_/g:S/^$${TYPE}_//} + .if !exists(${DOCDIR}) NODOC= true .endif @@ -101,6 +103,7 @@ VMTARGETS= vm-base vm-image VMFORMATS?= vhd vmdk qcow2 raw VMSIZE?= 20G VMBASE?= vm +AZURECONF?= ${.CURDIR}/tools/azure.conf CLEANFILES= packagesystem *.txz MANIFEST system ${IMAGES} .if defined(WITH_COMPRESSED_IMAGES) && !empty(WITH_COMPRESSED_IMAGES) @@ -121,6 +124,12 @@ CLEANDIRS= dist ftp release bootonly dvd .if defined(WITH_VMIMAGES) && !empty(WITH_VMIMAGES) CLEANDIRS+= ${VMTARGETS} .endif +.if exists(${.CURDIR}/${TARGET}/mk-azure.sh) +CLEANFILES+= ${OSRELEASE}.vhd \ + ${OSRELEASE}.vhd.raw \ + azure.img +CLEANDIRS+= vm-azure +.endif beforeclean: chflags -R noschg . .include <bsd.obj.mk> @@ -240,13 +249,13 @@ dvd: release.iso: disc1.iso disc1.iso: system - sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b FreeBSD_Install ${.TARGET} release + sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b ${VOLUME_LABEL}_CD ${.TARGET} release dvd1.iso: dvd pkg-stage - sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b FreeBSD_Install ${.TARGET} dvd + sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b ${VOLUME_LABEL}_DVD ${.TARGET} dvd bootonly.iso: bootonly - sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b FreeBSD_Install ${.TARGET} bootonly + sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b ${VOLUME_LABEL}_BO ${.TARGET} bootonly memstick: memstick.img memstick.img: system @@ -338,3 +347,11 @@ vm-image: vm-base . endif .endif touch ${.TARGET} + +vm-azure: +.if exists(${.CURDIR}/${TARGET}/mk-azure.sh) + env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} AZURECONF=${AZURECONF} \ + ${.CURDIR}/${TARGET}/mk-azure.sh ${.TARGET} azure.img \ + ${WORLDDIR} ${.TARGET} ${VMSIZE} ${OSRELEASE}.vhd +.endif + touch ${.TARGET} diff --git a/release/amd64/mk-azure.sh b/release/amd64/mk-azure.sh new file mode 100755 index 0000000..45b70ae --- /dev/null +++ b/release/amd64/mk-azure.sh @@ -0,0 +1,173 @@ +#!/bin/sh +#- +# Copyright (c) 2014 The FreeBSD Foundation +# All rights reserved. +# +# This software was developed by Glen Barber under sponsorship +# from the FreeBSD Foundation. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# mk-azure.sh: Create virtual machine disk images for Microsoft Azure +# +# $FreeBSD$ +# + +export PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin" + +usage() { + echo "Usage:" + echo -n "$(basename ${0}) vm-azure <base image>" + echo " <source tree> <dest dir> <disk image size> <vm image name>" + exit 1 +} + +panic() { + msg="${@}" + printf "${msg}\n" + if [ ! -z "${mddev}" ]; then + mdconfig -d -u ${mddev} + fi + # Do not allow one failure case to chain through any remaining image + # builds. + exit 0 +} + +vm_create_azure() { + # Arguments: + # vm-azure <base image> <source tree> <dest dir> <disk image size> <vm image name> + + VMBASE="${1}" + WORLDDIR="${2}" + DESTDIR="${3}" + VMSIZE="${4}" + VMIMAGE="${5}" + + if [ -z "${VMBASE}" -o -z "${WORLDDIR}" -o -z "${DESTDIR}" \ + -o -z "${VMSIZE}" -o -z "${VMIMAGE}" ]; then + usage + fi + + trap "umount ${DESTDIR}/dev ${DESTDIR}" INT QUIT TRAP ABRT TERM + + i=0 + mkdir -p ${DESTDIR} + truncate -s ${VMSIZE} ${VMBASE} + mddev=$(mdconfig -f ${VMBASE}) + newfs -j /dev/${mddev} + mkdir -p ${DESTDIR} + mount /dev/${mddev} ${DESTDIR} + make -C ${WORLDDIR} DESTDIR=$(realpath ${DESTDIR}) \ + installworld installkernel distribution || \ + panic 1 "\n\nCannot install the base system to ${DESTDIR}." + mount -t devfs devfs ${DESTDIR}/dev + chroot ${DESTDIR} /usr/bin/newaliases + echo '# Custom /etc/fstab for FreeBSD VM images' \ + > ${DESTDIR}/etc/fstab + echo '/dev/gpt/rootfs / ufs rw 2 2' \ + >> ${DESTDIR}/etc/fstab + # Although a swap partition is created, it is not used in Azure. + echo '#/dev/gpt/swapfs none swap sw 0 0' \ + >> ${DESTDIR}/etc/fstab + + chroot ${DESTDIR} /etc/rc.d/ldconfig forcestart + chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg bootstrap -y + chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg install -y \ + python python2 python27 py27-asn1 sudo bash + if [ ! -z "${VM_EXTRA_PACKAGES}" ]; then + chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg install -y \ + ${VM_EXTRA_PACKAGES} + fi + + fetch -o ${DESTDIR}/usr/sbin/waagent \ + http://people.freebsd.org/~gjb/waagent + chmod +x ${DESTDIR}/usr/sbin/waagent + rm -f ${DESTDIR}/etc/resolv.conf + chroot ${DESTDIR} /usr/sbin/waagent -verbose -install + yes | chroot ${DESTDIR} /usr/sbin/waagent -deprovision + echo 'sshd_enable="YES"' > ${DESTDIR}/etc/rc.conf + echo 'ifconfig_hn0="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf + echo 'waagent_enable="YES"' >> ${DESTDIR}/etc/rc.conf + + echo 'console="comconsole vidconsole"' >> ${DESTDIR}/boot/loader.conf + echo 'comconsole_speed="115200"' >> ${DESTDIR}/boot/loader.conf + + if [ ! -z "${VM_RC_LIST}" ]; then + for _rcvar in ${VM_RC_LIST}; do + echo ${_rcvar}_enable="YES" >> ${DESTDIR}/etc/rc.conf + done + fi + + sync + + while ! umount ${DESTDIR}/dev ${DESTDIR}; do + i=$(( $i + 1 )) + if [ $i -ge 10 ]; then + # This should never happen. But, it has happened. + msg="Cannot umount(8) ${DESTDIR}\n" + msg="${msg}Something has gone horribly wrong." + panic 1 "${msg}" + fi + sleep 1 + done + + echo "Creating image... Please wait." + + mkimg -f vhdf -s gpt \ + -b /boot/pmbr -p freebsd-boot/bootfs:=/boot/gptboot \ + -p freebsd-swap/swapfs::1G \ + -p freebsd-ufs/rootfs:=${VMBASE} \ + -o ${VMIMAGE}.raw + + if [ ! -x "/usr/local/bin/qemu-img" ]; then + env ASSUME_ALWAYS_YES=yes pkg install -y emulators/qemu-devel + fi + + size=$(qemu-img info -f raw --output json ${VMIMAGE}.raw | awk '/virtual-size/ {print $2}' | tr -d ',') + size=$(( ( ${size} / ( 1024 * 1024 ) + 1 ) * ( 1024 * 1024 ) )) + qemu-img resize ${VMIMAGE}.raw ${size} + qemu-img convert -f raw -o subformat=fixed -O vpc ${VMIMAGE}.raw ${VMIMAGE} + + return 0 +} + +main() { + cmd="${1}" + shift 1 + + if [ -e "${AZURECONF}" -a ! -c "${AZURECONF}" ]; then + . ${AZURECONF} + fi + + case ${cmd} in + vm-azure) + eval vm_create_azure "$@" || return 0 + ;; + *|\?) + usage + ;; + esac + + return 0 +} + +main "$@" diff --git a/release/amd64/mk-vmimage.sh b/release/amd64/mk-vmimage.sh index 6ee1482..b3ffd23 100755 --- a/release/amd64/mk-vmimage.sh +++ b/release/amd64/mk-vmimage.sh @@ -32,7 +32,7 @@ # $FreeBSD$ # -PATH="/bin:/usr/bin:/sbin:/usr/sbin" +PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin" export PATH usage_vm_base() { @@ -58,16 +58,25 @@ usage() { } panic() { - rc="${1}" - shift 1 msg="${@}" printf "${msg}\n" if [ ! -z "${mddev}" ]; then mdconfig -d -u ${mddev} fi + case ${cmd} in + vm-base) + # If the vm-base target fails, the vm-image target + # cannot possibly succeed. Touch the .TARGET file + # so it is not attempted. + touch vm-image + ;; + *) + # FALLTHROUGH + ;; + esac # Do not allow one failure case to chain through any remaining image # builds. - exit 0 + return 1 } vm_create_baseimage() { @@ -96,7 +105,7 @@ vm_create_baseimage() { cd ${WORLDDIR} && \ make DESTDIR=${DESTDIR} \ installworld installkernel distribution || \ - panic 1 "\n\nCannot install the base system to ${DESTDIR}." + panic "\n\nCannot install the base system to ${DESTDIR}." chroot ${DESTDIR} /usr/bin/newaliases echo '# Custom /etc/fstab for FreeBSD VM images' \ > ${DESTDIR}/etc/fstab @@ -111,7 +120,7 @@ vm_create_baseimage() { # This should never happen. But, it has happened. msg="Cannot umount(8) ${DESTDIR}\n" msg="${msg}Something has gone horribly wrong." - panic 1 "${msg}" + panic "${msg}" fi sleep 1 done @@ -141,11 +150,11 @@ vm_create_vmdisk() { if [ -z "${mkimg_version}" ]; then msg="Cannot determine mkimg(1) version.\n" msg="${msg}Cannot continue without a known mkimg(1) version." - panic 0 "${msg}" + panic "${msg}" fi if ! mkimg --formats 2>/dev/null | grep -q ${FORMAT}; then - panic 0 "'${FORMAT}' is not supported by this mkimg(1).\n" + panic "'${FORMAT}' is not supported by this mkimg(1).\n" fi case ${FORMAT} in diff --git a/release/i386/mk-azure.sh b/release/i386/mk-azure.sh new file mode 100755 index 0000000..45b70ae --- /dev/null +++ b/release/i386/mk-azure.sh @@ -0,0 +1,173 @@ +#!/bin/sh +#- +# Copyright (c) 2014 The FreeBSD Foundation +# All rights reserved. +# +# This software was developed by Glen Barber under sponsorship +# from the FreeBSD Foundation. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# mk-azure.sh: Create virtual machine disk images for Microsoft Azure +# +# $FreeBSD$ +# + +export PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin" + +usage() { + echo "Usage:" + echo -n "$(basename ${0}) vm-azure <base image>" + echo " <source tree> <dest dir> <disk image size> <vm image name>" + exit 1 +} + +panic() { + msg="${@}" + printf "${msg}\n" + if [ ! -z "${mddev}" ]; then + mdconfig -d -u ${mddev} + fi + # Do not allow one failure case to chain through any remaining image + # builds. + exit 0 +} + +vm_create_azure() { + # Arguments: + # vm-azure <base image> <source tree> <dest dir> <disk image size> <vm image name> + + VMBASE="${1}" + WORLDDIR="${2}" + DESTDIR="${3}" + VMSIZE="${4}" + VMIMAGE="${5}" + + if [ -z "${VMBASE}" -o -z "${WORLDDIR}" -o -z "${DESTDIR}" \ + -o -z "${VMSIZE}" -o -z "${VMIMAGE}" ]; then + usage + fi + + trap "umount ${DESTDIR}/dev ${DESTDIR}" INT QUIT TRAP ABRT TERM + + i=0 + mkdir -p ${DESTDIR} + truncate -s ${VMSIZE} ${VMBASE} + mddev=$(mdconfig -f ${VMBASE}) + newfs -j /dev/${mddev} + mkdir -p ${DESTDIR} + mount /dev/${mddev} ${DESTDIR} + make -C ${WORLDDIR} DESTDIR=$(realpath ${DESTDIR}) \ + installworld installkernel distribution || \ + panic 1 "\n\nCannot install the base system to ${DESTDIR}." + mount -t devfs devfs ${DESTDIR}/dev + chroot ${DESTDIR} /usr/bin/newaliases + echo '# Custom /etc/fstab for FreeBSD VM images' \ + > ${DESTDIR}/etc/fstab + echo '/dev/gpt/rootfs / ufs rw 2 2' \ + >> ${DESTDIR}/etc/fstab + # Although a swap partition is created, it is not used in Azure. + echo '#/dev/gpt/swapfs none swap sw 0 0' \ + >> ${DESTDIR}/etc/fstab + + chroot ${DESTDIR} /etc/rc.d/ldconfig forcestart + chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg bootstrap -y + chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg install -y \ + python python2 python27 py27-asn1 sudo bash + if [ ! -z "${VM_EXTRA_PACKAGES}" ]; then + chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg install -y \ + ${VM_EXTRA_PACKAGES} + fi + + fetch -o ${DESTDIR}/usr/sbin/waagent \ + http://people.freebsd.org/~gjb/waagent + chmod +x ${DESTDIR}/usr/sbin/waagent + rm -f ${DESTDIR}/etc/resolv.conf + chroot ${DESTDIR} /usr/sbin/waagent -verbose -install + yes | chroot ${DESTDIR} /usr/sbin/waagent -deprovision + echo 'sshd_enable="YES"' > ${DESTDIR}/etc/rc.conf + echo 'ifconfig_hn0="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf + echo 'waagent_enable="YES"' >> ${DESTDIR}/etc/rc.conf + + echo 'console="comconsole vidconsole"' >> ${DESTDIR}/boot/loader.conf + echo 'comconsole_speed="115200"' >> ${DESTDIR}/boot/loader.conf + + if [ ! -z "${VM_RC_LIST}" ]; then + for _rcvar in ${VM_RC_LIST}; do + echo ${_rcvar}_enable="YES" >> ${DESTDIR}/etc/rc.conf + done + fi + + sync + + while ! umount ${DESTDIR}/dev ${DESTDIR}; do + i=$(( $i + 1 )) + if [ $i -ge 10 ]; then + # This should never happen. But, it has happened. + msg="Cannot umount(8) ${DESTDIR}\n" + msg="${msg}Something has gone horribly wrong." + panic 1 "${msg}" + fi + sleep 1 + done + + echo "Creating image... Please wait." + + mkimg -f vhdf -s gpt \ + -b /boot/pmbr -p freebsd-boot/bootfs:=/boot/gptboot \ + -p freebsd-swap/swapfs::1G \ + -p freebsd-ufs/rootfs:=${VMBASE} \ + -o ${VMIMAGE}.raw + + if [ ! -x "/usr/local/bin/qemu-img" ]; then + env ASSUME_ALWAYS_YES=yes pkg install -y emulators/qemu-devel + fi + + size=$(qemu-img info -f raw --output json ${VMIMAGE}.raw | awk '/virtual-size/ {print $2}' | tr -d ',') + size=$(( ( ${size} / ( 1024 * 1024 ) + 1 ) * ( 1024 * 1024 ) )) + qemu-img resize ${VMIMAGE}.raw ${size} + qemu-img convert -f raw -o subformat=fixed -O vpc ${VMIMAGE}.raw ${VMIMAGE} + + return 0 +} + +main() { + cmd="${1}" + shift 1 + + if [ -e "${AZURECONF}" -a ! -c "${AZURECONF}" ]; then + . ${AZURECONF} + fi + + case ${cmd} in + vm-azure) + eval vm_create_azure "$@" || return 0 + ;; + *|\?) + usage + ;; + esac + + return 0 +} + +main "$@" diff --git a/release/i386/mk-vmimage.sh b/release/i386/mk-vmimage.sh index 6ee1482..b3ffd23 100755 --- a/release/i386/mk-vmimage.sh +++ b/release/i386/mk-vmimage.sh @@ -32,7 +32,7 @@ # $FreeBSD$ # -PATH="/bin:/usr/bin:/sbin:/usr/sbin" +PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin" export PATH usage_vm_base() { @@ -58,16 +58,25 @@ usage() { } panic() { - rc="${1}" - shift 1 msg="${@}" printf "${msg}\n" if [ ! -z "${mddev}" ]; then mdconfig -d -u ${mddev} fi + case ${cmd} in + vm-base) + # If the vm-base target fails, the vm-image target + # cannot possibly succeed. Touch the .TARGET file + # so it is not attempted. + touch vm-image + ;; + *) + # FALLTHROUGH + ;; + esac # Do not allow one failure case to chain through any remaining image # builds. - exit 0 + return 1 } vm_create_baseimage() { @@ -96,7 +105,7 @@ vm_create_baseimage() { cd ${WORLDDIR} && \ make DESTDIR=${DESTDIR} \ installworld installkernel distribution || \ - panic 1 "\n\nCannot install the base system to ${DESTDIR}." + panic "\n\nCannot install the base system to ${DESTDIR}." chroot ${DESTDIR} /usr/bin/newaliases echo '# Custom /etc/fstab for FreeBSD VM images' \ > ${DESTDIR}/etc/fstab @@ -111,7 +120,7 @@ vm_create_baseimage() { # This should never happen. But, it has happened. msg="Cannot umount(8) ${DESTDIR}\n" msg="${msg}Something has gone horribly wrong." - panic 1 "${msg}" + panic "${msg}" fi sleep 1 done @@ -141,11 +150,11 @@ vm_create_vmdisk() { if [ -z "${mkimg_version}" ]; then msg="Cannot determine mkimg(1) version.\n" msg="${msg}Cannot continue without a known mkimg(1) version." - panic 0 "${msg}" + panic "${msg}" fi if ! mkimg --formats 2>/dev/null | grep -q ${FORMAT}; then - panic 0 "'${FORMAT}' is not supported by this mkimg(1).\n" + panic "'${FORMAT}' is not supported by this mkimg(1).\n" fi case ${FORMAT} in diff --git a/release/tools/azure.conf b/release/tools/azure.conf new file mode 100644 index 0000000..8f16acc --- /dev/null +++ b/release/tools/azure.conf @@ -0,0 +1,14 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Set to a list of packages to install. +# Example: +#export VM_EXTRA_PACKAGES="www/apache24" +export VM_EXTRA_PACKAGES= + +# Set to a list of third-party software to enable in rc.conf(5). +# Example: +#export VM_RC_LIST="apache24" +export VM_RC_LIST= diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 6127758..adc9fbf 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.0.1i -OPENSSL_DATE= 2014-08-06 +OPENSSL_VER= 1.0.1j +OPENSSL_DATE= 2014-10-15 LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index 2b88bd3..095356e 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -47,6 +47,7 @@ MAN+= BN_swap.3 MAN+= BN_zero.3 MAN+= CMS_add0_cert.3 MAN+= CMS_add1_recipient_cert.3 +MAN+= CMS_add1_signer.3 MAN+= CMS_compress.3 MAN+= CMS_decrypt.3 MAN+= CMS_encrypt.3 @@ -56,7 +57,6 @@ MAN+= CMS_get0_SignerInfos.3 MAN+= CMS_get0_type.3 MAN+= CMS_get1_ReceiptRequest.3 MAN+= CMS_sign.3 -MAN+= CMS_sign_add1_signer.3 MAN+= CMS_sign_receipt.3 MAN+= CMS_uncompress.3 MAN+= CMS_verify.3 @@ -397,6 +397,7 @@ MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3 MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3 MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3 MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3 +MLINKS+= CMS_add1_signer.3 CMS_SignerInfo_sign.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_type.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_get0_signer_id.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_cert_cmp.3 @@ -413,7 +414,6 @@ MLINKS+= CMS_get0_type.3 CMS_get0_eContentType.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3 -MLINKS+= CMS_sign_add1_signer.3 CMS_SignerInfo_sign.3 MLINKS+= CONF_modules_free.3 CONF_modules_finish.3 MLINKS+= CONF_modules_free.3 CONF_modules_unload.3 MLINKS+= CONF_modules_load_file.3 CONF_modules_load.3 diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index 12eb24d..71ed173 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index 26b0d81..2be88a3 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_STRING_length 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index 74579bd..9fce1c9 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_STRING_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index 8521774..ba782a8 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index 7dfb488..91a2fbb 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_generate_nconf 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index ad86553..5471335 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index 9ebb393..c9ae354 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_base64 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 7dc4a89..e5be835 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_buffer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index cb7094a..6e0a0c3 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 32e3d9f..57a7e58 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_md 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index 814cc25..c90186f 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_null 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 79f656e..f16c971 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_ssl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index 9589d69..f0af94a 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_find_type 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index dcbeccf..7d47353 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 index 71e78f3..650cf59 100644 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new_CMS 3" -.TH BIO_new_CMS 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_new_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 40eb996..f2f4fc0 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_push 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index 42a3560..7778c2e 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_read 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 13d1277..e370a9e 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_accept 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,8 +187,8 @@ the accept socket. See \fIBIO_s_fd\fR\|(3) \&\fIBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept port. The port is represented as a string of the form \*(L"host:port\*(R", where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. -Either or both values can be \*(L"*\*(R" which is interpreted as meaning -any interface or port respectively. \*(L"port\*(R" has the same syntax +The host can be can be \*(L"*\*(R" which is interpreted as meaning +any interface; \*(L"port\*(R" has the same syntax as the port specified in \fIBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical port string or a string to lookup using \fIgetservbyname()\fR and a string table. diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index f28110b..6aaa478 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index 5f24efa..a51cc92 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_connect 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index d7acd5a..6fd7657 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index fc08e32..337a9dd 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index d04a366..72421dc 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_mem 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 42f2534..0bdfee4 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_null 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 3b23471..7cf5df7 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_socket 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index 0a3632d..2c6618c 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_set_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index c04c1fd..1590f97 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_should_retry 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index d628684..5d7a0e8 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_BLINDING_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index 095a9b7..66dcd12 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index dc80555..f69b705 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_CTX_start 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 58b02fe..b446d4c 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_add 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index e65b3fe..33d20b4 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_add_word 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 4094b6e..9375149 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_bn2bin 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index c1f8fa8..bc035ec 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_cmp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 37133ac..fcf2ab5 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_copy 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index 19d4df9..bd8a469 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_generate_prime 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index 2d85768..5d6ce78 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_mod_inverse 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index de0b96d..85c3597 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 26f6486..ef922a2 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 547f0cc..1ecfdb5 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index a7cd684..9bdf420 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_num_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 004a66b..c86aeb0 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_rand 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 6bebfc2..11fac7d 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_set_bit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index ff6d38a..1c30db1 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_swap 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 41efb6c..ffc9f55 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_zero 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 index 51e6c0c..1a549bb 100644 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add0_cert 3" -.TH CMS_add0_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_add0_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index 23861a5..f40e50e 100644 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_recipient_cert 3" -.TH CMS_add1_recipient_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_add1_recipient_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 index 72d4fcb..8eb6505 100644 --- a/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 +++ b/secure/lib/libcrypto/man/CMS_add1_signer.3 @@ -123,28 +123,28 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "CMS_sign_add1_signer 3" -.TH CMS_sign_add1_signer 3 "2014-08-06" "1.0.1i" "OpenSSL" +.IX Title "CMS_add1_signer 3" +.TH CMS_add1_signer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" .Vb 1 -\& CMS_sign_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure. +\& CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure. .Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/cms.h> \& -\& CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); \& \& int CMS_SignerInfo_sign(CMS_SignerInfo *si); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_sign_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData structure \fBcms\fR. .PP @@ -164,7 +164,7 @@ structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PAR are both set. .SH "NOTES" .IX Header "NOTES" -The main purpose of \fICMS_sign_add1_signer()\fR is to provide finer control +The main purpose of \fICMS_add1_signer()\fR is to provide finer control over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned @@ -208,12 +208,12 @@ bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bi If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is not loaded. .PP -\&\fICMS_sign_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_sign1_add_signers()\fR returns an internal pointer to the CMS_SignerInfo +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -221,4 +221,4 @@ structure just added or \s-1NULL\s0 if an error occurs. \&\fICMS_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_sign_add1_signer()\fR was added to OpenSSL 0.9.8 +\&\fICMS_add1_signer()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 index 886cb40..0e6af65 100644 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_compress 3" -.TH CMS_compress 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_compress 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 index 9df040b..7b2e424 100644 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_decrypt 3" -.TH CMS_decrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 index fc531de..d37152e 100644 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_encrypt 3" -.TH CMS_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 index 4686635..fb8afcb 100644 --- a/secure/lib/libcrypto/man/CMS_final.3 +++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_final 3" -.TH CMS_final 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_final 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 index 56efdda..d6e4766 100644 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_RecipientInfos 3" -.TH CMS_get0_RecipientInfos 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get0_RecipientInfos 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index 2ec7e43..e52b9c6 100644 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_SignerInfos 3" -.TH CMS_get0_SignerInfos 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get0_SignerInfos 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 index 7a95909..1a848ae 100644 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_type 3" -.TH CMS_get0_type 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get0_type 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index 29a7ae8..bd41eb8 100644 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 +++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get1_ReceiptRequest 3" -.TH CMS_get1_ReceiptRequest 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get1_ReceiptRequest 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 index 5fd7f4b..a1430ad 100644 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign 3" -.TH CMS_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 index 104260a..17c157f 100644 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign_receipt 3" -.TH CMS_sign_receipt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_sign_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 index 0fc03b3..812002e 100644 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_uncompress 3" -.TH CMS_uncompress 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_uncompress 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 index 79520f3..acdccc2 100644 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify 3" -.TH CMS_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 index 02e3df4..460634b 100644 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify_receipt 3" -.TH CMS_verify_receipt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_verify_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index b7573c7..0e75a1f 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CONF_modules_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index 20569a2..7d00b03 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CONF_modules_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index a3738ed..1bcd3ef 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index 876458b..aac2544 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index aadfea9..fba24a7 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index 1f4a8ef..fb8f1f0 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 635f1cb..d16ab5a 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 067e9bf..8868f61 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index da90382..c1aa7e7 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index bb0bcf0..5d57e16 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_SIG_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index 2f3f5c3..bd3b157 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_do_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 4285dca..539bbe8 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_dup_DH 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 5bd84b8..831de26 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index e857072..6114d3b 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 6896517..0387194 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 303c38d..e1aa0ca 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 53f4ac0..baefa6d 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 0fa050f..58ed2de 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index e783b4a..c689c06 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index a49d787..ebdfa01 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_GET_LIB 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 5256ca1..24fd7f3 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_clear_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index 4bffebf..ddacdc9 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_error_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index 68e5beb..8110d43 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index 16a894d..aafb918 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index a4a3163..6683dd5 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_load_strings 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index b1e6174..bc81b5d 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_print_errors 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 82fecce..33820a7 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_put_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index 9f17ba9..db9228c 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_remove_state 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index 8bee880..3b0f52b 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_set_mark 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index 2e2835f..448ad2a 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_BytesToKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index 248aebb..0536aae 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_DigestInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,13 +154,13 @@ EVP digest routines \& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); \& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); \& -\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); \& \& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); \& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, \& unsigned int *s); \& -\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); \& \& #define EVP_MAX_MD_SIZE 64 /* SHA512 */ \& @@ -267,7 +267,7 @@ structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1SHA224\s and \s-1RIPEMD160\s0 digest algorithms respectively. .PP \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest -algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is +algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are however retained for compatibility. .PP @@ -303,15 +303,15 @@ The \fB\s-1EVP\s0\fR interface to message digests should almost always be used i preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. .PP -New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. +New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. The other digest algorithms are still in common use. .PP For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be set to \s-1NULL\s0 to use the default digest implementation. .PP -The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are obsolete but are retained to maintain compatibility with existing code. New -applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and \&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. @@ -374,15 +374,19 @@ digest name passed on the command line. \& EVP_MD_CTX_destroy(mdctx); \& \& printf("Digest is: "); -\& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); +\& for(i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); \& printf("\en"); +\& +\& /* Call this once before exit. */ +\& EVP_cleanup(); +\& exit(0); \& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3), \fIdgst\fR\|(1) +\&\fIdgst\fR\|(1), +\&\fIevp\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are @@ -397,7 +401,7 @@ and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. .PP The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0, there is no need to +later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0; there is no need to use \fIEVP_dss1()\fR any more. .PP OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 index d076247..274d761 100644 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestSignInit 3" -.TH EVP_DigestSignInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_DigestSignInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index d6c4aef..2db25cc 100644 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestVerifyInit 3" -.TH EVP_DigestVerifyInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_DigestVerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only -indicates that the signature did not not verify successfully (that is tbs did +indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. .PP @@ -185,7 +185,7 @@ For some key types and parameters the random number generator must be seeded or the operation will fail. .PP The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest -context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized the context must diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index 8707153..07532b9 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_EncryptInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -493,37 +493,9 @@ The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been t for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. .SH "EXAMPLES" .IX Header "EXAMPLES" -Get the number of rounds used in \s-1RC5:\s0 +Encrypt a string using \s-1IDEA:\s0 .PP -.Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); -.Ve -.PP -Get the \s-1RC2\s0 effective key length: -.PP -.Vb 2 -\& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); -.Ve -.PP -Set the number of rounds used in \s-1RC5:\s0 -.PP -.Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); -.Ve -.PP -Set the effective key length used in \s-1RC2:\s0 -.PP -.Vb 2 -\& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); -.Ve -.PP -Encrypt a string using blowfish: -.PP -.Vb 10 +.Vb 12 \& int do_crypt(char *outfile) \& { \& unsigned char outbuf[1024]; @@ -536,8 +508,9 @@ Encrypt a string using blowfish: \& char intext[] = "Some Crypto Text"; \& EVP_CIPHER_CTX ctx; \& FILE *out; +\& \& EVP_CIPHER_CTX_init(&ctx); -\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); +\& EVP_EncryptInit_ex(&ctx, EVP_idea_cbc(), NULL, key, iv); \& \& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) \& { @@ -567,31 +540,37 @@ Encrypt a string using blowfish: .Ve .PP The ciphertext from the above example can be decrypted using the \fBopenssl\fR -utility with the command line: +utility with the command line (shown on two lines for clarity): .PP -.Vb 1 -\& S<openssl bf \-in cipher.bin \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 \-d> +.Vb 2 +\& openssl idea \-d <filename +\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 .Ve .PP -General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an -80 bit key: +General encryption and decryption function example using \s-1FILE\s0 I/O and \s-1AES128\s0 +with a 128\-bit key: .PP -.Vb 10 +.Vb 11 \& int do_crypt(FILE *in, FILE *out, int do_encrypt) \& { \& /* Allow enough space in output buffer for additional block */ -\& inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; +\& unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; \& int inlen, outlen; +\& EVP_CIPHER_CTX ctx; \& /* Bogus key and IV: we\*(Aqd normally set these from \& * another source. \& */ -\& unsigned char key[] = "0123456789"; -\& unsigned char iv[] = "12345678"; -\& /* Don\*(Aqt set key or IV because we will modify the parameters */ +\& unsigned char key[] = "0123456789abcdeF"; +\& unsigned char iv[] = "1234567887654321"; +\& +\& /* Don\*(Aqt set key or IV right away; we want to check lengths */ \& EVP_CIPHER_CTX_init(&ctx); -\& EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); -\& EVP_CIPHER_CTX_set_key_length(&ctx, 10); -\& /* We finished modifying parameters so now we can set key and IV */ +\& EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, +\& do_encrypt); +\& OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx) == 16); +\& OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx) == 16); +\& +\& /* Now we can set key and IV */ \& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); \& \& for(;;) @@ -627,3 +606,6 @@ General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC \&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR, \&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in OpenSSL 0.9.7. +.PP +\&\s-1IDEA\s0 appeared in OpenSSL 0.9.7 but was often disabled due to +patent concerns; the last patents expired in 2012. diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 2679872..bae7da0 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_OpenInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index ca9e443..150e1b1 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_ctrl 3" -.TH EVP_PKEY_CTX_ctrl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_CTX_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index b825c09..dabe8b9 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_new 3" -.TH EVP_PKEY_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index a252663..74e8e88 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_cmp 3" -.TH EVP_PKEY_cmp 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_cmp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index bb9a9fd..a59895c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_decrypt 3" -.TH EVP_PKEY_decrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 index 69e1b30..e07e97c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_derive 3" -.TH EVP_PKEY_derive 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_derive 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index 9753df8..63fa3d9 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_encrypt 3" -.TH EVP_PKEY_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 index 9a4a964..221b632 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_get_default_digest 3" -.TH EVP_PKEY_get_default_digest 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_get_default_digest 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index ba589f2..93b555d 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_keygen 3" -.TH EVP_PKEY_keygen 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_keygen 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 9e60871..4b8f058 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index c84936d..ae76b2a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_print_private 3" -.TH EVP_PKEY_print_private 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_print_private 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index c83a758..b673677 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ EVP_PKEY_type \- EVP_PKEY assignment functions. \&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or \&\fB\s-1NULL\s0\fR if the key is not of the correct type. .PP -\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR however these use the supplied \fBkey\fR internally and so \fBkey\fR will be freed when the parent \fBpkey\fR is freed. @@ -181,8 +181,8 @@ In accordance with the OpenSSL naming convention the key obtained from or assigned to the \fBpkey\fR using the \fB1\fR functions must be freed as well as \fBpkey\fR. .PP -\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and @@ -192,7 +192,7 @@ freed as well as \fBpkey\fR. \&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 index b1ec19d..a53da46 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_sign 3" -.TH EVP_PKEY_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,9 +155,14 @@ before the call the \fBsiglen\fR parameter should contain the length of the \&\fBsig\fR and the amount of data written to \fBsiglen\fR. .SH "NOTES" .IX Header "NOTES" +\&\fIEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +\&\fIEVP_DigestSignInit\fR\|(3) and +\&\fIEVP_SignInit\fR\|(3) signing interfaces instead. +.PP After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation (see \fIEVP_PKEY_CTX_ctrl\fR\|(3)). .PP The function \fIEVP_PKEY_sign()\fR can be called more than once on the same context if several operations are performed using the same parameters. @@ -175,13 +180,17 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: \& #include <openssl/rsa.h> \& \& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ \& unsigned char *md, *sig; -\& size_t mdlen, siglen; +\& size_t mdlen = 32, siglen; \& EVP_PKEY *signing_key; -\& /* NB: assumes signing_key, md and mdlen are already set up -\& * and that signing_key is an RSA private key +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. \& */ -\& ctx = EVP_PKEY_CTX_new(signing_key); +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); \& if (!ctx) \& /* Error occurred */ \& if (EVP_PKEY_sign_init(ctx) <= 0) @@ -208,6 +217,7 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl\fR\|(3), \&\fIEVP_PKEY_encrypt\fR\|(3), \&\fIEVP_PKEY_decrypt\fR\|(3), \&\fIEVP_PKEY_verify\fR\|(3), diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 index 768071a..90d6c8c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify 3" -.TH EVP_PKEY_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index 757ba0d..be65935 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify_recover 3" -.TH EVP_PKEY_verify_recover 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_verify_recover 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index a8204bd..9d21939 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_SealInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 9a9a7eb..2d30fd0 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_SignInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 76468a0..1e1f485 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_VerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index 27b5f9b..8049dee 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OBJ_nid2obj 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index 5a422bd..1bd1cea 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_Applink 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 114df3c..4db6f354 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index 7658dab..203236d 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_config 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index 299d3bb..6e296d1 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index f38e4a1..4f9c2dd 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 5e57a23d..157bf2d 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index a586a8f..c3b3ac7 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_CMS_stream 3" -.TH PEM_write_bio_CMS_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PEM_write_bio_CMS_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index c3dac2a..fae1dd5 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_PKCS7_stream 3" -.TH PEM_write_bio_PKCS7_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PEM_write_bio_PKCS7_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index f4bb075..11f6d27 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS12_create 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 74afcdc..7814702 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS12_parse 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index e3d939e..874fb29 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index 27ff30b..74011b6 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index 6047344..f4d9257 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index 6695b6a..139ac54 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign_add_signer 3" -.TH PKCS7_sign_add_signer 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_sign_add_signer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 9a9a683..80f641d 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 060a071..1f6a383 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_add 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index 78fca76..e17aded 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index b3d1cca..8534861 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_cleanup 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index a6c912a..9020fbd 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_egd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index 5d9c741..3e36537 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 316853c..f71a643 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_set_rand_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 45f89ae..fcd6958 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_blinding_on 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index e211795..ed450e2 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_check_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 114e83f..91cbb03 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index b7123a5..36af6de 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index fa371c9..e05e31a 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index 66e8195..4241c6b 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 407b2eb..f44a466 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_print 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index c61876b..20a6d1a 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_private_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 3d8840f..5e9cdee 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_public_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index d2b458a..0c6facc7 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 83af30c..12a6a5c 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index 557aff1..56f16da 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 98975e9..31861d5 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 index 523a657..c8eda72 100644 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_CMS 3" -.TH SMIME_read_CMS 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_read_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index dc3376a..4829c7d 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 index 57c473c..8445e65 100644 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_CMS 3" -.TH SMIME_write_CMS 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_write_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 622273f..85af2a7 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index 0e09a56..ab889bd 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index 7b27eee..f5c0ecf 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 5f42eb1..70a4b02 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index bf7e225..2ce8da4 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index 4deff28..ab59435 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_error 3" -.TH X509_STORE_CTX_get_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 index 24859d1..27607bd 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_ex_new_index 3" -.TH X509_STORE_CTX_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 index ef8557d..25d63be 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_new 3" -.TH X509_STORE_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index 5d2084f..6f4246f 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_set_verify_cb 3" -.TH X509_STORE_CTX_set_verify_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_set_verify_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 287050c..bf5ccf3 100644 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_set_verify_cb_func 3" -.TH X509_STORE_set_verify_cb_func 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_set_verify_cb_func 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 66fc0dc..f3548f8 100644 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_set_flags 3" -.TH X509_VERIFY_PARAM_set_flags 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_VERIFY_PARAM_set_flags 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index f7e07f7..1b7084e 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 index 2da12b5..09dcf5b 100644 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_verify_cert 3" -.TH X509_verify_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_verify_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 36868f0..d177bd9 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index cbfcd82..67094b9 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH blowfish 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 1734d97..881238c 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH bn 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index afee356..0489224 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH bn_internal 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index d2044cf..6b32781 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH buffer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 9a12663..f01e109 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH crypto 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index 0d194bc..66a366b 100644 --- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 91b38a3..ac5d631 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_DHparams 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index 4ca1d58..990ee3a 100644 --- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index 2014f60..3e0aea5 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 5c2080c..fbad715 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index 05585ba..cf59fd5 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index da90fbd..e4e8bd4 100644 --- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 index ce32f40..ac05f6a 100644 --- a/secure/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_CRL 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index 4e82d22..23d00ae 100644 --- a/secure/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_NAME 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index 484f834..d65145f 100644 --- a/secure/lib/libcrypto/man/d2i_X509_REQ.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_REQ 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 index 2d147a0..5ada7ce 100644 --- a/secure/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_SIG 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index 1662db4..555e52f 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH des 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index 5dd1d67..3073957 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH dh 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index 6291a17..760f5fb 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH dsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3 index 7a35479..070340c 100644 --- a/secure/lib/libcrypto/man/ecdsa.3 +++ b/secure/lib/libcrypto/man/ecdsa.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ecdsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 index 9e55809..2086ac8 100644 --- a/secure/lib/libcrypto/man/engine.3 +++ b/secure/lib/libcrypto/man/engine.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH engine 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index 3eff152..52835d4 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH err 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index b77de7d..93c1328 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH evp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index 2e6fc0b..3f48c7f 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH hmac 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index a57567a..dd0d263 100644 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "i2d_CMS_bio_stream 3" -.TH i2d_CMS_bio_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH i2d_CMS_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index 35b8752..11642b3 100644 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "i2d_PKCS7_bio_stream 3" -.TH i2d_PKCS7_bio_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH i2d_PKCS7_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index a17b90b..56e08c9 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH lh_stats 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index 9576ee4..52b7b0e 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH lhash 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index 003b8d3..387b70a 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH md5 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index 32f0ed1..1fb1020 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH mdc2 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 index d478da8..1a660e9 100644 --- a/secure/lib/libcrypto/man/pem.3 +++ b/secure/lib/libcrypto/man/pem.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH pem 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 6e80e00..fc246c1 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH rand 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index e79d9225..31ba03f 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH rc4 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index f5cbb43..05a4f49 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ripemd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index c259d3c..2e8f9b4 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH rsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index d4f863e..2d62a69 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH sha 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index 1fc2c0e..78ef432 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH threads 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 index 178092b..e07c530 100644 --- a/secure/lib/libcrypto/man/ui.3 +++ b/secure/lib/libcrypto/man/ui.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ui 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 index 05dc09d..b6cb7a9 100644 --- a/secure/lib/libcrypto/man/ui_compat.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ui_compat 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3 index 61e84db..85c3ad0 100644 --- a/secure/lib/libcrypto/man/x509.3 +++ b/secure/lib/libcrypto/man/x509.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH x509 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index 5aefa50..fbeb0e3 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index 19dc636..d498914 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index 5de9d3a..d5d6fac 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 3ce2f7a..778c04a 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_add_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index a9d7e48..3eef39c 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index 6ed2246..492ac1c 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 83d368d..5c79b35 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 4a167a5..0a677e1 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index 4500cdd..118e473 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index 50fc72f..1543288 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 02e2956..ab73ce3 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 2e0b9d6..0a5520c 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index b6748a7..b8c775e 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index 1cf7f31..d0e7c48 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 6e43552..a0e9000 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index 97293ff..04a9c19 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 709fc39..4a43a97 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 7f6d90d..b45446e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index 6b30038..fd89882 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index cd4db2e..faa862f 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index f10adaf..56d0a22 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index 9796a36..7c57e97 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index ce25dc9..072de37 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 0757e0e..cdf44ee 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index 81cb0e9..5d3c168 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index 409782b..3ee8806 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index b4943de..cc855f7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_options 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 index 7727a56..e71024c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_psk_client_callback 3" -.TH SSL_CTX_set_psk_client_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_psk_client_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index 5e51332..58d51ee 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index 40811d9..40f130d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index b197662..2c625be 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index b03716a..941b433 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 97cb2a4f..c689d95 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index b0d969b3..4b29611 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" -.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 4664653..267ef4e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,12 +175,13 @@ even if he gets hold of the normal (certified) key, as this key was only used for signing. .PP In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group -(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new -\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via -callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of -\&\fISSL_CTX_set_options\fR\|(3) is set. It will -immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via -\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. +The server will always generate a new \s-1DH\s0 key during the negotiation +if either the \s-1DH\s0 parameters are supplied via callback or the +\&\s-1SSL_OP_SINGLE_DH_USE\s0 option of \fISSL_CTX_set_options\fR\|(3) is set (or both). +It will immediately create a \s-1DH\s0 key if \s-1DH\s0 parameters are supplied via +\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. +In this case, it may happen that a key is generated on initialization without later being needed, while on the other hand the computer time during the negotiation is being saved. @@ -266,7 +267,7 @@ partly left out.) \& dh_tmp = dh_512; \& break; \& case 1024: -\& if (!dh_1024) +\& if (!dh_1024) \& dh_1024 = get_dh1024(); \& dh_tmp = dh_1024; \& break; diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 42189f8..79cf7ea 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 15777e1..fb27dd0 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index 8c56743..81b7957 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 index 82735f6..a7957fc 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_psk_identity_hint 3" -.TH SSL_CTX_use_psk_identity_hint 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_use_psk_identity_hint 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index 5379d25..ee8de88 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_SESSION_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 5732f21..59b2959 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index beda3cb..6e428a0 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index c9030e0..ea8b4de 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_accept 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 91928a0..b7fb723 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_alert_type_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 199d248..39e78b1 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_clear 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index 72851af..2eb35d7 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_connect 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 8c53494..a2c12f2 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_do_handshake 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index 552cf26..105b257 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index d383f6a..4391501 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index 6c785d4..444c467 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_ciphers 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 6b83efc..7b3d5bd 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 3d837a5..a47b281 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_current_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 515d81c..4d208cd 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_default_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index a70f963..f9269c2 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index aa37340..11cf6f4 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 03f00d5..6d5abc5 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index e8c2050..d741620 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 368f567..0d120ad 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index 086329e..ccadf3b 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3 index fdddcb5..78589c0 100644 --- a/secure/lib/libssl/man/SSL_get_psk_identity.3 +++ b/secure/lib/libssl/man/SSL_get_psk_identity.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_psk_identity 3" -.TH SSL_get_psk_identity 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_psk_identity 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index 073f5e4..5ccf029 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_rbio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index 38332de..40b1d92 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index 51ac504..5bc95d7 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index b0ccef6..4cf77b4 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_version 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 3fa07d1..462a91c 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_library_init 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index aa70809..d82d946 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index 38fd212..4b792c2 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 65ad186..c5eb556 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_pending 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index cdd8d20..de00b8e 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_read 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 4c6523e..b354468 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_rstate_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 384c4ac..80943dd 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_session_reused 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index 32b959f..b0e0ae0 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 718ba26..8e13165 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_connect_state 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index d3e1756..cb15388 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 8a8bd10..abfc8b7 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index fcad1df..6ecbee7 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index fd19c3f..37791ec 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index e7cb7bd..c006793 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 2b16a8d..a068ab0 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_state_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 9350078..d3df1c6 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_want 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index 35ac546..7532f88 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_write 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 2a4b2f6..5389b54 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index c5f83ae..9e2c8e9 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ssl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/Makefile.man b/secure/usr.bin/openssl/Makefile.man index 5903f66..a7b249c 100644 --- a/secure/usr.bin/openssl/Makefile.man +++ b/secure/usr.bin/openssl/Makefile.man @@ -2,6 +2,7 @@ # DO NOT EDIT: generated from man-makefile-update target MAN+= CA.pl.1 MAN+= asn1parse.1 +MAN+= c_rehash.1 MAN+= ca.1 MAN+= ciphers.1 MAN+= cms.1 @@ -45,10 +46,15 @@ MAN+= verify.1 MAN+= version.1 MAN+= x509.1 MAN+= x509v3_config.1 -MLINKS+= dgst.1 md5.1 -MLINKS+= dgst.1 md4.1 -MLINKS+= dgst.1 md2.1 -MLINKS+= dgst.1 sha1.1 MLINKS+= dgst.1 sha.1 +MLINKS+= dgst.1 sha1.1 MLINKS+= dgst.1 mdc2.1 MLINKS+= dgst.1 ripemd160.1 +MLINKS+= dgst.1 sha224.1 +MLINKS+= dgst.1 sha256.1 +MLINKS+= dgst.1 sha384.1 +MLINKS+= dgst.1 sha512.1 +MLINKS+= dgst.1 md2.1 +MLINKS+= dgst.1 md4.1 +MLINKS+= dgst.1 md5.1 +MLINKS+= dgst.1 dss1.1 diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index e02c196..fd44610 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CA.PL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 1119dfc..b1a1b61 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1PARSE 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/c_rehash.1 b/secure/usr.bin/openssl/man/c_rehash.1 new file mode 100644 index 0000000..83735ed --- /dev/null +++ b/secure/usr.bin/openssl/man/c_rehash.1 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "C_REHASH 1" +.TH C_REHASH 1 "2014-10-15" "1.0.1j" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +c_rehash \- Create symbolic links to files named by the hash values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBc_rehash\fR +[ \fIdirectory\fR...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBc_rehash\fR scans directories and calculates a hash value of each \f(CW\*(C`.pem\*(C'\fR +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. +.PP +If any directories are named on the command line, then those are +processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable +is consulted; this shold be a colon-separated list of directories, +like the Unix \fB\s-1PATH\s0\fR variable. +If that is not set then the default directory (installation-specific +but often \fB/usr/local/ssl/certs\fR) is processed. +.PP +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise it will be skipped. +The links created are of the form \f(CW\*(C`HHHHHHHH.D\*(C'\fR, where each \fBH\fR +is a hexadecimal character and \fBD\fR is a single decimal digit. +When processing a directory, \fBc_rehash\fR will first remove all links +that have a name in that syntax. If you have links in that format +used for other purposes, they will be removed. +Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after +the period, like this: \f(CW\*(C`HHHHHHHH.rD\*(C'\fR. +.PP +Multiple objects may have the same hash; they will be indicated by +incrementing the \fBD\fR value. Duplicates are found by comparing the +full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +is found. +.PP +A warning will also be displayed if there are \fB.pem\fR files that +cannot be parsed as either a certificate or a \s-1CRL\s0. +.PP +The program uses the \fBopenssl\fR program to compute the hashes and +fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the +\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or \s-1CRL:\s0 +.PP +.Vb 2 +\& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FFFFFF +\& $OPENSSL crl \-hash \-fingerprint \-noout \-in FFFFFF +.Ve +.PP +where \fB\s-1FFFFFF\s0\fR is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +The path to an executable to use to generate hashes and +fingerprints (see above). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IX Item "SSL_CERT_DIR" +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIcrl\fR\|(1). +\&\fIx509\fR\|(1). diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index 17f2b8f..f28f636 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index 46afe12..b46cf88 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CIPHERS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index c86144c..2c39684 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 3f3db94..79bed64 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CRL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index acb441a..7e430ea 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CRL2PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 6f6068b..42e5acc 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -124,21 +124,22 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DGST 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests +dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 \- message digests .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBdgst\fR -[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR] +[\fB\-sha|\-sha1|\-mdc2|\-ripemd160|\-sha224|\-sha256|\-sha384|\-sha512|\-md2|\-md4|\-md5|\-dss1\fR] [\fB\-c\fR] [\fB\-d\fR] [\fB\-hex\fR] [\fB\-binary\fR] +[\fB\-r\fR] [\fB\-out filename\fR] [\fB\-sign filename\fR] [\fB\-keyform arg\fR] @@ -147,16 +148,18 @@ dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests [\fB\-prverify filename\fR] [\fB\-signature filename\fR] [\fB\-hmac key\fR] +[\fB\-non\-fips\-allow\fR] +[\fB\-fips\-fingerprint\fR] [\fBfile...\fR] .PP -[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR] -[\fB\-c\fR] -[\fB\-d\fR] -[\fBfile...\fR] +\&\fBopenssl\fR +[\fIdigest\fR] +[\fB...\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The digest functions output the message digest of a supplied file or files -in hexadecimal form. They can also be used for digital signing and verification. +in hexadecimal. The digest functions also generate and verify digital +signatures using message digests. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-c\fR" 4 @@ -169,10 +172,14 @@ print out \s-1BIO\s0 debugging information. .IP "\fB\-hex\fR" 4 .IX Item "-hex" digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" -digest as opposed to a digital signature. +digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +signatures using \fB\-hex\fR. .IP "\fB\-binary\fR" 4 .IX Item "-binary" output the digest or signature in binary form. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +output the digest in the \*(L"coreutils\*(R" format used by programs like \fBsha1sum\fR. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" filename to output to, or standard output by default. @@ -181,8 +188,8 @@ filename to output to, or standard output by default. digitally sign the digest using the private key in \*(L"filename\*(R". .IP "\fB\-keyform arg\fR" 4 .IX Item "-keyform arg" -Specifies the key format to sign digest with. Only \s-1PEM\s0 and \s-1ENGINE\s0 -formats are supported by the \fBdgst\fR command. +Specifies the key format to sign digest with. The \s-1DER\s0, \s-1PEM\s0, P12, +and \s-1ENGINE\s0 formats are supported. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" Use engine \fBid\fR for operations (including private key storage). @@ -241,20 +248,46 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "\fB\-non\-fips\-allow\fR" 4 +.IX Item "-non-fips-allow" +enable use of non-FIPS algorithms such as \s-1MD5\s0 even in \s-1FIPS\s0 mode. +.IP "\fB\-fips\-fingerprint\fR" 4 +.IX Item "-fips-fingerprint" +compute \s-1HMAC\s0 using a specific key +for certain OpenSSL-FIPS operations. .IP "\fBfile...\fR" 4 .IX Item "file..." file or files to digest. If no files are specified then standard input is used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded message digest of a file: + openssl dgst \-md5 \-hex file.txt +.PP +To sign a file using \s-1SHA\-256\s0 with binary file output: + openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt +.PP +To verify a signature: + openssl dgst \-sha256 \-verify publickey.pem \e + \-signature signature.sign \e + file.txt .SH "NOTES" .IX Header "NOTES" The digest of choice for all new applications is \s-1SHA1\s0. Other digests are however still widely used. .PP -If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 -digest must be used. +When signing a file, \fBdgst\fR will automatically determine the algorithm +(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info. +When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, \s-1CMS\s0, and S/MIME. .PP A source of random numbers is required for certain signing algorithms, in -particular \s-1DSA\s0. +particular \s-1ECDSA\s0 and \s-1DSA\s0. .PP The signing and verify options should only be used if a single file is being signed or verified. +.PP +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +or similar program to transform the hex signature into a binary signature +prior to verification. diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index 1271ee4..77d469c5 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DHPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index d2b81c0..9909747 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index 0ccead2..f0bdb75 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSAPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 637d8ca..f3e2749 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index 298278f..d8124b9 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ECPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 3f3299d..941bed5 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ENC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 05c3739..2cdc01f 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERRSTR 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index 0d026a6..ae95cef 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH GENDSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index 80838a1..1c56f39 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH GENPKEY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 0b63274..7db0df0 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH GENRSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index a1c9144..81f13c7 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH NSEQ 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 89543d5..67c8336 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OCSP 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index 37a5fcb..6a79a51 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 0e97a24..8648dc9 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PASSWD 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index 2d0d998..8c17470 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS12 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index cd08761..0335b06 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index 45c4d33..644cb67 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS8 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index 1de162a..9177c1d 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKEY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index 41b3cf8..aee0833 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKEYPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index 7514c7e..857d758 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKEYUTL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index e0fbe01..d089011 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index b6500de..5b48dd1 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH REQ 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 41eafa6..2db0626 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 3cfe92a..bda3b30 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSAUTL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 2e99fb2..b973e34 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH S_CLIENT 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index aad3a54..53efb82 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 927cc83..a314b7b 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH S_TIME 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 4e6eb1c..f1a240f 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SESS_ID 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 0a1549b..5a50a6a 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index c0bd2e1..c134531 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SPEED 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 7c571d7..a08ed95 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SPKAC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index d00f866..7ce2e5b 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH TS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index 5bfbaf1..d310623 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH TSGET 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 4b8af54..01cd000 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH VERIFY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 0e6ca87..b3c01ba 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH VERSION 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index d325626..66530e5 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index 216559e..aeb0060 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509V3_CONFIG 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/share/examples/bhyve/vmrun.sh b/share/examples/bhyve/vmrun.sh index f7bb2a0..93f3c94 100755 --- a/share/examples/bhyve/vmrun.sh +++ b/share/examples/bhyve/vmrun.sh @@ -152,7 +152,7 @@ make_and_check_diskdev() { local virtio_diskdev="$1" # Create the virtio diskdev file if needed - if [ ! -f ${virtio_diskdev} ]; then + if [ ! -e ${virtio_diskdev} ]; then echo "virtio disk device file \"${virtio_diskdev}\" does not exist." echo "Creating it ..." truncate -s 8G ${virtio_diskdev} > /dev/null diff --git a/share/man/man4/gif.4 b/share/man/man4/gif.4 index 453b4bd..27ee61b 100644 --- a/share/man/man4/gif.4 +++ b/share/man/man4/gif.4 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 1, 2011 +.Dd October 14, 2014 .Dt GIF 4 .Os .Sh NAME @@ -160,16 +160,6 @@ routed network. It can be turned off by .Dv IFF_LINK2 bit. -.Ss Route caching -Processing each packet requires two route lookups: first on the -packet itself, and second on the tunnel destination. -This second route can be cached, increasing tunnel performance. -However, in a dynamically routed network, the tunnel will stick -to the cached route, ignoring routing table updates. -Route caching can be enabled with the -.Dv IFF_LINK0 -flag. -.\" .Ss Miscellaneous By default, .Nm diff --git a/share/man/man4/igb.4 b/share/man/man4/igb.4 index cd916b0..a894c11 100644 --- a/share/man/man4/igb.4 +++ b/share/man/man4/igb.4 @@ -31,7 +31,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 25, 2013 +.Dd October 17, 2014 .Dt IGB 4 .Os .Sh NAME @@ -55,7 +55,8 @@ if_igb_load="YES" The .Nm driver provides support for PCI Express Gigabit Ethernet adapters -based on the Intel 82575 and 82576 Ethernet controller chips. +based on the Intel 82575, 82576, 82580, i21x and i35x +Ethernet controller chips. The driver supports Transmit/Receive checksum offload and Jumbo Frames. Furthermore it supports TCP segmentation offload (TSO) on all @@ -142,6 +143,12 @@ driver supports Gigabit Ethernet adapters based on the Intel 82575 and Intel Gigabit ET Dual Port Server Adapter (82576) .It Intel Gigabit VT Quad Port Server Adapter (82575) +.It +Intel Single, Dual and Quad Gigabit Ethernet Controller (82580) +.It +Intel i210 and i211 Gigabit Ethernet Controller +.It +Intel i350 and i354 Gigabit Ethernet Controller .El .Sh LOADER TUNABLES Tunables can be set at the diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4 index cbca912..7814a0d 100644 --- a/share/man/man4/tcp.4 +++ b/share/man/man4/tcp.4 @@ -516,13 +516,20 @@ ECN allows a TCP sender to reduce the transmission rate in order to avoid packet drops. .It Va ecn.maxretries Number of retries (SYN or SYN/ACK retransmits) before disabling ECN on a -specific connection. This is needed to help with connection establishment +specific connection. +This is needed to help with connection establishment when a broken firewall is in the network path. .It Va pmtud_blackhole_detection -Turn on automatic path MTU blackhole detection. In case of retransmits we will -lower the MSS to check if it's MTU problem. If current MSS is greater than +Turn on automatic path MTU blackhole detection. +In case of retransmits we will +lower the MSS to check if it's MTU problem. +If current MSS is greater than configured value to try, it will be set to it, otherwise, MSS will be set to -default values (net.inet.tcp.mssdflt and net.inet.tcp.v6mssdflt). +default values +.Po Va net.inet.tcp.mssdflt +and +.Va net.inet.tcp.v6mssdflt +.Pc . .It Va pmtud_blackhole_mss MSS to try for IPv4 if PMTU blackhole detection is turned on. .It Va v6pmtud_blackhole_mss diff --git a/share/man/man4/vt.4 b/share/man/man4/vt.4 index 889c75c..9929b2d 100644 --- a/share/man/man4/vt.4 +++ b/share/man/man4/vt.4 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 2, 2014 +.Dd October 16, 2014 .Dt "VIRTUAL TERMINALS" 4 .Os .Sh NAME @@ -45,7 +45,15 @@ In .Xr loader.conf 5 : .Cd hw.vga.textmode=1 .Cd kern.vty=vt -.Cd kern.vt.spclkeys=15 +.Pp +In +.Xr loader.conf 5 or +.Xr sysctl.conf 5 : +.Cd kern.vt.kbd_halt=1 +.Cd kern.vt.kbd_poweroff=1 +.Cd kern.vt.kbd_reboot=1 +.Cd kern.vt.kbd_debug=1 +.Cd kern.vt.kbd_panic=0 .Sh DESCRIPTION The .Nm @@ -185,30 +193,41 @@ Set to 1 to use virtual terminals in text mode instead of graphics mode. Features that require graphics mode, like loadable fonts, will be disabled. .It Va kern.vty -When both -.Nm -and -.Xr sc 4 have been compiled into the kernel, the one to use for the -system console can be selected by setting this value to +Set this value to .Ql vt or -.Ql sc . -If this value is not set, +.Ql sc +to override the default driver used for the system console. +By default, .Xr sc 4 -is used. -.It Va kern.vt.spclkeys -bitmap of allowed special keys. 1 is enabled, 0 is disabled. Encoded as: -.Bl -tag -compact -width 0x000000 -.It 0x0001 -Debug request key combination. (Ctrl+Alt+Esc) -.It 0x0002 -Reboot. (Ctrl+Alt+Del) -.It 0x0004 -Halt. -.It 0x0008 -Power down. -.El -Default is 15, all enabled. +is used on computers that boot from BIOS, and +.Nm +is used on computers that boot from UEFI. +.Sh KEYBOARD SYSCTL TUNABLES +These settings control whether certain special key combinations are enabled or +ignored. +The specific key combinations can be configured by using a +.Xr keymap 5 +file. +.Pp +These settings can be entered at the +.Xr loader 8 +prompt or in +.Xr loader.conf 5 +and can also be changed at runtime with the +.Xr sysctl 8 +command. +.Bl -tag -width indent +.It Va kern.vt.kbd_halt +Enable halt keyboard combination. +.It Va kern.vt.kbd_poweroff +Enable power off key combination. +.It Va kern.vt.kbd_reboot. +Enable reboot key combination, usually Ctrl+Alt+Del. +.It Va kern.vt.kbd_debug +Enable debug request key combination, usually Ctrl+Alt+Esc. +.It Va kern.vt.kbd_panic +Enable panic key combination. .El .Sh FILES .Bl -tag -width /usr/share/vt/keymaps/* -compact diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 index 5997846..74ebd0b 100644 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 @@ -1,7 +1,7 @@ .\" DO NOT EDIT-- this file is automatically generated. .\" from FreeBSD: head/tools/build/options/makeman 255964 2013-10-01 07:22:04Z des .\" $FreeBSD$ -.Dd September 12, 2014 +.Dd October 16, 2014 .Dt SRC.CONF 5 .Os .Sh NAME @@ -100,9 +100,6 @@ Set to not build .Xr apm 8 , .Xr apmd 8 and related programs. -.It Va WITHOUT_ARM_EABI -.\" from FreeBSD: head/tools/build/options/WITHOUT_ARM_EABI 253396 2013-07-16 19:15:19Z andrew -Set the ARM ABI to OABI. .It Va WITHOUT_ASSERT_DEBUG .\" from FreeBSD: head/tools/build/options/WITHOUT_ASSERT_DEBUG 162215 2006-09-11 13:55:27Z ru Set to compile programs and libraries without the @@ -525,15 +522,6 @@ Set to not build HTML docs. .It Va WITHOUT_HYPERV .\" from FreeBSD: head/tools/build/options/WITHOUT_HYPERV 271493 2014-09-13 02:15:31Z delphij Set to not build or install HyperV utilities. -.Pp -It is a default setting on -arm/arm, arm/armeb, arm/armv6, arm/armv6hf, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, powerpc/powerpc, powerpc/powerpc64 and sparc64/sparc64. -.It Va WITH_HYPERV -.\" from FreeBSD: head/tools/build/options/WITH_HYPERV 271493 2014-09-13 02:15:31Z delphij -Set to build and install HyperV utilities. -.Pp -It is a default setting on -amd64/amd64, i386/i386 and pc98/i386. .It Va WITHOUT_ICONV .\" from FreeBSD: head/tools/build/options/WITHOUT_ICONV 254919 2013-08-26 17:15:56Z antoine Set to not build iconv as part of libc. @@ -1058,8 +1046,8 @@ When set, it also enforces the following options: .Va WITHOUT_GROFF .El .It Va WITHOUT_TOOLCHAIN -.\" from FreeBSD: head/tools/build/options/WITHOUT_TOOLCHAIN 174550 2007-12-12 16:43:17Z ru -Set to not install +.\" from FreeBSD: head/tools/build/options/WITHOUT_TOOLCHAIN 273172 2014-10-16 15:55:13Z brooks +Set to not install header or programs used for program development, compilers, debuggers etc. .Bf -symbolic diff --git a/share/misc/scsi_modes b/share/misc/scsi_modes index 4f7e59a..781b8f1 100644 --- a/share/misc/scsi_modes +++ b/share/misc/scsi_modes @@ -223,7 +223,8 @@ {Correction Span} i1 {Head Offset Count} i1 {Data Strobe Offset Count} i1 - {Reserved} *i1 + {LBPERE (LBP Error Reporting Enabled)} t1 + {Reserved} *t7 {Write Retry Count} i1 {Reserved} *i1 {Recovery Time Limit} i2 diff --git a/share/mk/bsd.progs.mk b/share/mk/bsd.progs.mk index 7a7c086..e722313 100644 --- a/share/mk/bsd.progs.mk +++ b/share/mk/bsd.progs.mk @@ -99,9 +99,11 @@ $p.$t: .PHONY .MAKE .endfor .endfor +.if !empty(PROGS) .for t in ${PROGS_TARGETS:O:u} $t: ${PROGS:%=%.$t} .endfor +.endif .if empty(PROGS) && !empty(SCRIPTS) diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk index a852d3d..91ed3c0 100644 --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -90,6 +90,7 @@ __DEFAULT_YES_OPTIONS = \ GPL_DTC \ GROFF \ HTML \ + HYPERV \ ICONV \ INET \ INET6 \ @@ -211,13 +212,6 @@ __DEFAULT_NO_OPTIONS+=CLANG_IS_CC CLANG CLANG_BOOTSTRAP __DEFAULT_YES_OPTIONS+=GCC GCC_BOOTSTRAP GNUCXX .endif -# HyperV is only available for x86 and amd64. -.if ${__T} == "amd64" || ${__T} == "i386" -__DEFAULT_YES_OPTIONS+=HYPERV -.else -__DEFAULT_NO_OPTIONS+=HYPERV -.endif - .include <bsd.mkopt.mk> # diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c index ab82771..95d67c0 100644 --- a/sys/amd64/amd64/machdep.c +++ b/sys/amd64/amd64/machdep.c @@ -244,7 +244,7 @@ cpu_startup(dummy) * We do this by disabling a bit in the SMI_EN (SMI Control and * Enable register) of the Intel ICH LPC Interface Bridge. */ - sysenv = getenv("smbios.system.product"); + sysenv = kern_getenv("smbios.system.product"); if (sysenv != NULL) { if (strncmp(sysenv, "MacBook1,1", 10) == 0 || strncmp(sysenv, "MacBook3,1", 10) == 0 || @@ -276,7 +276,7 @@ cpu_startup(dummy) * Display physical memory if SMBIOS reports reasonable amount. */ memsize = 0; - sysenv = getenv("smbios.memory.enabled"); + sysenv = kern_getenv("smbios.memory.enabled"); if (sysenv != NULL) { memsize = (uintmax_t)strtoul(sysenv, (char **)NULL, 10) << 10; freeenv(sysenv); @@ -2070,7 +2070,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree) thread0.td_pcb->pcb_cr3 = KPML4phys; /* PCID 0 is reserved for kernel */ thread0.td_frame = &proc0_tf; - env = getenv("kernelname"); + env = kern_getenv("kernelname"); if (env != NULL) strlcpy(kernelname, env, sizeof(kernelname)); diff --git a/sys/amd64/vmm/vmm.c b/sys/amd64/vmm/vmm.c index af62294..7d06749 100644 --- a/sys/amd64/vmm/vmm.c +++ b/sys/amd64/vmm/vmm.c @@ -1950,7 +1950,7 @@ vmm_is_pptdev(int bus, int slot, int func) /* set pptdevs="1/2/3 4/5/6 7/8/9 10/11/12" */ found = 0; for (i = 0; names[i] != NULL && !found; i++) { - cp = val = getenv(names[i]); + cp = val = kern_getenv(names[i]); while (cp != NULL && *cp != '\0') { if ((cp2 = strchr(cp, ' ')) != NULL) *cp2 = '\0'; diff --git a/sys/amd64/vmm/vmm_instruction_emul.c b/sys/amd64/vmm/vmm_instruction_emul.c index ef19792..d1d7173 100644 --- a/sys/amd64/vmm/vmm_instruction_emul.c +++ b/sys/amd64/vmm/vmm_instruction_emul.c @@ -69,6 +69,7 @@ enum { VIE_OP_TYPE_TWO_BYTE, VIE_OP_TYPE_PUSH, VIE_OP_TYPE_CMP, + VIE_OP_TYPE_POP, VIE_OP_TYPE_LAST }; @@ -159,6 +160,11 @@ static const struct vie_op one_byte_opcodes[256] = { .op_type = VIE_OP_TYPE_OR, .op_flags = VIE_OP_F_IMM8, }, + [0x8F] = { + /* XXX Group 1A extended opcode - not just POP */ + .op_byte = 0x8F, + .op_type = VIE_OP_TYPE_POP, + }, [0xFF] = { /* XXX Group 5 extended opcode - not just PUSH */ .op_byte = 0xFF, @@ -821,7 +827,7 @@ emulate_sub(void *vm, int vcpuid, uint64_t gpa, struct vie *vie, } static int -emulate_push(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, +emulate_stack_op(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, struct vm_guest_paging *paging, mem_region_read_t memread, mem_region_write_t memwrite, void *arg) { @@ -832,18 +838,12 @@ emulate_push(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, #endif struct seg_desc ss_desc; uint64_t cr0, rflags, rsp, stack_gla, val; - int error, size, stackaddrsize; - - /* - * Table A-6, "Opcode Extensions", Intel SDM, Vol 2. - * - * PUSH is part of the group 5 extended opcodes and is identified - * by ModRM:reg = b110. - */ - if ((vie->reg & 7) != 6) - return (EINVAL); + int error, size, stackaddrsize, pushop; + val = 0; size = vie->opsize; + pushop = (vie->op.op_type == VIE_OP_TYPE_PUSH) ? 1 : 0; + /* * From "Address-Size Attributes for Stack Accesses", Intel SDL, Vol 1 */ @@ -882,10 +882,13 @@ emulate_push(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, error = vie_read_register(vm, vcpuid, VM_REG_GUEST_RSP, &rsp); KASSERT(error == 0, ("%s: error %d getting rsp", __func__, error)); + if (pushop) { + rsp -= size; + } - rsp -= size; if (vie_calculate_gla(paging->cpu_mode, VM_REG_GUEST_SS, &ss_desc, - rsp, size, stackaddrsize, PROT_WRITE, &stack_gla)) { + rsp, size, stackaddrsize, pushop ? PROT_WRITE : PROT_READ, + &stack_gla)) { vm_inject_ss(vm, vcpuid, 0); return (0); } @@ -900,8 +903,8 @@ emulate_push(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, return (0); } - error = vm_copy_setup(vm, vcpuid, paging, stack_gla, size, PROT_WRITE, - copyinfo, nitems(copyinfo)); + error = vm_copy_setup(vm, vcpuid, paging, stack_gla, size, + pushop ? PROT_WRITE : PROT_READ, copyinfo, nitems(copyinfo)); if (error == -1) { /* * XXX cannot return a negative error value here because it @@ -914,16 +917,66 @@ emulate_push(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, return (0); } - error = memread(vm, vcpuid, mmio_gpa, &val, size, arg); + if (pushop) { + error = memread(vm, vcpuid, mmio_gpa, &val, size, arg); + if (error == 0) + vm_copyout(vm, vcpuid, &val, copyinfo, size); + } else { + vm_copyin(vm, vcpuid, copyinfo, &val, size); + error = memwrite(vm, vcpuid, mmio_gpa, val, size, arg); + rsp += size; + } +#ifdef _KERNEL + vm_copy_teardown(vm, vcpuid, copyinfo, nitems(copyinfo)); +#endif + if (error == 0) { - vm_copyout(vm, vcpuid, &val, copyinfo, size); error = vie_update_register(vm, vcpuid, VM_REG_GUEST_RSP, rsp, stackaddrsize); KASSERT(error == 0, ("error %d updating rsp", error)); } -#ifdef _KERNEL - vm_copy_teardown(vm, vcpuid, copyinfo, nitems(copyinfo)); -#endif + return (error); +} + +static int +emulate_push(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, + struct vm_guest_paging *paging, mem_region_read_t memread, + mem_region_write_t memwrite, void *arg) +{ + int error; + + /* + * Table A-6, "Opcode Extensions", Intel SDM, Vol 2. + * + * PUSH is part of the group 5 extended opcodes and is identified + * by ModRM:reg = b110. + */ + if ((vie->reg & 7) != 6) + return (EINVAL); + + error = emulate_stack_op(vm, vcpuid, mmio_gpa, vie, paging, memread, + memwrite, arg); + return (error); +} + +static int +emulate_pop(void *vm, int vcpuid, uint64_t mmio_gpa, struct vie *vie, + struct vm_guest_paging *paging, mem_region_read_t memread, + mem_region_write_t memwrite, void *arg) +{ + int error; + + /* + * Table A-6, "Opcode Extensions", Intel SDM, Vol 2. + * + * POP is part of the group 1A extended opcodes and is identified + * by ModRM:reg = b000. + */ + if ((vie->reg & 7) != 0) + return (EINVAL); + + error = emulate_stack_op(vm, vcpuid, mmio_gpa, vie, paging, memread, + memwrite, arg); return (error); } @@ -938,6 +991,10 @@ vmm_emulate_instruction(void *vm, int vcpuid, uint64_t gpa, struct vie *vie, return (EINVAL); switch (vie->op.op_type) { + case VIE_OP_TYPE_POP: + error = emulate_pop(vm, vcpuid, gpa, vie, paging, memread, + memwrite, memarg); + break; case VIE_OP_TYPE_PUSH: error = emulate_push(vm, vcpuid, gpa, vie, paging, memread, memwrite, memarg); diff --git a/sys/arm/arm/db_trace.c b/sys/arm/arm/db_trace.c index af661f31..e0d7552 100644 --- a/sys/arm/arm/db_trace.c +++ b/sys/arm/arm/db_trace.c @@ -382,7 +382,7 @@ db_stack_trace_cmd(struct unwind_state *state) } else { /* A prel31 offset to the unwind table */ state->insn = (uint32_t *) - ((uintptr_t)&index->insn + + ((uintptr_t)&index->insn + db_expand_prel31(index->insn)); } /* Run the unwind function */ @@ -407,7 +407,7 @@ db_stack_trace_cmd(struct unwind_state *state) state->registers[SP], state->registers[FP]); /* Don't print the registers we have already printed */ - upd_mask = state->update_mask & + upd_mask = state->update_mask & ~((1 << SP) | (1 << FP) | (1 << LR) | (1 << PC)); sep = "\n\t"; for (i = 0, reg = 0; upd_mask != 0; upd_mask >>= 1, reg++) { @@ -421,7 +421,7 @@ db_stack_trace_cmd(struct unwind_state *state) i = 0; } else sep = " "; - + } } db_printf("\n"); @@ -436,7 +436,6 @@ db_stack_trace_cmd(struct unwind_state *state) * message (maybe it needs a STOP_UNWINDING). */ if (index->insn == EXIDX_CANTUNWIND) { - db_printf("Unable to unwind further\n"); finished = true; } else if (state->registers[PC] < VM_MIN_KERNEL_ADDRESS) { db_printf("Unable to unwind into user mode\n"); diff --git a/sys/arm/arm/machdep.c b/sys/arm/arm/machdep.c index 98c424e..96c5b20 100644 --- a/sys/arm/arm/machdep.c +++ b/sys/arm/arm/machdep.c @@ -1245,7 +1245,7 @@ initarm(struct arm_boot_params *abp) debugf(" dtbp = 0x%08x\n", (uint32_t)dtbp); print_kenv(); - env = getenv("kernelname"); + env = kern_getenv("kernelname"); if (env != NULL) strlcpy(kernelname, env, sizeof(kernelname)); diff --git a/sys/arm/conf/PANDABOARD b/sys/arm/conf/PANDABOARD index 5f0dccd..cc345cb 100644 --- a/sys/arm/conf/PANDABOARD +++ b/sys/arm/conf/PANDABOARD @@ -35,7 +35,7 @@ makeoptions WITHOUT_MODULES="ahc" options HZ=100 options SCHED_4BSD # 4BSD scheduler options INET # InterNETworking -#options INET6 # IPv6 communications protocols +options INET6 # IPv6 communications protocols options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists @@ -44,8 +44,8 @@ options GEOM_PART_BSD # BSD partition scheme options GEOM_PART_MBR # MBR partition scheme options TMPFS # Efficient memory filesystem options MSDOSFS # MSDOS Filesystem -#options CD9660 # ISO 9660 Filesystem -#options PROCFS # Process filesystem (requires PSEUDOFS) +options CD9660 # ISO 9660 Filesystem +options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI diff --git a/sys/arm/ti/am335x/am335x_scm_padconf.c b/sys/arm/ti/am335x/am335x_scm_padconf.c index 91b6856..d288efe 100644 --- a/sys/arm/ti/am335x/am335x_scm_padconf.c +++ b/sys/arm/ti/am335x/am335x_scm_padconf.c @@ -74,7 +74,7 @@ __FBSDID("$FreeBSD$"); #define PADCONF_INPUT_PULLDOWN (RXACTIVE) #define PADCONF_INPUT_PULLUP_SLOW (PADCONF_INPUT_PULLUP | SLEWCTRL) -const struct ti_scm_padstate ti_padstate_devmap[] = { +const static struct ti_scm_padstate ti_padstate_devmap[] = { {"output", PADCONF_OUTPUT }, {"output_pullup", PADCONF_OUTPUT_PULLUP }, {"input", PADCONF_INPUT }, diff --git a/sys/arm/ti/omap4/omap4_scm_padconf.c b/sys/arm/ti/omap4/omap4_scm_padconf.c index 4bf7e3e..ca48023 100644 --- a/sys/arm/ti/omap4/omap4_scm_padconf.c +++ b/sys/arm/ti/omap4/omap4_scm_padconf.c @@ -131,7 +131,7 @@ __FBSDID("$FreeBSD$"); .muxmodes[7] = m7, \ } -const struct ti_scm_padstate ti_padstate_devmap[] = { +const static struct ti_scm_padstate ti_padstate_devmap[] = { {"output", PADCONF_PIN_OUTPUT}, {"input", PADCONF_PIN_INPUT}, {"input_pullup", PADCONF_PIN_INPUT_PULLUP}, diff --git a/sys/boot/i386/gptzfsboot/gptzfsboot.8 b/sys/boot/i386/gptzfsboot/gptzfsboot.8 index 400c8c6..20c2856 100644 --- a/sys/boot/i386/gptzfsboot/gptzfsboot.8 +++ b/sys/boot/i386/gptzfsboot/gptzfsboot.8 @@ -56,7 +56,7 @@ itself was loaded. Other disks are probed in BIOS defined order. After a disk is probed and .Nm -determines that the whole disk is not a ZFS pool member, then +determines that the whole disk is not a ZFS pool member, the individual partitions are probed in their partition table order. Currently GPT and MBR partition schemes are supported. With the GPT scheme, only partitions of type @@ -103,9 +103,9 @@ accepts all the options that .Xr boot 8 supports. .Pp -Filesystem specification and the path to +The filesystem specification and the path to .Xr zfsloader 8 -is different from +are different from .Xr boot 8 . The format is .Pp diff --git a/sys/cam/ata/ata_da.c b/sys/cam/ata/ata_da.c index 9209e36..f33a2c4 100644 --- a/sys/cam/ata/ata_da.c +++ b/sys/cam/ata/ata_da.c @@ -459,6 +459,14 @@ static struct ada_quirk_entry ada_quirk_table[] = }, { /* + * Samsung PM853T Series SSDs + * 4k optimised + */ + { T_DIRECT, SIP_MEDIA_FIXED, "*", "SAMSUNG MZ7GE*", "*" }, + /*quirks*/ADA_Q_4K + }, + { + /* * SuperTalent TeraDrive CT SSDs * 4k optimised & trim only works in 4k requests + 4k aligned */ @@ -1316,7 +1324,7 @@ adaregister(struct cam_periph *periph, void *arg) softc->disk->d_name, softc->disk->d_unit); snprintf(buf1, sizeof(buf1), "ad%d", legacy_id); - setenv(announce_buf, buf1); + kern_setenv(announce_buf, buf1); } } else legacy_id = -1; diff --git a/sys/cam/ctl/ctl.c b/sys/cam/ctl/ctl.c index 7a7fa02..d8fed4b 100644 --- a/sys/cam/ctl/ctl.c +++ b/sys/cam/ctl/ctl.c @@ -109,56 +109,6 @@ struct ctl_softc *control_softc = NULL; * Note that these are default values only. The actual values will be * filled in when the user does a mode sense. */ -static struct copan_power_subpage power_page_default = { - /*page_code*/ PWR_PAGE_CODE | SMPH_SPF, - /*subpage*/ PWR_SUBPAGE_CODE, - /*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00, - (sizeof(struct copan_power_subpage) - 4) & 0x00ff}, - /*page_version*/ PWR_VERSION, - /* total_luns */ 26, - /* max_active_luns*/ PWR_DFLT_MAX_LUNS, - /*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0} -}; - -static struct copan_power_subpage power_page_changeable = { - /*page_code*/ PWR_PAGE_CODE | SMPH_SPF, - /*subpage*/ PWR_SUBPAGE_CODE, - /*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00, - (sizeof(struct copan_power_subpage) - 4) & 0x00ff}, - /*page_version*/ 0, - /* total_luns */ 0, - /* max_active_luns*/ 0, - /*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0} -}; - -static struct copan_aps_subpage aps_page_default = { - APS_PAGE_CODE | SMPH_SPF, //page_code - APS_SUBPAGE_CODE, //subpage - {(sizeof(struct copan_aps_subpage) - 4) & 0xff00, - (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length - APS_VERSION, //page_version - 0, //lock_active - {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0} //reserved -}; - -static struct copan_aps_subpage aps_page_changeable = { - APS_PAGE_CODE | SMPH_SPF, //page_code - APS_SUBPAGE_CODE, //subpage - {(sizeof(struct copan_aps_subpage) - 4) & 0xff00, - (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length - 0, //page_version - 0, //lock_active - {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0} //reserved -}; - static struct copan_debugconf_subpage debugconf_page_default = { DBGCNF_PAGE_CODE | SMPH_SPF, /* page_code */ DBGCNF_SUBPAGE_CODE, /* subpage */ @@ -178,6 +128,34 @@ static struct copan_debugconf_subpage debugconf_page_changeable = { {0xff,0xff}, /* ctl_time_io_secs */ }; +static struct scsi_da_rw_recovery_page rw_er_page_default = { + /*page_code*/SMS_RW_ERROR_RECOVERY_PAGE, + /*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2, + /*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE, + /*read_retry_count*/0, + /*correction_span*/0, + /*head_offset_count*/0, + /*data_strobe_offset_cnt*/0, + /*byte8*/0, + /*write_retry_count*/0, + /*reserved2*/0, + /*recovery_time_limit*/{0, 0}, +}; + +static struct scsi_da_rw_recovery_page rw_er_page_changeable = { + /*page_code*/SMS_RW_ERROR_RECOVERY_PAGE, + /*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2, + /*byte3*/0, + /*read_retry_count*/0, + /*correction_span*/0, + /*head_offset_count*/0, + /*data_strobe_offset_cnt*/0, + /*byte8*/0, + /*write_retry_count*/0, + /*reserved2*/0, + /*recovery_time_limit*/{0, 0}, +}; + static struct scsi_format_page format_page_default = { /*page_code*/SMS_FORMAT_DEVICE_PAGE, /*page_length*/sizeof(struct scsi_format_page) - 2, @@ -300,6 +278,41 @@ static struct scsi_control_page control_page_changeable = { /*extended_selftest_completion_time*/{0, 0} }; +static struct scsi_info_exceptions_page ie_page_default = { + /*page_code*/SMS_INFO_EXCEPTIONS_PAGE, + /*page_length*/sizeof(struct scsi_info_exceptions_page) - 2, + /*info_flags*/SIEP_FLAGS_DEXCPT, + /*mrie*/0, + /*interval_timer*/{0, 0, 0, 0}, + /*report_count*/{0, 0, 0, 0} +}; + +static struct scsi_info_exceptions_page ie_page_changeable = { + /*page_code*/SMS_INFO_EXCEPTIONS_PAGE, + /*page_length*/sizeof(struct scsi_info_exceptions_page) - 2, + /*info_flags*/0, + /*mrie*/0, + /*interval_timer*/{0, 0, 0, 0}, + /*report_count*/{0, 0, 0, 0} +}; + +static struct scsi_logical_block_provisioning_page lbp_page_default = { + /*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF, + /*subpage_code*/0x02, + /*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4}, + /*flags*/0, + /*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, + /*descr*/{} +}; + +static struct scsi_logical_block_provisioning_page lbp_page_changeable = { + /*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF, + /*subpage_code*/0x02, + /*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4}, + /*flags*/0, + /*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, + /*descr*/{} +}; /* * XXX KDM move these into the softc. @@ -308,15 +321,14 @@ static int rcv_sync_msg; static int persis_offset; static uint8_t ctl_pause_rtr; static int ctl_is_single = 1; -static int index_to_aps_page; SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer"); static int worker_threads = -1; SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN, &worker_threads, 1, "Number of worker threads"); -static int verbose = 0; -SYSCTL_INT(_kern_cam_ctl, OID_AUTO, verbose, CTLFLAG_RWTUN, - &verbose, 0, "Show SCSI errors returned to initiator"); +static int ctl_debug = CTL_DEBUG_NONE; +SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN, + &ctl_debug, 0, "Enabled debug flags"); /* * Supported pages (0x00), Serial number (0x80), Device ID (0x83), @@ -886,26 +898,6 @@ ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param) case CTL_MSG_SYNC_FE: rcv_sync_msg = 1; break; - case CTL_MSG_APS_LOCK: { - // It's quicker to execute this then to - // queue it. - struct ctl_lun *lun; - struct ctl_page_index *page_index; - struct copan_aps_subpage *current_sp; - uint32_t targ_lun; - - targ_lun = msg_info.hdr.nexus.targ_mapped_lun; - lun = ctl_softc->ctl_luns[targ_lun]; - mtx_lock(&lun->lun_lock); - page_index = &lun->mode_pages.index[index_to_aps_page]; - current_sp = (struct copan_aps_subpage *) - (page_index->page_data + - (page_index->page_len * CTL_PAGE_CURRENT)); - - current_sp->lock_active = msg_info.aps.lock_flag; - mtx_unlock(&lun->lun_lock); - break; - } default: printf("How did I get here?\n"); } @@ -3994,156 +3986,6 @@ ctl_copy_io(union ctl_io *src, union ctl_io *dest) dest->io_hdr.flags |= CTL_FLAG_INT_COPY; } -#ifdef NEEDTOPORT -static void -ctl_update_power_subpage(struct copan_power_subpage *page) -{ - int num_luns, num_partitions, config_type; - struct ctl_softc *softc; - cs_BOOL_t aor_present, shelf_50pct_power; - cs_raidset_personality_t rs_type; - int max_active_luns; - - softc = control_softc; - - /* subtract out the processor LUN */ - num_luns = softc->num_luns - 1; - /* - * Default to 7 LUNs active, which was the only number we allowed - * in the past. - */ - max_active_luns = 7; - - num_partitions = config_GetRsPartitionInfo(); - config_type = config_GetConfigType(); - shelf_50pct_power = config_GetShelfPowerMode(); - aor_present = config_IsAorRsPresent(); - - rs_type = ddb_GetRsRaidType(1); - if ((rs_type != CS_RAIDSET_PERSONALITY_RAID5) - && (rs_type != CS_RAIDSET_PERSONALITY_RAID1)) { - EPRINT(0, "Unsupported RS type %d!", rs_type); - } - - - page->total_luns = num_luns; - - switch (config_type) { - case 40: - /* - * In a 40 drive configuration, it doesn't matter what DC - * cards we have, whether we have AOR enabled or not, - * partitioning or not, or what type of RAIDset we have. - * In that scenario, we can power up every LUN we present - * to the user. - */ - max_active_luns = num_luns; - - break; - case 64: - if (shelf_50pct_power == CS_FALSE) { - /* 25% power */ - if (aor_present == CS_TRUE) { - if (rs_type == - CS_RAIDSET_PERSONALITY_RAID5) { - max_active_luns = 7; - } else if (rs_type == - CS_RAIDSET_PERSONALITY_RAID1){ - max_active_luns = 14; - } else { - /* XXX KDM now what?? */ - } - } else { - if (rs_type == - CS_RAIDSET_PERSONALITY_RAID5) { - max_active_luns = 8; - } else if (rs_type == - CS_RAIDSET_PERSONALITY_RAID1){ - max_active_luns = 16; - } else { - /* XXX KDM now what?? */ - } - } - } else { - /* 50% power */ - /* - * With 50% power in a 64 drive configuration, we - * can power all LUNs we present. - */ - max_active_luns = num_luns; - } - break; - case 112: - if (shelf_50pct_power == CS_FALSE) { - /* 25% power */ - if (aor_present == CS_TRUE) { - if (rs_type == - CS_RAIDSET_PERSONALITY_RAID5) { - max_active_luns = 7; - } else if (rs_type == - CS_RAIDSET_PERSONALITY_RAID1){ - max_active_luns = 14; - } else { - /* XXX KDM now what?? */ - } - } else { - if (rs_type == - CS_RAIDSET_PERSONALITY_RAID5) { - max_active_luns = 8; - } else if (rs_type == - CS_RAIDSET_PERSONALITY_RAID1){ - max_active_luns = 16; - } else { - /* XXX KDM now what?? */ - } - } - } else { - /* 50% power */ - if (aor_present == CS_TRUE) { - if (rs_type == - CS_RAIDSET_PERSONALITY_RAID5) { - max_active_luns = 14; - } else if (rs_type == - CS_RAIDSET_PERSONALITY_RAID1){ - /* - * We're assuming here that disk - * caching is enabled, and so we're - * able to power up half of each - * LUN, and cache all writes. - */ - max_active_luns = num_luns; - } else { - /* XXX KDM now what?? */ - } - } else { - if (rs_type == - CS_RAIDSET_PERSONALITY_RAID5) { - max_active_luns = 15; - } else if (rs_type == - CS_RAIDSET_PERSONALITY_RAID1){ - max_active_luns = 30; - } else { - /* XXX KDM now what?? */ - } - } - } - break; - default: - /* - * In this case, we have an unknown configuration, so we - * just use the default from above. - */ - break; - } - - page->max_active_luns = max_active_luns; -#if 0 - printk("%s: total_luns = %d, max_active_luns = %d\n", __func__, - page->total_luns, page->max_active_luns); -#endif -} -#endif /* NEEDTOPORT */ - /* * This routine could be used in the future to load default and/or saved * mode page parameters for a particuar lun. @@ -4153,14 +3995,11 @@ ctl_init_page_index(struct ctl_lun *lun) { int i; struct ctl_page_index *page_index; - struct ctl_softc *softc; const char *value; memcpy(&lun->mode_pages.index, page_index_template, sizeof(page_index_template)); - softc = lun->ctl_softc; - for (i = 0; i < CTL_NUM_MODE_PAGES; i++) { page_index = &lun->mode_pages.index[i]; @@ -4175,6 +4014,25 @@ ctl_init_page_index(struct ctl_lun *lun) continue; switch (page_index->page_code & SMPH_PC_MASK) { + case SMS_RW_ERROR_RECOVERY_PAGE: { + if (page_index->subpage != SMS_SUBPAGE_PAGE_0) + panic("subpage is incorrect!"); + memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT], + &rw_er_page_default, + sizeof(rw_er_page_default)); + memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE], + &rw_er_page_changeable, + sizeof(rw_er_page_changeable)); + memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT], + &rw_er_page_default, + sizeof(rw_er_page_default)); + memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED], + &rw_er_page_default, + sizeof(rw_er_page_default)); + page_index->page_data = + (uint8_t *)lun->mode_pages.rw_er_page; + break; + } case SMS_FORMAT_DEVICE_PAGE: { struct scsi_format_page *format_page; @@ -4364,79 +4222,44 @@ ctl_init_page_index(struct ctl_lun *lun) break; } - case SMS_VENDOR_SPECIFIC_PAGE:{ + case SMS_INFO_EXCEPTIONS_PAGE: { switch (page_index->subpage) { - case PWR_SUBPAGE_CODE: { - struct copan_power_subpage *current_page, - *saved_page; - - memcpy(&lun->mode_pages.power_subpage[ - CTL_PAGE_CURRENT], - &power_page_default, - sizeof(power_page_default)); - memcpy(&lun->mode_pages.power_subpage[ - CTL_PAGE_CHANGEABLE], - &power_page_changeable, - sizeof(power_page_changeable)); - memcpy(&lun->mode_pages.power_subpage[ - CTL_PAGE_DEFAULT], - &power_page_default, - sizeof(power_page_default)); - memcpy(&lun->mode_pages.power_subpage[ - CTL_PAGE_SAVED], - &power_page_default, - sizeof(power_page_default)); + case SMS_SUBPAGE_PAGE_0: + memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT], + &ie_page_default, + sizeof(ie_page_default)); + memcpy(&lun->mode_pages.ie_page[ + CTL_PAGE_CHANGEABLE], &ie_page_changeable, + sizeof(ie_page_changeable)); + memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT], + &ie_page_default, + sizeof(ie_page_default)); + memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED], + &ie_page_default, + sizeof(ie_page_default)); page_index->page_data = - (uint8_t *)lun->mode_pages.power_subpage; - - current_page = (struct copan_power_subpage *) - (page_index->page_data + - (page_index->page_len * - CTL_PAGE_CURRENT)); - saved_page = (struct copan_power_subpage *) - (page_index->page_data + - (page_index->page_len * - CTL_PAGE_SAVED)); + (uint8_t *)lun->mode_pages.ie_page; break; - } - case APS_SUBPAGE_CODE: { - struct copan_aps_subpage *current_page, - *saved_page; - - // This gets set multiple times but - // it should always be the same. It's - // only done during init so who cares. - index_to_aps_page = i; - - memcpy(&lun->mode_pages.aps_subpage[ - CTL_PAGE_CURRENT], - &aps_page_default, - sizeof(aps_page_default)); - memcpy(&lun->mode_pages.aps_subpage[ - CTL_PAGE_CHANGEABLE], - &aps_page_changeable, - sizeof(aps_page_changeable)); - memcpy(&lun->mode_pages.aps_subpage[ - CTL_PAGE_DEFAULT], - &aps_page_default, - sizeof(aps_page_default)); - memcpy(&lun->mode_pages.aps_subpage[ - CTL_PAGE_SAVED], - &aps_page_default, - sizeof(aps_page_default)); + case 0x02: + memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT], + &lbp_page_default, + sizeof(lbp_page_default)); + memcpy(&lun->mode_pages.lbp_page[ + CTL_PAGE_CHANGEABLE], &lbp_page_changeable, + sizeof(lbp_page_changeable)); + memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT], + &lbp_page_default, + sizeof(lbp_page_default)); + memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED], + &lbp_page_default, + sizeof(lbp_page_default)); page_index->page_data = - (uint8_t *)lun->mode_pages.aps_subpage; - - current_page = (struct copan_aps_subpage *) - (page_index->page_data + - (page_index->page_len * - CTL_PAGE_CURRENT)); - saved_page = (struct copan_aps_subpage *) - (page_index->page_data + - (page_index->page_len * - CTL_PAGE_SAVED)); - break; + (uint8_t *)lun->mode_pages.lbp_page; } + break; + } + case SMS_VENDOR_SPECIFIC_PAGE:{ + switch (page_index->subpage) { case DBGCNF_SUBPAGE_CODE: { struct copan_debugconf_subpage *current_page, *saved_page; @@ -4487,6 +4310,45 @@ ctl_init_page_index(struct ctl_lun *lun) return (CTL_RETVAL_COMPLETE); } +static int +ctl_init_log_page_index(struct ctl_lun *lun) +{ + struct ctl_page_index *page_index; + int i, j, prev; + + memcpy(&lun->log_pages.index, log_page_index_template, + sizeof(log_page_index_template)); + + prev = -1; + for (i = 0, j = 0; i < CTL_NUM_LOG_PAGES; i++) { + + page_index = &lun->log_pages.index[i]; + /* + * If this is a disk-only mode page, there's no point in + * setting it up. For some pages, we have to have some + * basic information about the disk in order to calculate the + * mode page data. + */ + if ((lun->be_lun->lun_type != T_DIRECT) + && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY)) + continue; + + if (page_index->page_code != prev) { + lun->log_pages.pages_page[j] = page_index->page_code; + prev = page_index->page_code; + j++; + } + lun->log_pages.subpages_page[i*2] = page_index->page_code; + lun->log_pages.subpages_page[i*2+1] = page_index->subpage; + } + lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0]; + lun->log_pages.index[0].page_len = j; + lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0]; + lun->log_pages.index[1].page_len = i * 2; + + return (CTL_RETVAL_COMPLETE); +} + /* * LUN allocation. * @@ -4682,9 +4544,10 @@ ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun, ctl_tpc_lun_init(lun); /* - * Initialize the mode page index. + * Initialize the mode and log page index. */ ctl_init_page_index(lun); + ctl_init_log_page_index(lun); /* * Set the poweron UA for all initiators on this LUN only. @@ -5115,95 +4978,6 @@ ctl_lun_operable(struct ctl_be_lun *be_lun) return (0); } -int -ctl_lun_power_lock(struct ctl_be_lun *be_lun, struct ctl_nexus *nexus, - int lock) -{ - struct ctl_softc *softc; - struct ctl_lun *lun; - struct copan_aps_subpage *current_sp; - struct ctl_page_index *page_index; - int i; - - softc = control_softc; - - mtx_lock(&softc->ctl_lock); - - lun = (struct ctl_lun *)be_lun->ctl_lun; - mtx_lock(&lun->lun_lock); - - page_index = NULL; - for (i = 0; i < CTL_NUM_MODE_PAGES; i++) { - if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) != - APS_PAGE_CODE) - continue; - - if (lun->mode_pages.index[i].subpage != APS_SUBPAGE_CODE) - continue; - page_index = &lun->mode_pages.index[i]; - } - - if (page_index == NULL) { - mtx_unlock(&lun->lun_lock); - mtx_unlock(&softc->ctl_lock); - printf("%s: APS subpage not found for lun %ju!\n", __func__, - (uintmax_t)lun->lun); - return (1); - } -#if 0 - if ((softc->aps_locked_lun != 0) - && (softc->aps_locked_lun != lun->lun)) { - printf("%s: attempt to lock LUN %llu when %llu is already " - "locked\n"); - mtx_unlock(&lun->lun_lock); - mtx_unlock(&softc->ctl_lock); - return (1); - } -#endif - - current_sp = (struct copan_aps_subpage *)(page_index->page_data + - (page_index->page_len * CTL_PAGE_CURRENT)); - - if (lock != 0) { - current_sp->lock_active = APS_LOCK_ACTIVE; - softc->aps_locked_lun = lun->lun; - } else { - current_sp->lock_active = 0; - softc->aps_locked_lun = 0; - } - - - /* - * If we're in HA mode, try to send the lock message to the other - * side. - */ - if (ctl_is_single == 0) { - int isc_retval; - union ctl_ha_msg lock_msg; - - lock_msg.hdr.nexus = *nexus; - lock_msg.hdr.msg_type = CTL_MSG_APS_LOCK; - if (lock != 0) - lock_msg.aps.lock_flag = 1; - else - lock_msg.aps.lock_flag = 0; - isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &lock_msg, - sizeof(lock_msg), 0); - if (isc_retval > CTL_HA_STATUS_SUCCESS) { - printf("%s: APS (lock=%d) error returned from " - "ctl_ha_msg_send: %d\n", __func__, lock, isc_retval); - mtx_unlock(&lun->lun_lock); - mtx_unlock(&softc->ctl_lock); - return (1); - } - } - - mtx_unlock(&lun->lun_lock); - mtx_unlock(&softc->ctl_lock); - - return (0); -} - void ctl_lun_capacity_changed(struct ctl_be_lun *be_lun) { @@ -5292,6 +5066,8 @@ ctl_config_move_done(union ctl_io *io) * * - Call some other function once the data is in? */ + if (ctl_debug & CTL_DEBUG_CDB_DATA) + ctl_data_print(io); /* * XXX KDM call ctl_scsiio() again for now, and check flag @@ -6360,121 +6136,6 @@ ctl_caching_sp_handler(struct ctl_scsiio *ctsio, } int -ctl_power_sp_handler(struct ctl_scsiio *ctsio, - struct ctl_page_index *page_index, uint8_t *page_ptr) -{ - return (0); -} - -int -ctl_power_sp_sense_handler(struct ctl_scsiio *ctsio, - struct ctl_page_index *page_index, int pc) -{ - struct copan_power_subpage *page; - - page = (struct copan_power_subpage *)page_index->page_data + - (page_index->page_len * pc); - - switch (pc) { - case SMS_PAGE_CTRL_CHANGEABLE >> 6: - /* - * We don't update the changable bits for this page. - */ - break; - case SMS_PAGE_CTRL_CURRENT >> 6: - case SMS_PAGE_CTRL_DEFAULT >> 6: - case SMS_PAGE_CTRL_SAVED >> 6: -#ifdef NEEDTOPORT - ctl_update_power_subpage(page); -#endif - break; - default: -#ifdef NEEDTOPORT - EPRINT(0, "Invalid PC %d!!", pc); -#endif - break; - } - return (0); -} - - -int -ctl_aps_sp_handler(struct ctl_scsiio *ctsio, - struct ctl_page_index *page_index, uint8_t *page_ptr) -{ - struct copan_aps_subpage *user_sp; - struct copan_aps_subpage *current_sp; - union ctl_modepage_info *modepage_info; - struct ctl_softc *softc; - struct ctl_lun *lun; - int retval; - - retval = CTL_RETVAL_COMPLETE; - current_sp = (struct copan_aps_subpage *)(page_index->page_data + - (page_index->page_len * CTL_PAGE_CURRENT)); - softc = control_softc; - lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr; - - user_sp = (struct copan_aps_subpage *)page_ptr; - - modepage_info = (union ctl_modepage_info *) - ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes; - - modepage_info->header.page_code = page_index->page_code & SMPH_PC_MASK; - modepage_info->header.subpage = page_index->subpage; - modepage_info->aps.lock_active = user_sp->lock_active; - - mtx_lock(&softc->ctl_lock); - - /* - * If there is a request to lock the LUN and another LUN is locked - * this is an error. If the requested LUN is already locked ignore - * the request. If no LUN is locked attempt to lock it. - * if there is a request to unlock the LUN and the LUN is currently - * locked attempt to unlock it. Otherwise ignore the request. i.e. - * if another LUN is locked or no LUN is locked. - */ - if (user_sp->lock_active & APS_LOCK_ACTIVE) { - if (softc->aps_locked_lun == lun->lun) { - /* - * This LUN is already locked, so we're done. - */ - retval = CTL_RETVAL_COMPLETE; - } else if (softc->aps_locked_lun == 0) { - /* - * No one has the lock, pass the request to the - * backend. - */ - retval = lun->backend->config_write( - (union ctl_io *)ctsio); - } else { - /* - * Someone else has the lock, throw out the request. - */ - ctl_set_already_locked(ctsio); - free(ctsio->kern_data_ptr, M_CTL); - ctl_done((union ctl_io *)ctsio); - - /* - * Set the return value so that ctl_do_mode_select() - * won't try to complete the command. We already - * completed it here. - */ - retval = CTL_RETVAL_ERROR; - } - } else if (softc->aps_locked_lun == lun->lun) { - /* - * This LUN is locked, so pass the unlock request to the - * backend. - */ - retval = lun->backend->config_write((union ctl_io *)ctsio); - } - mtx_unlock(&softc->ctl_lock); - - return (retval); -} - -int ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio, struct ctl_page_index *page_index, uint8_t *page_ptr) @@ -7266,6 +6927,91 @@ ctl_mode_sense(struct ctl_scsiio *ctsio) } int +ctl_log_sense(struct ctl_scsiio *ctsio) +{ + struct ctl_lun *lun; + int i, pc, page_code, subpage; + int alloc_len, total_len; + struct ctl_page_index *page_index; + struct scsi_log_sense *cdb; + struct scsi_log_header *header; + + CTL_DEBUG_PRINT(("ctl_log_sense\n")); + + lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr; + cdb = (struct scsi_log_sense *)ctsio->cdb; + pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6; + page_code = cdb->page & SLS_PAGE_CODE; + subpage = cdb->subpage; + alloc_len = scsi_2btoul(cdb->length); + + page_index = NULL; + for (i = 0; i < CTL_NUM_LOG_PAGES; i++) { + page_index = &lun->log_pages.index[i]; + + /* Look for the right page code */ + if ((page_index->page_code & SL_PAGE_CODE) != page_code) + continue; + + /* Look for the right subpage or the subpage wildcard*/ + if (page_index->subpage != subpage) + continue; + + break; + } + if (i >= CTL_NUM_LOG_PAGES) { + ctl_set_invalid_field(ctsio, + /*sks_valid*/ 1, + /*command*/ 1, + /*field*/ 2, + /*bit_valid*/ 0, + /*bit*/ 0); + ctl_done((union ctl_io *)ctsio); + return (CTL_RETVAL_COMPLETE); + } + + total_len = sizeof(struct scsi_log_header) + page_index->page_len; + + ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO); + ctsio->kern_sg_entries = 0; + ctsio->kern_data_resid = 0; + ctsio->kern_rel_offset = 0; + if (total_len < alloc_len) { + ctsio->residual = alloc_len - total_len; + ctsio->kern_data_len = total_len; + ctsio->kern_total_len = total_len; + } else { + ctsio->residual = 0; + ctsio->kern_data_len = alloc_len; + ctsio->kern_total_len = alloc_len; + } + + header = (struct scsi_log_header *)ctsio->kern_data_ptr; + header->page = page_index->page_code; + if (page_index->subpage) { + header->page |= SL_SPF; + header->subpage = page_index->subpage; + } + scsi_ulto2b(page_index->page_len, header->datalen); + + /* + * Call the handler, if it exists, to update the + * page to the latest values. + */ + if (page_index->sense_handler != NULL) + page_index->sense_handler(ctsio, page_index, pc); + + memcpy(header + 1, page_index->page_data, page_index->page_len); + + ctsio->scsi_status = SCSI_STATUS_OK; + ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED; + ctsio->be_move_done = ctl_config_move_done; + ctl_datamove((union ctl_io *)ctsio); + + return (CTL_RETVAL_COMPLETE); +} + +int ctl_read_capacity(struct ctl_scsiio *ctsio) { struct scsi_read_capacity *cdb; @@ -13764,17 +13510,14 @@ ctl_process_done(union ctl_io *io) case CTL_IO_SCSI: break; case CTL_IO_TASK: - if (bootverbose || verbose > 0) + if (bootverbose || (ctl_debug & CTL_DEBUG_INFO)) ctl_io_error_print(io, NULL); if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) ctl_free_io(io); else fe_done(io); return (CTL_RETVAL_COMPLETE); - break; default: - printf("ctl_process_done: invalid io type %d\n", - io->io_hdr.io_type); panic("ctl_process_done: invalid io type %d\n", io->io_hdr.io_type); break; /* NOTREACHED */ @@ -13868,74 +13611,28 @@ ctl_process_done(union ctl_io *io) ctl_set_task_aborted(&io->scsiio); /* - * We print out status for every task management command. For SCSI - * commands, we filter out any unit attention errors; they happen - * on every boot, and would clutter up the log. Note: task - * management commands aren't printed here, they are printed above, - * since they should never even make it down here. + * If enabled, print command error status. + * We don't print UAs unless debugging was enabled explicitly. */ - switch (io->io_hdr.io_type) { - case CTL_IO_SCSI: { - int error_code, sense_key, asc, ascq; - - sense_key = 0; + do { + if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) + break; + if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0) + break; + if ((ctl_debug & CTL_DEBUG_INFO) == 0 && + ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) && + (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) { + int error_code, sense_key, asc, ascq; - if (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) - && (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) { - /* - * Since this is just for printing, no need to - * show errors here. - */ scsi_extract_sense_len(&io->scsiio.sense_data, - io->scsiio.sense_len, - &error_code, - &sense_key, - &asc, - &ascq, - /*show_errors*/ 0); + io->scsiio.sense_len, &error_code, &sense_key, + &asc, &ascq, /*show_errors*/ 0); + if (sense_key == SSD_KEY_UNIT_ATTENTION) + break; } - if (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) - && (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SCSI_ERROR) - || (io->scsiio.scsi_status != SCSI_STATUS_CHECK_COND) - || (sense_key != SSD_KEY_UNIT_ATTENTION))) { - - if ((time_uptime - ctl_softc->last_print_jiffies) <= 0){ - ctl_softc->skipped_prints++; - } else { - uint32_t skipped_prints; - - skipped_prints = ctl_softc->skipped_prints; - - ctl_softc->skipped_prints = 0; - ctl_softc->last_print_jiffies = time_uptime; - - if (skipped_prints > 0) { -#ifdef NEEDTOPORT - csevent_log(CSC_CTL | CSC_SHELF_SW | - CTL_ERROR_REPORT, - csevent_LogType_Trace, - csevent_Severity_Information, - csevent_AlertLevel_Green, - csevent_FRU_Firmware, - csevent_FRU_Unknown, - "High CTL error volume, %d prints " - "skipped", skipped_prints); -#endif - } - if (bootverbose || verbose > 0) - ctl_io_error_print(io, NULL); - } - } - break; - } - case CTL_IO_TASK: - if (bootverbose || verbose > 0) - ctl_io_error_print(io, NULL); - break; - default: - break; - } + ctl_io_error_print(io, NULL); + } while (0); /* * Tell the FETD or the other shelf controller we're done with this @@ -14080,6 +13777,8 @@ ctl_queue(union ctl_io *io) switch (io->io_hdr.io_type) { case CTL_IO_SCSI: case CTL_IO_TASK: + if (ctl_debug & CTL_DEBUG_CDB) + ctl_io_print(io); ctl_enqueue_incoming(io); break; default: diff --git a/sys/cam/ctl/ctl.h b/sys/cam/ctl/ctl.h index fa09c0e..9c7b04b 100644 --- a/sys/cam/ctl/ctl.h +++ b/sys/cam/ctl/ctl.h @@ -172,12 +172,6 @@ int ctl_failover_sp_handler(struct ctl_scsiio *ctsio, struct ctl_page_index *page_index, uint8_t *page_ptr); **/ -int ctl_power_sp_handler(struct ctl_scsiio *ctsio, - struct ctl_page_index *page_index, uint8_t *page_ptr); -int ctl_power_sp_sense_handler(struct ctl_scsiio *ctsio, - struct ctl_page_index *page_index, int pc); -int ctl_aps_sp_handler(struct ctl_scsiio *ctsio, - struct ctl_page_index *page_index, uint8_t *page_ptr); int ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio, struct ctl_page_index *page_index, int pc); diff --git a/sys/cam/ctl/ctl_backend.h b/sys/cam/ctl/ctl_backend.h index fab34ad..4d88f64 100644 --- a/sys/cam/ctl/ctl_backend.h +++ b/sys/cam/ctl/ctl_backend.h @@ -280,14 +280,6 @@ int ctl_lun_inoperable(struct ctl_be_lun *be_lun); int ctl_lun_operable(struct ctl_be_lun *be_lun); /* - * If a LUN is locked on or unlocked from a power/APS standpoint, call - * ctl_lun_power_lock() to update the current status in CTL's APS subpage. - * Set the lock flag to 1 to lock the LUN, set it to 0 to unlock the LUN. - */ -int ctl_lun_power_lock(struct ctl_be_lun *be_lun, struct ctl_nexus *nexus, - int lock); - -/* * To take a LUN offline, call ctl_lun_offline(). Generally the LUN will * be online again once the user sends a SCSI START STOP UNIT command with * the start and on/offline bits set. The backend can bring the LUN back diff --git a/sys/cam/ctl/ctl_cmd_table.c b/sys/cam/ctl/ctl_cmd_table.c index c1c1673..a9bd500 100644 --- a/sys/cam/ctl/ctl_cmd_table.c +++ b/sys/cam/ctl/ctl_cmd_table.c @@ -850,7 +850,10 @@ const struct ctl_cmd_entry ctl_cmd_table[256] = {NULL, CTL_SERIDX_INVLD, CTL_CMD_FLAG_NONE, CTL_LUN_PAT_NONE}, /* 4D LOG SENSE */ -{NULL, CTL_SERIDX_INVLD, CTL_CMD_FLAG_NONE, CTL_LUN_PAT_NONE}, +{ctl_log_sense, CTL_SERIDX_LOG_SNS, CTL_CMD_FLAG_OK_ON_SLUN | + CTL_FLAG_DATA_IN | + CTL_CMD_FLAG_ALLOW_ON_PR_RESV, + CTL_LUN_PAT_NONE, 10, {0, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0x07} }, /* 4E STOP PLAY/SCAN */ {NULL, CTL_SERIDX_INVLD, CTL_CMD_FLAG_NONE, CTL_LUN_PAT_NONE}, diff --git a/sys/cam/ctl/ctl_debug.h b/sys/cam/ctl/ctl_debug.h index 53f406b..8bd0870 100644 --- a/sys/cam/ctl/ctl_debug.h +++ b/sys/cam/ctl/ctl_debug.h @@ -39,6 +39,16 @@ #ifndef _CTL_DEBUG_H_ #define _CTL_DEBUG_H_ +/* + * Debugging flags. + */ +typedef enum { + CTL_DEBUG_NONE = 0x00, /* no debugging */ + CTL_DEBUG_INFO = 0x01, /* SCSI errors */ + CTL_DEBUG_CDB = 0x02, /* SCSI CDBs and tasks */ + CTL_DEBUG_CDB_DATA = 0x04 /* SCSI CDB DATA */ +} ctl_debug_flags; + #ifdef CAM_CTL_DEBUG #define CTL_DEBUG_PRINT(X) \ do { \ diff --git a/sys/cam/ctl/ctl_io.h b/sys/cam/ctl/ctl_io.h index c810817..4de17f4 100644 --- a/sys/cam/ctl/ctl_io.h +++ b/sys/cam/ctl/ctl_io.h @@ -234,7 +234,6 @@ typedef enum { CTL_MSG_MANAGE_TASKS, CTL_MSG_PERS_ACTION, CTL_MSG_SYNC_FE, - CTL_MSG_APS_LOCK, CTL_MSG_DATAMOVE, CTL_MSG_DATAMOVE_DONE } ctl_msg_type; @@ -424,14 +423,6 @@ struct ctl_ha_msg_hdr { #define CTL_HA_MAX_SG_ENTRIES 16 /* - * Used for CTL_MSG_APS_LOCK. - */ -struct ctl_ha_msg_aps { - struct ctl_ha_msg_hdr hdr; - uint8_t lock_flag; -}; - -/* * Used for CTL_MSG_PERS_ACTION. */ struct ctl_ha_msg_pr { @@ -500,7 +491,6 @@ union ctl_ha_msg { struct ctl_ha_msg_scsi scsi; struct ctl_ha_msg_dt dt; struct ctl_ha_msg_pr pr; - struct ctl_ha_msg_aps aps; }; diff --git a/sys/cam/ctl/ctl_private.h b/sys/cam/ctl/ctl_private.h index 30418df..c470345 100644 --- a/sys/cam/ctl/ctl_private.h +++ b/sys/cam/ctl/ctl_private.h @@ -302,6 +302,8 @@ struct ctl_page_index { #define CTL_PAGE_SAVED 0x03 static const struct ctl_page_index page_index_template[] = { + {SMS_RW_ERROR_RECOVERY_PAGE, 0, sizeof(struct scsi_da_rw_recovery_page), NULL, + CTL_PAGE_FLAG_DISK_ONLY, NULL, NULL}, {SMS_FORMAT_DEVICE_PAGE, 0, sizeof(struct scsi_format_page), NULL, CTL_PAGE_FLAG_DISK_ONLY, NULL, NULL}, {SMS_RIGID_DISK_PAGE, 0, sizeof(struct scsi_rigid_disk_page), NULL, @@ -310,12 +312,11 @@ static const struct ctl_page_index page_index_template[] = { CTL_PAGE_FLAG_DISK_ONLY, NULL, ctl_caching_sp_handler}, {SMS_CONTROL_MODE_PAGE, 0, sizeof(struct scsi_control_page), NULL, CTL_PAGE_FLAG_NONE, NULL, ctl_control_page_handler}, - {SMS_VENDOR_SPECIFIC_PAGE | SMPH_SPF, PWR_SUBPAGE_CODE, - sizeof(struct copan_power_subpage), NULL, CTL_PAGE_FLAG_NONE, - ctl_power_sp_sense_handler, ctl_power_sp_handler}, - {SMS_VENDOR_SPECIFIC_PAGE | SMPH_SPF, APS_SUBPAGE_CODE, - sizeof(struct copan_aps_subpage), NULL, CTL_PAGE_FLAG_NONE, - NULL, ctl_aps_sp_handler}, + {SMS_INFO_EXCEPTIONS_PAGE, 0, sizeof(struct scsi_info_exceptions_page), NULL, + CTL_PAGE_FLAG_NONE, NULL, NULL}, + {SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF, 0x02, + sizeof(struct scsi_logical_block_provisioning_page), NULL, + CTL_PAGE_FLAG_DISK_ONLY, NULL, NULL}, {SMS_VENDOR_SPECIFIC_PAGE | SMPH_SPF, DBGCNF_SUBPAGE_CODE, sizeof(struct copan_debugconf_subpage), NULL, CTL_PAGE_FLAG_NONE, ctl_debugconf_sp_sense_handler, ctl_debugconf_sp_select_handler}, @@ -325,16 +326,33 @@ static const struct ctl_page_index page_index_template[] = { sizeof(page_index_template[0]) struct ctl_mode_pages { + struct scsi_da_rw_recovery_page rw_er_page[4]; struct scsi_format_page format_page[4]; struct scsi_rigid_disk_page rigid_disk_page[4]; struct scsi_caching_page caching_page[4]; struct scsi_control_page control_page[4]; - struct copan_power_subpage power_subpage[4]; - struct copan_aps_subpage aps_subpage[4]; + struct scsi_info_exceptions_page ie_page[4]; + struct scsi_logical_block_provisioning_page lbp_page[4]; struct copan_debugconf_subpage debugconf_subpage[4]; struct ctl_page_index index[CTL_NUM_MODE_PAGES]; }; +static const struct ctl_page_index log_page_index_template[] = { + {SLS_SUPPORTED_PAGES_PAGE, 0, 0, NULL, + CTL_PAGE_FLAG_NONE, NULL, NULL}, + {SLS_SUPPORTED_PAGES_PAGE, SLS_SUPPORTED_SUBPAGES_SUBPAGE, 0, NULL, + CTL_PAGE_FLAG_NONE, NULL, NULL}, +}; + +#define CTL_NUM_LOG_PAGES sizeof(log_page_index_template)/ \ + sizeof(log_page_index_template[0]) + +struct ctl_log_pages { + uint8_t pages_page[CTL_NUM_LOG_PAGES]; + uint8_t subpages_page[CTL_NUM_LOG_PAGES * 2]; + struct ctl_page_index index[CTL_NUM_LOG_PAGES]; +}; + struct ctl_lun_delay_info { ctl_delay_type datamove_type; uint32_t datamove_delay; @@ -391,6 +409,7 @@ struct ctl_lun { #endif ctl_ua_type pending_ua[CTL_MAX_INITIATORS]; struct ctl_mode_pages mode_pages; + struct ctl_log_pages log_pages; struct ctl_lun_io_stats stats; uint32_t res_idx; unsigned int PRGeneration; @@ -442,7 +461,6 @@ struct ctl_softc { uint32_t ctl_lun_mask[(CTL_MAX_LUNS + 31) / 32]; struct ctl_lun *ctl_luns[CTL_MAX_LUNS]; uint32_t ctl_port_mask[(CTL_MAX_PORTS + 31) / 32]; - uint64_t aps_locked_lun; STAILQ_HEAD(, ctl_lun) lun_list; STAILQ_HEAD(, ctl_be_lun) pending_lun_queue; uint32_t num_frontends; @@ -456,8 +474,6 @@ struct ctl_softc { uint32_t num_pools; uint32_t cur_pool_id; STAILQ_HEAD(, ctl_io_pool) io_pools; - time_t last_print_jiffies; - uint32_t skipped_prints; struct ctl_thread threads[CTL_MAX_THREADS]; TAILQ_HEAD(tpc_tokens, tpc_token) tpc_tokens; struct callout tpc_timeout; @@ -484,6 +500,7 @@ int ctl_write_same(struct ctl_scsiio *ctsio); int ctl_unmap(struct ctl_scsiio *ctsio); int ctl_mode_select(struct ctl_scsiio *ctsio); int ctl_mode_sense(struct ctl_scsiio *ctsio); +int ctl_log_sense(struct ctl_scsiio *ctsio); int ctl_read_capacity(struct ctl_scsiio *ctsio); int ctl_read_capacity_16(struct ctl_scsiio *ctsio); int ctl_read_defect(struct ctl_scsiio *ctsio); diff --git a/sys/cam/ctl/ctl_scsi_all.c b/sys/cam/ctl/ctl_scsi_all.c index 91b79f3..815e383 100644 --- a/sys/cam/ctl/ctl_scsi_all.c +++ b/sys/cam/ctl/ctl_scsi_all.c @@ -112,32 +112,10 @@ ctl_scsi_command_string(struct ctl_scsiio *ctsio, void ctl_scsi_path_string(union ctl_io *io, char *path_str, int len) { - if (io->io_hdr.nexus.targ_target.wwid[0] == 0) { - snprintf(path_str, len, "(%ju:%d:%ju:%d): ", - (uintmax_t)io->io_hdr.nexus.initid.id, - io->io_hdr.nexus.targ_port, - (uintmax_t)io->io_hdr.nexus.targ_target.id, - io->io_hdr.nexus.targ_lun); - } else { - /* - * XXX KDM find a better way to display FC WWIDs. - */ -#ifdef _KERNEL - snprintf(path_str, len, "(%ju:%d:%#jx,%#jx:%d): ", - (uintmax_t)io->io_hdr.nexus.initid.id, - io->io_hdr.nexus.targ_port, - (intmax_t)io->io_hdr.nexus.targ_target.wwid[0], - (intmax_t)io->io_hdr.nexus.targ_target.wwid[1], - io->io_hdr.nexus.targ_lun); -#else /* _KERNEL */ - snprintf(path_str, len, "(%ju:%d:%#jx,%#jx:%d): ", - (uintmax_t)io->io_hdr.nexus.initid.id, - io->io_hdr.nexus.targ_port, - (intmax_t)io->io_hdr.nexus.targ_target.wwid[0], - (intmax_t)io->io_hdr.nexus.targ_target.wwid[1], - io->io_hdr.nexus.targ_lun); -#endif /* _KERNEL */ - } + + snprintf(path_str, len, "(%u:%u:%u/%u): ", + io->io_hdr.nexus.initid.id, io->io_hdr.nexus.targ_port, + io->io_hdr.nexus.targ_lun, io->io_hdr.nexus.targ_mapped_lun); } /* diff --git a/sys/cam/ctl/ctl_util.c b/sys/cam/ctl/ctl_util.c index 61b0085..a991cfb 100644 --- a/sys/cam/ctl/ctl_util.c +++ b/sys/cam/ctl/ctl_util.c @@ -731,69 +731,64 @@ ctl_scsi_task_string(struct ctl_taskio *taskio) } void -ctl_io_error_sbuf(union ctl_io *io, struct scsi_inquiry_data *inq_data, - struct sbuf *sb) +ctl_io_sbuf(union ctl_io *io, struct sbuf *sb) { - struct ctl_status_desc *status_desc; + const char *task_desc; char path_str[64]; - unsigned int i; - - status_desc = NULL; - - for (i = 0; i < (sizeof(ctl_status_table)/sizeof(ctl_status_table[0])); - i++) { - if ((io->io_hdr.status & CTL_STATUS_MASK) == - ctl_status_table[i].status) { - status_desc = &ctl_status_table[i]; - break; - } - } ctl_scsi_path_string(io, path_str, sizeof(path_str)); switch (io->io_hdr.io_type) { case CTL_IO_SCSI: sbuf_cat(sb, path_str); - ctl_scsi_command_string(&io->scsiio, NULL, sb); - - sbuf_printf(sb, "\n"); - - sbuf_printf(sb, "%sTag: 0x%04x, Type: %d\n", path_str, + sbuf_printf(sb, " Tag: %#x/%d\n", io->scsiio.tag_num, io->scsiio.tag_type); break; - case CTL_IO_TASK: { - const char *task_desc; - + case CTL_IO_TASK: sbuf_cat(sb, path_str); - task_desc = ctl_scsi_task_string(&io->taskio); - if (task_desc == NULL) sbuf_printf(sb, "Unknown Task Action %d (%#x)", - io->taskio.task_action, - io->taskio.task_action); + io->taskio.task_action, io->taskio.task_action); else sbuf_printf(sb, "Task Action: %s", task_desc); - - sbuf_printf(sb, "\n"); - switch (io->taskio.task_action) { case CTL_TASK_ABORT_TASK: - case CTL_TASK_ABORT_TASK_SET: - case CTL_TASK_CLEAR_TASK_SET: - sbuf_printf(sb, "%sTag: 0x%04x, Type: %d\n", path_str, - io->taskio.tag_num, - io->taskio.tag_type); + sbuf_printf(sb, " Tag: %#x/%d\n", + io->taskio.tag_num, io->taskio.tag_type); break; default: + sbuf_printf(sb, "\n"); break; } break; - } default: break; } +} + +void +ctl_io_error_sbuf(union ctl_io *io, struct scsi_inquiry_data *inq_data, + struct sbuf *sb) +{ + struct ctl_status_desc *status_desc; + char path_str[64]; + unsigned int i; + + ctl_io_sbuf(io, sb); + + status_desc = NULL; + for (i = 0; i < (sizeof(ctl_status_table)/sizeof(ctl_status_table[0])); + i++) { + if ((io->io_hdr.status & CTL_STATUS_MASK) == + ctl_status_table[i].status) { + status_desc = &ctl_status_table[i]; + break; + } + } + + ctl_scsi_path_string(io, path_str, sizeof(path_str)); sbuf_cat(sb, path_str); if (status_desc == NULL) @@ -815,23 +810,39 @@ ctl_io_error_sbuf(union ctl_io *io, struct scsi_inquiry_data *inq_data, } char * +ctl_io_string(union ctl_io *io, char *str, int str_len) +{ + struct sbuf sb; + + sbuf_new(&sb, str, str_len, SBUF_FIXEDLEN); + ctl_io_sbuf(io, &sb); + sbuf_finish(&sb); + return (sbuf_data(&sb)); +} + +char * ctl_io_error_string(union ctl_io *io, struct scsi_inquiry_data *inq_data, char *str, int str_len) { struct sbuf sb; sbuf_new(&sb, str, str_len, SBUF_FIXEDLEN); - ctl_io_error_sbuf(io, inq_data, &sb); - sbuf_finish(&sb); - return (sbuf_data(&sb)); } #ifdef _KERNEL void +ctl_io_print(union ctl_io *io) +{ + char str[512]; + + printf("%s", ctl_io_string(io, str, sizeof(str))); +} + +void ctl_io_error_print(union ctl_io *io, struct scsi_inquiry_data *inq_data) { char str[512]; @@ -856,6 +867,37 @@ ctl_io_error_print(union ctl_io *io, struct scsi_inquiry_data *inq_data) } +void +ctl_data_print(union ctl_io *io) +{ + char str[128]; + char path_str[64]; + struct sbuf sb; + int i, j, len; + + if (io->io_hdr.io_type != CTL_IO_SCSI) + return; + if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) + return; + if (io->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) /* XXX: Implement */ + return; + ctl_scsi_path_string(io, path_str, sizeof(path_str)); + len = min(io->scsiio.kern_data_len, 4096); + for (i = 0; i < len; ) { + sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN); + sbuf_cat(&sb, path_str); + sbuf_printf(&sb, " %#6x:%04x:", io->scsiio.tag_num, i); + for (j = 0; j < 16 && i < len; i++, j++) { + if (j == 8) + sbuf_cat(&sb, " "); + sbuf_printf(&sb, " %02x", io->scsiio.kern_data_ptr[i]); + } + sbuf_cat(&sb, "\n"); + sbuf_finish(&sb); + printf("%s", sbuf_data(&sb)); + } +} + #else /* _KERNEL */ void diff --git a/sys/cam/ctl/ctl_util.h b/sys/cam/ctl/ctl_util.h index 774ac27..af5e55f 100644 --- a/sys/cam/ctl/ctl_util.h +++ b/sys/cam/ctl/ctl_util.h @@ -99,19 +99,20 @@ void ctl_scsi_free_io(union ctl_io *io); #endif /* !_KERNEL */ void ctl_scsi_zero_io(union ctl_io *io); const char *ctl_scsi_task_string(struct ctl_taskio *taskio); +void ctl_io_sbuf(union ctl_io *io, struct sbuf *sb); void ctl_io_error_sbuf(union ctl_io *io, struct scsi_inquiry_data *inq_data, struct sbuf *sb); +char *ctl_io_string(union ctl_io *io, char *str, int str_len); char *ctl_io_error_string(union ctl_io *io, struct scsi_inquiry_data *inq_data, char *str, int str_len); #ifdef _KERNEL - +void ctl_io_print(union ctl_io *io); void ctl_io_error_print(union ctl_io *io, struct scsi_inquiry_data *inq_data); +void ctl_data_print(union ctl_io *io); #else /* _KERNEL */ -void -ctl_io_error_print(union ctl_io *io, struct scsi_inquiry_data *inq_data, +void ctl_io_error_print(union ctl_io *io, struct scsi_inquiry_data *inq_data, FILE *ofile); - #endif /* _KERNEL */ __END_DECLS diff --git a/sys/cam/scsi/scsi_all.h b/sys/cam/scsi/scsi_all.h index fbb131e..90fc585 100644 --- a/sys/cam/scsi/scsi_all.h +++ b/sys/cam/scsi/scsi_all.h @@ -551,7 +551,7 @@ struct scsi_log_sense #define SLS_PPC 0x02 u_int8_t page; #define SLS_PAGE_CODE 0x3F -#define SLS_ALL_PAGES_PAGE 0x00 +#define SLS_SUPPORTED_PAGES_PAGE 0x00 #define SLS_OVERRUN_PAGE 0x01 #define SLS_ERROR_WRITE_PAGE 0x02 #define SLS_ERROR_READ_PAGE 0x03 @@ -566,7 +566,9 @@ struct scsi_log_sense #define SLS_PAGE_CTRL_CUMULATIVE 0x40 #define SLS_PAGE_CTRL_THRESH_DEFAULT 0x80 #define SLS_PAGE_CTRL_CUMUL_DEFAULT 0xC0 - u_int8_t reserved[2]; + u_int8_t subpage; +#define SLS_SUPPORTED_SUBPAGES_SUBPAGE 0xff + u_int8_t reserved; u_int8_t paramptr[2]; u_int8_t length[2]; u_int8_t control; @@ -592,7 +594,10 @@ struct scsi_log_select struct scsi_log_header { u_int8_t page; - u_int8_t reserved; +#define SL_PAGE_CODE 0x3F +#define SL_SPF 0x40 +#define SL_DS 0x80 + u_int8_t subpage; u_int8_t datalen[2]; }; @@ -704,40 +709,6 @@ struct scsi_caching_page { /* * XXX KDM move this off to a vendor shim. */ -struct copan_power_subpage { - uint8_t page_code; -#define PWR_PAGE_CODE 0x00 - uint8_t subpage; -#define PWR_SUBPAGE_CODE 0x02 - uint8_t page_length[2]; - uint8_t page_version; -#define PWR_VERSION 0x01 - uint8_t total_luns; - uint8_t max_active_luns; -#define PWR_DFLT_MAX_LUNS 0x07 - uint8_t reserved[25]; -}; - -/* - * XXX KDM move this off to a vendor shim. - */ -struct copan_aps_subpage { - uint8_t page_code; -#define APS_PAGE_CODE 0x00 - uint8_t subpage; -#define APS_SUBPAGE_CODE 0x03 - uint8_t page_length[2]; - uint8_t page_version; -#define APS_VERSION 0x00 - uint8_t lock_active; -#define APS_LOCK_ACTIVE 0x01 -#define APS_LOCK_INACTIVE 0x00 - uint8_t reserved[26]; -}; - -/* - * XXX KDM move this off to a vendor shim. - */ struct copan_debugconf_subpage { uint8_t page_code; #define DBGCNF_PAGE_CODE 0x00 @@ -767,6 +738,23 @@ struct scsi_info_exceptions_page { u_int8_t report_count[4]; }; +struct scsi_logical_block_provisioning_page_descr { + uint8_t flags; + uint8_t resource; + uint8_t reserved[2]; + uint8_t count[4]; +}; + +struct scsi_logical_block_provisioning_page { + uint8_t page_code; + uint8_t subpage_code; + uint8_t page_length[2]; + uint8_t flags; +#define SLBPP_SITUA 0x01 + uint8_t reserved[11]; + struct scsi_logical_block_provisioning_page_descr descr[0]; +}; + /* * SCSI protocol identifier values, current as of SPC4r36l. */ diff --git a/sys/cam/scsi/scsi_da.c b/sys/cam/scsi/scsi_da.c index 3793f31..f6da890 100644 --- a/sys/cam/scsi/scsi_da.c +++ b/sys/cam/scsi/scsi_da.c @@ -1134,6 +1134,14 @@ static struct da_quirk_entry da_quirk_table[] = }, { /* + * Samsung PM853T Series SSDs + * 4k optimised + */ + { T_DIRECT, SIP_MEDIA_FIXED, "ATA", "SAMSUNG MZ7GE*", "*" }, + /*quirks*/DA_Q_4K + }, + { + /* * SuperTalent TeraDrive CT SSDs * 4k optimised & trim only works in 4k requests + 4k aligned */ diff --git a/sys/cam/scsi/scsi_da.h b/sys/cam/scsi/scsi_da.h index f48d327..9e5563d 100644 --- a/sys/cam/scsi/scsi_da.h +++ b/sys/cam/scsi/scsi_da.h @@ -527,7 +527,8 @@ struct scsi_da_rw_recovery_page { u_int8_t correction_span; u_int8_t head_offset_count; u_int8_t data_strobe_offset_cnt; - u_int8_t reserved; + u_int8_t byte8; +#define SMS_RWER_LBPERE 0x80 u_int8_t write_retry_count; u_int8_t reserved2; u_int8_t recovery_time_limit[2]; diff --git a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c index 3efe022..0cd832e 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c +++ b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c @@ -13052,7 +13052,7 @@ dtrace_dof_property(const char *name) char *p; char *p_env; - if ((p_env = getenv(name)) == NULL) + if ((p_env = kern_getenv(name)) == NULL) return (NULL); len = strlen(p_env) / 2; diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_scan.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_scan.c index bcf04c1..4a27c64 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_scan.c +++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_scan.c @@ -1459,13 +1459,6 @@ dsl_scan_sync(dsl_pool_t *dp, dmu_tx_t *tx) "traverse_dataset_destroyed()", err); } - /* - * If we didn't make progress, mark the async destroy as - * stalled, so that we will not initiate a spa_sync() on - * its behalf. - */ - scn->scn_async_stalled = (scn->scn_visited_this_txg == 0); - if (bptree_is_empty(dp->dp_meta_objset, dp->dp_bptree_obj)) { /* finished; deactivate async destroy feature */ spa_feature_decr(spa, SPA_FEATURE_ASYNC_DESTROY, tx); @@ -1478,6 +1471,14 @@ dsl_scan_sync(dsl_pool_t *dp, dmu_tx_t *tx) dp->dp_bptree_obj, tx)); dp->dp_bptree_obj = 0; scn->scn_async_destroying = B_FALSE; + } else { + /* + * If we didn't make progress, mark the async destroy as + * stalled, so that we will not initiate a spa_sync() on + * its behalf. + */ + scn->scn_async_stalled = + (scn->scn_visited_this_txg == 0); } } if (scn->scn_visited_this_txg) { diff --git a/sys/conf/files b/sys/conf/files index 9d2a787..13150f4 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -3231,7 +3231,7 @@ net/if_ethersubr.c optional ether net/if_faith.c optional faith net/if_fddisubr.c optional fddi net/if_fwsubr.c optional fwip -net/if_gif.c optional gif | netgraph_gif +net/if_gif.c optional gif inet | gif inet6 | netgraph_gif net/if_gre.c optional gre inet net/if_iso88025subr.c optional token net/if_lagg.c optional lagg diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc index 10515a5..62f645e 100644 --- a/sys/conf/files.powerpc +++ b/sys/conf/files.powerpc @@ -33,6 +33,7 @@ dev/hwpmc/hwpmc_powerpc.c optional hwpmc dev/hwpmc/hwpmc_mpc7xxx.c optional hwpmc dev/hwpmc/hwpmc_ppc970.c optional hwpmc dev/iicbus/ad7417.c optional ad7417 powermac +dev/iicbus/adm1030.c optional powermac windtunnel | adm1030 powermac dev/iicbus/adt746x.c optional adt746x powermac dev/iicbus/ds1631.c optional ds1631 powermac dev/iicbus/ds1775.c optional ds1775 powermac @@ -169,7 +170,6 @@ powerpc/powermac/smusat.c optional powermac smu powerpc/powermac/uninorth.c optional powermac powerpc/powermac/uninorthpci.c optional powermac pci powerpc/powermac/vcoregpio.c optional powermac -powerpc/powermac/windtunnel.c optional powermac windtunnel powerpc/powerpc/altivec.c standard powerpc/powerpc/autoconf.c standard powerpc/powerpc/bcopy.c standard diff --git a/sys/conf/kmod.mk b/sys/conf/kmod.mk index 090031c..838b830 100644 --- a/sys/conf/kmod.mk +++ b/sys/conf/kmod.mk @@ -476,7 +476,7 @@ assym.s: genassym.o genassym.o: opt_global.h .endif .if !exists(@) -assym.s: @ +assym.s: .else assym.s: @/kern/genassym.sh .endif @@ -484,7 +484,7 @@ assym.s: @/kern/genassym.sh .if exists(@) genassym.o: @/${MACHINE_CPUARCH}/${MACHINE_CPUARCH}/genassym.c .endif -genassym.o: @ machine ${SRCS:Mopt_*.h} +genassym.o: ${SRCS:Mopt_*.h} ${CC} -c ${CFLAGS:N-fno-common} \ @/${MACHINE_CPUARCH}/${MACHINE_CPUARCH}/genassym.c .endif diff --git a/sys/contrib/rdma/krping/krping.c b/sys/contrib/rdma/krping/krping.c index 733dd8a..2280636 100644 --- a/sys/contrib/rdma/krping/krping.c +++ b/sys/contrib/rdma/krping/krping.c @@ -39,7 +39,6 @@ __FBSDID("$FreeBSD$"); #include <linux/slab.h> #include <linux/err.h> #include <linux/string.h> -#include <linux/inet.h> #include <linux/list.h> #include <linux/in.h> #include <linux/device.h> diff --git a/sys/dev/acpica/acpi.c b/sys/dev/acpica/acpi.c index abbc9b5..1389bad 100644 --- a/sys/dev/acpica/acpi.c +++ b/sys/dev/acpica/acpi.c @@ -594,7 +594,7 @@ acpi_attach(device_t dev) sc->acpi_sleep_delay = 1; if (bootverbose) sc->acpi_verbose = 1; - if ((env = getenv("hw.acpi.verbose")) != NULL) { + if ((env = kern_getenv("hw.acpi.verbose")) != NULL) { if (strcmp(env, "0") != 0) sc->acpi_verbose = 1; freeenv(env); @@ -3337,7 +3337,7 @@ acpi_avoid(ACPI_HANDLE handle) np = acpi_name(handle); if (*np == '\\') np++; - if ((env = getenv("debug.acpi.avoid")) == NULL) + if ((env = kern_getenv("debug.acpi.avoid")) == NULL) return (0); /* Scan the avoid list checking for a match */ @@ -3370,7 +3370,7 @@ acpi_disabled(char *subsys) char *cp, *env; int len; - if ((env = getenv("debug.acpi.disabled")) == NULL) + if ((env = kern_getenv("debug.acpi.disabled")) == NULL) return (0); if (strcmp(env, "all") == 0) { freeenv(env); @@ -3753,8 +3753,8 @@ acpi_set_debugging(void *junk) AcpiDbgLevel = 0; } - layer = getenv("debug.acpi.layer"); - level = getenv("debug.acpi.level"); + layer = kern_getenv("debug.acpi.layer"); + level = kern_getenv("debug.acpi.level"); if (layer == NULL && level == NULL) return; @@ -3813,9 +3813,9 @@ acpi_debug_sysctl(SYSCTL_HANDLER_ARGS) /* If the user is setting a string, parse it. */ if (error == 0 && req->newptr != NULL) { - *dbg = 0; - setenv((char *)oidp->oid_arg1, (char *)req->newptr); - acpi_set_debugging(NULL); + *dbg = 0; + kern_setenv((char *)oidp->oid_arg1, (char *)req->newptr); + acpi_set_debugging(NULL); } ACPI_SERIAL_END(acpi); diff --git a/sys/dev/asmc/asmc.c b/sys/dev/asmc/asmc.c index 5933307..b61dedb 100644 --- a/sys/dev/asmc/asmc.c +++ b/sys/dev/asmc/asmc.c @@ -310,7 +310,7 @@ asmc_match(device_t dev) int i; char *model; - model = getenv("smbios.system.product"); + model = kern_getenv("smbios.system.product"); if (model == NULL) return (NULL); diff --git a/sys/dev/cfi/cfi_core.c b/sys/dev/cfi/cfi_core.c index 3393ca6..5150b77 100644 --- a/sys/dev/cfi/cfi_core.c +++ b/sys/dev/cfi/cfi_core.c @@ -410,7 +410,7 @@ cfi_attach(device_t dev) device_get_nameunit(dev)) < (sizeof(name) - 1) && snprintf(value, sizeof(value), "0x%016jx", ppr) < (sizeof(value) - 1)) - (void) setenv(name, value); + (void) kern_setenv(name, value); } #endif diff --git a/sys/dev/cxgbe/iw_cxgbe/iw_cxgbe.h b/sys/dev/cxgbe/iw_cxgbe/iw_cxgbe.h index 0201a79..245e045 100644 --- a/sys/dev/cxgbe/iw_cxgbe/iw_cxgbe.h +++ b/sys/dev/cxgbe/iw_cxgbe/iw_cxgbe.h @@ -41,7 +41,6 @@ #include <linux/sched.h> #include <linux/pci.h> #include <linux/dma-mapping.h> -#include <linux/inet.h> #include <linux/wait.h> #include <linux/kref.h> #include <linux/timer.h> diff --git a/sys/dev/drm2/drm_crtc_helper.c b/sys/dev/drm2/drm_crtc_helper.c index b798a57..77e1346 100644 --- a/sys/dev/drm2/drm_crtc_helper.c +++ b/sys/dev/drm2/drm_crtc_helper.c @@ -53,7 +53,7 @@ drm_fetch_cmdline_mode_from_kenv(struct drm_connector *connector, strlen(drm_get_connector_name(connector)), M_TEMP, M_WAITOK); strcpy(tun_var_name, tun_prefix); strcat(tun_var_name, drm_get_connector_name(connector)); - tun_mode = getenv(tun_var_name); + tun_mode = kern_getenv(tun_var_name); if (tun_mode != NULL) { res = drm_mode_parse_command_line_for_connector(tun_mode, connector, cmdline_mode); diff --git a/sys/dev/hatm/if_hatm.c b/sys/dev/hatm/if_hatm.c index c022724..0be8a3d 100644 --- a/sys/dev/hatm/if_hatm.c +++ b/sys/dev/hatm/if_hatm.c @@ -1319,7 +1319,7 @@ kenv_getuint(struct hatm_softc *sc, const char *var, snprintf(full, sizeof(full), "hw.%s.%s", device_get_nameunit(sc->dev), var); - if ((val = getenv(full)) == NULL) + if ((val = kern_getenv(full)) == NULL) return (0); u = strtoul(val, &end, 0); if (end == val || *end != '\0') { diff --git a/sys/powerpc/powermac/windtunnel.c b/sys/dev/iicbus/adm1030.c index 6a28a73..6a28a73 100644 --- a/sys/powerpc/powermac/windtunnel.c +++ b/sys/dev/iicbus/adm1030.c diff --git a/sys/dev/iscsi/iscsi.c b/sys/dev/iscsi/iscsi.c index 1576f7d..c36c010 100644 --- a/sys/dev/iscsi/iscsi.c +++ b/sys/dev/iscsi/iscsi.c @@ -1752,18 +1752,16 @@ static bool iscsi_session_conf_matches(unsigned int id1, const struct iscsi_session_conf *c1, unsigned int id2, const struct iscsi_session_conf *c2) { - if (id2 == 0 && c2->isc_target[0] == '\0' && - c2->isc_target_addr[0] == '\0') - return (true); - if (id2 != 0 && id2 == id1) - return (true); + + if (id2 != 0 && id2 != id1) + return (false); if (c2->isc_target[0] != '\0' && - strcmp(c1->isc_target, c2->isc_target) == 0) - return (true); + strcmp(c1->isc_target, c2->isc_target) != 0) + return (false); if (c2->isc_target_addr[0] != '\0' && - strcmp(c1->isc_target_addr, c2->isc_target_addr) == 0) - return (true); - return (false); + strcmp(c1->isc_target_addr, c2->isc_target_addr) != 0) + return (false); + return (true); } static int diff --git a/sys/dev/ixgbe/ixgbe.c b/sys/dev/ixgbe/ixgbe.c index d7371a8..b711b47 100644 --- a/sys/dev/ixgbe/ixgbe.c +++ b/sys/dev/ixgbe/ixgbe.c @@ -4377,6 +4377,20 @@ ixgbe_initialize_receive_units(struct adapter *adapter) srrctl &= ~IXGBE_SRRCTL_BSIZEPKT_MASK; srrctl |= bufsz; srrctl |= IXGBE_SRRCTL_DESCTYPE_ADV_ONEBUF; + + /* + * Set DROP_EN iff we have no flow control and >1 queue. + * Note that srrctl was cleared shortly before during reset, + * so we do not need to clear the bit, but do it just in case + * this code is moved elsewhere. + */ + if (adapter->num_queues > 1 && + adapter->hw.fc.requested_mode == ixgbe_fc_none) { + srrctl |= IXGBE_SRRCTL_DROP_EN; + } else { + srrctl &= ~IXGBE_SRRCTL_DROP_EN; + } + IXGBE_WRITE_REG(hw, IXGBE_SRRCTL(i), srrctl); /* Setup the HW Rx Head and Tail Descriptor Pointers */ diff --git a/sys/dev/mii/brgphy.c b/sys/dev/mii/brgphy.c index b8ec89c..dba35a0 100644 --- a/sys/dev/mii/brgphy.c +++ b/sys/dev/mii/brgphy.c @@ -171,7 +171,7 @@ detect_hs21(struct bce_softc *bce_sc) found = 0; if (bce_sc->bce_chipid == HS21_BCM_CHIPID) { - sysenv = getenv("smbios.system.product"); + sysenv = kern_getenv("smbios.system.product"); if (sysenv != NULL) { if (strncmp(sysenv, HS21_PRODUCT_ID, strlen(HS21_PRODUCT_ID)) == 0) diff --git a/sys/dev/mmc/mmcsd.c b/sys/dev/mmc/mmcsd.c index 5b2bc2c..75fd36c 100644 --- a/sys/dev/mmc/mmcsd.c +++ b/sys/dev/mmc/mmcsd.c @@ -155,14 +155,36 @@ mmcsd_attach(device_t dev) d->d_dump = mmcsd_dump; d->d_name = "mmcsd"; d->d_drv1 = sc; - d->d_maxsize = 4*1024*1024; /* Maximum defined SD card AU size. */ d->d_sectorsize = mmc_get_sector_size(dev); + d->d_maxsize = mmc_get_max_data(dev) * d->d_sectorsize; d->d_mediasize = (off_t)mmc_get_media_size(dev) * d->d_sectorsize; d->d_stripeoffset = 0; d->d_stripesize = mmc_get_erase_sector(dev) * d->d_sectorsize; d->d_unit = device_get_unit(dev); d->d_flags = DISKFLAG_CANDELETE; d->d_delmaxsize = mmc_get_erase_sector(dev) * d->d_sectorsize * 1; /* conservative */ + /* + * The d_fw* values are fake. However, layout is aided by making the + * number of fwsectors equal to the erase sectors from the drive since + * we set the stripe size equal to that. We set fwheads such that there + * are ~20 cylinder groups since all values are somewhat arbitrary here + * and this gives good behavior with ffs without wasting too much + * space. Sadly, geom_part wants to round partitions to these + * values. While not bad, in and of itself, the values we present here + * will almost certainly be different then the values that USB SD + * adapters use and there's too much variation between brands to just + * use those values here. Also SD to ATA adapters favor traditional + * ata sizes, which are different again from the USB adapters (which + * favor SCSI values). This rounding leads to a loss of up to 5% of the + * usable space (usually much less, but that's why 20 was selected: to + * limit this effect at a few percent). gpart needs a way to override + * this behavior for situations like this, but doesn't provide + * one. Perhaps this behavior should be tunable as well, but maybe that + * belongs in the disk layer. These values will be much better than + * the default ones. + */ + d->d_fwsectors = mmc_get_erase_sector(dev); + d->d_fwheads = mmc_get_media_size(dev) / (d->d_fwsectors * 20); strlcpy(d->d_ident, mmc_get_card_sn_string(dev), sizeof(d->d_ident)); strlcpy(d->d_descr, mmc_get_card_id_string(dev), sizeof(d->d_descr)); diff --git a/sys/dev/nfe/if_nfe.c b/sys/dev/nfe/if_nfe.c index 4c7ccb1..e9952a0 100644 --- a/sys/dev/nfe/if_nfe.c +++ b/sys/dev/nfe/if_nfe.c @@ -345,8 +345,8 @@ nfe_detect_msik9(struct nfe_softc *sc) int found; found = 0; - m = getenv("smbios.planar.maker"); - p = getenv("smbios.planar.product"); + m = kern_getenv("smbios.planar.maker"); + p = kern_getenv("smbios.planar.product"); if (m != NULL && p != NULL) { if (strcmp(m, maker) == 0 && strcmp(p, product) == 0) found = 1; @@ -839,8 +839,8 @@ nfe_can_use_msix(struct nfe_softc *sc) * Search base board manufacturer and product name table * to see this system has a known MSI/MSI-X issue. */ - maker = getenv("smbios.planar.maker"); - product = getenv("smbios.planar.product"); + maker = kern_getenv("smbios.planar.maker"); + product = kern_getenv("smbios.planar.product"); use_msix = 1; if (maker != NULL && product != NULL) { count = sizeof(msix_blacklists) / sizeof(msix_blacklists[0]); diff --git a/sys/dev/patm/if_patm_attach.c b/sys/dev/patm/if_patm_attach.c index d93fd00..f4b8c4e 100644 --- a/sys/dev/patm/if_patm_attach.c +++ b/sys/dev/patm/if_patm_attach.c @@ -579,7 +579,7 @@ patm_env_getuint(struct patm_softc *sc, u_int *var, const char *name) snprintf(full, sizeof(full), "hw.%s.%s", device_get_nameunit(sc->dev), name); - if ((val = getenv(full)) != NULL) { + if ((val = kern_getenv(full)) != NULL) { u = strtoul(val, &end, 0); if (end > val && *end == '\0') { if (bootverbose) diff --git a/sys/dev/pci/pci.c b/sys/dev/pci/pci.c index 2666d7f..485f728 100644 --- a/sys/dev/pci/pci.c +++ b/sys/dev/pci/pci.c @@ -3270,14 +3270,14 @@ pci_reserve_secbus(device_t bus, device_t dev, pcicfgregs *cfg, case 0x00dd10de: /* Compaq R3000 BIOS sets wrong subordinate bus number. */ - if ((cp = getenv("smbios.planar.maker")) == NULL) + if ((cp = kern_getenv("smbios.planar.maker")) == NULL) break; if (strncmp(cp, "Compal", 6) != 0) { freeenv(cp); break; } freeenv(cp); - if ((cp = getenv("smbios.planar.product")) == NULL) + if ((cp = kern_getenv("smbios.planar.product")) == NULL) break; if (strncmp(cp, "08A0", 4) != 0) { freeenv(cp); diff --git a/sys/dev/pci/pci_pci.c b/sys/dev/pci/pci_pci.c index 3c5842b..f35b481 100644 --- a/sys/dev/pci/pci_pci.c +++ b/sys/dev/pci/pci_pci.c @@ -977,14 +977,14 @@ pcib_attach_common(device_t dev) { char *cp; - if ((cp = getenv("smbios.planar.maker")) == NULL) + if ((cp = kern_getenv("smbios.planar.maker")) == NULL) break; if (strncmp(cp, "Compal", 6) != 0) { freeenv(cp); break; } freeenv(cp); - if ((cp = getenv("smbios.planar.product")) == NULL) + if ((cp = kern_getenv("smbios.planar.product")) == NULL) break; if (strncmp(cp, "08A0", 4) != 0) { freeenv(cp); diff --git a/sys/dev/rt/if_rt.c b/sys/dev/rt/if_rt.c index 910276f..f89f6dc 100644 --- a/sys/dev/rt/if_rt.c +++ b/sys/dev/rt/if_rt.c @@ -241,8 +241,8 @@ ether_request_mac(device_t dev, uint8_t *mac) * "kmac" is passed via argv on RouterBOOT platforms */ #if defined(__U_BOOT__) || defined(__REDBOOT__) || defined(__ROUTERBOOT__) - if ((var = getenv("ethaddr")) != NULL || - (var = getenv("kmac")) != NULL ) { + if ((var = kern_getenv("ethaddr")) != NULL || + (var = kern_getenv("kmac")) != NULL ) { if(!macaddr_atoi(var, mac)) { printf("%s: use %s macaddr from KENV\n", diff --git a/sys/dev/uart/uart_subr.c b/sys/dev/uart/uart_subr.c index 0277b21..d1e408c 100644 --- a/sys/dev/uart/uart_subr.c +++ b/sys/dev/uart/uart_subr.c @@ -214,9 +214,9 @@ uart_getenv(int devtype, struct uart_devinfo *di, struct uart_class *class) * port (resp). */ if (devtype == UART_DEV_CONSOLE) - spec = getenv("hw.uart.console"); + spec = kern_getenv("hw.uart.console"); else if (devtype == UART_DEV_DBGPORT) - spec = getenv("hw.uart.dbgport"); + spec = kern_getenv("hw.uart.dbgport"); else spec = NULL; if (spec == NULL) diff --git a/sys/dev/usb/serial/uftdi.c b/sys/dev/usb/serial/uftdi.c index 9624825..9390d5e 100644 --- a/sys/dev/usb/serial/uftdi.c +++ b/sys/dev/usb/serial/uftdi.c @@ -298,6 +298,7 @@ static const STRUCT_USB_HOST_ID uftdi_devs[] = { UFTDI_DEV(CONTEC, COM1USBH, 0), UFTDI_DEV(DRESDENELEKTRONIK, SENSORTERMINALBOARD, 0), UFTDI_DEV(DRESDENELEKTRONIK, WIRELESSHANDHELDTERMINAL, 0), + UFTDI_DEV(DRESDENELEKTRONIK, DE_RFNODE, 0), UFTDI_DEV(DRESDENELEKTRONIK, LEVELSHIFTERSTICKLOWCOST, 0), UFTDI_DEV(ELEKTOR, FT323R, 0), UFTDI_DEV(EVOLUTION, ER1, 0), diff --git a/sys/dev/usb/usbdevs b/sys/dev/usb/usbdevs index a5273ac..fcf16d0 100644 --- a/sys/dev/usb/usbdevs +++ b/sys/dev/usb/usbdevs @@ -1664,6 +1664,7 @@ product DREAMLINK DL100B 0x0004 USB Webmail Notifier /* dresden elektronik products */ product DRESDENELEKTRONIK SENSORTERMINALBOARD 0x0001 SensorTerminalBoard product DRESDENELEKTRONIK WIRELESSHANDHELDTERMINAL 0x0004 Wireless Handheld Terminal +product DRESDENELEKTRONIK DE_RFNODE 0x001c deRFnode product DRESDENELEKTRONIK LEVELSHIFTERSTICKLOWCOST 0x0022 Levelshifter Stick Low Cost /* Dynastream Innovations */ diff --git a/sys/fs/autofs/autofs.c b/sys/fs/autofs/autofs.c index a2aa6c1..029d254 100644 --- a/sys/fs/autofs/autofs.c +++ b/sys/fs/autofs/autofs.c @@ -274,6 +274,7 @@ autofs_task(void *context, int pending) * XXX: EIO perhaps? */ ar->ar_error = ETIMEDOUT; + ar->ar_wildcards = true; ar->ar_done = true; ar->ar_in_progress = false; cv_broadcast(&autofs_softc->sc_cv); @@ -291,12 +292,13 @@ autofs_cached(struct autofs_node *anp, const char *component, int componentlen) AUTOFS_ASSERT_UNLOCKED(amp); /* - * For top-level nodes we need to request automountd(8) - * assistance even if the node is marked as cached, - * but the requested subdirectory does not exist. This - * is necessary for wildcard indirect map keys to work. + * For root node we need to request automountd(8) assistance even + * if the node is marked as cached, but the requested top-level + * directory does not exist. This is necessary for wildcard indirect + * map keys to work. We don't do this if we know that there are + * no wildcards. */ - if (anp->an_parent == NULL && componentlen != 0) { + if (anp->an_parent == NULL && componentlen != 0 && anp->an_wildcards) { AUTOFS_SLOCK(amp); error = autofs_node_find(anp, component, componentlen, NULL); AUTOFS_SUNLOCK(amp); @@ -366,6 +368,7 @@ autofs_trigger_one(struct autofs_node *anp, struct autofs_request *ar; char *key, *path; int error = 0, request_error, last; + bool wildcards; amp = anp->an_mount; @@ -450,6 +453,8 @@ autofs_trigger_one(struct autofs_node *anp, ar->ar_path, request_error); } + wildcards = ar->ar_wildcards; + last = refcount_release(&ar->ar_refcount); if (last) { TAILQ_REMOVE(&autofs_softc->sc_requests, ar, ar_next); @@ -470,6 +475,7 @@ autofs_trigger_one(struct autofs_node *anp, */ if (error == 0 && request_error == 0 && autofs_cache > 0) { anp->an_cached = true; + anp->an_wildcards = wildcards; callout_reset(&anp->an_callout, autofs_cache * hz, autofs_cache_callout, anp); } @@ -584,6 +590,7 @@ autofs_ioctl_done(struct autofs_daemon_done *add) } ar->ar_error = add->add_error; + ar->ar_wildcards = add->add_wildcards; ar->ar_done = true; ar->ar_in_progress = false; cv_broadcast(&autofs_softc->sc_cv); diff --git a/sys/fs/autofs/autofs.h b/sys/fs/autofs/autofs.h index dc33eef..6ea198c 100644 --- a/sys/fs/autofs/autofs.h +++ b/sys/fs/autofs/autofs.h @@ -74,6 +74,7 @@ struct autofs_node { struct vnode *an_vnode; struct sx an_vnode_lock; bool an_cached; + bool an_wildcards; struct callout an_callout; int an_retries; struct timespec an_ctime; @@ -97,6 +98,7 @@ struct autofs_request { int ar_id; bool ar_done; int ar_error; + bool ar_wildcards; bool ar_in_progress; char ar_from[MAXPATHLEN]; char ar_path[MAXPATHLEN]; diff --git a/sys/fs/autofs/autofs_ioctl.h b/sys/fs/autofs/autofs_ioctl.h index 8d03ef7..328dd9c 100644 --- a/sys/fs/autofs/autofs_ioctl.h +++ b/sys/fs/autofs/autofs_ioctl.h @@ -78,6 +78,12 @@ struct autofs_daemon_done { int add_id; /* + * Set to 1 if the map may contain wildcard entries; + * otherwise autofs will do negative caching. + */ + int add_wildcards; + + /* * Error number, possibly returned to userland. */ int add_error; diff --git a/sys/fs/deadfs/dead_vnops.c b/sys/fs/deadfs/dead_vnops.c index 9a107dd..c7de6af 100644 --- a/sys/fs/deadfs/dead_vnops.c +++ b/sys/fs/deadfs/dead_vnops.c @@ -43,9 +43,6 @@ */ static vop_lookup_t dead_lookup; static vop_open_t dead_open; -static vop_poll_t dead_poll; -static vop_read_t dead_read; -static vop_write_t dead_write; static vop_getwritemount_t dead_getwritemount; static vop_rename_t dead_rename; @@ -80,14 +77,10 @@ struct vop_vector dead_vnodeops = { .vop_write = dead_write, }; -/* ARGSUSED */ static int -dead_getwritemount(ap) - struct vop_getwritemount_args /* { - struct vnode *a_vp; - struct mount **a_mpp; - } */ *ap; +dead_getwritemount(struct vop_getwritemount_args *ap) { + *(ap->a_mpp) = NULL; return (0); } @@ -95,14 +88,8 @@ dead_getwritemount(ap) /* * Trivial lookup routine that always fails. */ -/* ARGSUSED */ static int -dead_lookup(ap) - struct vop_lookup_args /* { - struct vnode * a_dvp; - struct vnode ** a_vpp; - struct componentname * a_cnp; - } */ *ap; +dead_lookup(struct vop_lookup_args *ap) { *ap->a_vpp = NULL; @@ -112,33 +99,17 @@ dead_lookup(ap) /* * Open always fails as if device did not exist. */ -/* ARGSUSED */ static int -dead_open(ap) - struct vop_open_args /* { - struct vnode *a_vp; - int a_mode; - struct ucred *a_cred; - struct proc *a_p; - } */ *ap; +dead_open(struct vop_open_args *ap) { return (ENXIO); } -/* - * Vnode op for read - */ -/* ARGSUSED */ -static int -dead_read(ap) - struct vop_read_args /* { - struct vnode *a_vp; - struct uio *a_uio; - int a_ioflag; - struct ucred *a_cred; - } */ *ap; +int +dead_read(struct vop_read_args *ap) { + /* * Return EOF for tty devices, EIO for others */ @@ -147,44 +118,29 @@ dead_read(ap) return (0); } -/* - * Vnode op for write - */ -/* ARGSUSED */ -static int -dead_write(ap) - struct vop_write_args /* { - struct vnode *a_vp; - struct uio *a_uio; - int a_ioflag; - struct ucred *a_cred; - } */ *ap; +int +dead_write(struct vop_write_args *ap) { + return (EIO); } -/* - * Trivial poll routine that always returns POLLHUP. - * This is necessary so that a process which is polling a file - * gets notified when that file is revoke()d. - */ -static int -dead_poll(ap) - struct vop_poll_args *ap; +int +dead_poll(struct vop_poll_args *ap) { - return (POLLHUP); + + if (ap->a_events & ~POLLSTANDARD) + return (POLLNVAL); + + /* + * Let the user find out that the descriptor is gone. + */ + return (POLLHUP | ((POLLIN | POLLRDNORM) & ap->a_events)); + } static int -dead_rename(ap) - struct vop_rename_args /* { - struct vnode *a_fdvp; - struct vnode *a_fvp; - struct componentname *a_fcnp; - struct vnode *a_tdvp; - struct vnode *a_tvp; - struct componentname *a_tcnp; - } */ *ap; +dead_rename(struct vop_rename_args *ap) { vop_rename_fail(ap); diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index d7009a4..07b1803 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -737,8 +737,10 @@ devfs_ioctl_f(struct file *fp, u_long com, void *data, struct ucred *cred, struc fpop = td->td_fpop; error = devfs_fp_check(fp, &dev, &dsw, &ref); - if (error) + if (error != 0) { + error = vnops.fo_ioctl(fp, com, data, cred, td); return (error); + } if (com == FIODTYPE) { *(int *)data = dsw->d_flags & D_TYPEMASK; @@ -1152,8 +1154,10 @@ devfs_poll_f(struct file *fp, int events, struct ucred *cred, struct thread *td) fpop = td->td_fpop; error = devfs_fp_check(fp, &dev, &dsw, &ref); - if (error) - return (poll_no_poll(events)); + if (error != 0) { + error = vnops.fo_poll(fp, events, cred, td); + return (error); + } error = dsw->d_poll(dev, events, td); td->td_fpop = fpop; dev_relthread(dev, ref); @@ -1185,8 +1189,10 @@ devfs_read_f(struct file *fp, struct uio *uio, struct ucred *cred, return (EINVAL); fpop = td->td_fpop; error = devfs_fp_check(fp, &dev, &dsw, &ref); - if (error) + if (error != 0) { + error = vnops.fo_read(fp, uio, cred, flags, td); return (error); + } resid = uio->uio_resid; ioflag = fp->f_flag & (O_NONBLOCK | O_DIRECT); if (ioflag & O_DIRECT) @@ -1660,8 +1666,10 @@ devfs_write_f(struct file *fp, struct uio *uio, struct ucred *cred, return (EINVAL); fpop = td->td_fpop; error = devfs_fp_check(fp, &dev, &dsw, &ref); - if (error) + if (error != 0) { + error = vnops.fo_write(fp, uio, cred, flags, td); return (error); + } KASSERT(uio->uio_td == td, ("uio_td %p is not td %p", uio->uio_td, td)); ioflag = fp->f_flag & (O_NONBLOCK | O_DIRECT | O_FSYNC); if (ioflag & O_DIRECT) @@ -1744,8 +1752,9 @@ static struct vop_vector devfs_specops = { .vop_mknod = VOP_PANIC, .vop_open = devfs_open, .vop_pathconf = devfs_pathconf, + .vop_poll = dead_poll, .vop_print = devfs_print, - .vop_read = VOP_PANIC, + .vop_read = dead_read, .vop_readdir = VOP_PANIC, .vop_readlink = VOP_PANIC, .vop_reallocblks = VOP_PANIC, @@ -1761,7 +1770,7 @@ static struct vop_vector devfs_specops = { .vop_strategy = VOP_PANIC, .vop_symlink = VOP_PANIC, .vop_vptocnp = devfs_vptocnp, - .vop_write = VOP_PANIC, + .vop_write = dead_write, }; /* diff --git a/sys/fs/nfsclient/nfs_clvfsops.c b/sys/fs/nfsclient/nfs_clvfsops.c index 6b09356..49047f6 100644 --- a/sys/fs/nfsclient/nfs_clvfsops.c +++ b/sys/fs/nfsclient/nfs_clvfsops.c @@ -442,7 +442,7 @@ nfs_mountroot(struct mount *mp) error = ifioctl(so, SIOCAIFADDR, (caddr_t)&nd->myif, td); if (error) panic("nfs_mountroot: SIOCAIFADDR: %d", error); - if ((cp = getenv("boot.netif.mtu")) != NULL) { + if ((cp = kern_getenv("boot.netif.mtu")) != NULL) { ir.ifr_mtu = strtol(cp, NULL, 10); bcopy(nd->myif.ifra_name, ir.ifr_name, IFNAMSIZ); freeenv(cp); diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c index de496db..6bd1412 100644 --- a/sys/fs/nfsserver/nfs_nfsdsubs.c +++ b/sys/fs/nfsserver/nfs_nfsdsubs.c @@ -61,10 +61,20 @@ static u_int32_t nfsrv_isannfserr(u_int32_t); SYSCTL_DECL(_vfs_nfsd); -static int disable_checkutf8 = 0; -SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_checkutf8, CTLFLAG_RW, - &disable_checkutf8, 0, - "Disable the NFSv4 check for a UTF8 compliant name"); +static int enable_checkutf8 = 1; +SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_checkutf8, CTLFLAG_RW, + &enable_checkutf8, 0, + "Enable the NFSv4 check for the UTF8 compliant name required by rfc3530"); + +static int enable_nobodycheck = 1; +SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nobodycheck, CTLFLAG_RW, + &enable_nobodycheck, 0, + "Enable the NFSv4 check when setting user nobody as owner"); + +static int enable_nogroupcheck = 1; +SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_nogroupcheck, CTLFLAG_RW, + &enable_nogroupcheck, 0, + "Enable the NFSv4 check when setting group nogroup as owner"); static char nfsrv_hexdigit(char, int *); @@ -1543,8 +1553,10 @@ nfsrv_checkuidgid(struct nfsrv_descript *nd, struct nfsvattr *nvap) */ if (NFSVNO_NOTSETUID(nvap) && NFSVNO_NOTSETGID(nvap)) goto out; - if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid) - || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid)) { + if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid && + enable_nobodycheck == 1) + || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid && + enable_nogroupcheck == 1)) { error = NFSERR_BADOWNER; goto out; } @@ -1993,7 +2005,7 @@ nfsrv_parsename(struct nfsrv_descript *nd, char *bufp, u_long *hashp, error = 0; goto nfsmout; } - if (disable_checkutf8 == 0 && + if (enable_checkutf8 == 1 && nfsrv_checkutf8((u_int8_t *)bufp, outlen)) { nd->nd_repstat = NFSERR_INVAL; error = 0; diff --git a/sys/geom/geom_dev.c b/sys/geom/geom_dev.c index e6213ee..faad3e6 100644 --- a/sys/geom/geom_dev.c +++ b/sys/geom/geom_dev.c @@ -116,7 +116,7 @@ static void g_dev_init(struct g_class *mp) { - dumpdev = getenv("dumpdev"); + dumpdev = kern_getenv("dumpdev"); } static void @@ -302,7 +302,7 @@ g_dev_taste(struct g_class *mp, struct g_provider *pp, int insist __unused) for (len = MIN(strlen(gp->name), sizeof(buf) - 15); len > 0; len--) { snprintf(buf, sizeof(buf), "kern.devalias.%s", gp->name); buf[14 + len] = 0; - val = getenv(buf); + val = kern_getenv(buf); if (val != NULL) { snprintf(buf, sizeof(buf), "%s%s", val, gp->name + len); diff --git a/sys/geom/raid/g_raid.c b/sys/geom/raid/g_raid.c index db9cf44..546bd20 100644 --- a/sys/geom/raid/g_raid.c +++ b/sys/geom/raid/g_raid.c @@ -1656,7 +1656,7 @@ g_raid_launch_provider(struct g_raid_volume *vol) "kern.devalias.%s", name); snprintf(buf1, sizeof(buf1), "ar%d", vol->v_global_id); - setenv(announce_buf, buf1); + kern_setenv(announce_buf, buf1); } pp = g_new_providerf(sc->sc_geom, "%s", name); diff --git a/sys/geom/sched/g_sched.c b/sys/geom/sched/g_sched.c index 12a0461..009a58c 100644 --- a/sys/geom/sched/g_sched.c +++ b/sys/geom/sched/g_sched.c @@ -1661,7 +1661,7 @@ g_sched_taste(struct g_class *mp, struct g_provider *pp, if (pp->geom->class == mp) break; - taste_names = getenv("geom.sched.taste"); + taste_names = kern_getenv("geom.sched.taste"); if (taste_names == NULL) break; @@ -1679,7 +1679,7 @@ g_sched_taste(struct g_class *mp, struct g_provider *pp, pp->name, s); /* look up the provider name in the list */ - s = getenv("geom.sched.algo"); + s = kern_getenv("geom.sched.algo"); if (s == NULL) s = "rr"; diff --git a/sys/i386/i386/bios.c b/sys/i386/i386/bios.c index ffe42ba..1bce11c 100644 --- a/sys/i386/i386/bios.c +++ b/sys/i386/i386/bios.c @@ -106,7 +106,7 @@ bios32_init(void *junk) } /* Allow user override of PCI BIOS search */ - if (((p = getenv("machdep.bios.pci")) == NULL) || strcmp(p, "disable")) { + if (((p = kern_getenv("machdep.bios.pci")) == NULL) || strcmp(p, "disable")) { /* See if there's a PCI BIOS entrypoint here */ PCIbios.ident.id = 0x49435024; /* PCI systems should have this */ @@ -125,7 +125,7 @@ bios32_init(void *junk) * * Allow user override of PnP BIOS search */ - if ((((p = getenv("machdep.bios.pnp")) == NULL) || strcmp(p, "disable")) && + if ((((p = kern_getenv("machdep.bios.pnp")) == NULL) || strcmp(p, "disable")) && ((sigaddr = bios_sigsearch(0, "$PnP", 4, 16, 0)) != 0)) { /* get a virtual pointer to the structure */ diff --git a/sys/i386/i386/machdep.c b/sys/i386/i386/machdep.c index 9d98f0e..5ed5c54 100644 --- a/sys/i386/i386/machdep.c +++ b/sys/i386/i386/machdep.c @@ -281,7 +281,7 @@ cpu_startup(dummy) * We do this by disabling a bit in the SMI_EN (SMI Control and * Enable register) of the Intel ICH LPC Interface Bridge. */ - sysenv = getenv("smbios.system.product"); + sysenv = kern_getenv("smbios.system.product"); if (sysenv != NULL) { if (strncmp(sysenv, "MacBook1,1", 10) == 0 || strncmp(sysenv, "MacBook3,1", 10) == 0 || @@ -314,7 +314,7 @@ cpu_startup(dummy) * Display physical memory if SMBIOS reports reasonable amount. */ memsize = 0; - sysenv = getenv("smbios.memory.enabled"); + sysenv = kern_getenv("smbios.memory.enabled"); if (sysenv != NULL) { memsize = (uintmax_t)strtoul(sysenv, (char **)NULL, 10) << 10; freeenv(sysenv); diff --git a/sys/i386/xen/xen_machdep.c b/sys/i386/xen/xen_machdep.c index 46409a5..dbaa7ad 100644 --- a/sys/i386/xen/xen_machdep.c +++ b/sys/i386/xen/xen_machdep.c @@ -165,7 +165,7 @@ xen_boothowto(char *envp) /* get equivalents from the environment */ for (i = 0; howto_names[i].ev != NULL; i++) - if (getenv(howto_names[i].ev) != NULL) + if (kern_getenv(howto_names[i].ev) != NULL) howto |= howto_names[i].mask; return howto; } diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index 141d438..9faea00 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -716,7 +716,7 @@ start_init(void *dummy) p->p_vmspace->vm_maxsaddr = (caddr_t)addr; p->p_vmspace->vm_ssize = 1; - if ((var = getenv("init_path")) != NULL) { + if ((var = kern_getenv("init_path")) != NULL) { strlcpy(init_path, var, sizeof(init_path)); freeenv(var); } diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index c51a876..bba7d31 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -1740,8 +1740,6 @@ falloc_noinstall(struct thread *td, struct file **resultfp) refcount_init(&fp->f_count, 1); fp->f_cred = crhold(td->td_ucred); fp->f_ops = &badfileops; - fp->f_data = NULL; - fp->f_vnode = NULL; *resultfp = fp; return (0); } diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c index ff453cb..d58fefe 100644 --- a/sys/kern/kern_environment.c +++ b/sys/kern/kern_environment.c @@ -30,7 +30,7 @@ * dynamic array of strings later when the VM subsystem is up. * * We make these available through the kenv(2) syscall for userland - * and through getenv()/freeenv() setenv() unsetenv() testenv() for + * and through kern_getenv()/freeenv() kern_setenv() kern_unsetenv() testenv() for * the kernel. */ @@ -156,7 +156,7 @@ sys_kenv(td, uap) if (error) goto done; #endif - value = getenv(name); + value = kern_getenv(name); if (value == NULL) { error = ENOENT; goto done; @@ -188,7 +188,7 @@ sys_kenv(td, uap) error = mac_kenv_check_set(td->td_ucred, name, value); if (error == 0) #endif - setenv(name, value); + kern_setenv(name, value); free(value, M_TEMP); break; case KENV_UNSET: @@ -197,7 +197,7 @@ sys_kenv(td, uap) if (error) goto done; #endif - error = unsetenv(name); + error = kern_unsetenv(name); if (error) error = ENOENT; break; @@ -312,7 +312,7 @@ _getenv_static(const char *name) * after use. */ char * -getenv(const char *name) +kern_getenv(const char *name) { char buf[KENV_MNAMELEN + 1 + KENV_MVALLEN + 1]; char *ret; @@ -373,7 +373,7 @@ setenv_static(const char *name, const char *value) * Set an environment variable by name. */ int -setenv(const char *name, const char *value) +kern_setenv(const char *name, const char *value) { char *buf, *cp, *oldenv; int namelen, vallen, i; @@ -422,7 +422,7 @@ setenv(const char *name, const char *value) * Unset an environment variable string. */ int -unsetenv(const char *name) +kern_unsetenv(const char *name) { char *cp, *oldenv; int i, j; diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 5e74d87..3c618ec 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -241,7 +241,7 @@ sysctl_load_tunable_by_oid_locked(struct sysctl_oid *oidp) req.newptr = &val_64; break; case CTLTYPE_STRING: - penv = getenv(path + rem); + penv = kern_getenv(path + rem); if (penv == NULL) return; req.newlen = strlen(penv); diff --git a/sys/kern/subr_hints.c b/sys/kern/subr_hints.c index f9085b2..25838ee 100644 --- a/sys/kern/subr_hints.c +++ b/sys/kern/subr_hints.c @@ -109,7 +109,7 @@ sysctl_hintmode(SYSCTL_HANDLER_ARGS) line = malloc(i+1, M_TEMP, M_WAITOK); strcpy(line, cp); line[eqidx] = '\0'; - setenv(line, line + eqidx + 1); + kern_setenv(line, line + eqidx + 1); free(line, M_TEMP); cp += i + 1; } diff --git a/sys/kern/subr_param.c b/sys/kern/subr_param.c index f589097..d16f2dc 100644 --- a/sys/kern/subr_param.c +++ b/sys/kern/subr_param.c @@ -188,7 +188,7 @@ detect_virtual(void) char *sysenv; int i; - sysenv = getenv("smbios.bios.vendor"); + sysenv = kern_getenv("smbios.bios.vendor"); if (sysenv != NULL) { for (i = 0; vm_bnames[i] != NULL; i++) if (strcmp(sysenv, vm_bnames[i]) == 0) { @@ -197,7 +197,7 @@ detect_virtual(void) } freeenv(sysenv); } - sysenv = getenv("smbios.system.product"); + sysenv = kern_getenv("smbios.system.product"); if (sysenv != NULL) { for (i = 0; vm_pnames[i] != NULL; i++) if (strcmp(sysenv, vm_pnames[i]) == 0) { diff --git a/sys/kern/tty_pts.c b/sys/kern/tty_pts.c index 58cbc52..0833362 100644 --- a/sys/kern/tty_pts.c +++ b/sys/kern/tty_pts.c @@ -262,6 +262,9 @@ ptsdev_ioctl(struct file *fp, u_long cmd, void *data, int error = 0, sig; switch (cmd) { + case FIODTYPE: + *(int *)data = D_TTY; + return (0); case FIONBIO: /* This device supports non-blocking operation. */ return (0); diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c index 19feecd..995ab5b 100644 --- a/sys/kern/vfs_bio.c +++ b/sys/kern/vfs_bio.c @@ -3618,10 +3618,8 @@ biodone(struct bio *bp) bp->bio_flags |= BIO_DONE; wakeup(bp); mtx_unlock(mtxp); - } else { - bp->bio_flags |= BIO_DONE; + } else done(bp); - } } /* diff --git a/sys/kern/vfs_mountroot.c b/sys/kern/vfs_mountroot.c index 9ec7340..2816e1b 100644 --- a/sys/kern/vfs_mountroot.c +++ b/sys/kern/vfs_mountroot.c @@ -445,7 +445,7 @@ parse_dir_ask_printenv(const char *var) { char *val; - val = getenv(var); + val = kern_getenv(var); if (val != NULL) { printf(" %s=%s\n", var, val); freeenv(val); @@ -836,9 +836,9 @@ vfs_mountroot_conf0(struct sbuf *sb) sbuf_printf(sb, "cd9660:/dev/acd0 ro\n"); sbuf_printf(sb, ".timeout %d\n", root_mount_timeout); } - s = getenv("vfs.root.mountfrom"); + s = kern_getenv("vfs.root.mountfrom"); if (s != NULL) { - opt = getenv("vfs.root.mountfrom.options"); + opt = kern_getenv("vfs.root.mountfrom.options"); tok = s; error = parse_token(&tok, &mnt); while (!error) { diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 8d2e07e..345aad6 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3775,17 +3775,20 @@ vn_isdisk(struct vnode *vp, int *errp) { int error; + if (vp->v_type != VCHR) { + error = ENOTBLK; + goto out; + } error = 0; dev_lock(); - if (vp->v_type != VCHR) - error = ENOTBLK; - else if (vp->v_rdev == NULL) + if (vp->v_rdev == NULL) error = ENXIO; else if (vp->v_rdev->si_devsw == NULL) error = ENXIO; else if (!(vp->v_rdev->si_devsw->d_flags & D_DISK)) error = ENOTBLK; dev_unlock(); +out: if (errp != NULL) *errp = error; return (error == 0); diff --git a/sys/libkern/explicit_bzero.c b/sys/libkern/explicit_bzero.c index 2468c55..dc3cbd6 100644 --- a/sys/libkern/explicit_bzero.c +++ b/sys/libkern/explicit_bzero.c @@ -7,7 +7,11 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#ifdef _KERNEL #include <sys/libkern.h> +#else +#include <string.h> +#endif /* _KERNEL */ __attribute__((weak)) void __explicit_bzero_hook(void *, size_t); diff --git a/sys/mips/atheros/ar71xx_machdep.c b/sys/mips/atheros/ar71xx_machdep.c index 22d089d..d2175f9 100644 --- a/sys/mips/atheros/ar71xx_machdep.c +++ b/sys/mips/atheros/ar71xx_machdep.c @@ -92,9 +92,9 @@ parse_argv(char *str) } else { n = strsep(&v, "="); if (v == NULL) - setenv(n, "1"); + kern_setenv(n, "1"); else - setenv(n, v); + kern_setenv(n, v); } } } @@ -127,8 +127,8 @@ ar71xx_redboot_get_macaddr(void) * "ethaddr" is passed via envp on RedBoot platforms * "kmac" is passed via argv on RouterBOOT platforms */ - if ((var = getenv("ethaddr")) != NULL || - (var = getenv("kmac")) != NULL) { + if ((var = kern_getenv("ethaddr")) != NULL || + (var = kern_getenv("kmac")) != NULL) { count = sscanf(var, "%x%*c%x%*c%x%*c%x%*c%x%*c%x", &ar711_base_mac[0], &ar711_base_mac[1], &ar711_base_mac[2], &ar711_base_mac[3], @@ -296,7 +296,7 @@ platform_start(__register_t a0 __unused, __register_t a1 __unused, if (MIPS_IS_VALID_PTR(envp)) { for (i = 0; envp[i]; i+=2) { printf(" %s = %s\n", envp[i], envp[i+1]); - setenv(envp[i], envp[i+1]); + kern_setenv(envp[i], envp[i+1]); } } else diff --git a/sys/mips/nlm/xlp_machdep.c b/sys/mips/nlm/xlp_machdep.c index 6a5dcb8..78fcc72 100644 --- a/sys/mips/nlm/xlp_machdep.c +++ b/sys/mips/nlm/xlp_machdep.c @@ -282,9 +282,9 @@ xlp_parse_bootargs(char *cmdline) } else { n = strsep(&v, "="); if (v == NULL) - setenv(n, "1"); + kern_setenv(n, "1"); else - setenv(n, v); + kern_setenv(n, v); } } } @@ -349,9 +349,9 @@ xlp_bootargs_init(__register_t arg) v = buf; n = strsep(&v, "="); if (v == NULL) - setenv(n, "1"); + kern_setenv(n, "1"); else - setenv(n, v); + kern_setenv(n, v); p += strlen(p) + 1; } @@ -360,7 +360,7 @@ xlp_bootargs_init(__register_t arg) xlp_hw_thread_mask = mask; /* command line argument */ - v = getenv("bootargs"); + v = kern_getenv("bootargs"); if (v != NULL) { strlcpy(buf, v, sizeof(buf)); xlp_parse_bootargs(buf); diff --git a/sys/mips/rmi/xlr_machdep.c b/sys/mips/rmi/xlr_machdep.c index d6fdf43..8eaf97e 100644 --- a/sys/mips/rmi/xlr_machdep.c +++ b/sys/mips/rmi/xlr_machdep.c @@ -148,7 +148,7 @@ xlr_parse_mmu_options(void) * We don't support sharing TLB per core - TODO */ xlr_shtlb_enabled = 0; - if ((hw_env = getenv("xlr.shtlb")) != NULL) { + if ((hw_env = kern_getenv("xlr.shtlb")) != NULL) { start = hw_env; tmp = strtoul(start, &end, 0); if (start != end) @@ -230,9 +230,9 @@ xlr_set_boot_flags(void) { char *p; - p = getenv("bootflags"); + p = kern_getenv("bootflags"); if (p == NULL) - p = getenv("boot_flags"); /* old style */ + p = kern_getenv("boot_flags"); /* old style */ if (p == NULL) return; diff --git a/sys/modules/if_gif/Makefile b/sys/modules/if_gif/Makefile index 9e2ae97..af8c3c7 100644 --- a/sys/modules/if_gif/Makefile +++ b/sys/modules/if_gif/Makefile @@ -6,7 +6,7 @@ SYSDIR?=${.CURDIR}/../.. .PATH: ${SYSDIR}/net ${SYSDIR}/netinet ${SYSDIR}/netinet6 KMOD= if_gif -SRCS= if_gif.c in_gif.c opt_inet.h opt_inet6.h opt_mrouting.h +SRCS= if_gif.c in_gif.c opt_inet.h opt_inet6.h .if defined(KERNBUILDDIR) OPT_INET6!= cat ${KERNBUILDDIR}/opt_inet6.h; echo diff --git a/sys/modules/linux/Makefile b/sys/modules/linux/Makefile index e02ac88..d83a044 100644 --- a/sys/modules/linux/Makefile +++ b/sys/modules/linux/Makefile @@ -15,7 +15,8 @@ SRCS= linux_fork.c linux${SFX}_dummy.c linux_emul.c linux_file.c \ linux${SFX}_sysvec.c linux_uid16.c linux_util.c linux_time.c \ linux_timer.c \ opt_inet6.h opt_compat.h opt_posix.h opt_usb.h vnode_if.h \ - device_if.h bus_if.h assym.s + device_if.h bus_if.h assym.s \ + linux${SFX}_locore.s linux${SFX}_support.s # XXX: for assym.s SRCS+= opt_kstack_pages.h opt_nfs.h opt_compat.h opt_hwpmc_hooks.h @@ -23,8 +24,6 @@ SRCS+= opt_kstack_pages.h opt_nfs.h opt_compat.h opt_hwpmc_hooks.h SRCS+= opt_apic.h .endif -OBJS= linux${SFX}_locore.o linux${SFX}_support.o - .if ${MACHINE_CPUARCH} == "i386" SRCS+= linux_ptrace.c imgact_linux.c opt_cpu.h .endif @@ -45,15 +44,15 @@ linux${SFX}_assym.h: @/kern/genassym.sh .endif sh @/kern/genassym.sh linux${SFX}_genassym.o > ${.TARGET} -linux${SFX}_locore.o: linux${SFX}_locore.s linux${SFX}_assym.h +linux${SFX}_locore.o: linux${SFX}_assym.h assym.s ${CC} -c -x assembler-with-cpp -DLOCORE ${CFLAGS} \ ${.IMPSRC} -o ${.TARGET} -linux${SFX}_support.o: linux${SFX}_support.s assym.s linux${SFX}_assym.h +linux${SFX}_support.o: linux${SFX}_assym.h assym.s ${CC} -c -x assembler-with-cpp -DLOCORE ${CFLAGS} \ ${.IMPSRC} -o ${.TARGET} -linux${SFX}_genassym.o: linux${SFX}_genassym.c linux.h @ machine x86 +linux${SFX}_genassym.o: ${CC} -c ${CFLAGS:N-fno-common} ${.IMPSRC} .if !defined(KERNBUILDDIR) diff --git a/sys/modules/qlxgb/Makefile b/sys/modules/qlxgb/Makefile index 330cef9..caea34a 100644 --- a/sys/modules/qlxgb/Makefile +++ b/sys/modules/qlxgb/Makefile @@ -35,9 +35,4 @@ KMOD= if_qlxgb SRCS= qla_os.c qla_dbg.c qla_hw.c qla_misc.c qla_isr.c qla_ioctl.c SRCS+= device_if.h bus_if.h pci_if.h -clean: - rm -f opt_bdg.h device_if.h bus_if.h pci_if.h export_syms - rm -f *.o *.kld *.ko - rm -f @ machine - .include <bsd.kmod.mk> diff --git a/sys/modules/qlxgbe/Makefile b/sys/modules/qlxgbe/Makefile index 2cf7d9d..2c6d743 100644 --- a/sys/modules/qlxgbe/Makefile +++ b/sys/modules/qlxgbe/Makefile @@ -41,10 +41,4 @@ SRCS+= device_if.h bus_if.h pci_if.h #CFLAGS += -DQL_DBG -clean: - rm -f opt_bdg.h device_if.h bus_if.h pci_if.h export_syms - rm -f *.o *.kld *.ko - rm -f @ machine x86 - .include <bsd.kmod.mk> - diff --git a/sys/modules/qlxge/Makefile b/sys/modules/qlxge/Makefile index 98b40fd..b34488a 100644 --- a/sys/modules/qlxge/Makefile +++ b/sys/modules/qlxge/Makefile @@ -41,10 +41,5 @@ SRCS+= device_if.h bus_if.h pci_if.h CFLAGS += -DQL_DBG -clean: - rm -f opt_bdg.h device_if.h bus_if.h pci_if.h export_syms - rm -f *.o *.kld *.ko - rm -f @ machine x86 - .include <bsd.kmod.mk> diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 5ae9ed3..94ecdab 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -1,6 +1,3 @@ -/* $FreeBSD$ */ -/* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */ - /*- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. @@ -28,8 +25,13 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. + * + * $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */ +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + #include "opt_inet.h" #include "opt_inet6.h" @@ -37,11 +39,14 @@ #include <sys/systm.h> #include <sys/jail.h> #include <sys/kernel.h> +#include <sys/lock.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/module.h> +#include <sys/rmlock.h> #include <sys/socket.h> #include <sys/sockio.h> +#include <sys/sx.h> #include <sys/errno.h> #include <sys/time.h> #include <sys/sysctl.h> @@ -64,6 +69,7 @@ #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> +#include <netinet/ip_ecn.h> #ifdef INET #include <netinet/in_var.h> #include <netinet/in_gif.h> @@ -76,6 +82,7 @@ #endif #include <netinet6/in6_var.h> #include <netinet/ip6.h> +#include <netinet6/ip6_ecn.h> #include <netinet6/ip6_var.h> #include <netinet6/scope6_var.h> #include <netinet6/in6_gif.h> @@ -99,6 +106,8 @@ static VNET_DEFINE(struct mtx, gif_mtx); static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface"); static VNET_DEFINE(LIST_HEAD(, gif_softc), gif_softc_list); #define V_gif_softc_list VNET(gif_softc_list) +static struct sx gif_ioctl_sx; +SX_SYSINIT(gif_ioctl_sx, &gif_ioctl_sx, "gif_ioctl"); #define GIF_LIST_LOCK_INIT(x) mtx_init(&V_gif_mtx, "gif_mtx", \ NULL, MTX_DEF) @@ -111,7 +120,12 @@ void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af); void (*ng_gif_attach_p)(struct ifnet *ifp); void (*ng_gif_detach_p)(struct ifnet *ifp); -static void gif_start(struct ifnet *); +static int gif_set_tunnel(struct ifnet *, struct sockaddr *, + struct sockaddr *); +static void gif_delete_tunnel(struct ifnet *); +static int gif_ioctl(struct ifnet *, u_long, caddr_t); +static int gif_transmit(struct ifnet *, struct mbuf *); +static void gif_qflush(struct ifnet *); static int gif_clone_create(struct if_clone *, int, caddr_t); static void gif_clone_destroy(struct ifnet *); static VNET_DEFINE(struct if_clone *, gif_cloner); @@ -168,19 +182,10 @@ gif_clone_create(struct if_clone *ifc, int unit, caddr_t params) sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO); sc->gif_fibnum = curthread->td_proc->p_fibnum; GIF2IFP(sc) = if_alloc(IFT_GIF); - if (GIF2IFP(sc) == NULL) { - free(sc, M_GIF); - return (ENOSPC); - } - GIF_LOCK_INIT(sc); - GIF2IFP(sc)->if_softc = sc; if_initname(GIF2IFP(sc), gifname, unit); - sc->encap_cookie4 = sc->encap_cookie6 = NULL; - sc->gif_options = 0; - GIF2IFP(sc)->if_addrlen = 0; GIF2IFP(sc)->if_mtu = GIF_MTU; GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; @@ -189,9 +194,9 @@ gif_clone_create(struct if_clone *ifc, int unit, caddr_t params) GIF2IFP(sc)->if_flags |= IFF_LINK2; #endif GIF2IFP(sc)->if_ioctl = gif_ioctl; - GIF2IFP(sc)->if_start = gif_start; + GIF2IFP(sc)->if_transmit = gif_transmit; + GIF2IFP(sc)->if_qflush = gif_qflush; GIF2IFP(sc)->if_output = gif_output; - GIF2IFP(sc)->if_snd.ifq_maxlen = ifqmaxlen; if_attach(GIF2IFP(sc)); bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t)); if (ng_gif_attach_p != NULL) @@ -200,44 +205,29 @@ gif_clone_create(struct if_clone *ifc, int unit, caddr_t params) GIF_LIST_LOCK(); LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list); GIF_LIST_UNLOCK(); - return (0); } static void gif_clone_destroy(struct ifnet *ifp) { -#if defined(INET) || defined(INET6) - int err; -#endif - struct gif_softc *sc = ifp->if_softc; + struct gif_softc *sc; + sx_xlock(&gif_ioctl_sx); + sc = ifp->if_softc; + gif_delete_tunnel(ifp); GIF_LIST_LOCK(); LIST_REMOVE(sc, gif_list); GIF_LIST_UNLOCK(); - - gif_delete_tunnel(ifp); -#ifdef INET6 - if (sc->encap_cookie6 != NULL) { - err = encap_detach(sc->encap_cookie6); - KASSERT(err == 0, ("Unexpected error detaching encap_cookie6")); - } -#endif -#ifdef INET - if (sc->encap_cookie4 != NULL) { - err = encap_detach(sc->encap_cookie4); - KASSERT(err == 0, ("Unexpected error detaching encap_cookie4")); - } -#endif - if (ng_gif_detach_p != NULL) (*ng_gif_detach_p)(ifp); bpfdetach(ifp); if_detach(ifp); - if_free(ifp); + ifp->if_softc = NULL; + sx_xunlock(&gif_ioctl_sx); + if_free(ifp); GIF_LOCK_DESTROY(sc); - free(sc, M_GIF); } @@ -289,162 +279,193 @@ MODULE_VERSION(if_gif, 1); int gif_encapcheck(const struct mbuf *m, int off, int proto, void *arg) { - struct ip ip; + GIF_RLOCK_TRACKER; struct gif_softc *sc; + int ret; + uint8_t ver; sc = (struct gif_softc *)arg; - if (sc == NULL) - return 0; + if (sc == NULL || (GIF2IFP(sc)->if_flags & IFF_UP) == 0) + return (0); - if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0) - return 0; + ret = 0; + GIF_RLOCK(sc); /* no physical address */ - if (!sc->gif_psrc || !sc->gif_pdst) - return 0; + if (sc->gif_family == 0) + goto done; switch (proto) { #ifdef INET case IPPROTO_IPV4: - break; #endif #ifdef INET6 case IPPROTO_IPV6: - break; #endif case IPPROTO_ETHERIP: break; - default: - return 0; + goto done; } /* Bail on short packets */ - if (m->m_pkthdr.len < sizeof(ip)) - return 0; - - m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); + if (m->m_pkthdr.len < sizeof(struct ip)) + goto done; - switch (ip.ip_v) { + m_copydata(m, 0, 1, &ver); + switch (ver >> 4) { #ifdef INET case 4: - if (sc->gif_psrc->sa_family != AF_INET || - sc->gif_pdst->sa_family != AF_INET) - return 0; - return gif_encapcheck4(m, off, proto, arg); + if (sc->gif_family != AF_INET) + goto done; + ret = in_gif_encapcheck(m, off, proto, arg); + break; #endif #ifdef INET6 case 6: if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) - return 0; - if (sc->gif_psrc->sa_family != AF_INET6 || - sc->gif_pdst->sa_family != AF_INET6) - return 0; - return gif_encapcheck6(m, off, proto, arg); + goto done; + if (sc->gif_family != AF_INET6) + goto done; + ret = in6_gif_encapcheck(m, off, proto, arg); + break; #endif - default: - return 0; } +done: + GIF_RUNLOCK(sc); + return (ret); } + +static int +gif_transmit(struct ifnet *ifp, struct mbuf *m) +{ + struct gif_softc *sc; + struct etherip_header *eth; #ifdef INET -#define GIF_HDR_LEN (ETHER_HDR_LEN + sizeof (struct ip)) + struct ip *ip; #endif #ifdef INET6 -#define GIF_HDR_LEN6 (ETHER_HDR_LEN + sizeof (struct ip6_hdr)) + struct ip6_hdr *ip6; + uint32_t t; #endif - -static void -gif_start(struct ifnet *ifp) -{ - struct gif_softc *sc; - struct mbuf *m; uint32_t af; - int error = 0; + uint8_t proto, ecn; + int error; + error = ENETDOWN; sc = ifp->if_softc; - GIF_LOCK(sc); - ifp->if_drv_flags |= IFF_DRV_OACTIVE; - while (!IFQ_DRV_IS_EMPTY(&ifp->if_snd)) { - - IFQ_DRV_DEQUEUE(&ifp->if_snd, m); - if (m == 0) - break; - -#ifdef ALTQ - /* Take out those altq bytes we add in gif_output */ + if (sc->gif_family == 0) { + m_freem(m); + goto err; + } + /* Now pull back the af that we stashed in the csum_data. */ + af = m->m_pkthdr.csum_data; + BPF_MTAP2(ifp, &af, sizeof(af), m); + if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); + if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len); + M_SETFIB(m, sc->gif_fibnum); + /* inner AF-specific encapsulation */ + ecn = 0; + switch (af) { #ifdef INET - if (sc->gif_psrc->sa_family == AF_INET) - m->m_pkthdr.len -= GIF_HDR_LEN; + case AF_INET: + proto = IPPROTO_IPV4; + if (m->m_len < sizeof(struct ip)) + m = m_pullup(m, sizeof(struct ip)); + if (m == NULL) { + error = ENOBUFS; + goto err; + } + ip = mtod(m, struct ip *); + ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED: + ECN_NOCARE, &ecn, &ip->ip_tos); + break; #endif #ifdef INET6 - if (sc->gif_psrc->sa_family == AF_INET6) - m->m_pkthdr.len -= GIF_HDR_LEN6; -#endif + case AF_INET6: + proto = IPPROTO_IPV6; + if (m->m_len < sizeof(struct ip6_hdr)) + m = m_pullup(m, sizeof(struct ip6_hdr)); + if (m == NULL) { + error = ENOBUFS; + goto err; + } + t = 0; + ip6 = mtod(m, struct ip6_hdr *); + ip6_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED: + ECN_NOCARE, &t, &ip6->ip6_flow); + ecn = (ntohl(t) >> 20) & 0xff; + break; #endif - /* - * Now pull back the af that we - * stashed in the csum_data. - */ - af = m->m_pkthdr.csum_data; - - /* override to IPPROTO_ETHERIP for bridged traffic */ - if (ifp->if_bridge) - af = AF_LINK; - - BPF_MTAP2(ifp, &af, sizeof(af), m); - if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); - -/* Done by IFQ_HANDOFF */ -/* if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len);*/ - - M_SETFIB(m, sc->gif_fibnum); - /* inner AF-specific encapsulation */ - /* XXX should we check if our outer source is legal? */ - /* dispatch to output logic based on outer AF */ - switch (sc->gif_psrc->sa_family) { + case AF_LINK: + proto = IPPROTO_ETHERIP; + M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT); + if (m != NULL && m->m_len < sizeof(struct etherip_header)) + m = m_pullup(m, sizeof(struct etherip_header)); + if (m == NULL) { + error = ENOBUFS; + goto err; + } + eth = mtod(m, struct etherip_header *); + eth->eip_resvh = 0; + if ((sc->gif_options & GIF_SEND_REVETHIP) != 0) { + eth->eip_ver = 0; + eth->eip_resvl = ETHERIP_VERSION; + } else { + eth->eip_ver = ETHERIP_VERSION; + eth->eip_resvl = 0; + } + break; + default: + error = EAFNOSUPPORT; + m_freem(m); + goto err; + } + /* XXX should we check if our outer source is legal? */ + /* dispatch to output logic based on outer AF */ + switch (sc->gif_family) { #ifdef INET - case AF_INET: - error = in_gif_output(ifp, af, m); - break; + case AF_INET: + error = in_gif_output(ifp, m, proto, ecn); + break; #endif #ifdef INET6 - case AF_INET6: - error = in6_gif_output(ifp, af, m); - break; + case AF_INET6: + error = in6_gif_output(ifp, m, proto, ecn); + break; #endif - default: - m_freem(m); - error = ENETDOWN; - } - if (error) - if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); - + default: + m_freem(m); } - ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; - GIF_UNLOCK(sc); - return; +err: + if (error) + if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); + return (error); +} + +static void +gif_qflush(struct ifnet *ifp __unused) +{ + } int gif_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, struct route *ro) { - struct gif_softc *sc = ifp->if_softc; struct m_tag *mtag; - int error = 0; - int gif_called; uint32_t af; + int gif_called; + int error = 0; #ifdef MAC error = mac_ifnet_check_transmit(ifp, m); - if (error) { - m_freem(m); - goto end; - } + if (error) + goto err; #endif - if ((ifp->if_flags & IFF_MONITOR) != 0) { + if ((ifp->if_flags & IFF_MONITOR) != 0 || + (ifp->if_flags & IFF_UP) == 0) { error = ENETDOWN; - m_freem(m); - goto end; + goto err; } /* @@ -461,9 +482,8 @@ gif_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, log(LOG_NOTICE, "gif_output: loop detected on %s\n", (*(struct ifnet **)(mtag + 1))->if_xname); - m_freem(m); error = EIO; /* is there better errno? */ - goto end; + goto err; } mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag); gif_called++; @@ -472,73 +492,54 @@ gif_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, log(LOG_NOTICE, "gif_output: recursively called too many times(%d)\n", gif_called); - m_freem(m); error = EIO; /* is there better errno? */ - goto end; + goto err; } mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *), M_NOWAIT); if (mtag == NULL) { - m_freem(m); error = ENOMEM; - goto end; + goto err; } *(struct ifnet **)(mtag + 1) = ifp; m_tag_prepend(m, mtag); m->m_flags &= ~(M_BCAST|M_MCAST); - /* BPF writes need to be handled specially. */ if (dst->sa_family == AF_UNSPEC) bcopy(dst->sa_data, &af, sizeof(af)); else af = dst->sa_family; - /* - * Now save the af in the inbound pkt csum - * data, this is a cheat since we are using - * the inbound csum_data field to carry the - * af over to the gif_start() routine, avoiding - * using yet another mtag. - */ - m->m_pkthdr.csum_data = af; - if (!(ifp->if_flags & IFF_UP) || - sc->gif_psrc == NULL || sc->gif_pdst == NULL) { - m_freem(m); - error = ENETDOWN; - goto end; - } -#ifdef ALTQ + if (ifp->if_bridge) + af = AF_LINK; /* - * Make altq aware of the bytes we will add - * when we actually send it. + * Now save the af in the inbound pkt csum data, this is a cheat since + * we are using the inbound csum_data field to carry the af over to + * the gif_transmit() routine, avoiding using yet another mtag. */ -#ifdef INET - if (sc->gif_psrc->sa_family == AF_INET) - m->m_pkthdr.len += GIF_HDR_LEN; -#endif -#ifdef INET6 - if (sc->gif_psrc->sa_family == AF_INET6) - m->m_pkthdr.len += GIF_HDR_LEN6; -#endif -#endif - /* - * Queue message on interface, update output statistics if - * successful, and start output if interface not yet active. - */ - IFQ_HANDOFF(ifp, m, error); - end: - if (error) - if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); + m->m_pkthdr.csum_data = af; + return (ifp->if_transmit(ifp, m)); +err: + if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); + m_freem(m); return (error); } void -gif_input(struct mbuf *m, int af, struct ifnet *ifp) +gif_input(struct mbuf *m, struct ifnet *ifp, int proto, uint8_t ecn) { - int isr, n; - struct gif_softc *sc; struct etherip_header *eip; +#ifdef INET + struct ip *ip; +#endif +#ifdef INET6 + struct ip6_hdr *ip6; + uint32_t t; +#endif + struct gif_softc *sc; struct ether_header *eh; struct ifnet *oldifp; + uint32_t gif_options; + int isr, n, af; if (ifp == NULL) { /* just in case */ @@ -546,15 +547,55 @@ gif_input(struct mbuf *m, int af, struct ifnet *ifp) return; } sc = ifp->if_softc; + gif_options = sc->gif_options; m->m_pkthdr.rcvif = ifp; m_clrprotoflags(m); + switch (proto) { +#ifdef INET + case IPPROTO_IPV4: + af = AF_INET; + if (m->m_len < sizeof(struct ip)) + m = m_pullup(m, sizeof(struct ip)); + if (m == NULL) + goto drop; + ip = mtod(m, struct ip *); + if (ip_ecn_egress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED: + ECN_NOCARE, &ecn, &ip->ip_tos) == 0) { + m_freem(m); + goto drop; + } + break; +#endif +#ifdef INET6 + case IPPROTO_IPV6: + af = AF_INET6; + if (m->m_len < sizeof(struct ip6_hdr)) + m = m_pullup(m, sizeof(struct ip6_hdr)); + if (m == NULL) + goto drop; + t = htonl((uint32_t)ecn << 20); + ip6 = mtod(m, struct ip6_hdr *); + if (ip6_ecn_egress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED: + ECN_NOCARE, &t, &ip6->ip6_flow) == 0) { + m_freem(m); + goto drop; + } + break; +#endif + case IPPROTO_ETHERIP: + af = AF_LINK; + break; + default: + m_freem(m); + goto drop; + } #ifdef MAC mac_ifnet_create_mbuf(ifp, m); #endif if (bpf_peers_present(ifp->if_bpf)) { - u_int32_t af1 = af; + uint32_t af1 = af; bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m); } @@ -568,7 +609,7 @@ gif_input(struct mbuf *m, int af, struct ifnet *ifp) if (ng_gif_input_p != NULL) { (*ng_gif_input_p)(ifp, &m, af); if (m == NULL) - return; + goto drop; } /* @@ -595,33 +636,23 @@ gif_input(struct mbuf *m, int af, struct ifnet *ifp) #endif case AF_LINK: n = sizeof(struct etherip_header) + sizeof(struct ether_header); - if (n > m->m_len) { + if (n > m->m_len) m = m_pullup(m, n); - if (m == NULL) { - if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); - return; - } - } - + if (m == NULL) + goto drop; eip = mtod(m, struct etherip_header *); - /* + /* * GIF_ACCEPT_REVETHIP (enabled by default) intentionally * accepts an EtherIP packet with revered version field in * the header. This is a knob for backward compatibility * with FreeBSD 7.2R or prior. */ - if (sc->gif_options & GIF_ACCEPT_REVETHIP) { - if (eip->eip_resvl != ETHERIP_VERSION - && eip->eip_ver != ETHERIP_VERSION) { - /* discard unknown versions */ - m_freem(m); - return; - } - } else { - if (eip->eip_ver != ETHERIP_VERSION) { + if (eip->eip_ver != ETHERIP_VERSION) { + if ((gif_options & GIF_ACCEPT_REVETHIP) == 0 || + eip->eip_resvl != ETHERIP_VERSION) { /* discard unknown versions */ m_freem(m); - return; + goto drop; } } m_adj(m, sizeof(struct etherip_header)); @@ -666,48 +697,57 @@ gif_input(struct mbuf *m, int af, struct ifnet *ifp) if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); M_SETFIB(m, ifp->if_fib); netisr_dispatch(isr, m); + return; +drop: + if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); } /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ int gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) { - struct gif_softc *sc = ifp->if_softc; - struct ifreq *ifr = (struct ifreq*)data; - int error = 0, size; - u_int options; + GIF_RLOCK_TRACKER; + struct ifreq *ifr = (struct ifreq*)data; struct sockaddr *dst, *src; -#ifdef SIOCSIFMTU /* xxx */ - u_long mtu; + struct gif_softc *sc; +#ifdef INET + struct sockaddr_in *sin = NULL; +#endif +#ifdef INET6 + struct sockaddr_in6 *sin6 = NULL; #endif + u_int options; + int error; switch (cmd) { case SIOCSIFADDR: ifp->if_flags |= IFF_UP; - break; - case SIOCADDMULTI: case SIOCDELMULTI: - break; - -#ifdef SIOCSIFMTU /* xxx */ case SIOCGIFMTU: - break; - + case SIOCSIFFLAGS: + return (0); case SIOCSIFMTU: - mtu = ifr->ifr_mtu; - if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) + if (ifr->ifr_mtu < GIF_MTU_MIN || + ifr->ifr_mtu > GIF_MTU_MAX) return (EINVAL); - ifp->if_mtu = mtu; - break; -#endif /* SIOCSIFMTU */ - -#ifdef INET + else + ifp->if_mtu = ifr->ifr_mtu; + return (0); + } + sx_xlock(&gif_ioctl_sx); + sc = ifp->if_softc; + if (sc == NULL) { + error = ENXIO; + goto bad; + } + error = 0; + switch (cmd) { case SIOCSIFPHYADDR: -#endif #ifdef INET6 case SIOCSIFPHYADDR_IN6: -#endif /* INET6 */ +#endif + error = EINVAL; switch (cmd) { #ifdef INET case SIOCSIFPHYADDR: @@ -726,164 +766,171 @@ gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) break; #endif default: - return EINVAL; + goto bad; } - /* sa_family must be equal */ - if (src->sa_family != dst->sa_family) - return EINVAL; + if (src->sa_family != dst->sa_family || + src->sa_len != dst->sa_len) + goto bad; /* validate sa_len */ switch (src->sa_family) { #ifdef INET case AF_INET: if (src->sa_len != sizeof(struct sockaddr_in)) - return EINVAL; + goto bad; break; #endif #ifdef INET6 case AF_INET6: if (src->sa_len != sizeof(struct sockaddr_in6)) - return EINVAL; - break; -#endif - default: - return EAFNOSUPPORT; - } - switch (dst->sa_family) { -#ifdef INET - case AF_INET: - if (dst->sa_len != sizeof(struct sockaddr_in)) - return EINVAL; - break; -#endif -#ifdef INET6 - case AF_INET6: - if (dst->sa_len != sizeof(struct sockaddr_in6)) - return EINVAL; + goto bad; break; #endif default: - return EAFNOSUPPORT; + error = EAFNOSUPPORT; + goto bad; } - /* check sa_family looks sane for the cmd */ + error = EAFNOSUPPORT; switch (cmd) { +#ifdef INET case SIOCSIFPHYADDR: if (src->sa_family == AF_INET) break; - return EAFNOSUPPORT; + goto bad; +#endif #ifdef INET6 case SIOCSIFPHYADDR_IN6: if (src->sa_family == AF_INET6) break; - return EAFNOSUPPORT; -#endif /* INET6 */ + goto bad; +#endif } - - error = gif_set_tunnel(GIF2IFP(sc), src, dst); + error = EADDRNOTAVAIL; + switch (src->sa_family) { +#ifdef INET + case AF_INET: + if (satosin(src)->sin_addr.s_addr == INADDR_ANY || + satosin(dst)->sin_addr.s_addr == INADDR_ANY) + goto bad; + break; +#endif +#ifdef INET6 + case AF_INET6: + if (IN6_IS_ADDR_UNSPECIFIED(&satosin6(src)->sin6_addr) + || + IN6_IS_ADDR_UNSPECIFIED(&satosin6(dst)->sin6_addr)) + goto bad; + /* + * Check validity of the scope zone ID of the + * addresses, and convert it into the kernel + * internal form if necessary. + */ + error = sa6_embedscope(satosin6(src), 0); + if (error != 0) + goto bad; + error = sa6_embedscope(satosin6(dst), 0); + if (error != 0) + goto bad; +#endif + }; + error = gif_set_tunnel(ifp, src, dst); break; - -#ifdef SIOCDIFPHYADDR case SIOCDIFPHYADDR: - gif_delete_tunnel(GIF2IFP(sc)); + gif_delete_tunnel(ifp); break; -#endif - case SIOCGIFPSRCADDR: + case SIOCGIFPDSTADDR: #ifdef INET6 case SIOCGIFPSRCADDR_IN6: -#endif /* INET6 */ - if (sc->gif_psrc == NULL) { + case SIOCGIFPDSTADDR_IN6: +#endif + if (sc->gif_family == 0) { error = EADDRNOTAVAIL; - goto bad; + break; } - src = sc->gif_psrc; + GIF_RLOCK(sc); switch (cmd) { #ifdef INET case SIOCGIFPSRCADDR: - dst = &ifr->ifr_addr; - size = sizeof(ifr->ifr_addr); + case SIOCGIFPDSTADDR: + if (sc->gif_family != AF_INET) { + error = EADDRNOTAVAIL; + break; + } + sin = (struct sockaddr_in *)&ifr->ifr_addr; + memset(sin, 0, sizeof(*sin)); + sin->sin_family = AF_INET; + sin->sin_len = sizeof(*sin); break; -#endif /* INET */ +#endif #ifdef INET6 case SIOCGIFPSRCADDR_IN6: - dst = (struct sockaddr *) + case SIOCGIFPDSTADDR_IN6: + if (sc->gif_family != AF_INET6) { + error = EADDRNOTAVAIL; + break; + } + sin6 = (struct sockaddr_in6 *) &(((struct in6_ifreq *)data)->ifr_addr); - size = sizeof(((struct in6_ifreq *)data)->ifr_addr); + memset(sin6, 0, sizeof(*sin6)); + sin6->sin6_family = AF_INET6; + sin6->sin6_len = sizeof(*sin6); break; -#endif /* INET6 */ +#endif default: - error = EADDRNOTAVAIL; - goto bad; - } - if (src->sa_len > size) - return EINVAL; - bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); -#ifdef INET6 - if (dst->sa_family == AF_INET6) { - error = sa6_recoverscope((struct sockaddr_in6 *)dst); - if (error != 0) - return (error); + error = EAFNOSUPPORT; } + if (error == 0) { + switch (cmd) { +#ifdef INET + case SIOCGIFPSRCADDR: + sin->sin_addr = sc->gif_iphdr->ip_src; + break; + case SIOCGIFPDSTADDR: + sin->sin_addr = sc->gif_iphdr->ip_dst; + break; #endif - break; - - case SIOCGIFPDSTADDR: #ifdef INET6 - case SIOCGIFPDSTADDR_IN6: -#endif /* INET6 */ - if (sc->gif_pdst == NULL) { - error = EADDRNOTAVAIL; - goto bad; + case SIOCGIFPSRCADDR_IN6: + sin6->sin6_addr = sc->gif_ip6hdr->ip6_src; + break; + case SIOCGIFPDSTADDR_IN6: + sin6->sin6_addr = sc->gif_ip6hdr->ip6_dst; + break; +#endif + } } - src = sc->gif_pdst; + GIF_RUNLOCK(sc); + if (error != 0) + break; switch (cmd) { #ifdef INET + case SIOCGIFPSRCADDR: case SIOCGIFPDSTADDR: - dst = &ifr->ifr_addr; - size = sizeof(ifr->ifr_addr); + error = prison_if(curthread->td_ucred, + (struct sockaddr *)sin); + if (error != 0) + memset(sin, 0, sizeof(*sin)); break; -#endif /* INET */ +#endif #ifdef INET6 + case SIOCGIFPSRCADDR_IN6: case SIOCGIFPDSTADDR_IN6: - dst = (struct sockaddr *) - &(((struct in6_ifreq *)data)->ifr_addr); - size = sizeof(((struct in6_ifreq *)data)->ifr_addr); - break; -#endif /* INET6 */ - default: - error = EADDRNOTAVAIL; - goto bad; - } - if (src->sa_len > size) - return EINVAL; - error = prison_if(curthread->td_ucred, src); - if (error != 0) - return (error); - error = prison_if(curthread->td_ucred, dst); - if (error != 0) - return (error); - bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); -#ifdef INET6 - if (dst->sa_family == AF_INET6) { - error = sa6_recoverscope((struct sockaddr_in6 *)dst); + error = prison_if(curthread->td_ucred, + (struct sockaddr *)sin6); + if (error == 0) + error = sa6_recoverscope(sin6); if (error != 0) - return (error); - } + memset(sin6, 0, sizeof(*sin6)); #endif + } break; - - case SIOCSIFFLAGS: - /* if_ioctl() takes care of it */ - break; - case GIFGOPTS: options = sc->gif_options; - error = copyout(&options, ifr->ifr_data, - sizeof(options)); + error = copyout(&options, ifr->ifr_data, sizeof(options)); break; - case GIFSOPTS: if ((error = priv_check(curthread, PRIV_NET_GIF)) != 0) break; @@ -900,142 +947,146 @@ gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) error = EINVAL; break; } - bad: - return error; +bad: + sx_xunlock(&gif_ioctl_sx); + return (error); } -/* - * XXXRW: There's a general event-ordering issue here: the code to check - * if a given tunnel is already present happens before we perform a - * potentially blocking setup of the tunnel. This code needs to be - * re-ordered so that the check and replacement can be atomic using - * a mutex. - */ -int -gif_set_tunnel(struct ifnet *ifp, struct sockaddr *src, struct sockaddr *dst) +static void +gif_detach(struct gif_softc *sc) { - struct gif_softc *sc = ifp->if_softc; - struct gif_softc *sc2; - struct sockaddr *osrc, *odst, *sa; - int error = 0; - GIF_LIST_LOCK(); - LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) { - if (sc2 == sc) - continue; - if (!sc2->gif_pdst || !sc2->gif_psrc) - continue; - if (sc2->gif_pdst->sa_family != dst->sa_family || - sc2->gif_pdst->sa_len != dst->sa_len || - sc2->gif_psrc->sa_family != src->sa_family || - sc2->gif_psrc->sa_len != src->sa_len) - continue; + sx_assert(&gif_ioctl_sx, SA_XLOCKED); + if (sc->gif_ecookie != NULL) + encap_detach(sc->gif_ecookie); + sc->gif_ecookie = NULL; +} - /* - * Disallow parallel tunnels unless instructed - * otherwise. - */ - if (!V_parallel_tunnels && - bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && - bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { - error = EADDRNOTAVAIL; - GIF_LIST_UNLOCK(); - goto bad; - } +static int +gif_attach(struct gif_softc *sc, int af) +{ - /* XXX both end must be valid? (I mean, not 0.0.0.0) */ + sx_assert(&gif_ioctl_sx, SA_XLOCKED); + switch (af) { +#ifdef INET + case AF_INET: + return (in_gif_attach(sc)); +#endif +#ifdef INET6 + case AF_INET6: + return (in6_gif_attach(sc)); +#endif } - GIF_LIST_UNLOCK(); + return (EAFNOSUPPORT); +} - /* XXX we can detach from both, but be polite just in case */ - if (sc->gif_psrc) - switch (sc->gif_psrc->sa_family) { +static int +gif_set_tunnel(struct ifnet *ifp, struct sockaddr *src, struct sockaddr *dst) +{ + struct gif_softc *sc = ifp->if_softc; + struct gif_softc *tsc; #ifdef INET - case AF_INET: - (void)in_gif_detach(sc); - break; + struct ip *ip; #endif #ifdef INET6 - case AF_INET6: - (void)in6_gif_detach(sc); - break; + struct ip6_hdr *ip6; #endif - } - - osrc = sc->gif_psrc; - sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK); - bcopy((caddr_t)src, (caddr_t)sa, src->sa_len); - sc->gif_psrc = sa; - - odst = sc->gif_pdst; - sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK); - bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len); - sc->gif_pdst = sa; + void *hdr; + int error = 0; - switch (sc->gif_psrc->sa_family) { + if (sc == NULL) + return (ENXIO); + /* Disallow parallel tunnels unless instructed otherwise. */ + if (V_parallel_tunnels == 0) { + GIF_LIST_LOCK(); + LIST_FOREACH(tsc, &V_gif_softc_list, gif_list) { + if (tsc == sc || tsc->gif_family != src->sa_family) + continue; +#ifdef INET + if (tsc->gif_family == AF_INET && + tsc->gif_iphdr->ip_src.s_addr == + satosin(src)->sin_addr.s_addr && + tsc->gif_iphdr->ip_dst.s_addr == + satosin(dst)->sin_addr.s_addr) { + error = EADDRNOTAVAIL; + GIF_LIST_UNLOCK(); + goto bad; + } +#endif +#ifdef INET6 + if (tsc->gif_family == AF_INET6 && + IN6_ARE_ADDR_EQUAL(&tsc->gif_ip6hdr->ip6_src, + &satosin6(src)->sin6_addr) && + IN6_ARE_ADDR_EQUAL(&tsc->gif_ip6hdr->ip6_dst, + &satosin6(dst)->sin6_addr)) { + error = EADDRNOTAVAIL; + GIF_LIST_UNLOCK(); + goto bad; + } +#endif + } + GIF_LIST_UNLOCK(); + } + switch (src->sa_family) { #ifdef INET case AF_INET: - error = in_gif_attach(sc); + hdr = ip = malloc(sizeof(struct ip), M_GIF, + M_WAITOK | M_ZERO); + ip->ip_src.s_addr = satosin(src)->sin_addr.s_addr; + ip->ip_dst.s_addr = satosin(dst)->sin_addr.s_addr; break; #endif #ifdef INET6 case AF_INET6: - /* - * Check validity of the scope zone ID of the addresses, and - * convert it into the kernel internal form if necessary. - */ - error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0); - if (error != 0) - break; - error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0); - if (error != 0) - break; - error = in6_gif_attach(sc); + hdr = ip6 = malloc(sizeof(struct ip6_hdr), M_GIF, + M_WAITOK | M_ZERO); + ip6->ip6_src = satosin6(src)->sin6_addr; + ip6->ip6_dst = satosin6(dst)->sin6_addr; + ip6->ip6_vfc = IPV6_VERSION; break; #endif - } - if (error) { - /* rollback */ - free((caddr_t)sc->gif_psrc, M_IFADDR); - free((caddr_t)sc->gif_pdst, M_IFADDR); - sc->gif_psrc = osrc; - sc->gif_pdst = odst; - goto bad; - } - - if (osrc) - free((caddr_t)osrc, M_IFADDR); - if (odst) - free((caddr_t)odst, M_IFADDR); - - bad: - if (sc->gif_psrc && sc->gif_pdst) + default: + return (EAFNOSUPPORT); + }; + + if (sc->gif_family != src->sa_family) + gif_detach(sc); + if (sc->gif_family == 0 || + sc->gif_family != src->sa_family) + error = gif_attach(sc, src->sa_family); + + GIF_WLOCK(sc); + if (sc->gif_family != 0) + free(sc->gif_hdr, M_GIF); + sc->gif_family = src->sa_family; + sc->gif_hdr = hdr; + GIF_WUNLOCK(sc); +#if defined(INET) || defined(INET6) +bad: +#endif + if (error == 0 && sc->gif_family != 0) ifp->if_drv_flags |= IFF_DRV_RUNNING; else ifp->if_drv_flags &= ~IFF_DRV_RUNNING; - - return error; + return (error); } -void +static void gif_delete_tunnel(struct ifnet *ifp) { struct gif_softc *sc = ifp->if_softc; + int family; - if (sc->gif_psrc) { - free((caddr_t)sc->gif_psrc, M_IFADDR); - sc->gif_psrc = NULL; - } - if (sc->gif_pdst) { - free((caddr_t)sc->gif_pdst, M_IFADDR); - sc->gif_pdst = NULL; + if (sc == NULL) + return; + + GIF_WLOCK(sc); + family = sc->gif_family; + sc->gif_family = 0; + GIF_WUNLOCK(sc); + if (family != 0) { + gif_detach(sc); + free(sc->gif_hdr, M_GIF); } - /* it is safe to detach from both */ -#ifdef INET - (void)in_gif_detach(sc); -#endif -#ifdef INET6 - (void)in6_gif_detach(sc); -#endif ifp->if_drv_flags &= ~IFF_DRV_RUNNING; } diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h index d6e58f5..b5ebf15 100644 --- a/sys/net/if_gif.h +++ b/sys/net/if_gif.h @@ -30,21 +30,17 @@ * SUCH DAMAGE. */ -/* - * if_gif.h - */ - #ifndef _NET_IF_GIF_H_ #define _NET_IF_GIF_H_ - #ifdef _KERNEL #include "opt_inet.h" #include "opt_inet6.h" #include <netinet/in.h> -/* xxx sigh, why route have struct route instead of pointer? */ +struct ip; +struct ip6_hdr; struct encaptab; extern void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, @@ -56,35 +52,38 @@ extern void (*ng_gif_attach_p)(struct ifnet *ifp); extern void (*ng_gif_detach_p)(struct ifnet *ifp); struct gif_softc { - struct ifnet *gif_ifp; - struct mtx gif_mtx; - struct sockaddr *gif_psrc; /* Physical src addr */ - struct sockaddr *gif_pdst; /* Physical dst addr */ + struct ifnet *gif_ifp; + struct rmlock gif_lock; + const struct encaptab *gif_ecookie; + int gif_family; + int gif_flags; + u_int gif_fibnum; + u_int gif_options; + void *gif_netgraph; /* netgraph node info */ union { - struct route gifscr_ro; /* xxx */ + void *hdr; + struct ip *iphdr; #ifdef INET6 - struct route_in6 gifscr_ro6; /* xxx */ + struct ip6_hdr *ip6hdr; #endif - } gifsc_gifscr; - int gif_flags; - u_int gif_fibnum; - const struct encaptab *encap_cookie4; - const struct encaptab *encap_cookie6; - void *gif_netgraph; /* ng_gif(4) netgraph node info */ - u_int gif_options; - LIST_ENTRY(gif_softc) gif_list; /* all gif's are linked */ + } gif_uhdr; + LIST_ENTRY(gif_softc) gif_list; /* all gif's are linked */ }; #define GIF2IFP(sc) ((sc)->gif_ifp) -#define GIF_LOCK_INIT(sc) mtx_init(&(sc)->gif_mtx, "gif softc", \ - NULL, MTX_DEF) -#define GIF_LOCK_DESTROY(sc) mtx_destroy(&(sc)->gif_mtx) -#define GIF_LOCK(sc) mtx_lock(&(sc)->gif_mtx) -#define GIF_UNLOCK(sc) mtx_unlock(&(sc)->gif_mtx) -#define GIF_LOCK_ASSERT(sc) mtx_assert(&(sc)->gif_mtx, MA_OWNED) - -#define gif_ro gifsc_gifscr.gifscr_ro +#define GIF_LOCK_INIT(sc) rm_init(&(sc)->gif_lock, "gif softc") +#define GIF_LOCK_DESTROY(sc) rm_destroy(&(sc)->gif_lock) +#define GIF_RLOCK_TRACKER struct rm_priotracker gif_tracker +#define GIF_RLOCK(sc) rm_rlock(&(sc)->gif_lock, &gif_tracker) +#define GIF_RUNLOCK(sc) rm_runlock(&(sc)->gif_lock, &gif_tracker) +#define GIF_RLOCK_ASSERT(sc) rm_assert(&(sc)->gif_lock, RA_RLOCKED) +#define GIF_WLOCK(sc) rm_wlock(&(sc)->gif_lock) +#define GIF_WUNLOCK(sc) rm_wunlock(&(sc)->gif_lock) +#define GIF_WLOCK_ASSERT(sc) rm_assert(&(sc)->gif_lock, RA_WLOCKED) + +#define gif_iphdr gif_uhdr.iphdr +#define gif_hdr gif_uhdr.hdr #ifdef INET6 -#define gif_ro6 gifsc_gifscr.gifscr_ro6 +#define gif_ip6hdr gif_uhdr.ip6hdr #endif #define GIF_MTU (1280) /* Default MTU */ @@ -111,12 +110,9 @@ struct etherip_header { #define ETHERIP_ALIGN 2 /* Prototypes */ -void gif_input(struct mbuf *, int, struct ifnet *); +void gif_input(struct mbuf *, struct ifnet *, int, uint8_t); int gif_output(struct ifnet *, struct mbuf *, const struct sockaddr *, struct route *); -int gif_ioctl(struct ifnet *, u_long, caddr_t); -int gif_set_tunnel(struct ifnet *, struct sockaddr *, struct sockaddr *); -void gif_delete_tunnel(struct ifnet *); int gif_encapcheck(const struct mbuf *, int, int, void *); #endif /* _KERNEL */ diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index d84066a..3a139f8 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -1,5 +1,3 @@ -/* $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $ */ - /*- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. @@ -27,16 +25,19 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. + * + * $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $ */ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include "opt_mrouting.h" #include "opt_inet.h" #include "opt_inet6.h" #include <sys/param.h> +#include <sys/lock.h> +#include <sys/rmlock.h> #include <sys/systm.h> #include <sys/socket.h> #include <sys/sockio.h> @@ -65,11 +66,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip6.h> #endif -#ifdef MROUTING -#include <netinet/ip_mroute.h> -#endif /* MROUTING */ - -#include <net/if_gif.h> +#include <net/if_gif.h> static int gif_validate4(const struct ip *, struct gif_softc *, struct ifnet *); @@ -92,127 +89,26 @@ SYSCTL_VNET_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW, &VNET_NAME(ip_gif_ttl), 0, ""); int -in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) +in_gif_output(struct ifnet *ifp, struct mbuf *m, int proto, uint8_t ecn) { + GIF_RLOCK_TRACKER; struct gif_softc *sc = ifp->if_softc; - struct sockaddr_in *dst = (struct sockaddr_in *)&sc->gif_ro.ro_dst; - struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc; - struct sockaddr_in *sin_dst = (struct sockaddr_in *)sc->gif_pdst; - struct ip iphdr; /* capsule IP header, host byte ordered */ - struct etherip_header eiphdr; - int error, len, proto; - u_int8_t tos; - - GIF_LOCK_ASSERT(sc); - - if (sin_src == NULL || sin_dst == NULL || - sin_src->sin_family != AF_INET || - sin_dst->sin_family != AF_INET) { - m_freem(m); - return EAFNOSUPPORT; - } - - switch (family) { -#ifdef INET - case AF_INET: - { - struct ip *ip; - - proto = IPPROTO_IPV4; - if (m->m_len < sizeof(*ip)) { - m = m_pullup(m, sizeof(*ip)); - if (!m) - return ENOBUFS; - } - ip = mtod(m, struct ip *); - tos = ip->ip_tos; - break; - } -#endif /* INET */ -#ifdef INET6 - case AF_INET6: - { - struct ip6_hdr *ip6; - proto = IPPROTO_IPV6; - if (m->m_len < sizeof(*ip6)) { - m = m_pullup(m, sizeof(*ip6)); - if (!m) - return ENOBUFS; - } - ip6 = mtod(m, struct ip6_hdr *); - tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - break; - } -#endif /* INET6 */ - case AF_LINK: - proto = IPPROTO_ETHERIP; - - /* - * GIF_SEND_REVETHIP (disabled by default) intentionally - * sends an EtherIP packet with revered version field in - * the header. This is a knob for backward compatibility - * with FreeBSD 7.2R or prior. - */ - if ((sc->gif_options & GIF_SEND_REVETHIP)) { - eiphdr.eip_ver = 0; - eiphdr.eip_resvl = ETHERIP_VERSION; - eiphdr.eip_resvh = 0; - } else { - eiphdr.eip_ver = ETHERIP_VERSION; - eiphdr.eip_resvl = 0; - eiphdr.eip_resvh = 0; - } - /* prepend Ethernet-in-IP header */ - M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT); - if (m && m->m_len < sizeof(struct etherip_header)) - m = m_pullup(m, sizeof(struct etherip_header)); - if (m == NULL) - return ENOBUFS; - bcopy(&eiphdr, mtod(m, struct etherip_header *), - sizeof(struct etherip_header)); - tos = 0; - break; - - default: -#ifdef DEBUG - printf("in_gif_output: warning: unknown family %d passed\n", - family); -#endif - m_freem(m); - return EAFNOSUPPORT; - } - - bzero(&iphdr, sizeof(iphdr)); - iphdr.ip_src = sin_src->sin_addr; - /* bidirectional configured tunnel mode */ - if (sin_dst->sin_addr.s_addr != INADDR_ANY) - iphdr.ip_dst = sin_dst->sin_addr; - else { - m_freem(m); - return ENETUNREACH; - } - iphdr.ip_p = proto; - /* version will be set in ip_output() */ - iphdr.ip_ttl = V_ip_gif_ttl; - iphdr.ip_len = htons(m->m_pkthdr.len + sizeof(struct ip)); - ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED : ECN_NOCARE, - &iphdr.ip_tos, &tos); + struct ip *ip; + int len; /* prepend new IP header */ len = sizeof(struct ip); #ifndef __NO_STRICT_ALIGNMENT - if (family == AF_LINK) + if (proto == IPPROTO_ETHERIP) len += ETHERIP_ALIGN; #endif M_PREPEND(m, len, M_NOWAIT); if (m != NULL && m->m_len < len) m = m_pullup(m, len); - if (m == NULL) { - printf("ENOBUFS in in_gif_output %d\n", __LINE__); - return ENOBUFS; - } + if (m == NULL) + return (ENOBUFS); #ifndef __NO_STRICT_ALIGNMENT - if (family == AF_LINK) { + if (proto == IPPROTO_ETHERIP) { len = mtod(m, vm_offset_t) & 3; KASSERT(len == 0 || len == ETHERIP_ALIGN, ("in_gif_output: unexpected misalignment")); @@ -220,147 +116,50 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) m->m_len -= ETHERIP_ALIGN; } #endif - bcopy(&iphdr, mtod(m, struct ip *), sizeof(struct ip)); - - M_SETFIB(m, sc->gif_fibnum); - - if (dst->sin_family != sin_dst->sin_family || - dst->sin_addr.s_addr != sin_dst->sin_addr.s_addr) { - /* cache route doesn't match */ - bzero(dst, sizeof(*dst)); - dst->sin_family = sin_dst->sin_family; - dst->sin_len = sizeof(struct sockaddr_in); - dst->sin_addr = sin_dst->sin_addr; - if (sc->gif_ro.ro_rt) { - RTFREE(sc->gif_ro.ro_rt); - sc->gif_ro.ro_rt = NULL; - } -#if 0 - GIF2IFP(sc)->if_mtu = GIF_MTU; -#endif - } - - if (sc->gif_ro.ro_rt == NULL) { - in_rtalloc_ign(&sc->gif_ro, 0, sc->gif_fibnum); - if (sc->gif_ro.ro_rt == NULL) { - m_freem(m); - return ENETUNREACH; - } - - /* if it constitutes infinite encapsulation, punt. */ - if (sc->gif_ro.ro_rt->rt_ifp == ifp) { - m_freem(m); - return ENETUNREACH; /* XXX */ - } -#if 0 - ifp->if_mtu = sc->gif_ro.ro_rt->rt_ifp->if_mtu - - sizeof(struct ip); -#endif + ip = mtod(m, struct ip *); + GIF_RLOCK(sc); + if (sc->gif_family != AF_INET) { + m_freem(m); + GIF_RUNLOCK(sc); + return (ENETDOWN); } + bcopy(sc->gif_iphdr, ip, sizeof(struct ip)); + GIF_RUNLOCK(sc); - m->m_flags &= ~(M_BCAST|M_MCAST); - error = ip_output(m, NULL, &sc->gif_ro, 0, NULL, NULL); - - if (!(GIF2IFP(sc)->if_flags & IFF_LINK0) && - sc->gif_ro.ro_rt != NULL) { - RTFREE(sc->gif_ro.ro_rt); - sc->gif_ro.ro_rt = NULL; - } + ip->ip_p = proto; + /* version will be set in ip_output() */ + ip->ip_ttl = V_ip_gif_ttl; + ip->ip_len = htons(m->m_pkthdr.len); + ip->ip_tos = ecn; - return (error); + return (ip_output(m, NULL, NULL, 0, NULL, NULL)); } int in_gif_input(struct mbuf **mp, int *offp, int proto) { - struct mbuf *m; - struct ifnet *gifp = NULL; + struct mbuf *m = *mp; struct gif_softc *sc; + struct ifnet *gifp; struct ip *ip; - int af; - int off; - u_int8_t otos; + uint8_t ecn; - m = *mp; - ip = mtod(m, struct ip *); - off = *offp; - *mp = NULL; - - sc = (struct gif_softc *)encap_getarg(m); + sc = encap_getarg(m); if (sc == NULL) { m_freem(m); KMOD_IPSTAT_INC(ips_nogif); return (IPPROTO_DONE); } - gifp = GIF2IFP(sc); - if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) { - m_freem(m); - KMOD_IPSTAT_INC(ips_nogif); - return (IPPROTO_DONE); - } - - otos = ip->ip_tos; - m_adj(m, off); - - switch (proto) { -#ifdef INET - case IPPROTO_IPV4: - { - struct ip *ip; - af = AF_INET; - if (m->m_len < sizeof(*ip)) { - m = m_pullup(m, sizeof(*ip)); - if (!m) - return (IPPROTO_DONE); - } + if ((gifp->if_flags & IFF_UP) != 0) { ip = mtod(m, struct ip *); - if (ip_ecn_egress((gifp->if_flags & IFF_LINK1) ? - ECN_ALLOWED : ECN_NOCARE, - &otos, &ip->ip_tos) == 0) { - m_freem(m); - return (IPPROTO_DONE); - } - break; - } -#endif -#ifdef INET6 - case IPPROTO_IPV6: - { - struct ip6_hdr *ip6; - u_int8_t itos, oitos; - - af = AF_INET6; - if (m->m_len < sizeof(*ip6)) { - m = m_pullup(m, sizeof(*ip6)); - if (!m) - return (IPPROTO_DONE); - } - ip6 = mtod(m, struct ip6_hdr *); - itos = oitos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - if (ip_ecn_egress((gifp->if_flags & IFF_LINK1) ? - ECN_ALLOWED : ECN_NOCARE, - &otos, &itos) == 0) { - m_freem(m); - return (IPPROTO_DONE); - } - if (itos != oitos) { - ip6->ip6_flow &= ~htonl(0xff << 20); - ip6->ip6_flow |= htonl((u_int32_t)itos << 20); - } - break; - } -#endif /* INET6 */ - case IPPROTO_ETHERIP: - af = AF_LINK; - break; - - default: - KMOD_IPSTAT_INC(ips_nogif); + ecn = ip->ip_tos; + m_adj(m, *offp); + gif_input(m, gifp, proto, ecn); + } else { m_freem(m); - return (IPPROTO_DONE); + KMOD_IPSTAT_INC(ips_nogif); } - gif_input(m, af, gifp); return (IPPROTO_DONE); } @@ -370,23 +169,23 @@ in_gif_input(struct mbuf **mp, int *offp, int proto) static int gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp) { - struct sockaddr_in *src, *dst; struct in_ifaddr *ia4; - src = (struct sockaddr_in *)sc->gif_psrc; - dst = (struct sockaddr_in *)sc->gif_pdst; + GIF_RLOCK_ASSERT(sc); /* check for address match */ - if (src->sin_addr.s_addr != ip->ip_dst.s_addr || - dst->sin_addr.s_addr != ip->ip_src.s_addr) - return 0; + if (sc->gif_iphdr->ip_src.s_addr != ip->ip_dst.s_addr || + sc->gif_iphdr->ip_dst.s_addr != ip->ip_src.s_addr) + return (0); /* martian filters on outer source - NOT done in ip_input! */ if (IN_MULTICAST(ntohl(ip->ip_src.s_addr))) - return 0; + return (0); switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) { - case 0: case 127: case 255: - return 0; + case 0: + case 127: + case 255: + return (0); } /* reject packets with broadcast on source */ @@ -397,7 +196,7 @@ gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp) continue; if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) { IN_IFADDR_RUNLOCK(); - return 0; + return (0); } } IN_IFADDR_RUNLOCK(); @@ -415,19 +214,13 @@ gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp) rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, sc->gif_fibnum); if (!rt || rt->rt_ifp != ifp) { -#if 0 - log(LOG_WARNING, "%s: packet from 0x%x dropped " - "due to ingress filter\n", if_name(GIF2IFP(sc)), - (u_int32_t)ntohl(sin.sin_addr.s_addr)); -#endif if (rt) RTFREE_LOCKED(rt); - return 0; + return (0); } RTFREE_LOCKED(rt); } - - return 32 * 2; + return (32 * 2); } /* @@ -435,7 +228,7 @@ gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp) * matched the physical addr family. see gif_encapcheck(). */ int -gif_encapcheck4(const struct mbuf *m, int off, int proto, void *arg) +in_gif_encapcheck(const struct mbuf *m, int off, int proto, void *arg) { struct ip ip; struct gif_softc *sc; @@ -443,31 +236,21 @@ gif_encapcheck4(const struct mbuf *m, int off, int proto, void *arg) /* sanity check done in caller */ sc = (struct gif_softc *)arg; + GIF_RLOCK_ASSERT(sc); - /* LINTED const cast */ m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL; - - return gif_validate4(&ip, sc, ifp); + return (gif_validate4(&ip, sc, ifp)); } int in_gif_attach(struct gif_softc *sc) { - sc->encap_cookie4 = encap_attach_func(AF_INET, -1, gif_encapcheck, - &in_gif_protosw, sc); - if (sc->encap_cookie4 == NULL) - return EEXIST; - return 0; -} - -int -in_gif_detach(struct gif_softc *sc) -{ - int error; - error = encap_detach(sc->encap_cookie4); - if (error == 0) - sc->encap_cookie4 = NULL; - return error; + KASSERT(sc->gif_ecookie == NULL, ("gif_ecookie isn't NULL")); + sc->gif_ecookie = encap_attach_func(AF_INET, -1, gif_encapcheck, + &in_gif_protosw, sc); + if (sc->gif_ecookie == NULL) + return (EEXIST); + return (0); } diff --git a/sys/netinet/in_gif.h b/sys/netinet/in_gif.h index 15cbef1..d48d881 100644 --- a/sys/netinet/in_gif.h +++ b/sys/netinet/in_gif.h @@ -37,9 +37,8 @@ struct gif_softc; int in_gif_input(struct mbuf **, int *, int); -int in_gif_output(struct ifnet *, int, struct mbuf *); -int gif_encapcheck4(const struct mbuf *, int, int, void *); +int in_gif_output(struct ifnet *, struct mbuf *, int, uint8_t); +int in_gif_encapcheck(const struct mbuf *, int, int, void *); int in_gif_attach(struct gif_softc *); -int in_gif_detach(struct gif_softc *); #endif /*_NETINET_IN_GIF_H_*/ diff --git a/sys/netinet/sctp_header.h b/sys/netinet/sctp_header.h index 9e03d78..f322e04 100644 --- a/sys/netinet/sctp_header.h +++ b/sys/netinet/sctp_header.h @@ -450,6 +450,11 @@ struct sctp_pktdrop_chunk { /**********STREAM RESET STUFF ******************/ +struct sctp_stream_reset_request { + struct sctp_paramhdr ph; + uint32_t request_seq; +} SCTP_PACKED; + struct sctp_stream_reset_out_request { struct sctp_paramhdr ph; uint32_t request_seq; /* monotonically increasing seq no */ @@ -464,7 +469,6 @@ struct sctp_stream_reset_in_request { uint16_t list_of_streams[]; /* if not all list of streams */ } SCTP_PACKED; - struct sctp_stream_reset_tsn_request { struct sctp_paramhdr ph; uint32_t request_seq; diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index d076943..62de260 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -3496,12 +3496,12 @@ sctp_reset_out_streams(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t } -struct sctp_stream_reset_out_request * +struct sctp_stream_reset_request * sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk) { struct sctp_association *asoc; struct sctp_chunkhdr *ch; - struct sctp_stream_reset_out_request *r; + struct sctp_stream_reset_request *r; struct sctp_tmit_chunk *chk; int len, clen; @@ -3524,7 +3524,7 @@ sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chu } clen = chk->send_size; ch = mtod(chk->data, struct sctp_chunkhdr *); - r = (struct sctp_stream_reset_out_request *)(ch + 1); + r = (struct sctp_stream_reset_request *)(ch + 1); if (ntohl(r->request_seq) == seq) { /* found it */ return (r); @@ -3532,7 +3532,7 @@ sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chu len = SCTP_SIZE32(ntohs(r->ph.param_length)); if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) { /* move to the next one, there can only be a max of two */ - r = (struct sctp_stream_reset_out_request *)((caddr_t)r + len); + r = (struct sctp_stream_reset_request *)((caddr_t)r + len); if (ntohl(r->request_seq) == seq) { return (r); } @@ -3576,7 +3576,9 @@ sctp_handle_stream_reset_response(struct sctp_tcb *stcb, int lparm_len; struct sctp_association *asoc = &stcb->asoc; struct sctp_tmit_chunk *chk; - struct sctp_stream_reset_out_request *srparam; + struct sctp_stream_reset_request *req_param; + struct sctp_stream_reset_out_request *req_out_param; + struct sctp_stream_reset_in_request *req_in_param; uint32_t number_entries; if (asoc->stream_reset_outstanding == 0) { @@ -3584,35 +3586,36 @@ sctp_handle_stream_reset_response(struct sctp_tcb *stcb, return (0); } if (seq == stcb->asoc.str_reset_seq_out) { - srparam = sctp_find_stream_reset(stcb, seq, &chk); - if (srparam) { + req_param = sctp_find_stream_reset(stcb, seq, &chk); + if (req_param != NULL) { stcb->asoc.str_reset_seq_out++; - type = ntohs(srparam->ph.param_type); - lparm_len = ntohs(srparam->ph.param_length); + type = ntohs(req_param->ph.param_type); + lparm_len = ntohs(req_param->ph.param_length); if (type == SCTP_STR_RESET_OUT_REQUEST) { + req_out_param = (struct sctp_stream_reset_out_request *)req_param; number_entries = (lparm_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t); asoc->stream_reset_out_is_outstanding = 0; if (asoc->stream_reset_outstanding) asoc->stream_reset_outstanding--; if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { /* do it */ - sctp_reset_out_streams(stcb, number_entries, srparam->list_of_streams); + sctp_reset_out_streams(stcb, number_entries, req_out_param->list_of_streams); } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { - sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_OUT, stcb, number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); + sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_OUT, stcb, number_entries, req_out_param->list_of_streams, SCTP_SO_NOT_LOCKED); } else { - sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); + sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, req_out_param->list_of_streams, SCTP_SO_NOT_LOCKED); } } else if (type == SCTP_STR_RESET_IN_REQUEST) { - /* Answered my request */ + req_in_param = (struct sctp_stream_reset_in_request *)req_param; number_entries = (lparm_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t); if (asoc->stream_reset_outstanding) asoc->stream_reset_outstanding--; if (action == SCTP_STREAM_RESET_RESULT_DENIED) { sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_IN, stcb, - number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); + number_entries, req_in_param->list_of_streams, SCTP_SO_NOT_LOCKED); } else if (action != SCTP_STREAM_RESET_RESULT_PERFORMED) { sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, - number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); + number_entries, req_in_param->list_of_streams, SCTP_SO_NOT_LOCKED); } } else if (type == SCTP_STR_RESET_ADD_OUT_STREAMS) { /* Ok we now may have more streams */ diff --git a/sys/netinet/sctp_input.h b/sys/netinet/sctp_input.h index 9520803..0c3f8a5 100644 --- a/sys/netinet/sctp_input.h +++ b/sys/netinet/sctp_input.h @@ -48,7 +48,7 @@ sctp_common_input_processing(struct mbuf **, int, int, int, uint8_t, uint32_t, uint32_t, uint16_t); -struct sctp_stream_reset_out_request * +struct sctp_stream_reset_request * sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk); diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c index b792ed5..6d48b5d 100644 --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -36,6 +36,8 @@ __FBSDID("$FreeBSD$"); #include "opt_inet6.h" #include <sys/param.h> +#include <sys/lock.h> +#include <sys/rmlock.h> #include <sys/systm.h> #include <sys/socket.h> #include <sys/sockio.h> @@ -95,113 +97,26 @@ struct protosw in6_gif_protosw = { }; int -in6_gif_output(struct ifnet *ifp, - int family, /* family of the packet to be encapsulate */ - struct mbuf *m) +in6_gif_output(struct ifnet *ifp, struct mbuf *m, int proto, uint8_t ecn) { + GIF_RLOCK_TRACKER; struct gif_softc *sc = ifp->if_softc; - struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sc->gif_ro6.ro_dst; - struct sockaddr_in6 *sin6_src = (struct sockaddr_in6 *)sc->gif_psrc; - struct sockaddr_in6 *sin6_dst = (struct sockaddr_in6 *)sc->gif_pdst; struct ip6_hdr *ip6; - struct etherip_header eiphdr; - int error, len, proto; - u_int8_t itos, otos; - - GIF_LOCK_ASSERT(sc); - - if (sin6_src == NULL || sin6_dst == NULL || - sin6_src->sin6_family != AF_INET6 || - sin6_dst->sin6_family != AF_INET6) { - m_freem(m); - return EAFNOSUPPORT; - } - - switch (family) { -#ifdef INET - case AF_INET: - { - struct ip *ip; - - proto = IPPROTO_IPV4; - if (m->m_len < sizeof(*ip)) { - m = m_pullup(m, sizeof(*ip)); - if (!m) - return ENOBUFS; - } - ip = mtod(m, struct ip *); - itos = ip->ip_tos; - break; - } -#endif -#ifdef INET6 - case AF_INET6: - { - struct ip6_hdr *ip6; - proto = IPPROTO_IPV6; - if (m->m_len < sizeof(*ip6)) { - m = m_pullup(m, sizeof(*ip6)); - if (!m) - return ENOBUFS; - } - ip6 = mtod(m, struct ip6_hdr *); - itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - break; - } -#endif - case AF_LINK: - proto = IPPROTO_ETHERIP; - - /* - * GIF_SEND_REVETHIP (disabled by default) intentionally - * sends an EtherIP packet with revered version field in - * the header. This is a knob for backward compatibility - * with FreeBSD 7.2R or prior. - */ - if ((sc->gif_options & GIF_SEND_REVETHIP)) { - eiphdr.eip_ver = 0; - eiphdr.eip_resvl = ETHERIP_VERSION; - eiphdr.eip_resvh = 0; - } else { - eiphdr.eip_ver = ETHERIP_VERSION; - eiphdr.eip_resvl = 0; - eiphdr.eip_resvh = 0; - } - /* prepend Ethernet-in-IP header */ - M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT); - if (m && m->m_len < sizeof(struct etherip_header)) - m = m_pullup(m, sizeof(struct etherip_header)); - if (m == NULL) - return ENOBUFS; - bcopy(&eiphdr, mtod(m, struct etherip_header *), - sizeof(struct etherip_header)); - itos = 0; - break; - - default: -#ifdef DEBUG - printf("in6_gif_output: warning: unknown family %d passed\n", - family); -#endif - m_freem(m); - return EAFNOSUPPORT; - } + int len; /* prepend new IP header */ len = sizeof(struct ip6_hdr); #ifndef __NO_STRICT_ALIGNMENT - if (family == AF_LINK) + if (proto == IPPROTO_ETHERIP) len += ETHERIP_ALIGN; #endif M_PREPEND(m, len, M_NOWAIT); if (m != NULL && m->m_len < len) m = m_pullup(m, len); - if (m == NULL) { - printf("ENOBUFS in in6_gif_output %d\n", __LINE__); - return ENOBUFS; - } + if (m == NULL) + return (ENOBUFS); #ifndef __NO_STRICT_ALIGNMENT - if (family == AF_LINK) { + if (proto == IPPROTO_ETHERIP) { len = mtod(m, vm_offset_t) & 3; KASSERT(len == 0 || len == ETHERIP_ALIGN, ("in6_gif_output: unexpected misalignment")); @@ -211,166 +126,52 @@ in6_gif_output(struct ifnet *ifp, #endif ip6 = mtod(m, struct ip6_hdr *); - ip6->ip6_flow = 0; - ip6->ip6_vfc &= ~IPV6_VERSION_MASK; - ip6->ip6_vfc |= IPV6_VERSION; - ip6->ip6_plen = htons((u_short)m->m_pkthdr.len); - ip6->ip6_nxt = proto; - ip6->ip6_hlim = V_ip6_gif_hlim; - ip6->ip6_src = sin6_src->sin6_addr; - /* bidirectional configured tunnel mode */ - if (!IN6_IS_ADDR_UNSPECIFIED(&sin6_dst->sin6_addr)) - ip6->ip6_dst = sin6_dst->sin6_addr; - else { + GIF_RLOCK(sc); + if (sc->gif_family != AF_INET6) { m_freem(m); - return ENETUNREACH; + GIF_RUNLOCK(sc); + return (ENETDOWN); } - ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED : ECN_NOCARE, - &otos, &itos); - ip6->ip6_flow &= ~htonl(0xff << 20); - ip6->ip6_flow |= htonl((u_int32_t)otos << 20); + bcopy(sc->gif_ip6hdr, ip6, sizeof(struct ip6_hdr)); + GIF_RUNLOCK(sc); - M_SETFIB(m, sc->gif_fibnum); - - if (dst->sin6_family != sin6_dst->sin6_family || - !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &sin6_dst->sin6_addr)) { - /* cache route doesn't match */ - bzero(dst, sizeof(*dst)); - dst->sin6_family = sin6_dst->sin6_family; - dst->sin6_len = sizeof(struct sockaddr_in6); - dst->sin6_addr = sin6_dst->sin6_addr; - if (sc->gif_ro6.ro_rt) { - RTFREE(sc->gif_ro6.ro_rt); - sc->gif_ro6.ro_rt = NULL; - } -#if 0 - GIF2IFP(sc)->if_mtu = GIF_MTU; -#endif - } - - if (sc->gif_ro6.ro_rt == NULL) { - in6_rtalloc(&sc->gif_ro6, sc->gif_fibnum); - if (sc->gif_ro6.ro_rt == NULL) { - m_freem(m); - return ENETUNREACH; - } - - /* if it constitutes infinite encapsulation, punt. */ - if (sc->gif_ro.ro_rt->rt_ifp == ifp) { - m_freem(m); - return ENETUNREACH; /*XXX*/ - } -#if 0 - ifp->if_mtu = sc->gif_ro6.ro_rt->rt_ifp->if_mtu - - sizeof(struct ip6_hdr); -#endif - } - - m->m_flags &= ~(M_BCAST|M_MCAST); -#ifdef IPV6_MINMTU + ip6->ip6_flow |= htonl((uint32_t)ecn << 20); + ip6->ip6_nxt = proto; + ip6->ip6_hlim = V_ip6_gif_hlim; /* * force fragmentation to minimum MTU, to avoid path MTU discovery. * it is too painful to ask for resend of inner packet, to achieve * path MTU discovery for encapsulated packets. */ - error = ip6_output(m, 0, &sc->gif_ro6, IPV6_MINMTU, 0, NULL, NULL); -#else - error = ip6_output(m, 0, &sc->gif_ro6, 0, 0, NULL, NULL); -#endif - - if (!(GIF2IFP(sc)->if_flags & IFF_LINK0) && - sc->gif_ro6.ro_rt != NULL) { - RTFREE(sc->gif_ro6.ro_rt); - sc->gif_ro6.ro_rt = NULL; - } - - return (error); + return (ip6_output(m, 0, NULL, IPV6_MINMTU, 0, NULL, NULL)); } int in6_gif_input(struct mbuf **mp, int *offp, int proto) { struct mbuf *m = *mp; - struct ifnet *gifp = NULL; + struct ifnet *gifp; struct gif_softc *sc; struct ip6_hdr *ip6; - int af = 0; - u_int32_t otos; + uint8_t ecn; - ip6 = mtod(m, struct ip6_hdr *); - - sc = (struct gif_softc *)encap_getarg(m); + sc = encap_getarg(m); if (sc == NULL) { m_freem(m); IP6STAT_INC(ip6s_nogif); - return IPPROTO_DONE; + return (IPPROTO_DONE); } - gifp = GIF2IFP(sc); - if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) { - m_freem(m); - IP6STAT_INC(ip6s_nogif); - return IPPROTO_DONE; - } - - otos = ip6->ip6_flow; - m_adj(m, *offp); - - switch (proto) { -#ifdef INET - case IPPROTO_IPV4: - { - struct ip *ip; - u_int8_t otos8; - af = AF_INET; - otos8 = (ntohl(otos) >> 20) & 0xff; - if (m->m_len < sizeof(*ip)) { - m = m_pullup(m, sizeof(*ip)); - if (!m) - return IPPROTO_DONE; - } - ip = mtod(m, struct ip *); - if (ip_ecn_egress((gifp->if_flags & IFF_LINK1) ? - ECN_ALLOWED : ECN_NOCARE, - &otos8, &ip->ip_tos) == 0) { - m_freem(m); - return IPPROTO_DONE; - } - break; - } -#endif /* INET */ -#ifdef INET6 - case IPPROTO_IPV6: - { - struct ip6_hdr *ip6; - af = AF_INET6; - if (m->m_len < sizeof(*ip6)) { - m = m_pullup(m, sizeof(*ip6)); - if (!m) - return IPPROTO_DONE; - } + if ((gifp->if_flags & IFF_UP) != 0) { ip6 = mtod(m, struct ip6_hdr *); - if (ip6_ecn_egress((gifp->if_flags & IFF_LINK1) ? - ECN_ALLOWED : ECN_NOCARE, - &otos, &ip6->ip6_flow) == 0) { - m_freem(m); - return IPPROTO_DONE; - } - break; - } -#endif - case IPPROTO_ETHERIP: - af = AF_LINK; - break; - - default: - IP6STAT_INC(ip6s_nogif); + ecn = (ntohl(ip6->ip6_flow) >> 20) & 0xff; + m_adj(m, *offp); + gif_input(m, gifp, proto, ecn); + } else { m_freem(m); - return IPPROTO_DONE; + IP6STAT_INC(ip6s_nogif); } - - gif_input(m, af, gifp); - return IPPROTO_DONE; + return (IPPROTO_DONE); } /* @@ -380,19 +181,16 @@ static int gif_validate6(const struct ip6_hdr *ip6, struct gif_softc *sc, struct ifnet *ifp) { - struct sockaddr_in6 *src, *dst; - - src = (struct sockaddr_in6 *)sc->gif_psrc; - dst = (struct sockaddr_in6 *)sc->gif_pdst; + GIF_RLOCK_ASSERT(sc); /* * Check for address match. Note that the check is for an incoming * packet. We should compare the *source* address in our configuration * and the *destination* address of the packet, and vice versa. */ - if (!IN6_ARE_ADDR_EQUAL(&src->sin6_addr, &ip6->ip6_dst) || - !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_src)) - return 0; + if (!IN6_ARE_ADDR_EQUAL(&sc->gif_ip6hdr->ip6_src, &ip6->ip6_dst) || + !IN6_ARE_ADDR_EQUAL(&sc->gif_ip6hdr->ip6_dst, &ip6->ip6_src)) + return (0); /* martian filters on outer source - done in ip6_input */ @@ -410,29 +208,22 @@ gif_validate6(const struct ip6_hdr *ip6, struct gif_softc *sc, rt = in6_rtalloc1((struct sockaddr *)&sin6, 0, 0UL, sc->gif_fibnum); if (!rt || rt->rt_ifp != ifp) { -#if 0 - char ip6buf[INET6_ADDRSTRLEN]; - log(LOG_WARNING, "%s: packet from %s dropped " - "due to ingress filter\n", if_name(GIF2IFP(sc)), - ip6_sprintf(ip6buf, &sin6.sin6_addr)); -#endif if (rt) RTFREE_LOCKED(rt); - return 0; + return (0); } RTFREE_LOCKED(rt); } - return 128 * 2; + return (128 * 2); } /* * we know that we are in IFF_UP, outer address available, and outer family * matched the physical addr family. see gif_encapcheck(). - * sanity check for arg should have been done in the caller. */ int -gif_encapcheck6(const struct mbuf *m, int off, int proto, void *arg) +in6_gif_encapcheck(const struct mbuf *m, int off, int proto, void *arg) { struct ip6_hdr ip6; struct gif_softc *sc; @@ -440,31 +231,21 @@ gif_encapcheck6(const struct mbuf *m, int off, int proto, void *arg) /* sanity check done in caller */ sc = (struct gif_softc *)arg; + GIF_RLOCK_ASSERT(sc); - /* LINTED const cast */ m_copydata(m, 0, sizeof(ip6), (caddr_t)&ip6); ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL; - - return gif_validate6(&ip6, sc, ifp); + return (gif_validate6(&ip6, sc, ifp)); } int in6_gif_attach(struct gif_softc *sc) { - sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, gif_encapcheck, - (void *)&in6_gif_protosw, sc); - if (sc->encap_cookie6 == NULL) - return EEXIST; - return 0; -} - -int -in6_gif_detach(struct gif_softc *sc) -{ - int error; - error = encap_detach(sc->encap_cookie6); - if (error == 0) - sc->encap_cookie6 = NULL; - return error; + KASSERT(sc->gif_ecookie == NULL, ("gif_ecookie isn't NULL")); + sc->gif_ecookie = encap_attach_func(AF_INET6, -1, gif_encapcheck, + (void *)&in6_gif_protosw, sc); + if (sc->gif_ecookie == NULL) + return (EEXIST); + return (0); } diff --git a/sys/netinet6/in6_gif.h b/sys/netinet6/in6_gif.h index e118417..1246171 100644 --- a/sys/netinet6/in6_gif.h +++ b/sys/netinet6/in6_gif.h @@ -37,9 +37,8 @@ struct gif_softc; int in6_gif_input(struct mbuf **, int *, int); -int in6_gif_output(struct ifnet *, int, struct mbuf *); -int gif_encapcheck6(const struct mbuf *, int, int, void *); +int in6_gif_output(struct ifnet *, struct mbuf *, int, uint8_t); +int in6_gif_encapcheck(const struct mbuf *, int, int, void *); int in6_gif_attach(struct gif_softc *); -int in6_gif_detach(struct gif_softc *); #endif /* _NETINET6_IN6_GIF_H_ */ diff --git a/sys/nfs/bootp_subr.c b/sys/nfs/bootp_subr.c index 83a3d07..5e3145e 100644 --- a/sys/nfs/bootp_subr.c +++ b/sys/nfs/bootp_subr.c @@ -1452,7 +1452,7 @@ bootpc_decode_reply(struct nfsv3_diskless *nd, struct bootpc_ifcontext *ifctx, * the server value). */ p = NULL; - if ((s = getenv("vfs.root.mountfrom")) != NULL) { + if ((s = kern_getenv("vfs.root.mountfrom")) != NULL) { if ((p = strstr(s, "nfs:")) != NULL) p = strdup(p + 4, M_TEMP); freeenv(s); @@ -1723,7 +1723,7 @@ retry: if (gctx->gotrootpath != 0) { - setenv("boot.netif.name", ifctx->ifp->if_xname); + kern_setenv("boot.netif.name", ifctx->ifp->if_xname); error = md_mount(&nd->root_saddr, nd->root_hostnam, nd->root_fh, &nd->root_fhsize, diff --git a/sys/nfs/nfs_diskless.c b/sys/nfs/nfs_diskless.c index 26f5036..3882007 100644 --- a/sys/nfs/nfs_diskless.c +++ b/sys/nfs/nfs_diskless.c @@ -175,7 +175,7 @@ nfs_setup_diskless(void) return; /* get handle size. If this succeeds, it's an NFSv3 setup. */ - if ((cp = getenv("boot.nfsroot.nfshandlelen")) != NULL) { + if ((cp = kern_getenv("boot.nfsroot.nfshandlelen")) != NULL) { cnt = sscanf(cp, "%d", &len); freeenv(cp); if (cnt != 1 || len == 0 || len > NFSX_V3FHMAX) { @@ -237,7 +237,7 @@ nfs_setup_diskless(void) printf("nfs_diskless: no interface\n"); return; /* no matching interface */ match_done: - setenv("boot.netif.name", ifp->if_xname); + kern_setenv("boot.netif.name", ifp->if_xname); if (is_nfsv3 != 0) { strlcpy(nd3->myif.ifra_name, ifp->if_xname, sizeof(nd3->myif.ifra_name)); @@ -267,11 +267,11 @@ match_done: printf("nfs_diskless: bad NFS handle len=%d\n", fhlen); return; } - if ((cp = getenv("boot.nfsroot.path")) != NULL) { + if ((cp = kern_getenv("boot.nfsroot.path")) != NULL) { strncpy(nd3->root_hostnam, cp, MNAMELEN - 1); freeenv(cp); } - if ((cp = getenv("boot.nfsroot.options")) != NULL) { + if ((cp = kern_getenv("boot.nfsroot.options")) != NULL) { nfs_parse_options(cp, &nd3->root_args); freeenv(cp); } @@ -301,11 +301,11 @@ match_done: printf("nfs_diskless: no NFS handle\n"); return; } - if ((cp = getenv("boot.nfsroot.path")) != NULL) { + if ((cp = kern_getenv("boot.nfsroot.path")) != NULL) { strncpy(nd->root_hostnam, cp, MNAMELEN - 1); freeenv(cp); } - if ((cp = getenv("boot.nfsroot.options")) != NULL) { + if ((cp = kern_getenv("boot.nfsroot.options")) != NULL) { struct nfs_args args; /* @@ -339,7 +339,7 @@ inaddr_to_sockaddr(char *ev, struct sockaddr_in *sa) sa->sin_len = sizeof(*sa); sa->sin_family = AF_INET; - if ((cp = getenv(ev)) == NULL) + if ((cp = kern_getenv(ev)) == NULL) return (1); count = sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]); freeenv(cp); @@ -362,7 +362,7 @@ hwaddr_to_sockaddr(char *ev, struct sockaddr_dl *sa) sa->sdl_family = AF_LINK; sa->sdl_type = IFT_ETHER; sa->sdl_alen = ETHER_ADDR_LEN; - if ((cp = getenv(ev)) == NULL) + if ((cp = kern_getenv(ev)) == NULL) return (1); count = sscanf(cp, "%x:%x:%x:%x:%x:%x", &a[0], &a[1], &a[2], &a[3], &a[4], &a[5]); @@ -384,7 +384,7 @@ decode_nfshandle(char *ev, u_char *fh, int maxfh) u_char *cp, *ep; int len, val; - ep = cp = getenv(ev); + ep = cp = kern_getenv(ev); if (cp == NULL) return (0); if ((strlen(cp) < 2) || (*cp != 'X')) { diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c index cf63c5e..0c002d2 100644 --- a/sys/nfsclient/nfs_vfsops.c +++ b/sys/nfsclient/nfs_vfsops.c @@ -485,7 +485,7 @@ nfs_mountroot(struct mount *mp) if (error) panic("nfs_mountroot: SIOCAIFADDR: %d", error); - if ((cp = getenv("boot.netif.mtu")) != NULL) { + if ((cp = kern_getenv("boot.netif.mtu")) != NULL) { ir.ifr_mtu = strtol(cp, NULL, 10); bcopy(nd->myif.ifra_name, ir.ifr_name, IFNAMSIZ); freeenv(cp); diff --git a/sys/ofed/drivers/infiniband/core/addr.c b/sys/ofed/drivers/infiniband/core/addr.c index f454ffb..f608244 100644 --- a/sys/ofed/drivers/infiniband/core/addr.c +++ b/sys/ofed/drivers/infiniband/core/addr.c @@ -35,10 +35,15 @@ #include <linux/mutex.h> #include <linux/inetdevice.h> +#include <linux/slab.h> #include <linux/workqueue.h> +#include <linux/module.h> +#include <linux/notifier.h> #include <net/route.h> #include <net/netevent.h> #include <rdma/ib_addr.h> +#include <netinet/if_ether.h> + MODULE_AUTHOR("Sean Hefty"); MODULE_DESCRIPTION("IB Address Translation"); @@ -189,13 +194,11 @@ static void set_timeout(unsigned long time) { unsigned long delay; - cancel_delayed_work(&work); - delay = time - jiffies; if ((long)delay <= 0) delay = 1; - queue_delayed_work(addr_wq, &work, delay); + mod_delayed_work(addr_wq, &work, delay); } static void queue_req(struct addr_req *req) @@ -620,7 +623,7 @@ static struct notifier_block nb = { .notifier_call = netevent_callback }; -static int addr_init(void) +static int __init addr_init(void) { INIT_DELAYED_WORK(&work, process_req); addr_wq = create_singlethread_workqueue("ib_addr"); @@ -631,7 +634,7 @@ static int addr_init(void) return 0; } -static void addr_cleanup(void) +static void __exit addr_cleanup(void) { unregister_netevent_notifier(&nb); destroy_workqueue(addr_wq); diff --git a/sys/ofed/drivers/infiniband/core/agent.c b/sys/ofed/drivers/infiniband/core/agent.c index 91916a8..2bc7f5a 100644 --- a/sys/ofed/drivers/infiniband/core/agent.c +++ b/sys/ofed/drivers/infiniband/core/agent.c @@ -101,7 +101,8 @@ void agent_send_response(struct ib_mad *mad, struct ib_grh *grh, agent = port_priv->agent[qpn]; ah = ib_create_ah_from_wc(agent->qp->pd, wc, grh, port_num); if (IS_ERR(ah)) { - printk(KERN_ERR SPFX "ib_create_ah_from_wc error\n"); + printk(KERN_ERR SPFX "ib_create_ah_from_wc error %ld\n", + PTR_ERR(ah)); return; } diff --git a/sys/ofed/drivers/infiniband/core/ucm.c b/sys/ofed/drivers/infiniband/core/ucm.c index 5494da3..b912ebe 100644 --- a/sys/ofed/drivers/infiniband/core/ucm.c +++ b/sys/ofed/drivers/infiniband/core/ucm.c @@ -38,7 +38,6 @@ #include <linux/err.h> #include <linux/poll.h> #include <linux/file.h> -#include <linux/mount.h> #include <linux/cdev.h> #include <linux/idr.h> #include <linux/mutex.h> diff --git a/sys/ofed/drivers/infiniband/core/uverbs_main.c b/sys/ofed/drivers/infiniband/core/uverbs_main.c index c51b810..30b9259 100644 --- a/sys/ofed/drivers/infiniband/core/uverbs_main.c +++ b/sys/ofed/drivers/infiniband/core/uverbs_main.c @@ -40,7 +40,6 @@ #include <linux/fs.h> #include <linux/poll.h> #include <linux/file.h> -#include <linux/mount.h> #include <linux/cdev.h> #include <asm/uaccess.h> diff --git a/sys/ofed/drivers/infiniband/hw/mlx4/ah.c b/sys/ofed/drivers/infiniband/hw/mlx4/ah.c index 47c9aa0..fe35e62 100644 --- a/sys/ofed/drivers/infiniband/hw/mlx4/ah.c +++ b/sys/ofed/drivers/infiniband/hw/mlx4/ah.c @@ -38,7 +38,6 @@ #include <rdma/ib_cache.h> #include <linux/slab.h> -#include <linux/inet.h> #include <linux/string.h> #include "mlx4_ib.h" diff --git a/sys/ofed/drivers/infiniband/hw/mthca/mthca_config_reg.h b/sys/ofed/drivers/infiniband/hw/mthca/mthca_config_reg.h index 75671f7..43c0894 100644 --- a/sys/ofed/drivers/infiniband/hw/mthca/mthca_config_reg.h +++ b/sys/ofed/drivers/infiniband/hw/mthca/mthca_config_reg.h @@ -34,7 +34,7 @@ #ifndef MTHCA_CONFIG_REG_H #define MTHCA_CONFIG_REG_H -#include <asm/page.h> +#include <linux/page.h> #define MTHCA_HCR_BASE 0x80680 #define MTHCA_HCR_SIZE 0x0001c diff --git a/sys/ofed/drivers/infiniband/hw/mthca/mthca_memfree.c b/sys/ofed/drivers/infiniband/hw/mthca/mthca_memfree.c index cc5c867..0cdebaf 100644 --- a/sys/ofed/drivers/infiniband/hw/mthca/mthca_memfree.c +++ b/sys/ofed/drivers/infiniband/hw/mthca/mthca_memfree.c @@ -36,7 +36,7 @@ #include <linux/scatterlist.h> #include <linux/sched.h> -#include <asm/page.h> +#include <linux/page.h> #include "mthca_memfree.h" #include "mthca_dev.h" diff --git a/sys/ofed/drivers/infiniband/hw/mthca/mthca_uar.c b/sys/ofed/drivers/infiniband/hw/mthca/mthca_uar.c index ca5900c..5c9ad23 100644 --- a/sys/ofed/drivers/infiniband/hw/mthca/mthca_uar.c +++ b/sys/ofed/drivers/infiniband/hw/mthca/mthca_uar.c @@ -30,7 +30,7 @@ * SOFTWARE. */ -#include <asm/page.h> /* PAGE_SHIFT */ +#include <linux/page.h> #include "mthca_dev.h" #include "mthca_memfree.h" diff --git a/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_ethtool.c b/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_ethtool.c index ec52712..04819a9 100644 --- a/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_ethtool.c +++ b/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_ethtool.c @@ -31,7 +31,6 @@ */ #include <linux/kernel.h> -#include <linux/ethtool.h> #include <linux/netdevice.h> #include "ipoib.h" diff --git a/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_verbs.c b/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_verbs.c index fb9a27a..214f81a 100644 --- a/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_verbs.c +++ b/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_verbs.c @@ -32,7 +32,6 @@ */ #include "ipoib.h" -#include <linux/ethtool.h> int ipoib_mcast_attach(struct ipoib_dev_priv *priv, u16 mlid, union ib_gid *mgid, int set_qkey) { diff --git a/sys/ofed/drivers/net/mlx4/Makefile b/sys/ofed/drivers/net/mlx4/Makefile index d6fe775..dc0e2a3 100644 --- a/sys/ofed/drivers/net/mlx4/Makefile +++ b/sys/ofed/drivers/net/mlx4/Makefile @@ -31,4 +31,3 @@ opt_inet6.h: .include <bsd.kmod.mk> CFLAGS+= -Wno-cast-qual -Wno-pointer-arith ${GCC_MS_EXTENSIONS} - diff --git a/sys/ofed/drivers/net/mlx4/en_ethtool.c b/sys/ofed/drivers/net/mlx4/en_ethtool.c index 6569a53..3ebeaf4 100644 --- a/sys/ofed/drivers/net/mlx4/en_ethtool.c +++ b/sys/ofed/drivers/net/mlx4/en_ethtool.c @@ -32,7 +32,6 @@ */ #include <linux/kernel.h> -#include <linux/ethtool.h> #include <linux/netdevice.h> #include <linux/mlx4/driver.h> #include <linux/in.h> diff --git a/sys/ofed/drivers/net/mlx4/en_frag.c b/sys/ofed/drivers/net/mlx4/en_frag.c deleted file mode 100644 index c8429e4..0000000 --- a/sys/ofed/drivers/net/mlx4/en_frag.c +++ /dev/null @@ -1,192 +0,0 @@ -/* - * Copyright (c) 2007 Mellanox Technologies. All rights reserved. - * - * This software is available to you under a choice of one of two - * licenses. You may choose to be licensed under the terms of the GNU - * General Public License (GPL) Version 2, available from the file - * COPYING in the main directory of this source tree, or the - * OpenIB.org BSD license below: - * - * Redistribution and use in source and binary forms, with or - * without modification, are permitted provided that the following - * conditions are met: - * - * - Redistributions of source code must retain the above - * copyright notice, this list of conditions and the following - * disclaimer. - * - * - Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - */ - -#include "opt_inet.h" -#include "mlx4_en.h" - -#ifdef INET - -#include <net/ethernet.h> -#include <netinet/ip.h> -#include <machine/in_cksum.h> - -static struct mlx4_en_ipfrag *find_session(struct mlx4_en_rx_ring *ring, - struct ip *iph) -{ - struct mlx4_en_ipfrag *session; - int i; - - for (i = 0; i < MLX4_EN_NUM_IPFRAG_SESSIONS; i++) { - session = &ring->ipfrag[i]; - if (session->fragments == NULL) - continue; - if (session->daddr == iph->ip_dst.s_addr && - session->saddr == iph->ip_src.s_addr && - session->id == iph->ip_id && - session->protocol == iph->ip_p) { - return session; - } - } - return NULL; -} - -static struct mlx4_en_ipfrag *start_session(struct mlx4_en_rx_ring *ring, - struct ip *iph) -{ - struct mlx4_en_ipfrag *session; - int index = -1; - int i; - - for (i = 0; i < MLX4_EN_NUM_IPFRAG_SESSIONS; i++) { - if (ring->ipfrag[i].fragments == NULL) { - index = i; - break; - } - } - if (index < 0) - return NULL; - - session = &ring->ipfrag[index]; - - return session; -} - - -static void flush_session(struct mlx4_en_priv *priv, - struct mlx4_en_ipfrag *session, - u16 more) -{ - struct mbuf *mb = session->fragments; - struct ip *iph = mb->m_pkthdr.PH_loc.ptr; - struct net_device *dev = mb->m_pkthdr.rcvif; - - /* Update IP length and checksum */ - iph->ip_len = htons(session->total_len); - iph->ip_off = htons(more | (session->offset >> 3)); - iph->ip_sum = 0; - iph->ip_sum = in_cksum_skip(mb, iph->ip_hl * 4, - (char *)iph - mb->m_data); - - dev->if_input(dev, mb); - session->fragments = NULL; - session->last = NULL; -} - - -static inline void frag_append(struct mlx4_en_priv *priv, - struct mlx4_en_ipfrag *session, - struct mbuf *mb, - unsigned int data_len) -{ - struct mbuf *parent = session->fragments; - - /* Update mb bookkeeping */ - parent->m_pkthdr.len += data_len; - session->total_len += data_len; - - m_adj(mb, mb->m_pkthdr.len - data_len); - - session->last->m_next = mb; - for (; mb->m_next != NULL; mb = mb->m_next); - session->last = mb; -} - -int mlx4_en_rx_frags(struct mlx4_en_priv *priv, struct mlx4_en_rx_ring *ring, - struct mbuf *mb, struct mlx4_cqe *cqe) -{ - struct mlx4_en_ipfrag *session; - struct ip *iph; - u16 ip_len; - u16 ip_hlen; - int data_len; - u16 offset; - - iph = (struct ip *)(mtod(mb, char *) + ETHER_HDR_LEN); - mb->m_pkthdr.PH_loc.ptr = iph; - ip_len = ntohs(iph->ip_len); - ip_hlen = iph->ip_hl * 4; - data_len = ip_len - ip_hlen; - offset = ntohs(iph->ip_off); - offset &= IP_OFFMASK; - offset <<= 3; - - session = find_session(ring, iph); - if (unlikely(in_cksum_skip(mb, ip_hlen, (char *)iph - mb->m_data))) { - if (session) - flush_session(priv, session, IP_MF); - return -EINVAL; - } - if (session) { - if (unlikely(session->offset + session->total_len != - offset + ip_hlen || - session->total_len + mb->m_pkthdr.len > 65536)) { - flush_session(priv, session, IP_MF); - goto new_session; - } - frag_append(priv, session, mb, data_len); - } else { -new_session: - session = start_session(ring, iph); - if (unlikely(!session)) - return -ENOSPC; - - session->fragments = mb; - session->daddr = iph->ip_dst.s_addr; - session->saddr = iph->ip_src.s_addr; - session->id = iph->ip_id; - session->protocol = iph->ip_p; - session->total_len = ip_len; - session->offset = offset; - for (; mb->m_next != NULL; mb = mb->m_next); - session->last = mb; - } - if (!(ntohs(iph->ip_off) & IP_MF)) - flush_session(priv, session, 0); - - return 0; -} - - -void mlx4_en_flush_frags(struct mlx4_en_priv *priv, - struct mlx4_en_rx_ring *ring) -{ - struct mlx4_en_ipfrag *session; - int i; - - for (i = 0; i < MLX4_EN_NUM_IPFRAG_SESSIONS; i++) { - session = &ring->ipfrag[i]; - if (session->fragments) - flush_session(priv, session, IP_MF); - } -} -#endif diff --git a/sys/ofed/drivers/net/mlx4/en_netdev.c b/sys/ofed/drivers/net/mlx4/en_netdev.c index e76da65..d7d63d3 100644 --- a/sys/ofed/drivers/net/mlx4/en_netdev.c +++ b/sys/ofed/drivers/net/mlx4/en_netdev.c @@ -2335,9 +2335,11 @@ static void mlx4_en_sysctl_conf(struct mlx4_en_priv *priv) struct sysctl_oid_list *node_list; struct sysctl_oid *coal; struct sysctl_oid_list *coal_list; + const char *pnameunit; dev = priv->dev; ctx = &priv->conf_ctx; + pnameunit = device_get_nameunit(priv->mdev->pdev->dev.bsddev); sysctl_ctx_init(ctx); priv->sysctl = SYSCTL_ADD_NODE(ctx, SYSCTL_STATIC_CHILDREN(_hw), @@ -2350,10 +2352,10 @@ static void mlx4_en_sysctl_conf(struct mlx4_en_priv *priv) CTLFLAG_RW, &priv->msg_enable, 0, "Driver message enable bitfield"); SYSCTL_ADD_UINT(ctx, node_list, OID_AUTO, "rx_rings", - CTLTYPE_INT | CTLFLAG_RD, &priv->rx_ring_num, 0, + CTLFLAG_RD, &priv->rx_ring_num, 0, "Number of receive rings"); SYSCTL_ADD_UINT(ctx, node_list, OID_AUTO, "tx_rings", - CTLTYPE_INT | CTLFLAG_RD, &priv->tx_ring_num, 0, + CTLFLAG_RD, &priv->tx_ring_num, 0, "Number of transmit rings"); SYSCTL_ADD_PROC(ctx, node_list, OID_AUTO, "rx_size", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, priv, 0, @@ -2367,6 +2369,12 @@ static void mlx4_en_sysctl_conf(struct mlx4_en_priv *priv) SYSCTL_ADD_PROC(ctx, node_list, OID_AUTO, "rx_ppp", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, priv, 0, mlx4_en_set_rx_ppp, "I", "RX Per-priority pause"); + SYSCTL_ADD_UINT(ctx, node_list, OID_AUTO, "port_num", + CTLFLAG_RD, &priv->port, 0, + "Port Number"); + SYSCTL_ADD_STRING(ctx, node_list, OID_AUTO, "device_name", + CTLFLAG_RD, __DECONST(void *, pnameunit), 0, + "PCI device name"); /* Add coalescer configuration. */ coal = SYSCTL_ADD_NODE(ctx, node_list, OID_AUTO, diff --git a/sys/ofed/drivers/net/mlx4/en_params.c b/sys/ofed/drivers/net/mlx4/en_params.c deleted file mode 100644 index e69de29..0000000 --- a/sys/ofed/drivers/net/mlx4/en_params.c +++ /dev/null diff --git a/sys/ofed/drivers/net/mlx4/en_selftest.c b/sys/ofed/drivers/net/mlx4/en_selftest.c index 2a28315..fb13bd6 100644 --- a/sys/ofed/drivers/net/mlx4/en_selftest.c +++ b/sys/ofed/drivers/net/mlx4/en_selftest.c @@ -32,7 +32,6 @@ */ #include <linux/kernel.h> -#include <linux/ethtool.h> #include <linux/netdevice.h> #include <linux/delay.h> #include <linux/mlx4/driver.h> diff --git a/sys/ofed/drivers/net/mlx4/en_tx.c b/sys/ofed/drivers/net/mlx4/en_tx.c index 94ac8c5..d193155 100644 --- a/sys/ofed/drivers/net/mlx4/en_tx.c +++ b/sys/ofed/drivers/net/mlx4/en_tx.c @@ -31,7 +31,7 @@ * */ -#include <asm/page.h> +#include <linux/page.h> #include <linux/mlx4/cq.h> #include <linux/slab.h> #include <linux/mlx4/qp.h> diff --git a/sys/ofed/drivers/net/mlx4/pd.c b/sys/ofed/drivers/net/mlx4/pd.c index 5162a47..89a8854 100644 --- a/sys/ofed/drivers/net/mlx4/pd.c +++ b/sys/ofed/drivers/net/mlx4/pd.c @@ -35,7 +35,7 @@ #include <linux/module.h> #include <linux/io-mapping.h> -#include <asm/page.h> +#include <linux/page.h> #include "mlx4.h" #include "icm.h" diff --git a/sys/ofed/drivers/net/mlx4/xrcd.c b/sys/ofed/drivers/net/mlx4/xrcd.c deleted file mode 100644 index 6e3c341..0000000 --- a/sys/ofed/drivers/net/mlx4/xrcd.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2006, 2007 Cisco Systems, Inc. All rights reserved. - * Copyright (c) 2007 Mellanox Technologies. All rights reserved. - * - * This software is available to you under a choice of one of two - * licenses. You may choose to be licensed under the terms of the GNU - * General Public License (GPL) Version 2, available from the file - * COPYING in the main directory of this source tree, or the - * OpenIB.org BSD license below: - * - * Redistribution and use in source and binary forms, with or - * without modification, are permitted provided that the following - * conditions are met: - * - * - Redistributions of source code must retain the above - * copyright notice, this list of conditions and the following - * disclaimer. - * - * - Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include <linux/errno.h> - -#include "mlx4.h" - -int mlx4_xrcd_alloc(struct mlx4_dev *dev, u32 *xrcdn) -{ - struct mlx4_priv *priv = mlx4_priv(dev); - - *xrcdn = mlx4_bitmap_alloc(&priv->xrcd_bitmap); - if (*xrcdn == -1) - return -ENOMEM; - - return 0; -} -EXPORT_SYMBOL_GPL(mlx4_xrcd_alloc); - -void mlx4_xrcd_free(struct mlx4_dev *dev, u32 xrcdn) -{ - mlx4_bitmap_free(&mlx4_priv(dev)->xrcd_bitmap, xrcdn); -} -EXPORT_SYMBOL_GPL(mlx4_xrcd_free); - -int __devinit mlx4_init_xrcd_table(struct mlx4_dev *dev) -{ - struct mlx4_priv *priv = mlx4_priv(dev); - - return mlx4_bitmap_init(&priv->xrcd_bitmap, (1 << 16), - (1 << 16) - 1, dev->caps.reserved_xrcds + 1, 0); -} - -void mlx4_cleanup_xrcd_table(struct mlx4_dev *dev) -{ - mlx4_bitmap_cleanup(&mlx4_priv(dev)->xrcd_bitmap); -} - - diff --git a/sys/ofed/include/asm/page.h b/sys/ofed/include/asm/page.h deleted file mode 100644 index e93dc96..0000000 --- a/sys/ofed/include/asm/page.h +++ /dev/null @@ -1,35 +0,0 @@ -/*- - * Copyright (c) 2010 Isilon Systems, Inc. - * Copyright (c) 2010 iX Systems, Inc. - * Copyright (c) 2010 Panasas, Inc. - * Copyright (c) 2013, 2014 Mellanox Technologies, Ltd. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice unmodified, this list of conditions, and the following - * disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _ASM_PAGE_H_ -#define _ASM_PAGE_H_ - -#include <linux/page.h> - -#endif /*_ASM_PAGE_H_*/ diff --git a/sys/ofed/include/linux/completion.h b/sys/ofed/include/linux/completion.h index 1ef23ea..df4aec3 100644 --- a/sys/ofed/include/linux/completion.h +++ b/sys/ofed/include/linux/completion.h @@ -27,8 +27,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef _FBSD_COMPLETION_H_ -#define _FBSD_COMPLETION_H_ +#ifndef _LINUX_COMPLETION_H_ +#define _LINUX_COMPLETION_H_ #include <linux/errno.h> diff --git a/sys/ofed/include/linux/etherdevice.h b/sys/ofed/include/linux/etherdevice.h index 43bc1f2..7d11145 100644 --- a/sys/ofed/include/linux/etherdevice.h +++ b/sys/ofed/include/linux/etherdevice.h @@ -1,4 +1,4 @@ -/* +/*- * Copyright (c) 2007 Cisco Systems, Inc. All rights reserved. * Copyright (c) 2014 Mellanox Technologies, Ltd. All rights reserved. * diff --git a/sys/ofed/include/linux/ethtool.h b/sys/ofed/include/linux/ethtool.h deleted file mode 100644 index 016b1a5..0000000 --- a/sys/ofed/include/linux/ethtool.h +++ /dev/null @@ -1,32 +0,0 @@ -/*- - * Copyright (c) 2010 Isilon Systems, Inc. - * Copyright (c) 2010 iX Systems, Inc. - * Copyright (c) 2010 Panasas, Inc. - * Copyright (c) 2013 Mellanox Technologies, Ltd. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice unmodified, this list of conditions, and the following - * disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef _LINUX_ETHTOOL_H_ -#define _LINUX_ETHTOOL_H_ - -#endif /* _LINUX_ETHTOOL_H_ */ diff --git a/sys/ofed/include/linux/inet.h b/sys/ofed/include/linux/inet.h deleted file mode 100644 index cca8b60..0000000 --- a/sys/ofed/include/linux/inet.h +++ /dev/null @@ -1,32 +0,0 @@ -/*- - * Copyright (c) 2010 Isilon Systems, Inc. - * Copyright (c) 2010 iX Systems, Inc. - * Copyright (c) 2010 Panasas, Inc. - * Copyright (c) 2013, 2014 Mellanox Technologies, Ltd. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice unmodified, this list of conditions, and the following - * disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _LINUX_INET_H_ -#define _LINUX_INET_H_ -#endif /* _LINUX_INET_H_ */ diff --git a/sys/ofed/include/linux/linux_compat.c b/sys/ofed/include/linux/linux_compat.c index c2fb4d7..39dfeaf 100644 --- a/sys/ofed/include/linux/linux_compat.c +++ b/sys/ofed/include/linux/linux_compat.c @@ -588,15 +588,15 @@ struct fileops linuxfileops = { .fo_read = linux_file_read, .fo_write = invfo_rdwr, .fo_truncate = invfo_truncate, - .fo_ioctl = linux_file_ioctl, - .fo_poll = linux_file_poll, .fo_kqfilter = invfo_kqfilter, .fo_stat = linux_file_stat, + .fo_fill_kinfo = linux_file_fill_kinfo, + .fo_poll = linux_file_poll, .fo_close = linux_file_close, + .fo_ioctl = linux_file_ioctl, .fo_chmod = invfo_chmod, .fo_chown = invfo_chown, .fo_sendfile = invfo_sendfile, - .fo_fill_kinfo = linux_file_fill_kinfo, }; /* diff --git a/sys/ofed/include/linux/mlx4/device.h b/sys/ofed/include/linux/mlx4/device.h index c1095a5..fa1631e 100644 --- a/sys/ofed/include/linux/mlx4/device.h +++ b/sys/ofed/include/linux/mlx4/device.h @@ -1036,6 +1036,7 @@ enum mlx4_net_trans_rule_id { MLX4_NET_TRANS_RULE_ID_TCP, MLX4_NET_TRANS_RULE_ID_UDP, MLX4_NET_TRANS_RULE_NUM, /* should be last */ + MLX4_NET_TRANS_RULE_DUMMY = -1, /* force enum to be signed */ }; extern const u16 __sw_id_hw[]; @@ -1058,6 +1059,7 @@ enum mlx4_net_trans_promisc_mode { MLX4_FS_UC_SNIFFER, MLX4_FS_MC_SNIFFER, MLX4_FS_MODE_NUM, /* should be last */ + MLX4_FS_MODE_DUMMY = -1, /* force enum to be signed */ }; struct mlx4_spec_eth { diff --git a/sys/ofed/include/linux/mlx4/driver.h b/sys/ofed/include/linux/mlx4/driver.h index 2a7fd21..b090c01 100644 --- a/sys/ofed/include/linux/mlx4/driver.h +++ b/sys/ofed/include/linux/mlx4/driver.h @@ -121,7 +121,7 @@ void *mlx4_get_protocol_dev(struct mlx4_dev *dev, enum mlx4_protocol proto, #ifndef ETH_ALEN #define ETH_ALEN 6 #endif -static inline u64 mlx4_mac_to_u64(u8 *addr) +static inline u64 mlx4_mac_to_u64(const u8 *addr) { u64 mac = 0; int i; diff --git a/sys/ofed/include/linux/mount.h b/sys/ofed/include/linux/mount.h deleted file mode 100644 index a445139..0000000 --- a/sys/ofed/include/linux/mount.h +++ /dev/null @@ -1,34 +0,0 @@ -/*- - * Copyright (c) 2010 Isilon Systems, Inc. - * Copyright (c) 2010 iX Systems, Inc. - * Copyright (c) 2010 Panasas, Inc. - * Copyright (c) 2013, 2014 Mellanox Technologies, Ltd. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice unmodified, this list of conditions, and the following - * disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _LINUX_MOUNT_H_ -#define _LINUX_MOUNT_H_ - - -#endif /* _LINUX_MOUNT_H_ */ diff --git a/sys/ofed/include/linux/netdevice.h b/sys/ofed/include/linux/netdevice.h index f6165f5..a18070e 100644 --- a/sys/ofed/include/linux/netdevice.h +++ b/sys/ofed/include/linux/netdevice.h @@ -40,7 +40,6 @@ #include <linux/completion.h> #include <linux/device.h> -#include <linux/ethtool.h> #include <linux/workqueue.h> #include <linux/net.h> #include <linux/notifier.h> diff --git a/sys/ofed/include/linux/scatterlist.h b/sys/ofed/include/linux/scatterlist.h index eada862..595e2e9 100644 --- a/sys/ofed/include/linux/scatterlist.h +++ b/sys/ofed/include/linux/scatterlist.h @@ -31,6 +31,21 @@ #define _LINUX_SCATTERLIST_H_ #include <linux/page.h> +#include <linux/slab.h> + +/* + * SG table design. + * + * If flags bit 0 is set, then the sg field contains a pointer to the next sg + * table list. Otherwise the next entry is at sg + 1, can be determined using + * the sg_is_chain() function. + * + * If flags bit 1 is set, then this sg entry is the last element in a list, + * can be determined using the sg_is_last() function. + * + * See sg_next(). + * + */ struct scatterlist { union { @@ -49,6 +64,12 @@ struct sg_table { unsigned int orig_nents; /* original size of list */ }; +/* + * Maximum number of entries that will be allocated in one piece, if + * a list larger than this is required then chaining will be utilized. + */ +#define SG_MAX_SINGLE_ALLOC (PAGE_SIZE / sizeof(struct scatterlist)) + #define sg_dma_address(sg) (sg)->address #define sg_dma_len(sg) (sg)->length #define sg_page(sg) (sg)->sl_un.page @@ -99,6 +120,212 @@ sg_phys(struct scatterlist *sg) return sg_page(sg)->phys_addr + sg->offset; } +/** + * sg_chain - Chain two sglists together + * @prv: First scatterlist + * @prv_nents: Number of entries in prv + * @sgl: Second scatterlist + * + * Description: + * Links @prv@ and @sgl@ together, to form a longer scatterlist. + * + **/ +static inline void +sg_chain(struct scatterlist *prv, unsigned int prv_nents, + struct scatterlist *sgl) +{ +/* + * offset and length are unused for chain entry. Clear them. + */ + struct scatterlist *sg = &prv[prv_nents - 1]; + + sg->offset = 0; + sg->length = 0; + + /* + * Indicate a link pointer, and set the link to the second list. + */ + sg->flags = SG_CHAIN; + sg->sl_un.sg = sgl; +} + +/** + * sg_mark_end - Mark the end of the scatterlist + * @sg: SG entryScatterlist + * + * Description: + * Marks the passed in sg entry as the termination point for the sg + * table. A call to sg_next() on this entry will return NULL. + * + **/ +static inline void sg_mark_end(struct scatterlist *sg) +{ + sg->flags = SG_END; +} + +/** + * __sg_free_table - Free a previously mapped sg table + * @table: The sg table header to use + * @max_ents: The maximum number of entries per single scatterlist + * + * Description: + * Free an sg table previously allocated and setup with + * __sg_alloc_table(). The @max_ents value must be identical to + * that previously used with __sg_alloc_table(). + * + **/ +static inline void +__sg_free_table(struct sg_table *table, unsigned int max_ents) +{ + struct scatterlist *sgl, *next; + + if (unlikely(!table->sgl)) + return; + + sgl = table->sgl; + while (table->orig_nents) { + unsigned int alloc_size = table->orig_nents; + unsigned int sg_size; + + /* + * If we have more than max_ents segments left, + * then assign 'next' to the sg table after the current one. + * sg_size is then one less than alloc size, since the last + * element is the chain pointer. + */ + if (alloc_size > max_ents) { + next = sgl[max_ents - 1].sl_un.sg; + alloc_size = max_ents; + sg_size = alloc_size - 1; + } else { + sg_size = alloc_size; + next = NULL; + } + + table->orig_nents -= sg_size; + kfree(sgl); + sgl = next; + } + + table->sgl = NULL; +} + +/** + * sg_free_table - Free a previously allocated sg table + * @table: The mapped sg table header + * + **/ +static inline void +sg_free_table(struct sg_table *table) +{ + __sg_free_table(table, SG_MAX_SINGLE_ALLOC); +} + +/** + * __sg_alloc_table - Allocate and initialize an sg table with given allocator + * @table: The sg table header to use + * @nents: Number of entries in sg list + * @max_ents: The maximum number of entries the allocator returns per call + * @gfp_mask: GFP allocation mask + * + * Description: + * This function returns a @table @nents long. The allocator is + * defined to return scatterlist chunks of maximum size @max_ents. + * Thus if @nents is bigger than @max_ents, the scatterlists will be + * chained in units of @max_ents. + * + * Notes: + * If this function returns non-0 (eg failure), the caller must call + * __sg_free_table() to cleanup any leftover allocations. + * + **/ +static inline int +__sg_alloc_table(struct sg_table *table, unsigned int nents, + unsigned int max_ents, gfp_t gfp_mask) +{ + struct scatterlist *sg, *prv; + unsigned int left; + + memset(table, 0, sizeof(*table)); + + if (nents == 0) + return -EINVAL; + left = nents; + prv = NULL; + do { + unsigned int sg_size, alloc_size = left; + + if (alloc_size > max_ents) { + alloc_size = max_ents; + sg_size = alloc_size - 1; + } else + sg_size = alloc_size; + + left -= sg_size; + + sg = kmalloc(alloc_size * sizeof(struct scatterlist), gfp_mask); + if (unlikely(!sg)) { + /* + * Adjust entry count to reflect that the last + * entry of the previous table won't be used for + * linkage. Without this, sg_kfree() may get + * confused. + */ + if (prv) + table->nents = ++table->orig_nents; + + return -ENOMEM; + } + + sg_init_table(sg, alloc_size); + table->nents = table->orig_nents += sg_size; + + /* + * If this is the first mapping, assign the sg table header. + * If this is not the first mapping, chain previous part. + */ + if (prv) + sg_chain(prv, max_ents, sg); + else + table->sgl = sg; + + /* + * If no more entries after this one, mark the end + */ + if (!left) + sg_mark_end(&sg[sg_size - 1]); + + prv = sg; + } while (left); + + return 0; +} + +/** + * sg_alloc_table - Allocate and initialize an sg table + * @table: The sg table header to use + * @nents: Number of entries in sg list + * @gfp_mask: GFP allocation mask + * + * Description: + * Allocate and initialize an sg table. If @nents@ is larger than + * SG_MAX_SINGLE_ALLOC a chained sg table will be setup. + * + **/ + +static inline int +sg_alloc_table(struct sg_table *table, unsigned int nents, gfp_t gfp_mask) +{ + int ret; + + ret = __sg_alloc_table(table, nents, SG_MAX_SINGLE_ALLOC, + gfp_mask); + if (unlikely(ret)) + __sg_free_table(table, SG_MAX_SINGLE_ALLOC); + + return ret; +} + #define for_each_sg(sglist, sg, sgmax, _itr) \ for (_itr = 0, sg = (sglist); _itr < (sgmax); _itr++, sg = sg_next(sg)) diff --git a/sys/ofed/include/linux/vmalloc.h b/sys/ofed/include/linux/vmalloc.h index 1cb208ba..2629d38 100644 --- a/sys/ofed/include/linux/vmalloc.h +++ b/sys/ofed/include/linux/vmalloc.h @@ -30,7 +30,7 @@ #ifndef _LINUX_VMALLOC_H_ #define _LINUX_VMALLOC_H_ -#include <asm/page.h> +#include <linux/page.h> #define VM_MAP 0x0000 #define PAGE_KERNEL 0x0000 diff --git a/sys/ofed/include/rdma/ib_addr.h b/sys/ofed/include/rdma/ib_addr.h index a1f95dd..b711510 100644 --- a/sys/ofed/include/rdma/ib_addr.h +++ b/sys/ofed/include/rdma/ib_addr.h @@ -41,7 +41,6 @@ #include <linux/socket.h> #include <rdma/ib_verbs.h> #include <rdma/ib_pack.h> -#include <linux/ethtool.h> #include <linux/if_vlan.h> struct rdma_addr_client { diff --git a/sys/ofed/include/rdma/ib_smi.h b/sys/ofed/include/rdma/ib_smi.h index 98b9086..973c9a4 100644 --- a/sys/ofed/include/rdma/ib_smi.h +++ b/sys/ofed/include/rdma/ib_smi.h @@ -38,6 +38,7 @@ #define IB_SMI_H #include <rdma/ib_mad.h> +#include <asm/byteorder.h> #define IB_SMP_DATA_SIZE 64 #define IB_SMP_MAX_PATH_HOPS 64 diff --git a/sys/ofed/include/rdma/ib_user_cm.h b/sys/ofed/include/rdma/ib_user_cm.h index bd3d380..f79014a 100644 --- a/sys/ofed/include/rdma/ib_user_cm.h +++ b/sys/ofed/include/rdma/ib_user_cm.h @@ -34,6 +34,7 @@ #ifndef IB_USER_CM_H #define IB_USER_CM_H +#include <linux/types.h> #include <rdma/ib_user_sa.h> #define IB_USER_CM_ABI_VERSION 5 diff --git a/sys/powerpc/aim/machdep.c b/sys/powerpc/aim/machdep.c index 17fc452..5864a02 100644 --- a/sys/powerpc/aim/machdep.c +++ b/sys/powerpc/aim/machdep.c @@ -566,7 +566,7 @@ powerpc_init(vm_offset_t startkernel, vm_offset_t endkernel, /* * Grab booted kernel's name */ - env = getenv("kernelname"); + env = kern_getenv("kernelname"); if (env != NULL) { strlcpy(kernelname, env, sizeof(kernelname)); freeenv(env); diff --git a/sys/powerpc/conf/GENERIC b/sys/powerpc/conf/GENERIC index 15139e9..784297c 100644 --- a/sys/powerpc/conf/GENERIC +++ b/sys/powerpc/conf/GENERIC @@ -196,7 +196,7 @@ device fcu # Apple Fan Control Unit device max6690 # PowerMac7,2 temperature sensor device powermac_nvram # Open Firmware configuration NVRAM device smu # Apple System Management Unit -device windtunnel # Apple G4 MDD fan controller +device adm1030 # Apple G4 MDD fan controller device atibl # ATI-based backlight driver for PowerBooks/iBooks device nvbl # nVidia-based backlight driver for PowerBooks/iBooks diff --git a/sys/powerpc/conf/NOTES b/sys/powerpc/conf/NOTES index a0443c4..d613ec4 100644 --- a/sys/powerpc/conf/NOTES +++ b/sys/powerpc/conf/NOTES @@ -50,7 +50,7 @@ device pmu # Apple Power Management Unit device smu # Apple System Management Unit device snd_ai2s # Apple I2S Audio device snd_davbus # Apple Davbus Audio -device windtunnel # Apple G4 MDD fan controller +device adm1030 # Apple G4 MDD fan controller ##################################################################### diff --git a/sys/powerpc/powermac/pmu.c b/sys/powerpc/powermac/pmu.c index bb31479..938ca74 100644 --- a/sys/powerpc/powermac/pmu.c +++ b/sys/powerpc/powermac/pmu.c @@ -104,6 +104,10 @@ static int pmu_acline_state(SYSCTL_HANDLER_ARGS); static int pmu_query_battery(struct pmu_softc *sc, int batt, struct pmu_battstate *info); static int pmu_battquery_sysctl(SYSCTL_HANDLER_ARGS); +static int pmu_battmon(SYSCTL_HANDLER_ARGS); +static void pmu_battquery_proc(void); +static void pmu_battery_notify(struct pmu_battstate *batt, + struct pmu_battstate *old); /* * List of battery-related sysctls we might ask for @@ -184,9 +188,6 @@ static int pmu_send(void *cookie, int cmd, int length, uint8_t *in_msg, static uint8_t pmu_read_reg(struct pmu_softc *sc, u_int offset); static void pmu_write_reg(struct pmu_softc *sc, u_int offset, uint8_t value); static int pmu_intr_state(struct pmu_softc *); -static void pmu_battquery_proc(void); -static void pmu_battery_notify(struct pmu_battstate *batt, - struct pmu_battstate *old); /* these values shows that number of data returned after 'send' cmd is sent */ static signed char pm_send_cmd_type[] = { @@ -260,6 +261,7 @@ static signed char pm_receive_cmd_type[] = { -1, -1, -1, -1, -1, -1, -1, -1, }; +static int pmu_battmon_enabled = 1; static struct proc *pmubattproc; static struct kproc_desc pmu_batt_kp = { "pmu_batt", @@ -434,6 +436,11 @@ pmu_attach(device_t dev) /* Only start the battery monitor if we have a battery. */ kproc_start(&pmu_batt_kp); SYSCTL_ADD_PROC(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, + "monitor_batteries", CTLTYPE_INT | CTLFLAG_RW, sc, 0, + pmu_battmon, "I", "Post battery events to devd"); + + + SYSCTL_ADD_PROC(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, "acline", CTLTYPE_INT | CTLFLAG_RD, sc, 0, pmu_acline_state, "I", "AC Line Status"); @@ -931,12 +938,14 @@ static void pmu_battery_notify(struct pmu_battstate *batt, struct pmu_battstate *old) { char notify_buf[16]; - int acline; + int new_acline, old_acline; - acline = (batt->state & PMU_PWR_AC_PRESENT) ? 1 : 0; - if (acline != (old->state & PMU_PWR_AC_PRESENT)) { + new_acline = (batt->state & PMU_PWR_AC_PRESENT) ? 1 : 0; + old_acline = (old->state & PMU_PWR_AC_PRESENT) ? 1 : 0; + + if (new_acline != old_acline) { snprintf(notify_buf, sizeof(notify_buf), - "notify=0x%02x", acline); + "notify=0x%02x", new_acline); devctl_notify("PMU", "POWER", "ACLINE", notify_buf); } } @@ -951,8 +960,9 @@ pmu_battquery_proc() sc = device_get_softc(pmu); - error = pmu_query_battery(sc, 0, &cur_batt); + bzero(&cur_batt, sizeof(cur_batt)); while (1) { + kproc_suspend_check(curproc); error = pmu_query_battery(sc, 0, &batt); pmu_battery_notify(&batt, &cur_batt); cur_batt = batt; @@ -961,6 +971,29 @@ pmu_battquery_proc() } static int +pmu_battmon(SYSCTL_HANDLER_ARGS) +{ + struct pmu_softc *sc; + int error, result; + + sc = arg1; + result = pmu_battmon_enabled; + + error = sysctl_handle_int(oidp, &result, 0, req); + + if (error || !req->newptr) + return (error); + + if (!result && pmu_battmon_enabled) + error = kproc_suspend(pmubattproc, hz); + else if (result && pmu_battmon_enabled == 0) + error = kproc_resume(pmubattproc); + pmu_battmon_enabled = (result != 0); + + return (error); +} + +static int pmu_acline_state(SYSCTL_HANDLER_ARGS) { struct pmu_softc *sc; diff --git a/sys/sparc64/sparc64/machdep.c b/sys/sparc64/sparc64/machdep.c index 0ee6de3..57d7a66 100644 --- a/sys/sparc64/sparc64/machdep.c +++ b/sys/sparc64/sparc64/machdep.c @@ -511,7 +511,7 @@ sparc64_init(caddr_t mdp, u_long o1, u_long o2, u_long o3, ofw_vec_t *vec) * Initialize tunables. */ init_param2(physmem); - env = getenv("kernelname"); + env = kern_getenv("kernelname"); if (env != NULL) { strlcpy(kernelname, env, sizeof(kernelname)); freeenv(env); diff --git a/sys/sys/systm.h b/sys/sys/systm.h index eae7272..f4eae57 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -296,7 +296,7 @@ int cr_cansee(struct ucred *u1, struct ucred *u2); int cr_canseesocket(struct ucred *cred, struct socket *so); int cr_canseeinpcb(struct ucred *cred, struct inpcb *inp); -char *getenv(const char *name); +char *kern_getenv(const char *name); void freeenv(char *env); int getenv_int(const char *name, int *data); int getenv_uint(const char *name, unsigned int *data); @@ -304,8 +304,8 @@ int getenv_long(const char *name, long *data); int getenv_ulong(const char *name, unsigned long *data); int getenv_string(const char *name, char *data, int size); int getenv_quad(const char *name, quad_t *data); -int setenv(const char *name, const char *value); -int unsetenv(const char *name); +int kern_setenv(const char *name, const char *value); +int kern_unsetenv(const char *name); int testenv(const char *name); typedef uint64_t (cpu_tick_f)(void); diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h index 8610aca..c78b9d1 100644 --- a/sys/sys/vnode.h +++ b/sys/sys/vnode.h @@ -758,6 +758,9 @@ int vop_enoent(struct vop_generic_args *ap); int vop_enotty(struct vop_generic_args *ap); int vop_null(struct vop_generic_args *ap); int vop_panic(struct vop_generic_args *ap); +int dead_poll(struct vop_poll_args *ap); +int dead_read(struct vop_read_args *ap); +int dead_write(struct vop_write_args *ap); /* These are called from within the actual VOPS. */ void vop_create_post(void *a, int rc); diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c index a6e139a..132fab2 100644 --- a/sys/ufs/ufs/ufs_quota.c +++ b/sys/ufs/ufs/ufs_quota.c @@ -1035,11 +1035,9 @@ qsync(struct mount *mp) * Check if the mount point has any quotas. * If not, simply return. */ - UFS_LOCK(ump); for (i = 0; i < MAXQUOTAS; i++) if (ump->um_quotas[i] != NULLVP) break; - UFS_UNLOCK(ump); if (i == MAXQUOTAS) return (0); /* @@ -1084,11 +1082,9 @@ qsyncvp(struct vnode *vp) * Check if the mount point has any quotas. * If not, simply return. */ - UFS_LOCK(ump); for (i = 0; i < MAXQUOTAS; i++) if (ump->um_quotas[i] != NULLVP) break; - UFS_UNLOCK(ump); if (i == MAXQUOTAS) return (0); /* diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c index 28dd645..a885f1b 100644 --- a/sys/vm/vm_page.c +++ b/sys/vm/vm_page.c @@ -453,7 +453,7 @@ vm_page_startup(vm_offset_t vaddr) */ vm_cnt.v_page_count = 0; vm_cnt.v_free_count = 0; - list = getenv("vm.blacklist"); + list = kern_getenv("vm.blacklist"); for (i = 0; phys_avail[i + 1] != 0; i += 2) { pa = phys_avail[i]; last_pa = phys_avail[i + 1]; diff --git a/sys/x86/iommu/busdma_dmar.c b/sys/x86/iommu/busdma_dmar.c index a397f42..4f00bdd 100644 --- a/sys/x86/iommu/busdma_dmar.c +++ b/sys/x86/iommu/busdma_dmar.c @@ -76,7 +76,7 @@ dmar_bus_dma_is_dev_disabled(int domain, int bus, int slot, int func) snprintf(str, sizeof(str), "hw.busdma.pci%d.%d.%d.%d.bounce", domain, bus, slot, func); - env = getenv(str); + env = kern_getenv(str); if (env == NULL) return (false); freeenv(env); diff --git a/sys/x86/x86/tsc.c b/sys/x86/x86/tsc.c index 31d6715..b78e3c9 100644 --- a/sys/x86/x86/tsc.c +++ b/sys/x86/x86/tsc.c @@ -155,7 +155,7 @@ tsc_freq_vmware(void) if (strncmp(hv_sig, "VMwareVMware", 12) != 0) return (0); } else { - p = getenv("smbios.system.serial"); + p = kern_getenv("smbios.system.serial"); if (p == NULL) return (0); if (strncmp(p, "VMware-", 7) != 0 && diff --git a/sys/x86/xen/pv.c b/sys/x86/xen/pv.c index 140d13f..cd944a1 100644 --- a/sys/x86/xen/pv.c +++ b/sys/x86/xen/pv.c @@ -309,7 +309,7 @@ xen_pv_set_boothowto(void) /* get equivalents from the environment */ for (i = 0; howto_names[i].ev != NULL; i++) { - if (getenv(howto_names[i].ev) != NULL) + if (kern_getenv(howto_names[i].ev) != NULL) boothowto |= howto_names[i].mask; } } diff --git a/tools/build/options/WITHOUT_ARM_EABI b/tools/build/options/WITHOUT_ARM_EABI deleted file mode 100644 index 58e8348..0000000 --- a/tools/build/options/WITHOUT_ARM_EABI +++ /dev/null @@ -1,2 +0,0 @@ -.\" $FreeBSD$ -Set the ARM ABI to OABI. diff --git a/tools/build/options/WITHOUT_CLANG_BOOTSTRAP b/tools/build/options/WITHOUT_CLANG_BOOTSTRAP index a22046d..4a86791 100644 --- a/tools/build/options/WITHOUT_CLANG_BOOTSTRAP +++ b/tools/build/options/WITHOUT_CLANG_BOOTSTRAP @@ -1,5 +1,5 @@ .\" $FreeBSD$ Set to not build the Clang C/C++ compiler during the bootstrap phase of the build. -You must enable wither gcc or clang bootstrap to be able to build the system, -unless an alternative compiiler is provided via +You must enable either gcc or clang bootstrap to be able to build the system, +unless an alternative compiler is provided via XCC. diff --git a/tools/build/options/WITHOUT_GCC_BOOTSTRAP b/tools/build/options/WITHOUT_GCC_BOOTSTRAP index 668ff14..67a8969 100644 --- a/tools/build/options/WITHOUT_GCC_BOOTSTRAP +++ b/tools/build/options/WITHOUT_GCC_BOOTSTRAP @@ -1,5 +1,5 @@ .\" $FreeBSD$ Set to not build gcc and g++ as part of the bootstrap process. -You must enable wither gcc or clang bootstrap to be able to build the system, -unless an alternative compiiler is provided via +You must enable either gcc or clang bootstrap to be able to build the system, +unless an alternative compiler is provided via XCC. diff --git a/tools/build/options/WITHOUT_TOOLCHAIN b/tools/build/options/WITHOUT_TOOLCHAIN index 4ffc5b3..2aa4217 100644 --- a/tools/build/options/WITHOUT_TOOLCHAIN +++ b/tools/build/options/WITHOUT_TOOLCHAIN @@ -1,5 +1,5 @@ .\" $FreeBSD$ -Set to not install +Set to not install header or programs used for program development, compilers, debuggers etc. .Bf -symbolic diff --git a/tools/build/options/WITH_HYPERV b/tools/build/options/WITH_HYPERV deleted file mode 100644 index a6bdf72..0000000 --- a/tools/build/options/WITH_HYPERV +++ /dev/null @@ -1,2 +0,0 @@ -.\" $FreeBSD$ -Set to build and install HyperV utilities. diff --git a/usr.sbin/autofs/automountd.c b/usr.sbin/autofs/automountd.c index b511103..44143e5 100644 --- a/usr.sbin/autofs/automountd.c +++ b/usr.sbin/autofs/automountd.c @@ -68,13 +68,14 @@ static int autofs_fd; static int request_id; static void -done(int request_error) +done(int request_error, bool wildcards) { struct autofs_daemon_done add; int error; memset(&add, 0, sizeof(add)); add.add_id = request_id; + add.add_wildcards = wildcards; add.add_error = request_error; log_debugx("completing request %d with error %d", @@ -172,7 +173,7 @@ static void exit_callback(void) { - done(EIO); + done(EIO, true); } static void @@ -184,6 +185,7 @@ handle_request(const struct autofs_daemon_request *adr, char *cmdline_options, FILE *f; char *options, *fstype, *nobrowse, *retrycnt, *tmp; int error; + bool wildcards; log_debugx("got request %d: from %s, path %s, prefix \"%s\", " "key \"%s\", options \"%s\"", adr->adr_id, adr->adr_from, @@ -209,9 +211,26 @@ handle_request(const struct autofs_daemon_request *adr, char *cmdline_options, checked_strdup(adr->adr_options), checked_strdup(map), checked_strdup("[kernel request]"), lineno); } - parse_map(parent, map, adr->adr_key[0] != '\0' ? adr->adr_key : NULL); + + /* + * "Wildcards" here actually means "make autofs(4) request + * automountd(8) action if the node being looked up does not + * exist, even though the parent is marked as cached". This + * needs to be done for maps with wildcard entries, but also + * for special and executable maps. + */ + parse_map(parent, map, adr->adr_key[0] != '\0' ? adr->adr_key : NULL, + &wildcards); + if (!wildcards) + wildcards = node_has_wildcards(parent); + if (wildcards) + log_debugx("map may contain wildcard entries"); + else + log_debugx("map does not contain wildcard entries"); + if (adr->adr_key[0] != '\0') node_expand_wildcard(root, adr->adr_key); + node = node_find(root, adr->adr_path); if (node == NULL) { log_errx(1, "map %s does not contain key for \"%s\"; " @@ -236,7 +255,7 @@ handle_request(const struct autofs_daemon_request *adr, char *cmdline_options, if (nobrowse != NULL && adr->adr_key[0] == '\0') { log_debugx("skipping map %s due to \"nobrowse\" " "option; exiting", map); - done(0); + done(0, true); /* * Exit without calling exit_callback(). @@ -263,7 +282,7 @@ handle_request(const struct autofs_daemon_request *adr, char *cmdline_options, } log_debugx("nothing to mount; exiting"); - done(0); + done(0, wildcards); /* * Exit without calling exit_callback(). @@ -337,7 +356,7 @@ handle_request(const struct autofs_daemon_request *adr, char *cmdline_options, log_errx(1, "mount failed"); log_debugx("mount done; exiting"); - done(0); + done(0, wildcards); /* * Exit without calling exit_callback(). @@ -345,6 +364,33 @@ handle_request(const struct autofs_daemon_request *adr, char *cmdline_options, quick_exit(0); } +static void +sigchld_handler(int dummy __unused) +{ + + /* + * The only purpose of this handler is to make SIGCHLD + * interrupt the AUTOFSREQUEST ioctl(2), so we can call + * wait_for_children(). + */ +} + +static void +register_sigchld(void) +{ + struct sigaction sa; + int error; + + bzero(&sa, sizeof(sa)); + sa.sa_handler = sigchld_handler; + sigfillset(&sa.sa_mask); + error = sigaction(SIGCHLD, &sa, NULL); + if (error != 0) + log_err(1, "sigaction"); + +} + + static int wait_for_children(bool block) { @@ -366,7 +412,7 @@ wait_for_children(bool block) log_warnx("child process %d terminated with signal %d", pid, WTERMSIG(status)); } else if (WEXITSTATUS(status) != 0) { - log_warnx("child process %d terminated with exit status %d", + log_debugx("child process %d terminated with exit status %d", pid, WEXITSTATUS(status)); } else { log_debugx("child process %d terminated gracefully", pid); @@ -477,6 +523,8 @@ main_automountd(int argc, char **argv) pidfile_write(pidfh); + register_sigchld(); + for (;;) { log_debugx("waiting for request from the kernel"); diff --git a/usr.sbin/autofs/common.c b/usr.sbin/autofs/common.c index e6db682..6fd8a05 100644 --- a/usr.sbin/autofs/common.c +++ b/usr.sbin/autofs/common.c @@ -498,6 +498,19 @@ node_is_direct_map(const struct node *n) return (true); } +bool +node_has_wildcards(const struct node *n) +{ + const struct node *child; + + TAILQ_FOREACH(child, &n->n_children, n_next) { + if (strcmp(child->n_key, "*") == 0) + return (true); + } + + return (false); +} + static void node_expand_maps(struct node *n, bool indirect) { @@ -526,7 +539,7 @@ node_expand_maps(struct node *n, bool indirect) log_debugx("map \"%s\" is a direct map, parsing", child->n_map); } - parse_map(child, child->n_map, NULL); + parse_map(child, child->n_map, NULL, NULL); } } @@ -996,7 +1009,8 @@ parse_included_map(struct node *parent, const char *map) } void -parse_map(struct node *parent, const char *map, const char *key) +parse_map(struct node *parent, const char *map, const char *key, + bool *wildcards) { char *path = NULL; int error, ret; @@ -1007,8 +1021,14 @@ parse_map(struct node *parent, const char *map, const char *key) log_debugx("parsing map \"%s\"", map); - if (map[0] == '-') + if (wildcards != NULL) + *wildcards = false; + + if (map[0] == '-') { + if (wildcards != NULL) + *wildcards = true; return (parse_special_map(parent, map, key)); + } if (map[0] == '/') { path = checked_strdup(map); @@ -1035,6 +1055,9 @@ parse_map(struct node *parent, const char *map, const char *key) if (executable) { log_debugx("map \"%s\" is executable", map); + if (wildcards != NULL) + *wildcards = true; + if (key != NULL) { yyin = auto_popen(path, key, NULL); } else { diff --git a/usr.sbin/autofs/common.h b/usr.sbin/autofs/common.h index bc0b6f6..16a8d73 100644 --- a/usr.sbin/autofs/common.h +++ b/usr.sbin/autofs/common.h @@ -80,6 +80,7 @@ struct node *node_new_map(struct node *parent, char *key, char *options, char *map, const char *config_file, int config_line); struct node *node_find(struct node *root, const char *mountpoint); bool node_is_direct_map(const struct node *n); +bool node_has_wildcards(const struct node *n); char *node_path(const struct node *n); char *node_options(const struct node *n); void node_expand_ampersand(struct node *root, const char *key); @@ -88,7 +89,8 @@ int node_expand_defined(struct node *root); void node_expand_indirect_maps(struct node *n); void node_print(const struct node *n); void parse_master(struct node *root, const char *path); -void parse_map(struct node *parent, const char *map, const char *args); +void parse_map(struct node *parent, const char *map, const char *args, + bool *wildcards); char *defined_expand(const char *string); void defined_init(void); void defined_parse_and_add(char *def); diff --git a/usr.sbin/autofs/token.l b/usr.sbin/autofs/token.l index 5062a13..6a92b7f 100644 --- a/usr.sbin/autofs/token.l +++ b/usr.sbin/autofs/token.l @@ -49,7 +49,7 @@ extern int yylex(void); %% \"[^"]+\" { yytext++; yytext[strlen(yytext) - 1] = '\0'; return STR; }; -[a-zA-Z0-9\.\+-_/\:\[\]$&{}]+ { return STR; } +[a-zA-Z0-9\.\+-_/\:\[\]$&%{}]+ { return STR; } #.*\n { lineno++; return NEWLINE; }; \\\n { lineno++; }; \n { lineno++; return NEWLINE; } diff --git a/usr.sbin/bsdconfig/includes/includes b/usr.sbin/bsdconfig/includes/includes index d831649..6e9906f 100755 --- a/usr.sbin/bsdconfig/includes/includes +++ b/usr.sbin/bsdconfig/includes/includes @@ -69,10 +69,12 @@ show_include() -v use_color=${USE_COLOR:-0} \ -v re="$pattern" \ -v show_desc=${SHOW_DESC:-0} ' - function asorti(src, dest) + function _asorti(src, dest) { + k = nitems = 0; + # Copy src indices to dest and calculate array length - nitems = 0; for (i in src) dest[++nitems] = i + for (i in src) dest[++nitems] = i # Sort the array of indices (dest) using insertion sort method for (i = 1; i <= nitems; k = i++) @@ -118,7 +120,7 @@ show_include() } } END { - n = asorti(syntax, sorted_indices) + n = _asorti(syntax, sorted_indices) for (i = 1; i <= n; i++) printf "%s", syntax[sorted_indices[i]] }' "$file" ) diff --git a/usr.sbin/bsdconfig/share/device.subr b/usr.sbin/bsdconfig/share/device.subr index d93cd9b..d95684d 100644 --- a/usr.sbin/bsdconfig/share/device.subr +++ b/usr.sbin/bsdconfig/share/device.subr @@ -1116,8 +1116,9 @@ f_device_shutdown() f_device_sort_by_awk=' # Variables that should be defined on the invocation line: # -v prop="property" -function asorti(src, dest) +function _asorti(src, dest) { + k = nitems = 0 for (i in src) dest[++nitems] = i for (i = 1; i <= nitems; k = i++) { idx = dest[i] @@ -1136,7 +1137,7 @@ function asorti(src, dest) } } END { - nitems = asorti(devices, devices_sorted) + nitems = _asorti(devices, devices_sorted) for (i = 1; i <= nitems; i++) print devices[devices_sorted[i]] } ' diff --git a/usr.sbin/bsdconfig/share/packages/index.subr b/usr.sbin/bsdconfig/share/packages/index.subr index 35ef0da..f3c1713 100644 --- a/usr.sbin/bsdconfig/share/packages/index.subr +++ b/usr.sbin/bsdconfig/share/packages/index.subr @@ -241,10 +241,12 @@ f_index_read() export msg_packages eval "$( debug= f_getvar "$var_to_get" | awk -F'|' ' - function asorti(src, dest) + function _asorti(src, dest) { + k = nitems = 0 + # Copy src indices to dest and calculate array length - nitems = 0; for (i in src) dest[++nitems] = i + for (i in src) dest[++nitems] = i # Sort the array of indices (dest) using insertion sort method for (i = 1; i <= nitems; k = i++) @@ -290,7 +292,7 @@ f_index_read() END { print "_npkgs=" tpkgs # For convenience, total package count - n = asorti(categories, categories_sorted) + n = _asorti(categories, categories_sorted) # Produce package counts for each category for (i = 1; i <= n; i++) |
