diff options
817 files changed, 8158 insertions, 5384 deletions
@@ -252,7 +252,7 @@ ${TGTS}: .MAKE tinderbox toolchains kernel-toolchains: .MAKE .endif -${TGTS}: +${TGTS}: .PHONY ${_+_}@cd ${.CURDIR}; ${_MAKE} ${.TARGET} # The historic default "all" target creates files which may cause stale @@ -366,21 +366,21 @@ make bmake: .PHONY @echo ">>> Building an up-to-date make(1)" @echo "--------------------------------------------------------------" ${_+_}@cd ${.CURDIR}/usr.bin/${.TARGET}; \ - ${MMAKE} obj && \ - ${MMAKE} depend && \ - ${MMAKE} all && \ + ${MMAKE} obj; \ + ${MMAKE} depend; \ + ${MMAKE} all; \ ${MMAKE} install DESTDIR=${MYMAKE:H} BINDIR= tinderbox toolchains kernel-toolchains: upgrade_checks tinderbox: - @cd ${.CURDIR} && ${SUB_MAKE} DOING_TINDERBOX=YES universe + @cd ${.CURDIR}; ${SUB_MAKE} DOING_TINDERBOX=YES universe toolchains: - @cd ${.CURDIR} && ${SUB_MAKE} UNIVERSE_TARGET=toolchain universe + @cd ${.CURDIR}; ${SUB_MAKE} UNIVERSE_TARGET=toolchain universe kernel-toolchains: - @cd ${.CURDIR} && ${SUB_MAKE} UNIVERSE_TARGET=kernel-toolchain universe + @cd ${.CURDIR}; ${SUB_MAKE} UNIVERSE_TARGET=kernel-toolchain universe # # universe @@ -467,7 +467,7 @@ universe_${target}_kernels: universe_${target}_prologue .MAKE (echo "${target} 'make LINT' failed," \ "check _.${target}.makeLINT for details"| ${MAKEFAIL})) .endif - @cd ${.CURDIR} && ${SUB_MAKE} ${.MAKEFLAGS} TARGET=${target} \ + @cd ${.CURDIR}; ${SUB_MAKE} ${.MAKEFLAGS} TARGET=${target} \ universe_kernels .endif @echo ">> ${target} completed on `LC_ALL=C date`" diff --git a/Makefile.inc1 b/Makefile.inc1 index ff4bd5a..f9bc84c 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -468,7 +468,7 @@ KMAKE= ${KMAKEENV} ${MAKE} ${.MAKEFLAGS} ${KERNEL_FLAGS} KERNEL=${INSTKERNNAME} # Attempt to rebuild the entire system, with reasonable chance of # success, regardless of how old your existing system is. # -_worldtmp: +_worldtmp: .PHONY .if ${.CURDIR:C/[^,]//g} != "" # The m4 build of sendmail files doesn't like it if ',' is used # anywhere in the path of it's files. @@ -592,7 +592,7 @@ everything: @echo "--------------------------------------------------------------" ${_+_}cd ${.CURDIR}; ${WMAKE} par-all .if defined(LIB32TMP) -build32: +build32: .PHONY @echo @echo "--------------------------------------------------------------" @echo ">>> stage 5.1: building 32 bit shim libraries" @@ -609,54 +609,55 @@ build32: mkdir -p ${WORLDTMP} ln -sf ${.CURDIR}/sys ${WORLDTMP} .for _t in obj includes - cd ${.CURDIR}/include; ${LIB32WMAKE} DIRPRFX=include/ ${_t} - cd ${.CURDIR}/lib; ${LIB32WMAKE} DIRPRFX=lib/ ${_t} + ${_+_}cd ${.CURDIR}/include; ${LIB32WMAKE} DIRPRFX=include/ ${_t} + ${_+_}cd ${.CURDIR}/lib; ${LIB32WMAKE} DIRPRFX=lib/ ${_t} .if ${MK_CDDL} != "no" - cd ${.CURDIR}/cddl/lib; ${LIB32WMAKE} DIRPRFX=cddl/lib/ ${_t} + ${_+_}cd ${.CURDIR}/cddl/lib; ${LIB32WMAKE} DIRPRFX=cddl/lib/ ${_t} .endif - cd ${.CURDIR}/gnu/lib; ${LIB32WMAKE} DIRPRFX=gnu/lib/ ${_t} + ${_+_}cd ${.CURDIR}/gnu/lib; ${LIB32WMAKE} DIRPRFX=gnu/lib/ ${_t} .if ${MK_CRYPT} != "no" - cd ${.CURDIR}/secure/lib; ${LIB32WMAKE} DIRPRFX=secure/lib/ ${_t} + ${_+_}cd ${.CURDIR}/secure/lib; ${LIB32WMAKE} DIRPRFX=secure/lib/ ${_t} .endif .if ${MK_KERBEROS} != "no" - cd ${.CURDIR}/kerberos5/lib; ${LIB32WMAKE} DIRPRFX=kerberos5/lib ${_t} + ${_+_}cd ${.CURDIR}/kerberos5/lib; ${LIB32WMAKE} DIRPRFX=kerberos5/lib ${_t} .endif .endfor .for _dir in usr.bin/lex/lib - cd ${.CURDIR}/${_dir}; ${LIB32WMAKE} DIRPRFX=${_dir}/ obj + ${_+_}cd ${.CURDIR}/${_dir}; ${LIB32WMAKE} DIRPRFX=${_dir}/ obj .endfor .for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic - cd ${.CURDIR}/${_dir}; \ + ${_+_}cd ${.CURDIR}/${_dir}; \ WORLDTMP=${WORLDTMP} \ MAKEFLAGS="-m ${.CURDIR}/tools/build/mk ${.MAKEFLAGS}" \ MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} SSP_CFLAGS= DESTDIR= \ DIRPRFX=${_dir}/ -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS -DNO_CTF \ -DEARLY_BUILD build-tools .endfor - cd ${.CURDIR}; \ - ${LIB32WMAKE} -f Makefile.inc1 libraries + ${_+_}cd ${.CURDIR}; \ + ${LIB32WMAKE} -f Makefile.inc1 -DNO_FSCHG libraries .for _t in obj depend all - cd ${.CURDIR}/libexec/rtld-elf; PROG=ld-elf32.so.1 ${LIB32WMAKE} \ - DIRPRFX=libexec/rtld-elf/ ${_t} - cd ${.CURDIR}/usr.bin/ldd; PROG=ldd32 ${LIB32WMAKE} \ + ${_+_}cd ${.CURDIR}/libexec/rtld-elf; PROG=ld-elf32.so.1 ${LIB32WMAKE} \ + -DNO_FSCHG DIRPRFX=libexec/rtld-elf/ ${_t} + ${_+_}cd ${.CURDIR}/usr.bin/ldd; PROG=ldd32 ${LIB32WMAKE} \ DIRPRFX=usr.bin/ldd ${_t} .endfor -distribute32 install32: - cd ${.CURDIR}/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} +distribute32 install32: .MAKE .PHONY + ${_+_}cd ${.CURDIR}/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} .if ${MK_CDDL} != "no" - cd ${.CURDIR}/cddl/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} + ${_+_}cd ${.CURDIR}/cddl/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} .endif - cd ${.CURDIR}/gnu/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} + ${_+_}cd ${.CURDIR}/gnu/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} .if ${MK_CRYPT} != "no" - cd ${.CURDIR}/secure/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} + ${_+_}cd ${.CURDIR}/secure/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} .endif .if ${MK_KERBEROS} != "no" - cd ${.CURDIR}/kerberos5/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} + ${_+_}cd ${.CURDIR}/kerberos5/lib; ${LIB32IMAKE} ${.TARGET:S/32$//} .endif - cd ${.CURDIR}/libexec/rtld-elf; \ + ${_+_}cd ${.CURDIR}/libexec/rtld-elf; \ PROG=ld-elf32.so.1 ${LIB32IMAKE} ${.TARGET:S/32$//} - cd ${.CURDIR}/usr.bin/ldd; PROG=ldd32 ${LIB32IMAKE} ${.TARGET:S/32$//} + ${_+_}cd ${.CURDIR}/usr.bin/ldd; PROG=ldd32 ${LIB32IMAKE} \ + ${.TARGET:S/32$//} .endif WMAKE_TGTS= @@ -871,7 +872,7 @@ distributeworld installworld: _installcheck_world .endif .endfor -mkdir ${DESTDIR}/${DISTDIR}/base - cd ${.CURDIR}/etc; ${CROSSENV} PATH=${TMPPATH} ${MAKE} \ + ${_+_}cd ${.CURDIR}/etc; ${CROSSENV} PATH=${TMPPATH} ${MAKE} \ METALOG=${METALOG} ${IMAKE_INSTALL} ${IMAKE_MTREE} \ DISTBASE=/base DESTDIR=${DESTDIR}/${DISTDIR}/base \ LOCAL_MTREE=${LOCAL_MTREE:Q} distrib-dirs @@ -943,7 +944,7 @@ packageworld: # and do a 'make reinstall' on the *client* to install new binaries from the # most recent server build. # -reinstall: .MAKE +reinstall: .MAKE .PHONY @echo "--------------------------------------------------------------" @echo ">>> Making hierarchy" @echo "--------------------------------------------------------------" @@ -958,7 +959,7 @@ reinstall: .MAKE ${_+_}cd ${.CURDIR}; ${MAKE} -f Makefile.inc1 install32 .endif -redistribute: .MAKE +redistribute: .MAKE .PHONY @echo "--------------------------------------------------------------" @echo ">>> Distributing everything" @echo "--------------------------------------------------------------" @@ -968,7 +969,7 @@ redistribute: .MAKE DISTRIBUTION=lib32 .endif -distrib-dirs distribution: .MAKE +distrib-dirs distribution: .MAKE .PHONY cd ${.CURDIR}/etc; ${CROSSENV} PATH=${TMPPATH} ${MAKE} \ ${IMAKE_INSTALL} ${IMAKE_MTREE} METALOG=${METALOG} ${.TARGET} @@ -1019,14 +1020,14 @@ INSTALLKERNEL= ${_kernel} .endif .endfor -buildkernel ${WMAKE_TGTS} ${.ALLTARGETS:M_*}: .MAKE +${WMAKE_TGTS:N_worldtmp:Nbuild32} ${.ALLTARGETS:M_*:N_worldtmp}: .MAKE .PHONY # # buildkernel # # Builds all kernels defined by BUILDKERNELS. # -buildkernel: +buildkernel: .MAKE .PHONY .if empty(BUILDKERNELS) @echo "ERROR: Missing kernel configuration file(s) (${KERNCONF})."; \ false @@ -1053,14 +1054,14 @@ buildkernel: @echo "--------------------------------------------------------------" @echo ">>> stage 2.1: cleaning up the object tree" @echo "--------------------------------------------------------------" - cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} ${CLEANDIR} + ${_+_}cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} ${CLEANDIR} .endif .if !defined(NO_KERNELOBJ) @echo @echo "--------------------------------------------------------------" @echo ">>> stage 2.2: rebuilding the object tree" @echo "--------------------------------------------------------------" - cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} obj + ${_+_}cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} obj .endif @echo @echo "--------------------------------------------------------------" @@ -1072,13 +1073,13 @@ buildkernel: @echo "--------------------------------------------------------------" @echo ">>> stage 3.1: making dependencies" @echo "--------------------------------------------------------------" - cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} depend -DNO_MODULES_OBJ + ${_+_}cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} depend -DNO_MODULES_OBJ .endif @echo @echo "--------------------------------------------------------------" @echo ">>> stage 3.2: building everything" @echo "--------------------------------------------------------------" - cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} all -DNO_MODULES_OBJ + ${_+_}cd ${KRNLOBJDIR}/${_kernel}; ${KMAKE} all -DNO_MODULES_OBJ @echo "--------------------------------------------------------------" @echo ">>> Kernel build for ${_kernel} completed on `LC_ALL=C date`" @echo "--------------------------------------------------------------" @@ -1161,12 +1162,12 @@ packagekernel: # # Build the API documentation with doxygen # -doxygen: +doxygen: .PHONY @if [ ! -x `/usr/bin/which doxygen` ]; then \ echo "You need doxygen (devel/doxygen) to generate the API documentation of the kernel." | /usr/bin/fmt; \ exit 1; \ fi - cd ${.CURDIR}/tools/kerneldoc/subsys && ${MAKE} obj all + ${_+_}cd ${.CURDIR}/tools/kerneldoc/subsys; ${MAKE} obj all # # update @@ -1186,7 +1187,7 @@ update: @echo "--------------------------------------------------------------" @echo ">>> Updating ${.CURDIR} using Subversion" @echo "--------------------------------------------------------------" - @(cd ${.CURDIR} && ${SVN} update ${SVNFLAGS}) + @(cd ${.CURDIR}; ${SVN} update ${SVNFLAGS}) .endif # @@ -1210,11 +1211,11 @@ legacy: .endif .for _tool in tools/build ${_+_}@${ECHODIR} "===> ${_tool} (obj,includes,depend,all,install)"; \ - cd ${.CURDIR}/${_tool} && \ - ${MAKE} DIRPRFX=${_tool}/ obj && \ - ${MAKE} DIRPRFX=${_tool}/ DESTDIR=${MAKEOBJDIRPREFIX}/legacy includes && \ - ${MAKE} DIRPRFX=${_tool}/ depend && \ - ${MAKE} DIRPRFX=${_tool}/ all && \ + cd ${.CURDIR}/${_tool}; \ + ${MAKE} DIRPRFX=${_tool}/ obj; \ + ${MAKE} DIRPRFX=${_tool}/ DESTDIR=${MAKEOBJDIRPREFIX}/legacy includes; \ + ${MAKE} DIRPRFX=${_tool}/ depend; \ + ${MAKE} DIRPRFX=${_tool}/ all; \ ${MAKE} DIRPRFX=${_tool}/ DESTDIR=${MAKEOBJDIRPREFIX}/legacy install .endfor @@ -1373,7 +1374,6 @@ bootstrap-tools: .PHONY ${_yacc} \ ${_m4} \ ${_lex} \ - lib/libmd \ usr.bin/xinstall \ ${_gensnmptree} \ usr.sbin/config \ @@ -1383,10 +1383,10 @@ bootstrap-tools: .PHONY ${_vtfontcvt} ${_bt}-${_tool}: .PHONY .MAKE ${_+_}@${ECHODIR} "===> ${_tool} (obj,depend,all,install)"; \ - cd ${.CURDIR}/${_tool} && \ - ${MAKE} DIRPRFX=${_tool}/ obj && \ - ${MAKE} DIRPRFX=${_tool}/ depend && \ - ${MAKE} DIRPRFX=${_tool}/ all && \ + cd ${.CURDIR}/${_tool}; \ + ${MAKE} DIRPRFX=${_tool}/ obj; \ + ${MAKE} DIRPRFX=${_tool}/ depend; \ + ${MAKE} DIRPRFX=${_tool}/ all; \ ${MAKE} DIRPRFX=${_tool}/ DESTDIR=${MAKEOBJDIRPREFIX}/legacy install bootstrap-tools: ${_bt}-${_tool} @@ -1422,16 +1422,16 @@ build-tools: .MAKE usr.bin/mkcsmapper_static \ usr.bin/vi/catalog ${_+_}@${ECHODIR} "===> ${_tool} (obj,build-tools)"; \ - cd ${.CURDIR}/${_tool} && \ - ${MAKE} DIRPRFX=${_tool}/ obj && \ + cd ${.CURDIR}/${_tool}; \ + ${MAKE} DIRPRFX=${_tool}/ obj; \ ${MAKE} DIRPRFX=${_tool}/ build-tools .endfor .for _tool in \ ${_gcc_tools} ${_+_}@${ECHODIR} "===> ${_tool} (obj,depend,all)"; \ - cd ${.CURDIR}/${_tool} && \ - ${MAKE} DIRPRFX=${_tool}/ obj && \ - ${MAKE} DIRPRFX=${_tool}/ depend && \ + cd ${.CURDIR}/${_tool}; \ + ${MAKE} DIRPRFX=${_tool}/ obj; \ + ${MAKE} DIRPRFX=${_tool}/ depend; \ ${MAKE} DIRPRFX=${_tool}/ all .endfor @@ -1439,7 +1439,7 @@ build-tools: .MAKE # # kernel-tools: Build kernel-building tools # -kernel-tools: .MAKE +kernel-tools: mkdir -p ${MAKEOBJDIRPREFIX}/usr mtree -deU -f ${.CURDIR}/etc/mtree/BSD.usr.dist \ -p ${MAKEOBJDIRPREFIX}/usr >/dev/null @@ -1484,7 +1484,7 @@ _cc= gnu/usr.bin/cc .endif .endif -cross-tools: .MAKE +cross-tools: .MAKE .PHONY .for _tool in \ ${_clang_libs} \ ${_clang} \ @@ -1495,10 +1495,10 @@ cross-tools: .MAKE ${_crunchide} \ ${_kgzip} ${_+_}@${ECHODIR} "===> ${_tool} (obj,depend,all,install)"; \ - cd ${.CURDIR}/${_tool} && \ - ${MAKE} DIRPRFX=${_tool}/ obj && \ - ${MAKE} DIRPRFX=${_tool}/ depend && \ - ${MAKE} DIRPRFX=${_tool}/ all && \ + cd ${.CURDIR}/${_tool}; \ + ${MAKE} DIRPRFX=${_tool}/ obj; \ + ${MAKE} DIRPRFX=${_tool}/ depend; \ + ${MAKE} DIRPRFX=${_tool}/ all; \ ${MAKE} DIRPRFX=${_tool}/ DESTDIR=${MAKEOBJDIRPREFIX} install .endfor @@ -1516,7 +1516,7 @@ NXBMAKE= ${NXBENV} ${MAKE} \ -DNO_CPU_CFLAGS -DNO_WARNS -DNO_CTF \ -DWITHOUT_CLANG_FULL -DWITHOUT_LLDB -native-xtools: .MAKE +native-xtools: .PHONY mkdir -p ${OBJTREE}/nxb-bin/bin mkdir -p ${OBJTREE}/nxb-bin/sbin mkdir -p ${OBJTREE}/nxb-bin/usr @@ -1580,18 +1580,18 @@ native-xtools: .MAKE usr.bin/yacc \ usr.sbin/chown ${_+_}@${ECHODIR} "===> ${_tool} (obj,depend,all,install)"; \ - cd ${.CURDIR}/${_tool} && \ - ${NXBMAKE} DIRPRFX=${_tool}/ obj && \ - ${NXBMAKE} DIRPRFX=${_tool}/ depend && \ - ${NXBMAKE} DIRPRFX=${_tool}/ all && \ + cd ${.CURDIR}/${_tool}; \ + ${NXBMAKE} DIRPRFX=${_tool}/ obj; \ + ${NXBMAKE} DIRPRFX=${_tool}/ depend; \ + ${NXBMAKE} DIRPRFX=${_tool}/ all; \ ${NXBMAKE} DIRPRFX=${_tool}/ DESTDIR=${OBJTREE}/nxb-bin install .endfor # # hierarchy - ensure that all the needed directories are present # -hierarchy hier: .MAKE - cd ${.CURDIR}/etc && ${HMAKE} distrib-dirs +hierarchy hier: .MAKE .PHONY + ${_+_}cd ${.CURDIR}/etc; ${HMAKE} distrib-dirs # # libraries - build all libraries, and install them under ${DESTDIR}. @@ -1600,11 +1600,11 @@ hierarchy hier: .MAKE # interdependencies (__L) are built automatically by the # ${.CURDIR}/tools/make_libdeps.sh script. # -libraries: .MAKE - cd ${.CURDIR} && \ - ${MAKE} -f Makefile.inc1 _prereq_libs && \ - ${MAKE} -f Makefile.inc1 _startup_libs && \ - ${MAKE} -f Makefile.inc1 _prebuild_libs && \ +libraries: .MAKE .PHONY + ${_+_}cd ${.CURDIR}; \ + ${MAKE} -f Makefile.inc1 _prereq_libs; \ + ${MAKE} -f Makefile.inc1 _startup_libs; \ + ${MAKE} -f Makefile.inc1 _prebuild_libs; \ ${MAKE} -f Makefile.inc1 _generic_libs # @@ -1806,11 +1806,11 @@ gnu/lib/libdialog__L: lib/msun__L lib/ncurses/ncursesw__L ${_lib}__PL: .PHONY .MAKE .if exists(${.CURDIR}/${_lib}) ${_+_}@${ECHODIR} "===> ${_lib} (obj,depend,all,install)"; \ - cd ${.CURDIR}/${_lib} && \ - ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ obj && \ - ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ depend && \ + cd ${.CURDIR}/${_lib}; \ + ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ obj; \ + ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ depend; \ ${MAKE} -DNO_TESTS -DNO_PROFILE -DNO_PIC \ - DIRPRFX=${_lib}/ all && \ + DIRPRFX=${_lib}/ all; \ ${MAKE} -DNO_TESTS -DNO_PROFILE -DNO_PIC \ DIRPRFX=${_lib}/ install .endif @@ -1820,10 +1820,10 @@ ${_lib}__PL: .PHONY .MAKE ${_lib}__L: .PHONY .MAKE .if exists(${.CURDIR}/${_lib}) ${_+_}@${ECHODIR} "===> ${_lib} (obj,depend,all,install)"; \ - cd ${.CURDIR}/${_lib} && \ - ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ obj && \ - ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ depend && \ - ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ all && \ + cd ${.CURDIR}/${_lib}; \ + ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ obj; \ + ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ depend; \ + ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ all; \ ${MAKE} -DNO_TESTS DIRPRFX=${_lib}/ install .endif .endfor @@ -1833,11 +1833,11 @@ ${_lib}__L: .PHONY .MAKE # modules. lib/libpam__L: .PHONY .MAKE ${_+_}@${ECHODIR} "===> lib/libpam (obj,depend,all,install)"; \ - cd ${.CURDIR}/lib/libpam && \ - ${MAKE} -DNO_TESTS DIRPRFX=lib/libpam/ obj && \ - ${MAKE} -DNO_TESTS DIRPRFX=lib/libpam/ depend && \ + cd ${.CURDIR}/lib/libpam; \ + ${MAKE} -DNO_TESTS DIRPRFX=lib/libpam/ obj; \ + ${MAKE} -DNO_TESTS DIRPRFX=lib/libpam/ depend; \ ${MAKE} -DNO_TESTS DIRPRFX=lib/libpam/ \ - -D_NO_LIBPAM_SO_YET all && \ + -D_NO_LIBPAM_SO_YET all; \ ${MAKE} -DNO_TESTS DIRPRFX=lib/libpam/ \ -D_NO_LIBPAM_SO_YET install @@ -2100,27 +2100,27 @@ xdev: xdev-build xdev-install .ORDER: _xb-worldtmp _xb-bootstrap-tools _xb-build-tools _xb-cross-tools xdev-build: _xb-worldtmp _xb-bootstrap-tools _xb-build-tools _xb-cross-tools -_xb-worldtmp: +_xb-worldtmp: .PHONY mkdir -p ${CDTMP}/usr mtree -deU -f ${.CURDIR}/etc/mtree/BSD.usr.dist \ -p ${CDTMP}/usr >/dev/null -_xb-bootstrap-tools: +_xb-bootstrap-tools: .PHONY .for _tool in \ ${_clang_tblgen} ${_+_}@${ECHODIR} "===> ${_tool} (obj,depend,all,install)"; \ - cd ${.CURDIR}/${_tool} && \ - ${CDMAKE} DIRPRFX=${_tool}/ obj && \ - ${CDMAKE} DIRPRFX=${_tool}/ depend && \ - ${CDMAKE} DIRPRFX=${_tool}/ all && \ + cd ${.CURDIR}/${_tool}; \ + ${CDMAKE} DIRPRFX=${_tool}/ obj; \ + ${CDMAKE} DIRPRFX=${_tool}/ depend; \ + ${CDMAKE} DIRPRFX=${_tool}/ all; \ ${CDMAKE} DIRPRFX=${_tool}/ DESTDIR=${CDTMP} install .endfor -_xb-build-tools: +_xb-build-tools: .PHONY ${_+_}@cd ${.CURDIR}; \ ${CDBENV} ${MAKE} -f Makefile.inc1 ${NOFUN} build-tools -_xb-cross-tools: +_xb-cross-tools: .PHONY .for _tool in \ ${_binutils} \ usr.bin/ar \ @@ -2128,13 +2128,13 @@ _xb-cross-tools: ${_clang} \ ${_cc} ${_+_}@${ECHODIR} "===> xdev ${_tool} (obj,depend,all)"; \ - cd ${.CURDIR}/${_tool} && \ - ${CDMAKE} DIRPRFX=${_tool}/ obj && \ - ${CDMAKE} DIRPRFX=${_tool}/ depend && \ + cd ${.CURDIR}/${_tool}; \ + ${CDMAKE} DIRPRFX=${_tool}/ obj; \ + ${CDMAKE} DIRPRFX=${_tool}/ depend; \ ${CDMAKE} DIRPRFX=${_tool}/ all .endfor -_xi-mtree: +_xi-mtree: .PHONY ${_+_}@${ECHODIR} "mtree populating ${XDDESTDIR}" mkdir -p ${XDDESTDIR} mtree -deU -f ${.CURDIR}/etc/mtree/BSD.root.dist \ @@ -2152,7 +2152,7 @@ _xi-mtree: .ORDER: xdev-build _xi-mtree _xi-cross-tools _xi-includes _xi-libraries _xi-links xdev-install: xdev-build _xi-mtree _xi-cross-tools _xi-includes _xi-libraries _xi-links -_xi-cross-tools: +_xi-cross-tools: .PHONY @echo "_xi-cross-tools" .for _tool in \ ${_binutils} \ @@ -2165,15 +2165,15 @@ _xi-cross-tools: ${CDMAKE} DIRPRFX=${_tool}/ install DESTDIR=${XDDESTDIR} .endfor -_xi-includes: +_xi-includes: .PHONY ${_+_}cd ${.CURDIR}; ${CD2MAKE} -f Makefile.inc1 par-includes \ DESTDIR=${XDDESTDIR} -_xi-libraries: +_xi-libraries: .PHONY ${_+_}cd ${.CURDIR}; ${CD2MAKE} -f Makefile.inc1 libraries \ DESTDIR=${XDDESTDIR} -_xi-links: +_xi-links: .PHONY ${_+_}cd ${XDDESTDIR}/usr/bin; \ mkdir -p ../../../../usr/bin; \ for i in *; do \ @@ -400,14 +400,6 @@ older version of current is a bit fragile. keep 64-bits counters. Thus all tools, that work with networking statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.) -20130629: - Fix targets that run multiple make's to use && rather than ; - so that subsequent steps depend on success of previous. - - NOTE: if building 'universe' with -j* on stable/8 or stable/9 - it would be better to start the build using bmake, to avoid - overloading the machine. - 20130618: Fix a bug that allowed a tracing process (e.g. gdb) to write to a memory-mapped file in the traced process's address space diff --git a/bin/cp/cp.1 b/bin/cp/cp.1 index 169f350..9bbd9d6 100644 --- a/bin/cp/cp.1 +++ b/bin/cp/cp.1 @@ -32,7 +32,7 @@ .\" @(#)cp.1 8.3 (Berkeley) 4/18/94 .\" $FreeBSD$ .\" -.Dd March 15, 2013 +.Dd June 6, 2015 .Dt CP 1 .Os .Sh NAME @@ -45,7 +45,7 @@ .Op Fl H | Fl L | Fl P .Oc .Op Fl f | i | n -.Op Fl alpvx +.Op Fl alpsvx .Ar source_file target_file .Nm .Oo @@ -53,7 +53,7 @@ .Op Fl H | Fl L | Fl P .Oc .Op Fl f | i | n -.Op Fl alpvx +.Op Fl alpsvx .Ar source_file ... target_directory .Sh DESCRIPTION In the first synopsis form, the @@ -179,6 +179,8 @@ If the source file has both its set-user-ID and set-group-ID bits on, and either the user ID or group ID cannot be preserved, neither the set-user-ID nor set-group-ID bits are preserved in the copy's permissions. +.It Fl s +Create symbolic links to regular files in a hierarchy instead of copying. .It Fl v Cause .Nm @@ -298,7 +300,10 @@ differ as they copy special files as normal files while recreating a hierarchy. .Pp The -.Fl v +.Fl l, +.Fl s, +.Fl v, +.Fl x and .Fl n options are non-standard and their use in scripts is not recommended. diff --git a/bin/cp/cp.c b/bin/cp/cp.c index 2ad5f4a..11e3633 100644 --- a/bin/cp/cp.c +++ b/bin/cp/cp.c @@ -75,15 +75,15 @@ __FBSDID("$FreeBSD$"); #include "extern.h" #define STRIP_TRAILING_SLASH(p) { \ - while ((p).p_end > (p).p_path + 1 && (p).p_end[-1] == '/') \ - *--(p).p_end = 0; \ + while ((p).p_end > (p).p_path + 1 && (p).p_end[-1] == '/') \ + *--(p).p_end = 0; \ } static char emptystring[] = ""; PATH_T to = { to.p_path, emptystring, "" }; -int fflag, iflag, lflag, nflag, pflag, vflag; +int fflag, iflag, lflag, nflag, pflag, sflag, vflag; static int Rflag, rflag; volatile sig_atomic_t info; @@ -102,7 +102,7 @@ main(int argc, char *argv[]) fts_options = FTS_NOCHDIR | FTS_PHYSICAL; Hflag = Lflag = 0; - while ((ch = getopt(argc, argv, "HLPRafilnprvx")) != -1) + while ((ch = getopt(argc, argv, "HLPRafilnprsvx")) != -1) switch (ch) { case 'H': Hflag = 1; @@ -145,6 +145,9 @@ main(int argc, char *argv[]) rflag = Lflag = 1; Hflag = 0; break; + case 's': + sflag = 1; + break; case 'v': vflag = 1; break; @@ -163,6 +166,8 @@ main(int argc, char *argv[]) if (Rflag && rflag) errx(1, "the -R and -r options may not be specified together"); + if (lflag && sflag) + errx(1, "the -l and -s options may not be specified together"); if (rflag) Rflag = 1; if (Rflag) { @@ -183,7 +188,7 @@ main(int argc, char *argv[]) if (strlcpy(to.p_path, target, sizeof(to.p_path)) >= sizeof(to.p_path)) errx(1, "%s: name too long", target); to.p_end = to.p_path + strlen(to.p_path); - if (to.p_path == to.p_end) { + if (to.p_path == to.p_end) { *to.p_end++ = '.'; *to.p_end = 0; } @@ -240,10 +245,10 @@ main(int argc, char *argv[]) type = FILE_TO_FILE; if (have_trailing_slash && type == FILE_TO_FILE) { - if (r == -1) + if (r == -1) { errx(1, "directory %s does not exist", - to.p_path); - else + to.p_path); + } else errx(1, "%s is not a directory", to.p_path); } } else @@ -294,8 +299,8 @@ copy(char *argv[], enum op type, int fts_options) /* * If we are in case (2) or (3) above, we need to append the - * source name to the target name. - */ + * source name to the target name. + */ if (type != FILE_TO_FILE) { /* * Need to remember the roots of traversals to create @@ -374,7 +379,8 @@ copy(char *argv[], enum op type, int fts_options) mode = curr->fts_statp->st_mode; if ((mode & (S_ISUID | S_ISGID | S_ISTXT)) || ((mode | S_IRWXU) & mask) != (mode & mask)) - if (chmod(to.p_path, mode & mask) != 0){ + if (chmod(to.p_path, mode & mask) != + 0) { warn("chmod: %s", to.p_path); rval = 1; } @@ -382,7 +388,7 @@ copy(char *argv[], enum op type, int fts_options) continue; } - /* Not an error but need to remember it happened */ + /* Not an error but need to remember it happened. */ if (stat(to.p_path, &to_stat) == -1) dne = 1; else { @@ -408,7 +414,7 @@ copy(char *argv[], enum op type, int fts_options) switch (curr->fts_statp->st_mode & S_IFMT) { case S_IFLNK: - /* Catch special case of a non-dangling symlink */ + /* Catch special case of a non-dangling symlink. */ if ((fts_options & FTS_LOGICAL) || ((fts_options & FTS_COMFOLLOW) && curr->fts_level == 0)) { @@ -433,7 +439,7 @@ copy(char *argv[], enum op type, int fts_options) * modified by the umask. Trade-off between being * able to write the directory (if from directory is * 555) and not causing a permissions race. If the - * umask blocks owner writes, we fail.. + * umask blocks owner writes, we fail. */ if (dne) { if (mkdir(to.p_path, @@ -452,7 +458,7 @@ copy(char *argv[], enum op type, int fts_options) break; case S_IFBLK: case S_IFCHR: - if (Rflag) { + if (Rflag && !sflag) { if (copy_special(curr->fts_statp, !dne)) badcp = rval = 1; } else { @@ -462,10 +468,10 @@ copy(char *argv[], enum op type, int fts_options) break; case S_IFSOCK: warnx("%s is a socket (not copied).", - curr->fts_path); + curr->fts_path); break; case S_IFIFO: - if (Rflag) { + if (Rflag && !sflag) { if (copy_fifo(curr->fts_statp, !dne)) badcp = rval = 1; } else { diff --git a/bin/cp/extern.h b/bin/cp/extern.h index 94c416b..f8c20da 100644 --- a/bin/cp/extern.h +++ b/bin/cp/extern.h @@ -37,7 +37,7 @@ typedef struct { } PATH_T; extern PATH_T to; -extern int fflag, iflag, lflag, nflag, pflag, vflag; +extern int fflag, iflag, lflag, nflag, pflag, sflag, vflag; extern volatile sig_atomic_t info; __BEGIN_DECLS diff --git a/bin/cp/utils.c b/bin/cp/utils.c index ad9695c..0b5202e 100644 --- a/bin/cp/utils.c +++ b/bin/cp/utils.c @@ -57,15 +57,19 @@ __FBSDID("$FreeBSD$"); #define cp_pct(x, y) ((y == 0) ? 0 : (int)(100.0 * (x) / (y))) -/* Memory strategy threshold, in pages: if physmem is larger then this, use a - * large buffer */ +/* + * Memory strategy threshold, in pages: if physmem is larger then this, use a + * large buffer. + */ #define PHYSPAGES_THRESHOLD (32*1024) -/* Maximum buffer size in bytes - do not allow it to grow larger than this */ +/* Maximum buffer size in bytes - do not allow it to grow larger than this. */ #define BUFSIZE_MAX (2*1024*1024) -/* Small (default) buffer size in bytes. It's inefficient for this to be - * smaller than MAXPHYS */ +/* + * Small (default) buffer size in bytes. It's inefficient for this to be + * smaller than MAXPHYS. + */ #define BUFSIZE_SMALL (MAXPHYS) int @@ -77,13 +81,15 @@ copy_file(const FTSENT *entp, int dne) ssize_t wcount; size_t wresid; off_t wtotal; - int ch, checkch, from_fd = 0, rcount, rval, to_fd = 0; + int ch, checkch, from_fd, rcount, rval, to_fd; char *bufp; #ifdef VM_AND_BUFFER_CACHE_SYNCHRONIZED char *p; #endif - if ((from_fd = open(entp->fts_path, O_RDONLY, 0)) == -1) { + from_fd = to_fd = -1; + if (!lflag && !sflag && + (from_fd = open(entp->fts_path, O_RDONLY, 0)) == -1) { warn("%s", entp->fts_path); return (1); } @@ -103,63 +109,65 @@ copy_file(const FTSENT *entp, int dne) if (nflag) { if (vflag) printf("%s not overwritten\n", to.p_path); - (void)close(from_fd); - return (1); + rval = 1; + goto done; } else if (iflag) { (void)fprintf(stderr, "overwrite %s? %s", - to.p_path, YESNO); + to.p_path, YESNO); checkch = ch = getchar(); while (ch != '\n' && ch != EOF) ch = getchar(); if (checkch != 'y' && checkch != 'Y') { - (void)close(from_fd); (void)fprintf(stderr, "not overwritten\n"); - return (1); + rval = 1; + goto done; } } - + if (fflag) { - /* remove existing destination file name, - * create a new file */ - (void)unlink(to.p_path); - if (!lflag) - to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT, - fs->st_mode & ~(S_ISUID | S_ISGID)); - } else { - if (!lflag) - /* overwrite existing destination file name */ - to_fd = open(to.p_path, O_WRONLY | O_TRUNC, 0); + /* + * Remove existing destination file name create a new + * file. + */ + (void)unlink(to.p_path); + if (!lflag && !sflag) { + to_fd = open(to.p_path, + O_WRONLY | O_TRUNC | O_CREAT, + fs->st_mode & ~(S_ISUID | S_ISGID)); + } + } else if (!lflag && !sflag) { + /* Overwrite existing destination file name. */ + to_fd = open(to.p_path, O_WRONLY | O_TRUNC, 0); } - } else { - if (!lflag) - to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT, - fs->st_mode & ~(S_ISUID | S_ISGID)); + } else if (!lflag && !sflag) { + to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT, + fs->st_mode & ~(S_ISUID | S_ISGID)); } - - if (to_fd == -1) { + + if (!lflag && !sflag && to_fd == -1) { warn("%s", to.p_path); - (void)close(from_fd); - return (1); + rval = 1; + goto done; } rval = 0; - if (!lflag) { + if (!lflag && !sflag) { /* - * Mmap and write if less than 8M (the limit is so we don't totally - * trash memory on big files. This is really a minor hack, but it - * wins some CPU back. + * Mmap and write if less than 8M (the limit is so we don't + * totally trash memory on big files. This is really a minor + * hack, but it wins some CPU back. * Some filesystems, such as smbnetfs, don't support mmap, * so this is a best-effort attempt. */ #ifdef VM_AND_BUFFER_CACHE_SYNCHRONIZED if (S_ISREG(fs->st_mode) && fs->st_size > 0 && - fs->st_size <= 8 * 1024 * 1024 && + fs->st_size <= 8 * 1024 * 1024 && (p = mmap(NULL, (size_t)fs->st_size, PROT_READ, MAP_SHARED, from_fd, (off_t)0)) != MAP_FAILED) { wtotal = 0; for (bufp = p, wresid = fs->st_size; ; - bufp += wcount, wresid -= (size_t)wcount) { + bufp += wcount, wresid -= (size_t)wcount) { wcount = write(to_fd, bufp, wresid); if (wcount <= 0) break; @@ -204,7 +212,7 @@ copy_file(const FTSENT *entp, int dne) wtotal = 0; while ((rcount = read(from_fd, buf, bufsize)) > 0) { for (bufp = buf, wresid = rcount; ; - bufp += wcount, wresid -= wcount) { + bufp += wcount, wresid -= wcount) { wcount = write(to_fd, bufp, wresid); if (wcount <= 0) break; @@ -230,13 +238,18 @@ copy_file(const FTSENT *entp, int dne) rval = 1; } } - } else { + } else if (lflag) { if (link(entp->fts_path, to.p_path)) { warn("%s", to.p_path); rval = 1; } + } else if (sflag) { + if (symlink(entp->fts_path, to.p_path)) { + warn("%s", to.p_path); + rval = 1; + } } - + /* * Don't remove the target even after an error. The target might * not be a regular file, or its attributes might be important, @@ -244,7 +257,7 @@ copy_file(const FTSENT *entp, int dne) * to remove it if we created it and its length is 0. */ - if (!lflag) { + if (!lflag && !sflag) { if (pflag && setfile(fs, to_fd)) rval = 1; if (pflag && preserve_fd_acls(from_fd, to_fd) != 0) @@ -255,8 +268,9 @@ copy_file(const FTSENT *entp, int dne) } } - (void)close(from_fd); - +done: + if (from_fd != -1) + (void)close(from_fd); return (rval); } @@ -338,7 +352,7 @@ setfile(struct stat *fs, int fd) fdval = fd != -1; islink = !fdval && S_ISLNK(fs->st_mode); fs->st_mode &= S_ISUID | S_ISGID | S_ISVTX | - S_IRWXU | S_IRWXG | S_IRWXO; + S_IRWXU | S_IRWXG | S_IRWXO; TIMESPEC_TO_TIMEVAL(&tv[0], &fs->st_atim); TIMESPEC_TO_TIMEVAL(&tv[1], &fs->st_mtim); @@ -352,7 +366,7 @@ setfile(struct stat *fs, int fd) else { gotstat = 1; ts.st_mode &= S_ISUID | S_ISGID | S_ISVTX | - S_IRWXU | S_IRWXG | S_IRWXO; + S_IRWXU | S_IRWXG | S_IRWXO; } /* * Changing the ownership probably won't succeed, unless we're root @@ -476,7 +490,7 @@ preserve_dir_acls(struct stat *fs, char *source_dir, char *dest_dir) return (0); /* - * If the file is a link we will not follow it + * If the file is a link we will not follow it. */ if (S_ISLNK(fs->st_mode)) { aclgetf = acl_get_link_np; @@ -535,8 +549,10 @@ usage(void) { (void)fprintf(stderr, "%s\n%s\n", -"usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpvx] source_file target_file", -" cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpvx] source_file ... " -"target_directory"); + "usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] " + "source_file target_file", + " cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] " + "source_file ... " + "target_directory"); exit(EX_USAGE); } diff --git a/bin/ls/tests/ls_tests.sh b/bin/ls/tests/ls_tests.sh index 39c8569..44878223 100755 --- a/bin/ls/tests/ls_tests.sh +++ b/bin/ls/tests/ls_tests.sh @@ -170,8 +170,6 @@ B_flag_head() B_flag_body() { - atf_skip "kyua report-jenkins doesn't properly escape non-printable chars: https://github.com/jmmv/kyua/issues/136" - atf_check -e empty -o empty -s exit:0 touch "$(printf "y\013z")" atf_check -e empty -o match:'y\\013z' -s exit:0 ls -B } @@ -467,8 +465,6 @@ b_flag_head() b_flag_body() { - atf_skip "kyua report-jenkins doesn't properly escape non-printable chars: https://github.com/jmmv/kyua/issues/136" - atf_check -e empty -o empty -s exit:0 touch "$(printf "y\013z")" atf_check -e empty -o match:'y\\vz' -s exit:0 ls -b } @@ -747,8 +743,6 @@ q_flag_and_w_flag_head() q_flag_and_w_flag_body() { - atf_skip "kyua report-jenkins doesn't properly escape non-printable chars: https://github.com/jmmv/kyua/issues/136" - create_test_dir test_file="$(printf "y\01z")" diff --git a/bin/sh/tests/Makefile b/bin/sh/tests/Makefile index c092962..d10156c 100644 --- a/bin/sh/tests/Makefile +++ b/bin/sh/tests/Makefile @@ -12,4 +12,6 @@ TESTS_SUBDIRS+= parameters TESTS_SUBDIRS+= parser TESTS_SUBDIRS+= set-e +SUBDIR_PARALLEL= + .include <bsd.test.mk> diff --git a/cddl/Makefile b/cddl/Makefile index 2a9b6f8..c134b63 100644 --- a/cddl/Makefile +++ b/cddl/Makefile @@ -2,10 +2,13 @@ .include <bsd.own.mk> -SUBDIR= lib sbin usr.bin usr.sbin +SUBDIR= lib .WAIT \ + sbin usr.bin usr.sbin .if ${MK_TESTS} != "no" SUBDIR+=tests .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/contrib/netbsd-tests/kernel/t_mqueue.c b/contrib/netbsd-tests/kernel/t_mqueue.c index 2a03101..aa98d91 100644 --- a/contrib/netbsd-tests/kernel/t_mqueue.c +++ b/contrib/netbsd-tests/kernel/t_mqueue.c @@ -6,6 +6,13 @@ * This file is in the Public Domain. */ +#ifdef __FreeBSD__ +#include <sys/stat.h> +#include <fcntl.h> + +#include "freebsd_test_suite/macros.h" +#endif + #include <atf-c.h> #include <stdio.h> @@ -111,16 +118,28 @@ ATF_TC_BODY(mqueue, tc) char template[32]; char mq_name[64]; +#ifdef __FreeBSD__ + ATF_REQUIRE_KERNEL_MODULE("mqueuefs"); +#endif + strlcpy(template, "./t_mqueue.XXXXXX", sizeof(template)); tmpdir = mkdtemp(template); ATF_REQUIRE_MSG(tmpdir != NULL, "mkdtemp failed: %d", errno); +#ifdef __FreeBSD__ + snprintf(mq_name, sizeof(mq_name), "/t_mqueue"); +#else snprintf(mq_name, sizeof(mq_name), "%s/mq", tmpdir); +#endif mqd_t mqfd; mqfd = mq_open(mq_name, O_RDWR | O_CREAT, S_IRUSR | S_IRWXG | S_IROTH, NULL); +#ifdef __FreeBSD__ + ATF_REQUIRE_MSG(mqfd != (mqd_t)-1, "mq_open failed: %d", errno); +#else ATF_REQUIRE_MSG(mqfd != -1, "mq_open failed: %d", errno); +#endif send_msgs(mqfd); receive_msgs(mqfd); diff --git a/contrib/netbsd-tests/lib/libc/c063/t_faccessat.c b/contrib/netbsd-tests/lib/libc/c063/t_faccessat.c index 5afdee9..99235ea 100644 --- a/contrib/netbsd-tests/lib/libc/c063/t_faccessat.c +++ b/contrib/netbsd-tests/lib/libc/c063/t_faccessat.c @@ -40,6 +40,9 @@ __RCSID("$NetBSD: t_faccessat.c,v 1.2 2013/03/17 04:46:06 jmmv Exp $"); #include <string.h> #include <unistd.h> #include <sys/param.h> +#ifdef __FreeBSD__ +#include <sys/stat.h> +#endif #define DIR "dir" #define FILE "dir/faccessat" diff --git a/contrib/netbsd-tests/lib/libc/c063/t_openat.c b/contrib/netbsd-tests/lib/libc/c063/t_openat.c index 79b5f38..5112efc 100644 --- a/contrib/netbsd-tests/lib/libc/c063/t_openat.c +++ b/contrib/netbsd-tests/lib/libc/c063/t_openat.c @@ -40,6 +40,9 @@ __RCSID("$NetBSD: t_openat.c,v 1.2 2013/03/17 04:46:06 jmmv Exp $"); #include <string.h> #include <unistd.h> #include <sys/param.h> +#ifdef __FreeBSD__ +#include <sys/stat.h> +#endif #define DIR "dir" #define FILE "dir/openat" diff --git a/contrib/netbsd-tests/lib/libc/c063/t_readlinkat.c b/contrib/netbsd-tests/lib/libc/c063/t_readlinkat.c index d354ff5..c9bc267 100644 --- a/contrib/netbsd-tests/lib/libc/c063/t_readlinkat.c +++ b/contrib/netbsd-tests/lib/libc/c063/t_readlinkat.c @@ -40,6 +40,9 @@ __RCSID("$NetBSD: t_readlinkat.c,v 1.3 2013/03/17 04:46:06 jmmv Exp $"); #include <string.h> #include <unistd.h> #include <sys/param.h> +#ifdef __FreeBSD__ +#include <sys/stat.h> +#endif #define DIR "dir" #define FILE "dir/readlinkat" diff --git a/contrib/netbsd-tests/lib/libc/c063/t_unlinkat.c b/contrib/netbsd-tests/lib/libc/c063/t_unlinkat.c index 79aa7aa..220c4b2 100644 --- a/contrib/netbsd-tests/lib/libc/c063/t_unlinkat.c +++ b/contrib/netbsd-tests/lib/libc/c063/t_unlinkat.c @@ -40,6 +40,9 @@ __RCSID("$NetBSD: t_unlinkat.c,v 1.2 2013/03/17 04:46:06 jmmv Exp $"); #include <string.h> #include <unistd.h> #include <sys/param.h> +#ifdef __FreeBSD__ +#include <sys/stat.h> +#endif #define DIR "dir" #define FILE "dir/unlinkat" diff --git a/contrib/netbsd-tests/lib/libcrypt/t_crypt.c b/contrib/netbsd-tests/lib/libcrypt/t_crypt.c index a5a4dcb..9b47692 100644 --- a/contrib/netbsd-tests/lib/libcrypt/t_crypt.c +++ b/contrib/netbsd-tests/lib/libcrypt/t_crypt.c @@ -124,11 +124,13 @@ ATF_TC_HEAD(crypt_salts, tc) ATF_TC_BODY(crypt_salts, tc) { for (size_t i = 0; tests[i].hash; i++) { + char *hash = crypt(tests[i].pw, tests[i].hash); #if defined(__FreeBSD__) - if (22 <= i) + if (i >= 22 && i != 24 && i != 25) atf_tc_expect_fail("Old-style/bad inputs fail on FreeBSD"); + else + atf_tc_expect_pass(); #endif - char *hash = crypt(tests[i].pw, tests[i].hash); if (!hash) { ATF_CHECK_MSG(0, "Test %zu NULL\n", i); continue; diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index 0c7e0c6..20829d8 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in @@ -25,6 +25,7 @@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ WITH_PYUNBOUND=@WITH_PYUNBOUND@ +PY_MAJOR_VERSION=@PY_MAJOR_VERSION@ PYTHON_SITE_PKG=@PYTHON_SITE_PKG@ PYTHONMOD_INSTALL=@PYTHONMOD_INSTALL@ PYTHONMOD_UNINSTALL=@PYTHONMOD_UNINSTALL@ @@ -131,12 +132,12 @@ compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \ compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ -compat/arc4_lock.c compat/sha512.c +compat/arc4_lock.c compat/sha512.c compat/reallocarray.c COMPAT_OBJ=$(LIBOBJS:.o=.lo) COMPAT_OBJ_WITHOUT_CTIME=$(LIBOBJ_WITHOUT_CTIME:.o=.lo) COMPAT_OBJ_WITHOUT_CTIMEARC4=$(LIBOBJ_WITHOUT_CTIMEARC4:.o=.lo) -SLDNS_SRC=ldns/keyraw.c ldns/sbuffer.c ldns/wire2str.c ldns/parse.c \ -ldns/parseutil.c ldns/rrdef.c ldns/str2wire.c +SLDNS_SRC=sldns/keyraw.c sldns/sbuffer.c sldns/wire2str.c sldns/parse.c \ +sldns/parseutil.c sldns/rrdef.c sldns/str2wire.c SLDNS_OBJ=keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \ str2wire.lo UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ @@ -167,7 +168,7 @@ HOST_OBJ=unbound-host.lo HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@ UBANCHOR_SRC=smallapp/unbound-anchor.c UBANCHOR_OBJ=unbound-anchor.lo -UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) \ +UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \ $(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@ TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \ daemon/worker.c daemon/acl_list.c daemon/daemon.c daemon/stats.c \ @@ -393,7 +394,7 @@ libunbound_wrap.lo libunbound_wrap.o: libunbound/python/libunbound_wrap.c \ unbound.h libunbound/python/libunbound_wrap.c: $(srcdir)/libunbound/python/libunbound.i unbound.h @-if test ! -d libunbound/python; then $(INSTALL) -d libunbound/python; fi - $(SWIG) -python -o $@ $(CPPFLAGS) $(srcdir)/libunbound/python/libunbound.i + $(SWIG) -python -o $@ $(CPPFLAGS) -DPY_MAJOR_VERSION=$(PY_MAJOR_VERSION) $(srcdir)/libunbound/python/libunbound.i # Pyunbound python unbound wrapper _unbound.la: libunbound_wrap.lo libunbound.la @@ -597,146 +598,151 @@ dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_de $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h -infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/ldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h +infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/sldns/sbuffer.h msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/sbuffer.h msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h \ - $(srcdir)/ldns/wire2str.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h + $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h + $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_utils.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/ldns/wire2str.h \ - $(srcdir)/ldns/parseutil.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h iter_donotq.lo iter_donotq.o: $(srcdir)/iterator/iter_donotq.c config.h $(srcdir)/iterator/iter_donotq.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h iter_fwd.lo iter_fwd.o: $(srcdir)/iterator/iter_fwd.c config.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/str2wire.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h iter_hints.lo iter_hints.o: $(srcdir)/iterator/iter_hints.c config.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/str2wire.h \ - $(srcdir)/ldns/wire2str.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/wire2str.h iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h + $(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h iter_scrub.lo iter_scrub.o: $(srcdir)/iterator/iter_scrub.c config.h $(srcdir)/iterator/iter_scrub.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/iterator/iter_priv.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/sldns/sbuffer.h iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/iterator/iter_utils.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h \ + $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/outside_network.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \ - $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/ldns/wire2str.h \ - $(srcdir)/ldns/parseutil.h $(srcdir)/util/iana_ports.inc + $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ @@ -744,46 +750,45 @@ configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/conf fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \ - $(srcdir)/util/config_file.h + $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h -log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/ldns/sbuffer.h +log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/util/log.h \ $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/dnstap/dnstap.h \ $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/ldns/parseutil.h \ - $(srcdir)/ldns/wire2str.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h \ random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h @@ -794,7 +799,7 @@ lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/s lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h @@ -802,43 +807,44 @@ timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehi tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/netevent.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/services/modstack.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/str2wire.h + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/ldns/wire2str.h + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/sldns/wire2str.h val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ @@ -846,78 +852,78 @@ val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/validator/val_nsec.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h + $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \ - $(srcdir)/ldns/sbuffer.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h \ val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/ldns/keyraw.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h $(srcdir)/ldns/wire2str.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \ $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/net_help.h $(srcdir)/util/regional.h dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/regional.h + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h -dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/ldns/sbuffer.h \ +dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ $(srcdir)/dnstap/dnstap.h \ $(srcdir)/dnstap/dnstap.pb-c.h dnstap.pb-c.lo dnstap.pb-c.o: $(srcdir)/dnstap/dnstap.pb-c.c $(srcdir)/dnstap/dnstap.pb-c.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h + $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/ldns/sbuffer.h \ - $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \ - $(srcdir)/util/log.h \ - $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/random.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/random.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/testcode/readhex.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h + $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitneg.lo unitneg.o: $(srcdir)/testcode/unitneg.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h \ - $(srcdir)/ldns/rrdef.h + $(srcdir)/sldns/rrdef.h unitregional.lo unitregional.o: $(srcdir)/testcode/unitregional.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h unitslabhash.lo unitslabhash.o: $(srcdir)/testcode/unitslabhash.c config.h $(srcdir)/testcode/unitmain.h \ @@ -927,88 +933,89 @@ unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/u $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/keyraw.h \ - $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h + $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h + $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/wire2str.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/wire2str.h \ - $(srcdir)/ldns/str2wire.h + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/str2wire.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ - $(srcdir)/util/net_help.h $(srcdir)/ldns/keyraw.h + $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/localzone.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h $(srcdir)/ldns/str2wire.h \ - $(srcdir)/ldns/parseutil.h $(srcdir)/ldns/wire2str.h + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ + $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/remote.h \ $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h \ $(srcdir)/util/rbtree.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \ + $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ @@ -1022,23 +1029,23 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/ldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h + $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \ + $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ @@ -1055,134 +1062,135 @@ acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/ac daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ - $(srcdir)/util/net_help.h $(srcdir)/ldns/keyraw.h + $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h + $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/ldns/sbuffer.h \ - $(srcdir)/ldns/parseutil.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/parseutil.h readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ - $(srcdir)/ldns/sbuffer.h + $(srcdir)/sldns/sbuffer.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/sldns/sbuffer.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \ $(srcdir)/util/netevent.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/str2wire.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/wire2str.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/ldns/rrdef.h + $(srcdir)/sldns/rrdef.h streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/ldns/sbuffer.h \ - $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ - $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h + $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/ldns/rrdef.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/ldns/sbuffer.h + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ $(srcdir)/util/config_file.h $(srcdir)/util/winsock_event.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h @@ -1191,20 +1199,21 @@ unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-se unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-service-remove.c config.h \ $(srcdir)/winrc/w_inst.h anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/ldns/keyraw.c config.h $(srcdir)/ldns/keyraw.h \ - $(srcdir)/ldns/rrdef.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h +keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/rrdef.h \ -sbuffer.lo sbuffer.o: $(srcdir)/ldns/sbuffer.c config.h $(srcdir)/ldns/sbuffer.h -wire2str.lo wire2str.o: $(srcdir)/ldns/wire2str.c config.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h \ - $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/parseutil.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/keyraw.h \ +sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h +wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/keyraw.h \ -parse.lo parse.o: $(srcdir)/ldns/parse.c config.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/parseutil.h \ - $(srcdir)/ldns/sbuffer.h -parseutil.lo parseutil.o: $(srcdir)/ldns/parseutil.c config.h $(srcdir)/ldns/parseutil.h -rrdef.lo rrdef.o: $(srcdir)/ldns/rrdef.c config.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/parseutil.h -str2wire.lo str2wire.o: $(srcdir)/ldns/str2wire.c config.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \ - $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/parseutil.h +parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/sbuffer.h +parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h +rrdef.lo rrdef.o: $(srcdir)/sldns/rrdef.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h +str2wire.lo str2wire.o: $(srcdir)/sldns/str2wire.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h @@ -1228,3 +1237,4 @@ arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/com arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h $(srcdir)/util/locks.h sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h +reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h diff --git a/contrib/unbound/acx_nlnetlabs.m4 b/contrib/unbound/acx_nlnetlabs.m4 index e1cf83a..c9ca755 100644 --- a/contrib/unbound/acx_nlnetlabs.m4 +++ b/contrib/unbound/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 26 +# Version 28 +# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added. +# 2015-03-17 AHX_CONFIG_REALLOCARRAY added # 2013-09-19 FLTO help text improved. # 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes # 2013-06-25 FLTO has --disable-flto option. @@ -93,6 +95,8 @@ # ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters. # AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED. # ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family +# ACX_CHECK_PIE - add --enable-pie option and check if works +# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it # dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines. @@ -1213,6 +1217,16 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result); #endif ]) +dnl provide reallocarray compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_REALLOCARRAY], +[ +#ifndef HAVE_REALLOCARRAY +#define reallocarray reallocarray$1 +void* reallocarray(void *ptr, size_t nmemb, size_t size); +#endif +]) + dnl provide w32 compat definition for sleep AC_DEFUN([AHX_CONFIG_W32_SLEEP], [ @@ -1375,4 +1389,46 @@ AC_DEFUN([ACX_CHECK_SS_FAMILY], #endif ]) ]) +dnl Check if CC and linker support -fPIE and -pie. +dnl If so, sets them in CFLAGS / LDFLAGS. +AC_DEFUN([ACX_CHECK_PIE], [ + AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)])) + AS_IF([test "x$enable_pie" = "xyes"], [ + AC_MSG_CHECKING([if $CC supports PIE]) + BAKLDFLAGS="$LDFLAGS" + BAKCFLAGS="$CFLAGS" + LDFLAGS="$LDFLAGS -pie" + CFLAGS="$CFLAGS -fPIE" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) + ]) +]) + +dnl Check if linker supports -Wl,-z,relro,-z,now. +dnl If so, adds it to LDFLAGS. +AC_DEFUN([ACX_CHECK_RELRO_NOW], [ + AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)])) + AS_IF([test "x$enable_relro_now" = "xyes"], [ + AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now]) + BAKLDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)]) + ]) +]) + dnl End of file diff --git a/contrib/unbound/compat/getentropy_linux.c b/contrib/unbound/compat/getentropy_linux.c index d4adab2..76f0f9d 100644 --- a/contrib/unbound/compat/getentropy_linux.c +++ b/contrib/unbound/compat/getentropy_linux.c @@ -77,6 +77,9 @@ int getentropy(void *buf, size_t len); extern int main(int, char *argv[]); #endif static int gotdata(char *buf, size_t len); +#ifdef SYS_getrandom +static int getentropy_getrandom(void *buf, size_t len); +#endif static int getentropy_urandom(void *buf, size_t len); #ifdef SYS__sysctl static int getentropy_sysctl(void *buf, size_t len); @@ -94,11 +97,15 @@ getentropy(void *buf, size_t len) } #ifdef SYS_getrandom - /* try to use getrandom syscall introduced with kernel 3.17 */ - ret = syscall(SYS_getrandom, buf, len, 0); + /* + * Try descriptor-less getrandom() + */ + ret = getentropy_getrandom(buf, len); if (ret != -1) return (ret); -#endif /* SYS_getrandom */ + if (errno != ENOSYS) + return (-1); +#endif /* * Try to get entropy with /dev/urandom @@ -185,6 +192,25 @@ gotdata(char *buf, size_t len) return 0; } +#ifdef SYS_getrandom +static int +getentropy_getrandom(void *buf, size_t len) +{ + int pre_errno = errno; + int ret; + if (len > 256) + return (-1); + do { + ret = syscall(SYS_getrandom, buf, len, 0); + } while (ret == -1 && errno == EINTR); + + if (ret != (int)len) + return (-1); + errno = pre_errno; + return (0); +} +#endif + static int getentropy_urandom(void *buf, size_t len) { @@ -258,7 +284,7 @@ getentropy_sysctl(void *buf, size_t len) struct __sysctl_args args = { .name = mib, .nlen = 3, - .oldval = buf + i, + .oldval = (char *)buf + i, .oldlenp = &chunk, }; if (syscall(SYS__sysctl, &args) != 0) diff --git a/contrib/unbound/compat/reallocarray.c b/contrib/unbound/compat/reallocarray.c new file mode 100644 index 0000000..04d5d71 --- /dev/null +++ b/contrib/unbound/compat/reallocarray.c @@ -0,0 +1,39 @@ +/* $OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $ */ +/* + * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" +#include <sys/types.h> +#include <errno.h> +#include <stdint.h> +#include <stdlib.h> + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +void * +reallocarray(void *optr, size_t nmemb, size_t size) +{ + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + return realloc(optr, size * nmemb); +} diff --git a/contrib/unbound/config.h b/contrib/unbound/config.h index 641ddd3..6e322ea 100644 --- a/contrib/unbound/config.h +++ b/contrib/unbound/config.h @@ -71,6 +71,10 @@ if you don't. */ #define HAVE_DECL_NID_X9_62_PRIME256V1 1 +/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you + don't. */ +/* #undef HAVE_DECL_REALLOCARRAY */ + /* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 if you don't. */ #define HAVE_DECL_SK_SSL_COMP_POP_FREE 1 @@ -79,6 +83,10 @@ `SSL_COMP_get_compression_methods', and to 0 if you don't. */ #define HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 1 +/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to + 0 if you don't. */ +#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO 0 + /* Define to 1 if you have the declaration of `strlcat', and to 0 if you don't. */ /* #undef HAVE_DECL_STRLCAT */ @@ -267,6 +275,9 @@ /* Define to 1 if you have the `random' function. */ #define HAVE_RANDOM 1 +/* Define to 1 if you have the `reallocarray' function. */ +/* #undef HAVE_REALLOCARRAY */ + /* Define to 1 if you have the `recvmsg' function. */ #define HAVE_RECVMSG 1 @@ -486,7 +497,7 @@ #define PACKAGE_NAME "unbound" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "unbound 1.5.3" +#define PACKAGE_STRING "unbound 1.5.5" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "unbound" @@ -495,7 +506,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.5.3" +#define PACKAGE_VERSION "1.5.5" /* default pidfile location */ #define PIDFILE "/var/unbound/unbound.pid" @@ -514,7 +525,7 @@ #define ROOT_CERT_FILE "/var/unbound/icannbundle.pem" /* version number for resource files */ -#define RSRC_PACKAGE_VERSION 1,5,3,0 +#define RSRC_PACKAGE_VERSION 1,5,5,0 /* Directory to chdir to */ #define RUN_DIR "/var/unbound" @@ -890,6 +901,12 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result); #endif +#ifndef HAVE_REALLOCARRAY +#define reallocarray reallocarrayunbound +void* reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + + #if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) #define sleep(x) Sleep((x)*1000) /* on win32 */ #endif /* HAVE_SLEEP */ @@ -955,6 +972,9 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif +# if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM void explicit_bzero(void* buf, size_t len); diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in index c36d4b9..7576e15 100644 --- a/contrib/unbound/config.h.in +++ b/contrib/unbound/config.h.in @@ -70,6 +70,10 @@ if you don't. */ #undef HAVE_DECL_NID_X9_62_PRIME256V1 +/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you + don't. */ +#undef HAVE_DECL_REALLOCARRAY + /* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 if you don't. */ #undef HAVE_DECL_SK_SSL_COMP_POP_FREE @@ -78,6 +82,10 @@ `SSL_COMP_get_compression_methods', and to 0 if you don't. */ #undef HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS +/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to + 0 if you don't. */ +#undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO + /* Define to 1 if you have the declaration of `strlcat', and to 0 if you don't. */ #undef HAVE_DECL_STRLCAT @@ -266,6 +274,9 @@ /* Define to 1 if you have the `random' function. */ #undef HAVE_RANDOM +/* Define to 1 if you have the `reallocarray' function. */ +#undef HAVE_REALLOCARRAY + /* Define to 1 if you have the `recvmsg' function. */ #undef HAVE_RECVMSG @@ -889,6 +900,12 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result); #endif +#ifndef HAVE_REALLOCARRAY +#define reallocarray reallocarrayunbound +void* reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + + #if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) #define sleep(x) Sleep((x)*1000) /* on win32 */ #endif /* HAVE_SLEEP */ @@ -954,6 +971,9 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif +# if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM void explicit_bzero(void* buf, size_t len); diff --git a/contrib/unbound/configure b/contrib/unbound/configure index 20ff33d..7b0a7e6 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.3. +# Generated by GNU Autoconf 2.69 for unbound 1.5.5. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.3' -PACKAGE_STRING='unbound 1.5.3' +PACKAGE_VERSION='1.5.5' +PACKAGE_STRING='unbound 1.5.5' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -677,6 +677,7 @@ WITH_PYTHONMODULE swig SWIG_LIB SWIG +PY_MAJOR_VERSION PYTHON_SITE_PKG PYTHON_LDFLAGS PYTHON_CPPFLAGS @@ -803,6 +804,8 @@ with_username enable_checking enable_debug enable_flto +enable_pie +enable_relro_now enable_shared enable_static with_pic @@ -1388,7 +1391,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.5.3 to adapt to many kinds of systems. +\`configure' configures unbound 1.5.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1453,7 +1456,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.5.3:";; + short | recursive ) echo "Configuration of unbound 1.5.5:";; esac cat <<\_ACEOF @@ -1464,6 +1467,10 @@ Optional Features: --enable-checking Enable warnings, asserts, makefile-dependencies --enable-debug same as enable-checking --disable-flto Disable link-time optimization (gcc specific option) + --enable-pie Enable Position-Independent Executable (eg. to fully + benefit from ASLR, small performance penalty) + --enable-relro-now Enable full relocation binding at load-time (RELRO + NOW, to protect GOT and .dtor areas) --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] @@ -1628,7 +1635,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.5.3 +unbound configure 1.5.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2337,7 +2344,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.3, which was +It was created by unbound $as_me 1.5.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2689,11 +2696,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=5 -UNBOUND_VERSION_MICRO=3 +UNBOUND_VERSION_MICRO=5 LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=6 +LIBUNBOUND_REVISION=8 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2736,6 +2743,8 @@ LIBUNBOUND_AGE=3 # 1.5.1 had 5:3:3 # 1.5.2 had 5:5:3 # 1.5.3 had 5:6:3 +# 1.5.4 had 5:7:3 +# 1.5.5 had 5:8:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -5877,6 +5886,96 @@ rm -f core conftest.err conftest.$ac_objext \ fi + # Check whether --enable-pie was given. +if test "${enable_pie+set}" = set; then : + enableval=$enable_pie; +fi + + if test "x$enable_pie" = "xyes"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports PIE" >&5 +$as_echo_n "checking if $CC supports PIE... " >&6; } + BAKLDFLAGS="$LDFLAGS" + BAKCFLAGS="$CFLAGS" + LDFLAGS="$LDFLAGS -pie" + CFLAGS="$CFLAGS -fPIE" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + rm -f conftest conftest.c conftest.o + +else + LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi + + + # Check whether --enable-relro_now was given. +if test "${enable_relro_now+set}" = set; then : + enableval=$enable_relro_now; +fi + + if test "x$enable_relro_now" = "xyes"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wl,-z,relro,-z,now" >&5 +$as_echo_n "checking if $CC supports -Wl,-z,relro,-z,now... " >&6; } + BAKLDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + rm -f conftest conftest.c conftest.o + +else + LDFLAGS="$BAKLDFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } if ${ac_cv_c_inline+:} false; then : @@ -16099,6 +16198,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu as_fn_error $? "Python version >= 2.4.0 is required" "$LINENO" 5 fi + PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`" + # Have Python $as_echo "#define HAVE_PYTHON 1" >>confdefs.h @@ -16680,7 +16781,7 @@ rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5 $as_echo_n "checking for LibreSSL... " >&6; } -if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then +if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -16728,6 +16829,16 @@ fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_ARC4RANDOM_UNIFORM $ac_have_decl _ACEOF +ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_includes_default" +if test "x$ac_cv_have_decl_reallocarray" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_REALLOCARRAY $ac_have_decl +_ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 @@ -16831,6 +16942,36 @@ fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SK_SSL_COMP_POP_FREE $ac_have_decl _ACEOF +ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_ecdh_auto" "ac_cv_have_decl_SSL_CTX_set_ecdh_auto" " +$ac_includes_default +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif +#include <openssl/ssl.h> +#include <openssl/evp.h> + +" +if test "x$ac_cv_have_decl_SSL_CTX_set_ecdh_auto" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl +_ACEOF fi @@ -18138,6 +18279,20 @@ fi LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" +ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" +if test "x$ac_cv_func_reallocarray" = xyes; then : + $as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h + +else + case " $LIBOBJS " in + *" reallocarray.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS reallocarray.$ac_objext" + ;; +esac + +fi + + if test "$USE_NSS" = "no"; then ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" if test "x$ac_cv_func_arc4random" = xyes; then : @@ -18862,7 +19017,7 @@ _ACEOF -version=1.5.3 +version=1.5.5 date=`date +'%b %e, %Y'` @@ -19377,7 +19532,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.5.3, which was +This file was extended by unbound $as_me 1.5.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19443,7 +19598,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.5.3 +unbound config.status 1.5.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac index ae0525b..871ea7c 100644 --- a/contrib/unbound/configure.ac +++ b/contrib/unbound/configure.ac @@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[3]) +m4_define([VERSION_MICRO],[5]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=6 +LIBUNBOUND_REVISION=8 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -60,6 +60,8 @@ LIBUNBOUND_AGE=3 # 1.5.1 had 5:3:3 # 1.5.2 had 5:5:3 # 1.5.3 had 5:6:3 +# 1.5.4 had 5:7:3 +# 1.5.5 had 5:8:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -245,6 +247,8 @@ case "$debug_enabled" in ;; esac ACX_CHECK_FLTO +ACX_CHECK_PIE +ACX_CHECK_RELRO_NOW AC_C_INLINE ACX_CHECK_FORMAT_ATTRIBUTE @@ -474,6 +478,8 @@ if test x_$ub_test_python != x_no; then AC_ERROR([Python version >= 2.4.0 is required]) fi + [PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"] + AC_SUBST(PY_MAJOR_VERSION) # Have Python AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.]) LIBS="$PYTHON_LDFLAGS $LIBS" @@ -563,19 +569,19 @@ if test $USE_NSS = "no"; then ACX_WITH_SSL ACX_LIB_SSL AC_MSG_CHECKING([for LibreSSL]) -if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then +if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then AC_MSG_RESULT([yes]) AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) # libressl provides these compat functions, but they may also be # declared by the OS in libc. See if they have been declared. - AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform]) + AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform,reallocarray]) else AC_MSG_RESULT([no]) fi AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode]) -AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free], [], [], [ +AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_OPENSSL_ERR_H #include <openssl/err.h> @@ -995,8 +1001,10 @@ AC_REPLACE_FUNCS(strlcat) AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) AC_REPLACE_FUNCS(gmtime_r) +dnl without CTIME, ARC4-functions and without reallocarray. LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4) +AC_REPLACE_FUNCS(reallocarray) if test "$USE_NSS" = "no"; then AC_REPLACE_FUNCS(arc4random) AC_REPLACE_FUNCS(arc4random_uniform) @@ -1235,6 +1243,7 @@ AHX_CONFIG_MEMMOVE(unbound) AHX_CONFIG_STRLCAT(unbound) AHX_CONFIG_STRLCPY(unbound) AHX_CONFIG_GMTIME_R(unbound) +AHX_CONFIG_REALLOCARRAY(unbound) AHX_CONFIG_W32_SLEEP AHX_CONFIG_W32_USLEEP AHX_CONFIG_W32_RANDOM @@ -1268,6 +1277,9 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif +# if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM void explicit_bzero(void* buf, size_t len); diff --git a/contrib/unbound/daemon/cachedump.c b/contrib/unbound/daemon/cachedump.c index 20a46ae..4b0a583 100644 --- a/contrib/unbound/daemon/cachedump.c +++ b/contrib/unbound/daemon/cachedump.c @@ -56,9 +56,9 @@ #include "iterator/iter_utils.h" #include "iterator/iter_fwd.h" #include "iterator/iter_hints.h" -#include "ldns/sbuffer.h" -#include "ldns/wire2str.h" -#include "ldns/str2wire.h" +#include "sldns/sbuffer.h" +#include "sldns/wire2str.h" +#include "sldns/str2wire.h" /** dump one rrset zonefile line */ static int @@ -223,6 +223,8 @@ copy_msg(struct regional* region, struct lruhash_entry* e, struct query_info** k, struct reply_info** d) { struct reply_info* rep = (struct reply_info*)e->data; + if(rep->rrset_count > RR_COUNT_MAX) + return 0; /* to protect against integer overflow */ *d = (struct reply_info*)regional_alloc_init(region, e->data, sizeof(struct reply_info) + sizeof(struct rrset_ref) * (rep->rrset_count-1) + @@ -470,6 +472,10 @@ load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker) log_warn("bad rrset without contents"); return 0; } + if(rr_count > RR_COUNT_MAX || rrsig_count > RR_COUNT_MAX) { + log_warn("bad rrset with too many rrs"); + return 0; + } d->count = (size_t)rr_count; d->rrsig_count = (size_t)rrsig_count; d->security = (enum sec_status)security; @@ -646,6 +652,10 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker) rep.ttl = (time_t)ttl; rep.prefetch_ttl = PREFETCH_TTL_CALC(rep.ttl); rep.security = (enum sec_status)security; + if(an > RR_COUNT_MAX || ns > RR_COUNT_MAX || ar > RR_COUNT_MAX) { + log_warn("error too many rrsets"); + return 0; /* protect against integer overflow in alloc */ + } rep.an_numrrsets = (size_t)an; rep.ns_numrrsets = (size_t)ns; rep.ar_numrrsets = (size_t)ar; diff --git a/contrib/unbound/daemon/daemon.c b/contrib/unbound/daemon/daemon.c index f693a02..e763f72 100644 --- a/contrib/unbound/daemon/daemon.c +++ b/contrib/unbound/daemon/daemon.c @@ -84,7 +84,7 @@ #include "util/random.h" #include "util/tube.h" #include "util/net_help.h" -#include "ldns/keyraw.h" +#include "sldns/keyraw.h" #include <signal.h> /** How many quit requests happened. */ @@ -399,6 +399,12 @@ daemon_create_workers(struct daemon* daemon) verbose(VERB_ALGO, "total of %d outgoing ports available", numport); daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1); + if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) { + log_warn("cannot reduce num-threads to %d because so-reuseport " + "so continuing with %d threads.", (int)daemon->num, + (int)daemon->num_ports); + daemon->num = (int)daemon->num_ports; + } daemon->workers = (struct worker**)calloc((size_t)daemon->num, sizeof(struct worker*)); if(daemon->cfg->dnstap) { @@ -464,7 +470,7 @@ thread_start(void* arg) #endif #ifdef SO_REUSEPORT if(worker->daemon->cfg->so_reuseport) - port_num = worker->thread_num; + port_num = worker->thread_num % worker->daemon->num_ports; else port_num = 0; #endif diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c index 3ce55ee..c16e4e5 100644 --- a/contrib/unbound/daemon/remote.c +++ b/contrib/unbound/daemon/remote.c @@ -78,10 +78,10 @@ #include "iterator/iter_delegpt.h" #include "services/outbound_list.h" #include "services/outside_network.h" -#include "ldns/str2wire.h" -#include "ldns/parseutil.h" -#include "ldns/wire2str.h" -#include "ldns/sbuffer.h" +#include "sldns/str2wire.h" +#include "sldns/parseutil.h" +#include "sldns/wire2str.h" +#include "sldns/sbuffer.h" #ifdef HAVE_SYS_TYPES_H # include <sys/types.h> @@ -140,34 +140,45 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) /* * The following function was generated using the openssl utility, using - * the command : "openssl dhparam -dsaparam -C 512" + * the command : "openssl dhparam -dsaparam -C 1024" + * (some openssl versions reject DH that is 'too small', eg. 512). */ #ifndef S_SPLINT_S -DH *get_dh512() -{ - static unsigned char dh512_p[]={ - 0xC9,0xD7,0x05,0xDA,0x5F,0xAB,0x14,0xE8,0x11,0x56,0x77,0x85, - 0xB1,0x24,0x2C,0x95,0x60,0xEA,0xE2,0x10,0x6F,0x0F,0x84,0xEC, - 0xF4,0x45,0xE8,0x90,0x7A,0xA7,0x03,0xFF,0x5B,0x88,0x53,0xDE, - 0xC4,0xDE,0xBC,0x42,0x78,0x71,0x23,0x7E,0x24,0xA5,0x5E,0x4E, - 0xEF,0x6F,0xFF,0x5F,0xAF,0xBE,0x8A,0x77,0x62,0xB4,0x65,0x82, - 0x7E,0xC9,0xED,0x2F, - }; - static unsigned char dh512_g[]={ - 0x8D,0x3A,0x52,0xBC,0x8A,0x71,0x94,0x33,0x2F,0xE1,0xE8,0x4C, - 0x73,0x47,0x03,0x4E,0x7D,0x40,0xE5,0x84,0xA0,0xB5,0x6D,0x10, - 0x6F,0x90,0x43,0x05,0x1A,0xF9,0x0B,0x6A,0xD1,0x2A,0x9C,0x25, - 0x0A,0xB9,0xD1,0x14,0xDC,0x35,0x1C,0x48,0x7C,0xC6,0x0C,0x6D, - 0x32,0x1D,0xD3,0xC8,0x10,0xA8,0x82,0x14,0xA2,0x1C,0xF4,0x53, - 0x23,0x3B,0x1C,0xB9, - }; +DH *get_dh1024() +{ + static unsigned char dh1024_p[]={ + 0xB3,0x67,0x2E,0x3B,0x68,0xC5,0xDA,0x58,0x46,0xD6,0x2B,0xD3, + 0x41,0x78,0x97,0xE4,0xE1,0x61,0x71,0x68,0xE6,0x0F,0x1D,0x78, + 0x05,0xAA,0xF0,0xFF,0x30,0xDF,0xAC,0x49,0x7F,0xE0,0x90,0xFE, + 0xB9,0x56,0x4E,0x3F,0xE2,0x98,0x8A,0xED,0xF5,0x28,0x39,0xEF, + 0x2E,0xA6,0xB7,0x67,0xB2,0x43,0xE4,0x53,0xF8,0xEB,0x2C,0x1F, + 0x06,0x77,0x3A,0x6F,0x62,0x98,0xC1,0x3B,0xF7,0xBA,0x4D,0x93, + 0xF7,0xEB,0x5A,0xAD,0xC5,0x5F,0xF0,0xB7,0x24,0x35,0x81,0xF7, + 0x7F,0x1F,0x24,0xC0,0xDF,0xD3,0xD8,0x40,0x72,0x7E,0xF3,0x19, + 0x2B,0x26,0x27,0xF4,0xB6,0xB3,0xD4,0x7D,0x08,0x23,0xBE,0x68, + 0x2B,0xCA,0xB4,0x46,0xA8,0x9E,0xDD,0x6C,0x3D,0x75,0xA6,0x48, + 0xF7,0x44,0x43,0xBF,0x91,0xC2,0xB4,0x49, + }; + static unsigned char dh1024_g[]={ + 0x5F,0x37,0xB5,0x80,0x4D,0xB4,0xC4,0xB2,0x37,0x12,0xD5,0x2F, + 0x56,0x81,0xB0,0xDF,0x3D,0x27,0xA2,0x54,0xE7,0x14,0x65,0x2D, + 0x72,0xA8,0x97,0xE0,0xA9,0x4A,0x09,0x5E,0x89,0xBE,0x34,0x9A, + 0x90,0x98,0xC1,0xE8,0xBB,0x01,0x2B,0xC2,0x74,0x74,0x90,0x59, + 0x0B,0x72,0x62,0x5C,0xFD,0x49,0x63,0x4B,0x38,0x91,0xF1,0x7F, + 0x13,0x25,0xEB,0x52,0x50,0x47,0xA2,0x8C,0x32,0x28,0x42,0xAC, + 0xBD,0x7A,0xCC,0x58,0xBE,0x36,0xDA,0x6A,0x24,0x06,0xC7,0xF1, + 0xDA,0x8D,0x8A,0x3B,0x03,0xFA,0x6F,0x25,0xE5,0x20,0xA7,0xD6, + 0x6F,0x74,0x61,0x53,0x14,0x81,0x29,0x04,0xB5,0x61,0x12,0x53, + 0xA3,0xD6,0x09,0x98,0x0C,0x8F,0x1C,0xBB,0xD7,0x1C,0x2C,0xEE, + 0x56,0x4B,0x74,0x8F,0x4A,0xF8,0xA9,0xD5, + }; DH *dh; if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); + dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); + dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } + { DH_free(dh); return(NULL); } dh->length = 160; return(dh); } @@ -218,7 +229,7 @@ daemon_remote_create(struct config_file* cfg) /* Since we have no certificates and hence no source of * DH params, let's generate and set them */ - if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh512())) { + if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh1024())) { log_crypto_err("Wanted to set DH param, but failed"); return NULL; } @@ -232,9 +243,9 @@ daemon_remote_create(struct config_file* cfg) goto setup_error; } verbose(VERB_ALGO, "setup SSL certificates"); - if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) { + if (!SSL_CTX_use_certificate_chain_file(rc->ctx,s_cert)) { log_err("Error for server-cert-file: %s", s_cert); - log_crypto_err("Error in SSL_CTX use_certificate_file"); + log_crypto_err("Error in SSL_CTX use_certificate_chain_file"); goto setup_error; } if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) { @@ -247,6 +258,23 @@ daemon_remote_create(struct config_file* cfg) log_crypto_err("Error in SSL_CTX check_private_key"); goto setup_error; } +#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO + if(!SSL_CTX_set_ecdh_auto(rc->ctx,1)) { + log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); + } +#elif defined(USE_ECDSA) + if(1) { + EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); + if (!ecdh) { + log_crypto_err("could not find p256, not enabling ECDHE"); + } else { + if (1 != SSL_CTX_set_tmp_ecdh (rc->ctx, ecdh)) { + log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE"); + } + EC_KEY_free (ecdh); + } + } +#endif if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) { log_crypto_err("Error setting up SSL_CTX verify locations"); setup_error: @@ -358,7 +386,8 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, } /* open fd */ - fd = create_tcp_accept_sock(res, 1, &noproto, 0); + fd = create_tcp_accept_sock(res, 1, &noproto, 0, + cfg->ip_transparent); freeaddrinfo(res); } @@ -725,6 +754,8 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s) (long long)avg.tv_sec, (int)avg.tv_usec)) return 0; if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median)) return 0; + if(!ssl_printf(ssl, "%s.tcpusage"SQ"%lu\n", nm, + (unsigned long)s->svr.tcp_accept_usage)) return 0; return 1; } @@ -1228,8 +1259,6 @@ struct del_info { size_t len; /** labels */ int labs; - /** now */ - time_t now; /** time to invalidate to */ time_t expired; /** number of rrsets removed */ @@ -1258,7 +1287,7 @@ infra_del_host(struct lruhash_entry* e, void* arg) d->timeout_AAAA = 0; d->timeout_other = 0; rtt_init(&d->rtt); - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_keys++; } @@ -1287,7 +1316,6 @@ do_flush_infra(SSL* ssl, struct worker* worker, char* arg) inf.name = 0; inf.len = 0; inf.labs = 0; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1318,7 +1346,7 @@ zone_del_rrset(struct lruhash_entry* e, void* arg) if(dname_subdomain_c(k->rk.dname, inf->name)) { struct packed_rrset_data* d = (struct packed_rrset_data*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_rrsets++; } @@ -1334,7 +1362,7 @@ zone_del_msg(struct lruhash_entry* e, void* arg) struct msgreply_entry* k = (struct msgreply_entry*)e->key; if(dname_subdomain_c(k->key.qname, inf->name)) { struct reply_info* d = (struct reply_info*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_msgs++; } @@ -1350,7 +1378,7 @@ zone_del_kcache(struct lruhash_entry* e, void* arg) struct key_entry_key* k = (struct key_entry_key*)e->key; if(dname_subdomain_c(k->name, inf->name)) { struct key_entry_data* d = (struct key_entry_data*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_keys++; } @@ -1373,7 +1401,6 @@ do_flush_zone(SSL* ssl, struct worker* worker, char* arg) inf.name = nm; inf.len = nmlen; inf.labs = nmlabs; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1443,7 +1470,6 @@ do_flush_bogus(SSL* ssl, struct worker* worker) struct del_info inf; /* what we do is to set them all expired */ inf.worker = worker; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1519,7 +1545,6 @@ do_flush_negative(SSL* ssl, struct worker* worker) struct del_info inf; /* what we do is to set them all expired */ inf.worker = worker; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1669,6 +1694,7 @@ parse_delegpt(SSL* ssl, char* args, uint8_t* nm, int allow_names) } } } + dp->has_parent_side_NS = 1; return dp; } @@ -1889,6 +1915,21 @@ do_insecure_remove(SSL* ssl, struct worker* worker, char* arg) send_ok(ssl); } +static void +do_insecure_list(SSL* ssl, struct worker* worker) +{ + char buf[257]; + struct trust_anchor* a; + if(worker->env.anchors) { + RBTREE_FOR(a, struct trust_anchor*, worker->env.anchors->tree) { + if(a->numDS == 0 && a->numDNSKEY == 0) { + dname_str(a->name, buf); + ssl_printf(ssl, "%s\n", buf); + } + } + } +} + /** do the status command */ static void do_status(SSL* ssl, struct worker* worker) @@ -2074,7 +2115,7 @@ dump_infra_host(struct lruhash_entry* e, void* arg) d->rtt.srtt, d->rtt.rttvar, rtt_notimeout(&d->rtt), d->rtt.rto, d->timeout_A, d->timeout_AAAA, d->timeout_other, (int)d->edns_lame_known, (int)d->edns_version, - (int)(a->now<d->probedelay?d->probedelay-a->now:0), + (int)(a->now<d->probedelay?(d->probedelay - a->now):0), (int)d->isdnsseclame, (int)d->rec_lame, (int)d->lame_type_A, (int)d->lame_other)) { a->ssl_failed = 1; @@ -2236,11 +2277,17 @@ do_list_local_data(SSL* ssl, struct worker* worker) for(i=0; i<d->count + d->rrsig_count; i++) { if(!packed_rr_to_string(p->rrset, i, 0, s, slen)) { - if(!ssl_printf(ssl, "BADRR\n")) + if(!ssl_printf(ssl, "BADRR\n")) { + lock_rw_unlock(&z->lock); + lock_rw_unlock(&zones->lock); return; + } } - if(!ssl_printf(ssl, "%s\n", s)) + if(!ssl_printf(ssl, "%s\n", s)) { + lock_rw_unlock(&z->lock); + lock_rw_unlock(&zones->lock); return; + } } } } @@ -2249,6 +2296,54 @@ do_list_local_data(SSL* ssl, struct worker* worker) lock_rw_unlock(&zones->lock); } +/** struct for user arg ratelimit list */ +struct ratelimit_list_arg { + /** the infra cache */ + struct infra_cache* infra; + /** the SSL to print to */ + SSL* ssl; + /** all or only ratelimited */ + int all; + /** current time */ + time_t now; +}; + +/** list items in the ratelimit table */ +static void +rate_list(struct lruhash_entry* e, void* arg) +{ + struct ratelimit_list_arg* a = (struct ratelimit_list_arg*)arg; + struct rate_key* k = (struct rate_key*)e->key; + struct rate_data* d = (struct rate_data*)e->data; + char buf[257]; + int lim = infra_find_ratelimit(a->infra, k->name, k->namelen); + int max = infra_rate_max(d, a->now); + if(a->all == 0) { + if(max < lim) + return; + } + dname_str(k->name, buf); + ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim); +} + +/** do the ratelimit_list command */ +static void +do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg) +{ + struct ratelimit_list_arg a; + a.all = 0; + a.infra = worker->env.infra_cache; + a.now = *worker->env.now; + a.ssl = ssl; + arg = skipwhite(arg); + if(strcmp(arg, "+a") == 0) + a.all = 1; + if(a.infra->domain_rates==NULL || + (a.all == 0 && infra_dp_ratelimit == 0)) + return; + slabhash_traverse(a.infra->domain_rates, 0, rate_list, &a); +} + /** tell other processes to execute the command */ static void distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd) @@ -2309,12 +2404,18 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd, } else if(cmdcmp(p, "list_stubs", 10)) { do_list_stubs(ssl, worker); return; + } else if(cmdcmp(p, "list_insecure", 13)) { + do_insecure_list(ssl, worker); + return; } else if(cmdcmp(p, "list_local_zones", 16)) { do_list_local_zones(ssl, worker); return; } else if(cmdcmp(p, "list_local_data", 15)) { do_list_local_data(ssl, worker); return; + } else if(cmdcmp(p, "ratelimit_list", 14)) { + do_ratelimit_list(ssl, worker, p+14); + return; } else if(cmdcmp(p, "stub_add", 8)) { /* must always distribute this cmd */ if(rc) distribute_cmd(rc, ssl, cmd); diff --git a/contrib/unbound/daemon/stats.c b/contrib/unbound/daemon/stats.c index d3f41de..838cf05 100644 --- a/contrib/unbound/daemon/stats.c +++ b/contrib/unbound/daemon/stats.c @@ -50,12 +50,13 @@ #include "daemon/daemon.h" #include "services/mesh.h" #include "services/outside_network.h" +#include "services/listen_dnsport.h" #include "util/config_file.h" #include "util/tube.h" #include "util/timehist.h" #include "util/net_help.h" #include "validator/validator.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" #include "validator/val_kcache.h" @@ -140,6 +141,7 @@ void server_stats_compile(struct worker* worker, struct stats_info* s, int reset) { int i; + struct listen_list* lp; s->svr = worker->stats; s->mesh_num_states = worker->env.mesh->all.count; @@ -174,6 +176,13 @@ server_stats_compile(struct worker* worker, struct stats_info* s, int reset) s->svr.key_cache_count = count_slabhash_entries(worker->env.key_cache->slab); else s->svr.key_cache_count = 0; + /* get tcp accept usage */ + s->svr.tcp_accept_usage = 0; + for(lp = worker->front->cps; lp; lp = lp->next) { + if(lp->com->type == comm_tcp_accept) + s->svr.tcp_accept_usage += lp->com->cur_tcp_count; + } + if(reset && !worker->env.cfg->stat_cumulative) { worker_stats_clear(worker); } @@ -247,6 +256,7 @@ void server_stats_add(struct stats_info* total, struct stats_info* a) total->svr.rrset_bogus += a->svr.rrset_bogus; total->svr.unwanted_replies += a->svr.unwanted_replies; total->svr.unwanted_queries += a->svr.unwanted_queries; + total->svr.tcp_accept_usage += a->svr.tcp_accept_usage; for(i=0; i<STATS_QTYPE_NUM; i++) total->svr.qtype[i] += a->svr.qtype[i]; for(i=0; i<STATS_QCLASS_NUM; i++) diff --git a/contrib/unbound/daemon/stats.h b/contrib/unbound/daemon/stats.h index 5ea00a0..6985446 100644 --- a/contrib/unbound/daemon/stats.h +++ b/contrib/unbound/daemon/stats.h @@ -129,6 +129,8 @@ struct server_stats { size_t unwanted_replies; /** unwanted traffic received on client-facing ports */ size_t unwanted_queries; + /** usage of tcp accept list */ + size_t tcp_accept_usage; /** histogram data exported to array * if the array is the same size, no data is lost, and diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c index 5edc21d..79aec4d 100644 --- a/contrib/unbound/daemon/worker.c +++ b/contrib/unbound/daemon/worker.c @@ -71,7 +71,7 @@ #include "validator/val_anchor.h" #include "libunbound/context.h" #include "libunbound/libworker.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #ifdef HAVE_SYS_TYPES_H # include <sys/types.h> @@ -86,6 +86,8 @@ /** Size of an UDP datagram */ #define NORMAL_UDP_SIZE 512 /* bytes */ +/** ratelimit for error responses */ +#define ERROR_RATELIMIT 100 /* qps */ /** * seconds to add to prefetch leeway. This is a TTL that expires old rrsets @@ -291,6 +293,26 @@ worker_handle_service_reply(struct comm_point* c, void* arg, int error, return 0; } +/** ratelimit error replies + * @param worker: the worker struct with ratelimit counter + * @param err: error code that would be wanted. + * @return value of err if okay, or -1 if it should be discarded instead. + */ +static int +worker_err_ratelimit(struct worker* worker, int err) +{ + if(worker->err_limit_time == *worker->env.now) { + /* see if limit is exceeded for this second */ + if(worker->err_limit_count++ > ERROR_RATELIMIT) + return -1; + } else { + /* new second, new limits */ + worker->err_limit_time = *worker->env.now; + worker->err_limit_count = 1; + } + return err; +} + /** check request sanity. * @param pkt: the wire packet to examine for sanity. * @param worker: parameters for checking. @@ -315,32 +337,32 @@ worker_check_request(sldns_buffer* pkt, struct worker* worker) if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))) { LDNS_TC_CLR(sldns_buffer_begin(pkt)); verbose(VERB_QUERY, "request bad, has TC bit on"); - return LDNS_RCODE_FORMERR; + return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); } if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) { verbose(VERB_QUERY, "request unknown opcode %d", LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt))); - return LDNS_RCODE_NOTIMPL; + return worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL); } if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) { verbose(VERB_QUERY, "request wrong nr qd=%d", LDNS_QDCOUNT(sldns_buffer_begin(pkt))); - return LDNS_RCODE_FORMERR; + return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); } if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0) { verbose(VERB_QUERY, "request wrong nr an=%d", LDNS_ANCOUNT(sldns_buffer_begin(pkt))); - return LDNS_RCODE_FORMERR; + return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); } if(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) { verbose(VERB_QUERY, "request wrong nr ns=%d", LDNS_NSCOUNT(sldns_buffer_begin(pkt))); - return LDNS_RCODE_FORMERR; + return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); } if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { verbose(VERB_QUERY, "request wrong nr ar=%d", LDNS_ARCOUNT(sldns_buffer_begin(pkt))); - return LDNS_RCODE_FORMERR; + return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); } return 0; } @@ -546,7 +568,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, if(rep->an_numrrsets > 0 && (rep->rrsets[0]->rk.type == htons(LDNS_RR_TYPE_CNAME) || rep->rrsets[0]->rk.type == htons(LDNS_RR_TYPE_DNAME))) { - if(!reply_check_cname_chain(rep)) { + if(!reply_check_cname_chain(qinfo, rep)) { /* cname chain invalid, redo iterator steps */ verbose(VERB_ALGO, "Cache reply: cname chain broken"); bail_out: @@ -813,6 +835,10 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(!query_info_parse(&qinfo, c->buffer)) { verbose(VERB_ALGO, "worker parse request: formerror."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) { + comm_point_drop_reply(repinfo); + return 0; + } sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), diff --git a/contrib/unbound/daemon/worker.h b/contrib/unbound/daemon/worker.h index ff69bc1..6361343 100644 --- a/contrib/unbound/daemon/worker.h +++ b/contrib/unbound/daemon/worker.h @@ -103,6 +103,10 @@ struct worker { struct comm_point* cmd_com; /** timer for statistics */ struct comm_timer* stat_timer; + /** ratelimit for errors, time value */ + time_t err_limit_time; + /** ratelimit for errors, packet count */ + unsigned int err_limit_count; /** random() table for this worker. */ struct ub_randstate* rndstate; diff --git a/contrib/unbound/dns64/dns64.c b/contrib/unbound/dns64/dns64.c index eaaa26f..63cc808 100644 --- a/contrib/unbound/dns64/dns64.c +++ b/contrib/unbound/dns64/dns64.c @@ -590,6 +590,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, * for the RRs themselves. Each RR has a length, TTL, pointer to wireformat * data, 2 bytes of data length, and 16 bytes of IPv6 address. */ + if(fd->count > RR_COUNT_MAX) { + *dd_out = NULL; + return; /* integer overflow protection in alloc */ + } if (!(dd = *dd_out = regional_alloc(region, sizeof(struct packed_rrset_data) + fd->count * (sizeof(size_t) + sizeof(time_t) + @@ -713,6 +717,8 @@ dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate if(i<rep->an_numrrsets && fk->rk.type == htons(LDNS_RR_TYPE_A)) { /* also sets dk->entry.hash */ dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region, dns64_env); + if(!dd) + return; /* Delete negative AAAA record from cache stored by * the iterator module */ rrset_cache_remove(super->env->rrset_cache, dk->rk.dname, diff --git a/contrib/unbound/dnstap/dnstap.c b/contrib/unbound/dnstap/dnstap.c index b2dc053..b62dc5b 100644 --- a/contrib/unbound/dnstap/dnstap.c +++ b/contrib/unbound/dnstap/dnstap.c @@ -39,7 +39,7 @@ #include "config.h" #include <string.h> #include <sys/time.h> -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #include "util/config_file.h" #include "util/net_help.h" #include "util/netevent.h" diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog index a1c2f76..3f3b245 100644 --- a/contrib/unbound/doc/Changelog +++ b/contrib/unbound/doc/Changelog @@ -1,6 +1,253 @@ +28 September 2015: Wouter + - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution + failures. + - tag for 1.5.5rc1 release. + - makedist.sh: pgp sig echo commands. + +25 September 2015: Wouter + - Fix unbound-control flush that does not succeed in removing data. + +22 September 2015: Wouter + - Fix config globbed include chroot treatment, this fixes reload of + globs (patch from Dag-Erling Smørgrav). + - iana portlist update. + - Fix #702: New IPs for for h.root-servers.net. + - Remove confusion comment from canonical_compare() function. + - Fix #705: ub_ctx_set_fwd() return value mishandled on windows. + - testbound selftest also works in non-debug mode. + - Fix minor error in unbound.conf.5.in + - Fix unbound.conf(5) access-control description for precedence + and default. + +31 August 2015: Wouter + - changed windows setup compression to be more transparent. + +28 August 2015: Wouter + - Fix #697: Get PY_MAJOR_VERSION failure at configure for python + 2.4 to 2.6. + - Feature #699: --enable-pie option to that builds PIE binary. + - Feature #700: --enable-relro-now option that enables full read-only + relocation. + +24 August 2015: Wouter + - Fix deadlock for local data add and zone add when unbound-control + list_local_data printout is interrupted. + - iana portlist update. + - Change default of harden-algo-downgrade to off. This is lenient + for algorithm rollover. + +13 August 2015: Wouter + - 5011 implementation does not insist on all algorithms, when + harden-algo-downgrade is turned off. + - Reap the child process that libunbound spawns. + +11 August 2015: Wouter + - Fix #694: configure script does not detect LibreSSL 2.2.2 + +4 August 2015: Wouter + - Document that local-zone nodefault matches exactly and transparent + can be used to release a subzone. + +3 August 2015: Wouter + - Document in the manual more text about configuring locally served + zones. + - Fix 5011 anchor update timer after reload. + - Fix mktime in unbound-anchor not using UTC. + +30 July 2015: Wouter + - please afl-gcc (llvm) for uninitialised variable warning. + - Added permit-small-holddown config to debug fast 5011 rollover. + +24 July 2015: Wouter + - Fix #690: Reload fails when so-reuseport is yes after changing + num-threads. + - iana portlist update. + +21 July 2015: Wouter + - Fix configure to detect SSL_CTX_set_ecdh_auto. + - iana portlist update. + +20 July 2015: Wouter + - Enable ECDHE for servers. Where available, use + SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to + enable ECDHE. Otherwise, manually offer curve p256. + Client connections should automatically use ECDHE when available. + (thanks Daniel Kahn Gillmor) + +18 July 2015: Willem + - Allow certificate chain files to allow for intermediate certificates. + (thanks Daniel Kahn Gillmor) + +13 July 2015: Wouter + - makedist produces sha1 and sha256 files for created binaries too. + +9 July 2015: Wouter + - 1.5.4 release tag + - trunk has 1.5.5 in development. + - Fix #681: Setting forwarders with unbound-control forward + implicitly turns on forward-first. + +29 June 2015: Wouter + - iana portlist update. + - Fix alloc with log for allocation size checks. + +26 June 2015: Wouter + - Fix #677 Fix DNAME responses from cache that failed internal chain + test. + - iana portlist update. + +22 June 2015: Wouter + - Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly + and was therefore always synthesized (thanks to Valentin Dietrich). + +4 June 2015: Wouter + - RFC 7553 RR type URI support, is now enabled by default. + +2 June 2015: Wouter + - Fix #674: Do not free pointers given by getenv. + +29 May 2015: Wouter + - Fix that unparseable error responses are ratelimited. + - SOA negative TTL is capped at minimumttl in its rdata section. + - cache-max-negative-ttl config option, default 3600. + +26 May 2015: Wouter + - Document that ratelimit works with unbound-control set_option. + +21 May 2015: Wouter + - iana portlist update. + - documentation proposes ratelimit of 1000 (closer to what upstream + servers expect from us). + +20 May 2015: Wouter + - DLV is going to be decommissioned. Advice to stop using it, and + put text in the example configuration and man page to that effect. + +10 May 2015: Wouter + - Change syntax of particular validator error to be easier for + machine parse, swap rrset and ip adres info so it looks like: + validation failure <www.example.nl. TXT IN>: signature crypto + failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN> + +1 May 2015: Wouter + - caps-whitelist in unbound.conf allows whitelist of loadbalancers + that cannot work with caps-for-id or its fallback. + +30 April 2015: Wouter + - Unit test for type ANY synthesis. + +22 April 2015: Wouter + - Removed contrib/unbound_unixsock.diff, because it has been + integrated, use control-interface: /path in unbound.conf. + - iana portlist update. + +17 April 2015: Wouter + - Synthesize ANY responses from cache. Does not search exhaustively, + but MX,A,AAAA,SOA,NS also CNAME. + - Fix leaked dns64prefix configuration string. + +16 April 2015: Wouter + - Add local-zone type inform_deny, that logs query and drops answer. + - Ratelimit does not apply to prefetched queries, and ratelimit-factor + is default 10. Repeated normal queries get resolved and with + prefetch stay in the cache. + - Fix bug#664: libunbound python3 related fixes (from Tomas Hozza) + Use print_function also for Python2. + libunbound examples: produce sorted output. + libunbound-Python: libldns is not used anymore. + Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns. + +10 April 2015: Wouter + - unbound-control ratelimit_list lists high rate domains. + - ratelimit feature, ratelimit: 100, or some sensible qps, can be + used to turn it on. It ratelimits recursion effort per zone. + For particular names you can configure exceptions in unbound.conf. + - Fix that get_option for cache-sizes does not print double newline. + - Fix#663: ssl handshake fails when using unix socket because dh size + is too small. + +8 April 2015: Wouter + - Fix crash in dnstap: Do not try to log TCP responses after timeout. + +7 April 2015: Wouter + - Libunbound skips dos-line-endings from etc/hosts. + - Unbound exits with a fatal error when the auto-trust-anchor-file + fails to be writable. This is seconds after startup. You can + load a readonly auto-trust-anchor-file with trust-anchor-file. + The file has to be writable to notice the trust anchor change, + without it, a trust anchor change will be unnoticed and the system + will then become inoperable. + - unbound-control list_insecure command shows the negative trust + anchors currently configured, patch from Jelte Jansen. + +2 April 2015: Wouter + - Fix #660: Fix interface-automatic broken in the presence of + asymmetric routing. + +26 March 2015: Wouter + - remote.c probedelay line is easier to read. + - rename ldns subdirectory to sldns to avoid name collision. + +25 March 2015: Wouter + - Fix #657: libunbound(3) recommends deprecated + CRYPTO_set_id_callback. + - If unknown trust anchor algorithm, and libressl is used, error + message encourages upgrade of the libressl package. + 23 March 2015: Wouter - Fix segfault on user not found at startup (from Maciej Soltysiak). +20 March 2015: Wouter + - Fixed to add integer overflow checks on allocation (defense in depth). + +19 March 2015: Wouter + - Add ip-transparent config option for bind to non-local addresses. + +17 March 2015: Wouter + - Use reallocarray for integer overflow protection, patch submitted + by Loganaden Velvindron. + +16 March 2015: Wouter + - Fixup compile on cygwin, more portable openssl thread id. + +12 March 2015: Wouter + - Updated default keylength in unbound-control-setup to 3k. + +10 March 2015: Wouter + - Fix lintian warning in unbound-checkconf man page (from Andreas + Schulze). + - print svnroot when building windows dist. + - iana portlist update. + - Fix warning on sign compare in getentropy_linux. + +9 March 2015: Wouter + - Fix #644: harden-algo-downgrade option, if turned off, fixes the + reported excessive validation failure when multiple algorithms + are present. It allows the weakest algorithm to validate the zone. + - iana portlist update. + +5 March 2015: Wouter + - contrib/unbound_smf22.tar.gz: Solaris SMF installation/removal + scripts. Contributed by Yuri Voinov. + - Document that incoming-num-tcp increase is good for large servers. + - stats reports tcp usage, of incoming-num-tcp buffers. + +4 March 2015: Wouter + - Patch from Brad Smith that syncs compat/getentropy_linux with + OpenBSD's version (2015-03-04). + - 0x20 fallback improved: servfail responses do not count as missing + comparisons (except if all responses are errors), + inability to find nameservers does not fail equality comparisons, + many nameservers does not try to compare more than max-sent-count, + parse failures start 0x20 fallback procedure. + - store caps_response with best response in case downgrade response + happens to be the last one. + - Document windows 8 tests. + +3 March 2015: Wouter + - tag 1.5.3rc1 + [ This became 1.5.3 on 10 March, trunk is 1.5.4 in development ] + 2 March 2015: Wouter - iana portlist update. diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README index f3530d6..c8bddcc 100644 --- a/contrib/unbound/doc/README +++ b/contrib/unbound/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.5.3 +README for Unbound 1.5.5 Copyright 2007 NLnet Labs http://unbound.net diff --git a/contrib/unbound/doc/example.conf b/contrib/unbound/doc/example.conf index acb553b..87bbebe 100644 --- a/contrib/unbound/doc/example.conf +++ b/contrib/unbound/doc/example.conf @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.3. +# See unbound.conf(5) man page, version 1.5.5. # # this is a comment. @@ -87,6 +87,10 @@ server: # use SO_REUSEPORT to distribute queries over threads. # so-reuseport: no + + # use IP_TRANSPARENT so the interface: addresses can be non-local + # and you can config non-existing IPs that are going to work later on + # ip-transparent: no # EDNS reassembly buffer to advertise to UDP peers (the actual buffer # is set with msg-buffer-size). 1480 can solve fragmentation (timeouts). @@ -135,6 +139,9 @@ server: # cache. Items are not cached for longer. In seconds. # cache-max-ttl: 86400 + # the time to live (TTL) value cap for negative responses in the cache + # cache-max-negative-ttl: 3600 + # the time to live (TTL) value for cached roundtrip times, lameness and # EDNS version information for hosts. In seconds. # infra-host-ttl: 900 @@ -284,9 +291,18 @@ server: # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. # harden-referral-path: no + # Harden against algorithm downgrade when multiple algorithms are + # advertised in the DS record. If no, allows the weakest algorithm + # to validate the zone. + # harden-algo-downgrade: no + # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # use-caps-for-id: no + + # Domains (and domains in them) without support for dns-0x20 and + # the fallback fails because they keep sending different answers. + # caps-whitelist: "licdn.com" # Enforce privacy of these addresses. Strips them away from answers. # It may cause DNSSEC validation to additionally mark it as bogus. @@ -349,7 +365,7 @@ server: # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. - # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key + # DLV is going to be decommissioned. Please do not use it any more. # dlv-anchor-file: "dlv.isc.org.key" # File with trusted keys for validation. Specify more than one file @@ -428,6 +444,9 @@ server: # If the value 0 is given, missing anchors are not removed. # keep-missing: 31622400 # 366 days + # debug option that allows very small holddown times for key rollover + # permit-small-holddown: no + # the amount of memory to use for the key cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m @@ -501,6 +520,7 @@ server: # o nodefault can be used to normally resolve AS112 zones. # o typetransparent resolves normally for other types and other names # o inform resolves normally, but logs client IP address + # o inform_deny drops queries and logs client IP address # # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones @@ -542,6 +562,26 @@ server: # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # dns64-prefix: 64:ff9b::0/96 + # ratelimit for uncached, new queries, this limits recursion effort. + # ratelimiting is experimental, and may help against randomqueryflood. + # if 0(default) it is disabled, otherwise state qps allowed per zone. + # ratelimit: 0 + + # ratelimits are tracked in a cache, size in bytes of cache (or k,m). + # ratelimit-size: 4m + # ratelimit cache slabs, reduces lock contention if equal to cpucount. + # ratelimit-slabs: 4 + + # 0 blocks when ratelimited, otherwise let 1/xth traffic through + # ratelimit-factor: 10 + + # override the ratelimit for a specific domain name. + # give this setting multiple times to have multiple overrides. + # ratelimit-for-domain: example.com 1000 + # override the ratelimits for all domains below a domain name + # can give this multiple times, the name closest to the zone is used. + # ratelimit-below-domain: example 1000 + # Python config section. To enable: # o use --with-pythonmodule to configure before compiling. # o list python in the module-config string (above) to enable. @@ -586,6 +626,8 @@ remote-control: # nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. +# Consider adding domain-insecure: name and local-zone: name nodefault +# to the server: section if the stub is a locally served zone. # stub-zone: # name: "example.com" # stub-addr: 192.0.2.68 diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in index 60ed5c8..399aa80 100644 --- a/contrib/unbound/doc/example.conf.in +++ b/contrib/unbound/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.3. +# See unbound.conf(5) man page, version 1.5.5. # # this is a comment. @@ -87,6 +87,10 @@ server: # use SO_REUSEPORT to distribute queries over threads. # so-reuseport: no + + # use IP_TRANSPARENT so the interface: addresses can be non-local + # and you can config non-existing IPs that are going to work later on + # ip-transparent: no # EDNS reassembly buffer to advertise to UDP peers (the actual buffer # is set with msg-buffer-size). 1480 can solve fragmentation (timeouts). @@ -135,6 +139,9 @@ server: # cache. Items are not cached for longer. In seconds. # cache-max-ttl: 86400 + # the time to live (TTL) value cap for negative responses in the cache + # cache-max-negative-ttl: 3600 + # the time to live (TTL) value for cached roundtrip times, lameness and # EDNS version information for hosts. In seconds. # infra-host-ttl: 900 @@ -284,9 +291,18 @@ server: # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. # harden-referral-path: no + # Harden against algorithm downgrade when multiple algorithms are + # advertised in the DS record. If no, allows the weakest algorithm + # to validate the zone. + # harden-algo-downgrade: no + # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # use-caps-for-id: no + + # Domains (and domains in them) without support for dns-0x20 and + # the fallback fails because they keep sending different answers. + # caps-whitelist: "licdn.com" # Enforce privacy of these addresses. Strips them away from answers. # It may cause DNSSEC validation to additionally mark it as bogus. @@ -349,7 +365,7 @@ server: # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. - # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key + # DLV is going to be decommissioned. Please do not use it any more. # dlv-anchor-file: "dlv.isc.org.key" # File with trusted keys for validation. Specify more than one file @@ -428,6 +444,9 @@ server: # If the value 0 is given, missing anchors are not removed. # keep-missing: 31622400 # 366 days + # debug option that allows very small holddown times for key rollover + # permit-small-holddown: no + # the amount of memory to use for the key cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m @@ -501,6 +520,7 @@ server: # o nodefault can be used to normally resolve AS112 zones. # o typetransparent resolves normally for other types and other names # o inform resolves normally, but logs client IP address + # o inform_deny drops queries and logs client IP address # # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones @@ -542,6 +562,26 @@ server: # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # dns64-prefix: 64:ff9b::0/96 + # ratelimit for uncached, new queries, this limits recursion effort. + # ratelimiting is experimental, and may help against randomqueryflood. + # if 0(default) it is disabled, otherwise state qps allowed per zone. + # ratelimit: 0 + + # ratelimits are tracked in a cache, size in bytes of cache (or k,m). + # ratelimit-size: 4m + # ratelimit cache slabs, reduces lock contention if equal to cpucount. + # ratelimit-slabs: 4 + + # 0 blocks when ratelimited, otherwise let 1/xth traffic through + # ratelimit-factor: 10 + + # override the ratelimit for a specific domain name. + # give this setting multiple times to have multiple overrides. + # ratelimit-for-domain: example.com 1000 + # override the ratelimits for all domains below a domain name + # can give this multiple times, the name closest to the zone is used. + # ratelimit-below-domain: example 1000 + # Python config section. To enable: # o use --with-pythonmodule to configure before compiling. # o list python in the module-config string (above) to enable. @@ -586,6 +626,8 @@ remote-control: # nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. +# Consider adding domain-insecure: name and local-zone: name nodefault +# to the server: section if the stub is a locally served zone. # stub-zone: # name: "example.com" # stub-addr: 192.0.2.68 diff --git a/contrib/unbound/doc/libunbound.3 b/contrib/unbound/doc/libunbound.3 index a4c7945..9ef367f 100644 --- a/contrib/unbound/doc/libunbound.3 +++ b/contrib/unbound/doc/libunbound.3 @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "libunbound" "3" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -42,7 +42,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.3 functions. +\- Unbound DNS validating resolver 1.5.5 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP @@ -175,6 +175,7 @@ to read them. Before you call this, use the openssl functions CRYPTO_set_id_callback and CRYPTO_set_locking_callback to set up asyncronous operation if you use lib openssl (the application calls these functions once for initialisation). +Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function. .TP .B ub_ctx_delete Delete validation context and free associated resources. diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in index a4c7945..9ef367f 100644 --- a/contrib/unbound/doc/libunbound.3.in +++ b/contrib/unbound/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "libunbound" "3" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -42,7 +42,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.3 functions. +\- Unbound DNS validating resolver 1.5.5 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP @@ -175,6 +175,7 @@ to read them. Before you call this, use the openssl functions CRYPTO_set_id_callback and CRYPTO_set_locking_callback to set up asyncronous operation if you use lib openssl (the application calls these functions once for initialisation). +Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function. .TP .B ub_ctx_delete Delete validation context and free associated resources. diff --git a/contrib/unbound/doc/unbound-anchor.8 b/contrib/unbound/doc/unbound-anchor.8 index 3682d8f..7fbb0a7 100644 --- a/contrib/unbound/doc/unbound-anchor.8 +++ b/contrib/unbound/doc/unbound-anchor.8 @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound-anchor" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in index fb2136f..e89be5b 100644 --- a/contrib/unbound/doc/unbound-anchor.8.in +++ b/contrib/unbound/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound-anchor" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/contrib/unbound/doc/unbound-checkconf.8 b/contrib/unbound/doc/unbound-checkconf.8 index d2b659e..eaa406b 100644 --- a/contrib/unbound/doc/unbound-checkconf.8 +++ b/contrib/unbound/doc/unbound-checkconf.8 @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound-checkconf" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" @@ -31,7 +31,7 @@ The available options are: Show the version and commandline option help. .TP .B \-f -Print full pathname, with chroot applied to it. Use with the -o option. +Print full pathname, with chroot applied to it. Use with the \-o option. .TP .B \-o\fI option If given, after checking the config file the value of this option is diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in index e7db810..234a04a 100644 --- a/contrib/unbound/doc/unbound-checkconf.8.in +++ b/contrib/unbound/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound-checkconf" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" @@ -31,7 +31,7 @@ The available options are: Show the version and commandline option help. .TP .B \-f -Print full pathname, with chroot applied to it. Use with the -o option. +Print full pathname, with chroot applied to it. Use with the \-o option. .TP .B \-o\fI option If given, after checking the config file the value of this option is diff --git a/contrib/unbound/doc/unbound-control.8 b/contrib/unbound/doc/unbound-control.8 index e6228b7..5de37cf 100644 --- a/contrib/unbound/doc/unbound-control.8 +++ b/contrib/unbound/doc/unbound-control.8 @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound-control" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -177,7 +177,8 @@ harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain, harden\-referral\-path, prefetch, prefetch\-key, log\-queries, hide\-identity, hide\-version, identity, version, val\-log\-level, val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown, -keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size. +keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit, +cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl. .TP .B get_option \fIopt Get the value of the option. Give the option name without a trailing ':'. @@ -197,6 +198,9 @@ This includes the root hints in use. .B list_forwards List the forward zones in use. These are printed zone by zone to the output. .TP +.B list_insecure +List the zones with domain\-insecure. +.TP .B list_local_zones List the local zones in use. These are printed one per line with zone type. .TP @@ -252,6 +256,13 @@ port number can be set explicitly (default port is 53 (DNS)). By default the forwarder information from the config file for the root "." is used. The config file is not changed, so after a reload these changes are gone. Other forward zones from the config file are not affected by this command. +.TP +.B ratelimit_list \fR[\fI+a\fR] +List the domains that are ratelimited. Printed one per line with current +estimated qps and qps limit from config. With +a it prints all domains, not +just the ratelimited domains, with their estimated qps. The ratelimited +domains return an error for uncached (new) queries, but cached queries work +as normal. .SH "EXIT CODE" The unbound\-control program exits with status code 1 on error, 0 on success. .SH "SET UP" @@ -322,6 +333,11 @@ less than this time. Because of big outliers (usually queries to non responsive servers), the average can be bigger than the median. This median has been calculated by interpolation from a histogram. .TP +.I threadX.tcpusage +The currently held tcp buffers for incoming connections. A spot value on +the time of the request. This helps you spot if the incoming\-num\-tcp +buffers are full. +.TP .I total.num.queries summed over threads. .TP @@ -355,6 +371,9 @@ summed over threads. .I total.recursion.time.median averaged over threads. .TP +.I total.tcpusage +summed over threads. +.TP .I time.now current time in seconds since 1970. .TP diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in index f6eae24..eefd207 100644 --- a/contrib/unbound/doc/unbound-control.8.in +++ b/contrib/unbound/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound-control" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -177,7 +177,8 @@ harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain, harden\-referral\-path, prefetch, prefetch\-key, log\-queries, hide\-identity, hide\-version, identity, version, val\-log\-level, val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown, -keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size. +keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit, +cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl. .TP .B get_option \fIopt Get the value of the option. Give the option name without a trailing ':'. @@ -197,6 +198,9 @@ This includes the root hints in use. .B list_forwards List the forward zones in use. These are printed zone by zone to the output. .TP +.B list_insecure +List the zones with domain\-insecure. +.TP .B list_local_zones List the local zones in use. These are printed one per line with zone type. .TP @@ -252,6 +256,13 @@ port number can be set explicitly (default port is 53 (DNS)). By default the forwarder information from the config file for the root "." is used. The config file is not changed, so after a reload these changes are gone. Other forward zones from the config file are not affected by this command. +.TP +.B ratelimit_list \fR[\fI+a\fR] +List the domains that are ratelimited. Printed one per line with current +estimated qps and qps limit from config. With +a it prints all domains, not +just the ratelimited domains, with their estimated qps. The ratelimited +domains return an error for uncached (new) queries, but cached queries work +as normal. .SH "EXIT CODE" The unbound\-control program exits with status code 1 on error, 0 on success. .SH "SET UP" @@ -322,6 +333,11 @@ less than this time. Because of big outliers (usually queries to non responsive servers), the average can be bigger than the median. This median has been calculated by interpolation from a histogram. .TP +.I threadX.tcpusage +The currently held tcp buffers for incoming connections. A spot value on +the time of the request. This helps you spot if the incoming\-num\-tcp +buffers are full. +.TP .I total.num.queries summed over threads. .TP @@ -355,6 +371,9 @@ summed over threads. .I total.recursion.time.median averaged over threads. .TP +.I total.tcpusage +summed over threads. +.TP .I time.now current time in seconds since 1970. .TP diff --git a/contrib/unbound/doc/unbound-host.1 b/contrib/unbound/doc/unbound-host.1 index bda99ce..d600ee6 100644 --- a/contrib/unbound/doc/unbound-host.1 +++ b/contrib/unbound/doc/unbound-host.1 @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound\-host" "1" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in index 9129bea..a4742d7 100644 --- a/contrib/unbound/doc/unbound-host.1.in +++ b/contrib/unbound/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound\-host" "1" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/contrib/unbound/doc/unbound.8 b/contrib/unbound/doc/unbound.8 index 8609a0a..3935e61 100644 --- a/contrib/unbound/doc/unbound.8 +++ b/contrib/unbound/doc/unbound.8 @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.5.3. +\- Unbound DNS validating resolver 1.5.5. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in index 7242469..df9baa0 100644 --- a/contrib/unbound/doc/unbound.8.in +++ b/contrib/unbound/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.5.3. +\- Unbound DNS validating resolver 1.5.5. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/contrib/unbound/doc/unbound.conf.5 b/contrib/unbound/doc/unbound.conf.5 index c2637aa..990a0a6 100644 --- a/contrib/unbound/doc/unbound.conf.5 +++ b/contrib/unbound/doc/unbound.conf.5 @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound.conf" "5" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -164,12 +164,14 @@ By default only ports above 1024 that have not been assigned by IANA are used. Give a port number or a range of the form "low\-high", without spaces. .TP .B outgoing\-num\-tcp: \fI<number> -Number of outgoing TCP buffers to allocate per thread. Default is 10. If set -to 0, or if do\-tcp is "no", no TCP queries to authoritative servers are done. +Number of outgoing TCP buffers to allocate per thread. Default is 10. If +set to 0, or if do\-tcp is "no", no TCP queries to authoritative servers +are done. For larger installations increasing this value is a good idea. .TP .B incoming\-num\-tcp: \fI<number> -Number of incoming TCP buffers to allocate per thread. Default is 10. If set -to 0, or if do\-tcp is "no", no TCP queries from clients are accepted. +Number of incoming TCP buffers to allocate per thread. Default is +10. If set to 0, or if do\-tcp is "no", no TCP queries from clients are +accepted. For larger installations increasing this value is a good idea. .TP .B edns\-buffer\-size: \fI<number> Number of bytes size to advertise as the EDNS reassembly buffer size. @@ -265,6 +267,16 @@ it then attempts to open the port and passes the option if it was available at compile time, if that works it is used, if it fails, it continues silently (unless verbosity 3) without the option. .TP +.B ip\-transparent: \fI<yes or no> +If yes, then use IP_TRANSPARENT socket option on sockets where unbound +is listening for incoming traffic. Default no. Allows you to bind to +non\-local interfaces. For example for non\-existant IP addresses that +are going to exist later on, with host failover configuration. This is +a lot like interface\-automatic, but that one services all interfaces +and with this option you can select which (future) interfaces unbound +provides service on. This option needs unbound to be started with root +permissions on some systems. +.TP .B rrset\-cache\-size: \fI<number> Number of bytes size of the RRset cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes @@ -284,12 +296,16 @@ trust (very large) TTL values. .TP .B cache\-min\-ttl: \fI<seconds> Time to live minimum for RRsets and messages in the cache. Default is 0. -If the the minimum kicks in, the data is cached for longer than the domain +If the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more. .TP +.B cache\-max\-negative\-ttl: \fI<seconds> +Time to live maximum for negative responses, these have a SOA in the +authority section that is limited in time. Default is 3600. +.TP .B infra\-host\-ttl: \fI<seconds> Time to live for entries in the host cache. The host cache contains roundtrip timing, lameness and EDNS support information. Default is 900. @@ -357,6 +373,7 @@ a daemon. Default is yes. The netblock is given as an IP4 or IP6 address with /size appended for a classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, \fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. +The most specific netblock match is used, if none match \fIdeny\fR is used. .IP The action \fIdeny\fR stops queries from hosts from that netblock. .IP @@ -464,7 +481,7 @@ kill \-HUP `cat /var/unbound/unbound.pid` .fi triggers a reload, .nf -kill \-QUIT `cat /var/unbound/unbound.pid` +kill \-TERM `cat /var/unbound/unbound.pid` .fi gracefully terminates. .TP @@ -548,6 +565,13 @@ extra query load that is generated. Experimental option. If you enable it consider adding more numbers after the target\-fetch\-policy to increase the max depth that is checked to. .TP +.B harden\-algo\-downgrade: \fI<yes or no> +Harden against algorithm downgrade when multiple algorithms are +advertised in the DS record. If no, allows the weakest algorithm to +validate the zone. Default is no. Zone signers must produce zones +that allow this feature to work, but sometimes they do not, and turning +this option off avoids that validation failure. +.TP .B use\-caps\-for\-id: \fI<yes or no> Use 0x20\-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to @@ -555,6 +579,12 @@ authority servers and checks if the reply still has the correct casing. Disabled by default. This feature is an experimental implementation of draft dns\-0x20. .TP +.B caps\-whitelist: \fI<domain> +Whitelist the domain so that it does not receive caps\-for\-id perturbed +queries. For domains that do not support 0x20 and also fail with fallback +because they keep sending different answers, like some load balancers. +Can be given multiple times, for different domains. +.TP .B private\-address: \fI<IP address or subnet> Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network, and are not allowed to be returned for public @@ -655,14 +685,19 @@ It is possible to use wildcards with this statement, the wildcard is expanded on start and on reload. .TP .B dlv\-anchor\-file: \fI<filename> +This option was used during early days DNSSEC deployment when no parent-side +DS record registrations were easily available. Nowadays, it is best to have +DS records registered with the parent zone (many top level zones are signed). File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and DNSKEY entries can be used in the file, in the same format as for \fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more would be slow. The DLV configured is used as a root trusted DLV, this means that it is a lookaside for the root. Default is "", or no dlv anchor file. +DLV is going to be decommissioned. Please do not use it any more. .TP .B dlv\-anchor: \fI<"Resource Record"> Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. +DLV is going to be decommissioned. Please do not use it any more. .TP .B domain\-insecure: \fI<domain name> Sets domain name to be insecure, DNSSEC chain of trust is ignored towards @@ -767,6 +802,10 @@ mechanism work with zones that perform regular (non\-5011) rollovers. The default is 366 days. The value 0 does not remove missing anchors, as per the RFC. .TP +.B permit\-small\-holddown: \fI<yes or no> +Debug option that allows the autotrust 5011 rollover timers to assume +very small values. Default is no. +.TP .B key\-cache\-size: \fI<number> Number of bytes size of the key cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes @@ -796,10 +835,10 @@ data leakage about the local network to the upstream DNS servers. .B local\-zone: \fI<zone> <type> Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, -transparent, redirect, nodefault, typetransparent, inform, and are explained -below. After that the default settings are listed. Use local\-data: to -enter data into the local zone. Answers for local zones are authoritative -DNS answers. By default the zones are class IN. +transparent, redirect, nodefault, typetransparent, inform, inform_deny, +and are explained below. After that the default settings are listed. Use +local\-data: to enter data into the local zone. Answers for local zones +are authoritative DNS answers. By default the zones are class IN. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for @@ -853,11 +892,16 @@ info: zonename inform IP@port queryname type class. This option can be used for normal resolution, but machines looking up infected names are logged, eg. to run antivirus on them. .TP 10 +\h'5'\fIinform_deny\fR +The query is dropped, like 'deny', and logged, like 'inform'. Ie. find +infected machines without answering the queries. +.TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option has no other effect than turning off default contents for the -given zone. +given zone. Use \fInodefault\fR if you use exactly that zone, if you want to +use a subzone, use \fItransparent\fR. .P The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved @@ -959,6 +1003,51 @@ it as detailed in the stub zone section below. Configure local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name. For example "192.0.2.4 www.example.com". TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" +.TP 5 +.B ratelimit: \fI<number or 0> +Enable ratelimiting of queries sent to nameserver for performing recursion. +If 0, the default, it is disabled. This option is experimental at this time. +The ratelimit is in queries per second that are allowed. More queries are +turned away with an error (servfail). This stops recursive floods, eg. random +query names, but not spoofed reflection floods. Cached responses are not +ratelimited by this setting. The zone of the query is determined by examining +the nameservers for it, the zone name is used to keep track of the rate. +For example, 1000 may be a suitable value to stop the server from being +overloaded with random names, and keeps unbound from sending traffic to the +nameservers for those zones. +.TP 5 +.B ratelimit\-size: \fI<memory size> +Give the size of the data structure in which the current ongoing rates are +kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga). +The ratelimit structure is small, so this data structure likely does +not need to be large. +.TP 5 +.B ratelimit\-slabs: \fI<number> +Give power of 2 number of slabs, this is used to reduce lock contention +in the ratelimit tracking data structure. Close to the number of cpus is +a fairly good setting. +.TP 5 +.B ratelimit\-factor: \fI<number> +Set the amount of queries to rate limit when the limit is exceeded. +If set to 0, all queries are dropped for domains where the limit is +exceeded. If set to another value, 1 in that number is allowed through +to complete. Default is 10, allowing 1/10 traffic to flow normally. +This can make ordinary queries complete (if repeatedly queried for), +and enter the cache, whilst also mitigiting the traffic flow by the +factor given. +.TP 5 +.B ratelimit\-for\-domain: \fI<domain> <number qps> +Override the global ratelimit for an exact match domain name with the listed +number. You can give this for any number of names. For example, for +a top\-level\-domain you may want to have a higher limit than other names. +.TP 5 +.B ratelimit\-below\-domain: \fI<domain> <number qps> +Override the global ratelimit for a domain name that ends in this name. +You can give this multiple times, it then describes different settings +in different parts of the namespace. The closest matching suffix is used +to determine the qps limit. The rate for the exact matching domain name +is not changed, use ratelimit\-for\-domain to set that, you might want +to use different settings for a top\-level\-domain and subdomains. .SS "Remote Control Options" In the .B remote\-control: @@ -1041,6 +1130,12 @@ bit on replies for the private zone (authoritative servers do not set the AD bit). This setup makes unbound capable of answering queries for the private zone, and can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not set on these replies. +.P +Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and +for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally +served zone. The insecure clause stops DNSSEC from invalidating the +zone. The local zone nodefault (or \fItransparent\fR) clause makes the +(reverse\-) zone bypass unbound's filtering of RFC1918 zones. .TP .B name: \fI<domain name> Name of the stub zone. diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in index 9b088f3..42653a5 100644 --- a/contrib/unbound/doc/unbound.conf.5.in +++ b/contrib/unbound/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" +.TH "unbound.conf" "5" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -164,12 +164,14 @@ By default only ports above 1024 that have not been assigned by IANA are used. Give a port number or a range of the form "low\-high", without spaces. .TP .B outgoing\-num\-tcp: \fI<number> -Number of outgoing TCP buffers to allocate per thread. Default is 10. If set -to 0, or if do\-tcp is "no", no TCP queries to authoritative servers are done. +Number of outgoing TCP buffers to allocate per thread. Default is 10. If +set to 0, or if do\-tcp is "no", no TCP queries to authoritative servers +are done. For larger installations increasing this value is a good idea. .TP .B incoming\-num\-tcp: \fI<number> -Number of incoming TCP buffers to allocate per thread. Default is 10. If set -to 0, or if do\-tcp is "no", no TCP queries from clients are accepted. +Number of incoming TCP buffers to allocate per thread. Default is +10. If set to 0, or if do\-tcp is "no", no TCP queries from clients are +accepted. For larger installations increasing this value is a good idea. .TP .B edns\-buffer\-size: \fI<number> Number of bytes size to advertise as the EDNS reassembly buffer size. @@ -265,6 +267,16 @@ it then attempts to open the port and passes the option if it was available at compile time, if that works it is used, if it fails, it continues silently (unless verbosity 3) without the option. .TP +.B ip\-transparent: \fI<yes or no> +If yes, then use IP_TRANSPARENT socket option on sockets where unbound +is listening for incoming traffic. Default no. Allows you to bind to +non\-local interfaces. For example for non\-existant IP addresses that +are going to exist later on, with host failover configuration. This is +a lot like interface\-automatic, but that one services all interfaces +and with this option you can select which (future) interfaces unbound +provides service on. This option needs unbound to be started with root +permissions on some systems. +.TP .B rrset\-cache\-size: \fI<number> Number of bytes size of the RRset cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes @@ -284,12 +296,16 @@ trust (very large) TTL values. .TP .B cache\-min\-ttl: \fI<seconds> Time to live minimum for RRsets and messages in the cache. Default is 0. -If the the minimum kicks in, the data is cached for longer than the domain +If the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more. .TP +.B cache\-max\-negative\-ttl: \fI<seconds> +Time to live maximum for negative responses, these have a SOA in the +authority section that is limited in time. Default is 3600. +.TP .B infra\-host\-ttl: \fI<seconds> Time to live for entries in the host cache. The host cache contains roundtrip timing, lameness and EDNS support information. Default is 900. @@ -357,6 +373,7 @@ a daemon. Default is yes. The netblock is given as an IP4 or IP6 address with /size appended for a classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, \fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. +The most specific netblock match is used, if none match \fIdeny\fR is used. .IP The action \fIdeny\fR stops queries from hosts from that netblock. .IP @@ -464,7 +481,7 @@ kill \-HUP `cat @UNBOUND_PIDFILE@` .fi triggers a reload, .nf -kill \-QUIT `cat @UNBOUND_PIDFILE@` +kill \-TERM `cat @UNBOUND_PIDFILE@` .fi gracefully terminates. .TP @@ -548,6 +565,13 @@ extra query load that is generated. Experimental option. If you enable it consider adding more numbers after the target\-fetch\-policy to increase the max depth that is checked to. .TP +.B harden\-algo\-downgrade: \fI<yes or no> +Harden against algorithm downgrade when multiple algorithms are +advertised in the DS record. If no, allows the weakest algorithm to +validate the zone. Default is no. Zone signers must produce zones +that allow this feature to work, but sometimes they do not, and turning +this option off avoids that validation failure. +.TP .B use\-caps\-for\-id: \fI<yes or no> Use 0x20\-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to @@ -555,6 +579,12 @@ authority servers and checks if the reply still has the correct casing. Disabled by default. This feature is an experimental implementation of draft dns\-0x20. .TP +.B caps\-whitelist: \fI<domain> +Whitelist the domain so that it does not receive caps\-for\-id perturbed +queries. For domains that do not support 0x20 and also fail with fallback +because they keep sending different answers, like some load balancers. +Can be given multiple times, for different domains. +.TP .B private\-address: \fI<IP address or subnet> Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network, and are not allowed to be returned for public @@ -655,14 +685,19 @@ It is possible to use wildcards with this statement, the wildcard is expanded on start and on reload. .TP .B dlv\-anchor\-file: \fI<filename> +This option was used during early days DNSSEC deployment when no parent-side +DS record registrations were easily available. Nowadays, it is best to have +DS records registered with the parent zone (many top level zones are signed). File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and DNSKEY entries can be used in the file, in the same format as for \fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more would be slow. The DLV configured is used as a root trusted DLV, this means that it is a lookaside for the root. Default is "", or no dlv anchor file. +DLV is going to be decommissioned. Please do not use it any more. .TP .B dlv\-anchor: \fI<"Resource Record"> Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. +DLV is going to be decommissioned. Please do not use it any more. .TP .B domain\-insecure: \fI<domain name> Sets domain name to be insecure, DNSSEC chain of trust is ignored towards @@ -767,6 +802,10 @@ mechanism work with zones that perform regular (non\-5011) rollovers. The default is 366 days. The value 0 does not remove missing anchors, as per the RFC. .TP +.B permit\-small\-holddown: \fI<yes or no> +Debug option that allows the autotrust 5011 rollover timers to assume +very small values. Default is no. +.TP .B key\-cache\-size: \fI<number> Number of bytes size of the key cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes @@ -796,10 +835,10 @@ data leakage about the local network to the upstream DNS servers. .B local\-zone: \fI<zone> <type> Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, -transparent, redirect, nodefault, typetransparent, inform, and are explained -below. After that the default settings are listed. Use local\-data: to -enter data into the local zone. Answers for local zones are authoritative -DNS answers. By default the zones are class IN. +transparent, redirect, nodefault, typetransparent, inform, inform_deny, +and are explained below. After that the default settings are listed. Use +local\-data: to enter data into the local zone. Answers for local zones +are authoritative DNS answers. By default the zones are class IN. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for @@ -853,11 +892,16 @@ info: zonename inform IP@port queryname type class. This option can be used for normal resolution, but machines looking up infected names are logged, eg. to run antivirus on them. .TP 10 +\h'5'\fIinform_deny\fR +The query is dropped, like 'deny', and logged, like 'inform'. Ie. find +infected machines without answering the queries. +.TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option has no other effect than turning off default contents for the -given zone. +given zone. Use \fInodefault\fR if you use exactly that zone, if you want to +use a subzone, use \fItransparent\fR. .P The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved @@ -959,6 +1003,51 @@ it as detailed in the stub zone section below. Configure local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name. For example "192.0.2.4 www.example.com". TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" +.TP 5 +.B ratelimit: \fI<number or 0> +Enable ratelimiting of queries sent to nameserver for performing recursion. +If 0, the default, it is disabled. This option is experimental at this time. +The ratelimit is in queries per second that are allowed. More queries are +turned away with an error (servfail). This stops recursive floods, eg. random +query names, but not spoofed reflection floods. Cached responses are not +ratelimited by this setting. The zone of the query is determined by examining +the nameservers for it, the zone name is used to keep track of the rate. +For example, 1000 may be a suitable value to stop the server from being +overloaded with random names, and keeps unbound from sending traffic to the +nameservers for those zones. +.TP 5 +.B ratelimit\-size: \fI<memory size> +Give the size of the data structure in which the current ongoing rates are +kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga). +The ratelimit structure is small, so this data structure likely does +not need to be large. +.TP 5 +.B ratelimit\-slabs: \fI<number> +Give power of 2 number of slabs, this is used to reduce lock contention +in the ratelimit tracking data structure. Close to the number of cpus is +a fairly good setting. +.TP 5 +.B ratelimit\-factor: \fI<number> +Set the amount of queries to rate limit when the limit is exceeded. +If set to 0, all queries are dropped for domains where the limit is +exceeded. If set to another value, 1 in that number is allowed through +to complete. Default is 10, allowing 1/10 traffic to flow normally. +This can make ordinary queries complete (if repeatedly queried for), +and enter the cache, whilst also mitigiting the traffic flow by the +factor given. +.TP 5 +.B ratelimit\-for\-domain: \fI<domain> <number qps> +Override the global ratelimit for an exact match domain name with the listed +number. You can give this for any number of names. For example, for +a top\-level\-domain you may want to have a higher limit than other names. +.TP 5 +.B ratelimit\-below\-domain: \fI<domain> <number qps> +Override the global ratelimit for a domain name that ends in this name. +You can give this multiple times, it then describes different settings +in different parts of the namespace. The closest matching suffix is used +to determine the qps limit. The rate for the exact matching domain name +is not changed, use ratelimit\-for\-domain to set that, you might want +to use different settings for a top\-level\-domain and subdomains. .SS "Remote Control Options" In the .B remote\-control: @@ -1041,6 +1130,12 @@ bit on replies for the private zone (authoritative servers do not set the AD bit). This setup makes unbound capable of answering queries for the private zone, and can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not set on these replies. +.P +Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and +for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally +served zone. The insecure clause stops DNSSEC from invalidating the +zone. The local zone nodefault (or \fItransparent\fR) clause makes the +(reverse\-) zone bypass unbound's filtering of RFC1918 zones. .TP .B name: \fI<domain name> Name of the stub zone. diff --git a/contrib/unbound/iterator/iter_delegpt.c b/contrib/unbound/iterator/iter_delegpt.c index b212ec0..0e251ff 100644 --- a/contrib/unbound/iterator/iter_delegpt.c +++ b/contrib/unbound/iterator/iter_delegpt.c @@ -47,8 +47,8 @@ #include "util/data/packed_rrset.h" #include "util/data/msgreply.h" #include "util/net_help.h" -#include "ldns/rrdef.h" -#include "ldns/sbuffer.h" +#include "sldns/rrdef.h" +#include "sldns/sbuffer.h" struct delegpt* delegpt_create(struct regional* region) diff --git a/contrib/unbound/iterator/iter_fwd.c b/contrib/unbound/iterator/iter_fwd.c index 0121212..0feee03 100644 --- a/contrib/unbound/iterator/iter_fwd.c +++ b/contrib/unbound/iterator/iter_fwd.c @@ -46,8 +46,8 @@ #include "util/config_file.h" #include "util/net_help.h" #include "util/data/dname.h" -#include "ldns/rrdef.h" -#include "ldns/str2wire.h" +#include "sldns/rrdef.h" +#include "sldns/str2wire.h" int fwd_cmp(const void* k1, const void* k2) diff --git a/contrib/unbound/iterator/iter_hints.c b/contrib/unbound/iterator/iter_hints.c index 57b57c2..d7f8158 100644 --- a/contrib/unbound/iterator/iter_hints.c +++ b/contrib/unbound/iterator/iter_hints.c @@ -46,9 +46,9 @@ #include "util/config_file.h" #include "util/net_help.h" #include "util/data/dname.h" -#include "ldns/rrdef.h" -#include "ldns/str2wire.h" -#include "ldns/wire2str.h" +#include "sldns/rrdef.h" +#include "sldns/str2wire.h" +#include "sldns/wire2str.h" struct iter_hints* hints_create(void) @@ -135,7 +135,7 @@ compile_time_root_prime(int do_ip4, int do_ip6) if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed; if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) goto failed; if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) goto failed; - if(!ah(dp, "H.ROOT-SERVERS.NET.", "128.63.2.53")) goto failed; + if(!ah(dp, "H.ROOT-SERVERS.NET.", "198.97.190.53")) goto failed; if(!ah(dp, "I.ROOT-SERVERS.NET.", "192.36.148.17")) goto failed; if(!ah(dp, "J.ROOT-SERVERS.NET.", "192.58.128.30")) goto failed; if(!ah(dp, "K.ROOT-SERVERS.NET.", "193.0.14.129")) goto failed; @@ -148,7 +148,7 @@ compile_time_root_prime(int do_ip4, int do_ip6) if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed; if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed; if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) goto failed; - if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::803f:235")) goto failed; + if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::53")) goto failed; if(!ah(dp, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) goto failed; if(!ah(dp, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) goto failed; if(!ah(dp, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) goto failed; diff --git a/contrib/unbound/iterator/iter_priv.c b/contrib/unbound/iterator/iter_priv.c index 9e09a84..90bea17 100644 --- a/contrib/unbound/iterator/iter_priv.c +++ b/contrib/unbound/iterator/iter_priv.c @@ -49,8 +49,8 @@ #include "util/data/msgparse.h" #include "util/net_help.h" #include "util/storage/dnstree.h" -#include "ldns/str2wire.h" -#include "ldns/sbuffer.h" +#include "sldns/str2wire.h" +#include "sldns/sbuffer.h" struct iter_priv* priv_create(void) { diff --git a/contrib/unbound/iterator/iter_resptype.c b/contrib/unbound/iterator/iter_resptype.c index 45f9193..f146a2b 100644 --- a/contrib/unbound/iterator/iter_resptype.c +++ b/contrib/unbound/iterator/iter_resptype.c @@ -45,8 +45,8 @@ #include "services/cache/dns.h" #include "util/net_help.h" #include "util/data/dname.h" -#include "ldns/rrdef.h" -#include "ldns/pkthdr.h" +#include "sldns/rrdef.h" +#include "sldns/pkthdr.h" enum response_type response_type_from_cache(struct dns_msg* msg, diff --git a/contrib/unbound/iterator/iter_scrub.c b/contrib/unbound/iterator/iter_scrub.c index 1c81975..cc05867 100644 --- a/contrib/unbound/iterator/iter_scrub.c +++ b/contrib/unbound/iterator/iter_scrub.c @@ -53,7 +53,7 @@ #include "util/data/dname.h" #include "util/data/msgreply.h" #include "util/alloc.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" /** RRset flag used during scrubbing. The RRset is OK. */ #define RRSET_SCRUB_OK 0x80 @@ -372,7 +372,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, /* check next cname */ uint8_t* t = NULL; size_t tlen = 0; - if(!parse_get_cname_target(rrset, &t, &tlen)) + if(!parse_get_cname_target(nx, &t, &tlen)) return 0; if(dname_pkt_compare(pkt, alias, t) == 0) { /* it's OK and better capitalized */ diff --git a/contrib/unbound/iterator/iter_utils.c b/contrib/unbound/iterator/iter_utils.c index 10ae12f..bc94ef6 100644 --- a/contrib/unbound/iterator/iter_utils.c +++ b/contrib/unbound/iterator/iter_utils.c @@ -64,7 +64,8 @@ #include "validator/val_kentry.h" #include "validator/val_utils.h" #include "validator/val_sigcrypt.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" +#include "sldns/str2wire.h" /** time when nameserver glue is said to be 'recent' */ #define SUSPICION_RECENT_EXPIRY 86400 @@ -105,6 +106,40 @@ read_fetch_policy(struct iter_env* ie, const char* str) return 1; } +/** apply config caps whitelist items to name tree */ +static int +caps_white_apply_cfg(rbtree_t* ntree, struct config_file* cfg) +{ + struct config_strlist* p; + for(p=cfg->caps_whitelist; p; p=p->next) { + struct name_tree_node* n; + size_t len; + uint8_t* nm = sldns_str2wire_dname(p->str, &len); + if(!nm) { + log_err("could not parse %s", p->str); + return 0; + } + n = (struct name_tree_node*)calloc(1, sizeof(*n)); + if(!n) { + log_err("out of memory"); + free(nm); + return 0; + } + n->node.key = n; + n->name = nm; + n->len = len; + n->labs = dname_count_labels(nm); + n->dclass = LDNS_RR_CLASS_IN; + if(!name_tree_insert(ntree, n, nm, len, n->labs, n->dclass)) { + /* duplicate element ignored, idempotent */ + free(n->name); + free(n); + } + } + name_tree_init_parents(ntree); + return 1; +} + int iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) { @@ -128,6 +163,16 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) log_err("Could not set private addresses"); return 0; } + if(cfg->caps_whitelist) { + if(!iter_env->caps_white) + iter_env->caps_white = rbtree_create(name_tree_compare); + if(!iter_env->caps_white || !caps_white_apply_cfg( + iter_env->caps_white, cfg)) { + log_err("Could not set capsforid whitelist"); + return 0; + } + + } iter_env->supports_ipv6 = cfg->do_ip6; iter_env->supports_ipv4 = cfg->do_ip4; return 1; @@ -750,6 +795,12 @@ caps_strip_reply(struct reply_info* rep) } } +int caps_failed_rcode(struct reply_info* rep) +{ + return !(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR || + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN); +} + void iter_store_parentside_rrset(struct module_env* env, struct ub_packed_rrset_key* rrset) diff --git a/contrib/unbound/iterator/iter_utils.h b/contrib/unbound/iterator/iter_utils.h index 9373487..3a4df3e 100644 --- a/contrib/unbound/iterator/iter_utils.h +++ b/contrib/unbound/iterator/iter_utils.h @@ -232,6 +232,14 @@ int reply_equal(struct reply_info* p, struct reply_info* q, struct regional* reg void caps_strip_reply(struct reply_info* rep); /** + * see if reply has a 'useful' rcode for capsforid comparison, so + * not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN. + * @param rep: reply to check. + * @return true if the rcode is a bad type of message. + */ +int caps_failed_rcode(struct reply_info* rep); + +/** * Store parent-side rrset in seperate rrset cache entries for later * last-resort * lookups in case the child-side versions of this information * fails. diff --git a/contrib/unbound/iterator/iterator.c b/contrib/unbound/iterator/iterator.c index 2037cc8..96918fa 100644 --- a/contrib/unbound/iterator/iterator.c +++ b/contrib/unbound/iterator/iterator.c @@ -61,10 +61,11 @@ #include "util/data/msgencode.h" #include "util/fptr_wlist.h" #include "util/config_file.h" -#include "ldns/rrdef.h" -#include "ldns/wire2str.h" -#include "ldns/parseutil.h" -#include "ldns/sbuffer.h" +#include "util/random.h" +#include "sldns/rrdef.h" +#include "sldns/wire2str.h" +#include "sldns/parseutil.h" +#include "sldns/sbuffer.h" int iter_init(struct module_env* env, int id) @@ -83,6 +84,16 @@ iter_init(struct module_env* env, int id) return 1; } +/** delete caps_whitelist element */ +static void +caps_free(struct rbnode_t* n, void* ATTR_UNUSED(d)) +{ + if(n) { + free(((struct name_tree_node*)n)->name); + free(n); + } +} + void iter_deinit(struct module_env* env, int id) { @@ -93,6 +104,10 @@ iter_deinit(struct module_env* env, int id) free(iter_env->target_fetch_policy); priv_delete(iter_env->priv); donotq_delete(iter_env->donotq); + if(iter_env->caps_white) { + traverse_postorder(iter_env->caps_white, caps_free, NULL); + free(iter_env->caps_white); + } free(iter_env); env->modinfo[id] = NULL; } @@ -120,6 +135,7 @@ iter_new(struct module_qstate* qstate, int id) iq->query_restart_count = 0; iq->referral_count = 0; iq->sent_count = 0; + iq->ratelimit_ok = 0; iq->target_count = NULL; iq->wait_priming_stub = 0; iq->refetch_glue = 0; @@ -308,6 +324,8 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg, if(num_an + num_ns == 0) return 1; verbose(VERB_ALGO, "prepending %d rrsets", (int)num_an + (int)num_ns); + if(num_an > RR_COUNT_MAX || num_ns > RR_COUNT_MAX || + msg->rep->rrset_count > RR_COUNT_MAX) return 0; /* overflow */ sets = regional_alloc(region, (num_an+num_ns+msg->rep->rrset_count) * sizeof(struct ub_packed_rrset_key*)); if(!sets) @@ -455,6 +473,16 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, return 1; } +/** see if target name is caps-for-id whitelisted */ +static int +is_caps_whitelisted(struct iter_env* ie, struct iter_qstate* iq) +{ + if(!ie->caps_white) return 0; /* no whitelist, or no capsforid */ + return name_tree_lookup(ie->caps_white, iq->qchase.qname, + iq->qchase.qname_len, dname_count_labels(iq->qchase.qname), + iq->qchase.qclass) != NULL; +} + /** create target count structure for this query */ static void target_count_create(struct iter_qstate* iq) @@ -1123,6 +1151,32 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, * results of priming. */ return 0; } + if(!iq->ratelimit_ok && qstate->prefetch_leeway) + iq->ratelimit_ok = 1; /* allow prefetches, this keeps + otherwise valid data in the cache */ + if(!iq->ratelimit_ok && infra_ratelimit_exceeded( + qstate->env->infra_cache, iq->dp->name, + iq->dp->namelen, *qstate->env->now)) { + /* and increment the rate, so that the rate for time + * now will also exceed the rate, keeping cache fresh */ + (void)infra_ratelimit_inc(qstate->env->infra_cache, + iq->dp->name, iq->dp->namelen, + *qstate->env->now); + /* see if we are passed through with slip factor */ + if(qstate->env->cfg->ratelimit_factor != 0 && + ub_random_max(qstate->env->rnd, + qstate->env->cfg->ratelimit_factor) == 1) { + iq->ratelimit_ok = 1; + log_nametypeclass(VERB_ALGO, "ratelimit allowed through for " + "delegation point", iq->dp->name, + LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN); + } else { + log_nametypeclass(VERB_ALGO, "ratelimit exceeded with " + "delegation point", iq->dp->name, + LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + } /* see if this dp not useless. * It is useless if: @@ -1787,11 +1841,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * the original query is one that matched too, so we have * caps_server+1 number of matching queries now */ if(iq->caps_server+1 >= naddr*3 || - iq->caps_server+1 >= MAX_SENT_COUNT) { + iq->caps_server*2+2 >= MAX_SENT_COUNT) { + /* *2 on sentcount check because ipv6 may fail */ /* we're done, process the response */ verbose(VERB_ALGO, "0x20 fallback had %d responses " "match for %d wanted, done.", (int)iq->caps_server+1, (int)naddr*3); + iq->response = iq->caps_response; iq->caps_fallback = 0; iter_dec_attempts(iq->dp, 3); /* space for fallback */ iq->num_current_queries++; /* RespState decrements it*/ @@ -1866,6 +1922,24 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* Since a target query might have been made, we * need to check again. */ if(iq->num_target_queries == 0) { + /* if in capsforid fallback, instead of last + * resort, we agree with the current reply + * we have (if any) (our count of addrs bad)*/ + if(iq->caps_fallback && iq->caps_reply) { + /* we're done, process the response */ + verbose(VERB_ALGO, "0x20 fallback had %d responses, " + "but no more servers except " + "last resort, done.", + (int)iq->caps_server+1); + iq->response = iq->caps_response; + iq->caps_fallback = 0; + iter_dec_attempts(iq->dp, 3); /* space for fallback */ + iq->num_current_queries++; /* RespState decrements it*/ + iq->referral_count++; /* make sure we don't loop */ + iq->sent_count = 0; + iq->state = QUERY_RESP_STATE; + return 1; + } return processLastResort(qstate, iq, ie, id); } } @@ -1892,6 +1966,15 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, return 0; } + /* if not forwarding, check ratelimits per delegationpoint name */ + if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) { + if(!infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name, + iq->dp->namelen, *qstate->env->now)) { + verbose(VERB_ALGO, "query exceeded ratelimits"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + } + /* We have a valid target. */ if(verbosity >= VERB_QUERY) { log_query_info(VERB_QUERY, "sending query:", &iq->qchase); @@ -1906,11 +1989,15 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, iq->qchase.qname, iq->qchase.qname_len, iq->qchase.qtype, iq->qchase.qclass, iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), EDNS_DO|BIT_CD, - iq->dnssec_expected, iq->caps_fallback, &target->addr, - target->addrlen, iq->dp->name, iq->dp->namelen, qstate); + iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted( + ie, iq), &target->addr, target->addrlen, iq->dp->name, + iq->dp->namelen, qstate); if(!outq) { log_addr(VERB_DETAIL, "error sending query to auth server", &target->addr, target->addrlen); + if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) + infra_ratelimit_dec(qstate->env->infra_cache, iq->dp->name, + iq->dp->namelen, *qstate->env->now); return next_state(iq, QUERYTARGETS_STATE); } outbound_list_insert(&iq->outlist, outq); @@ -2061,6 +2148,14 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, * delegation point, and back to the QUERYTARGETS_STATE. */ verbose(VERB_DETAIL, "query response was REFERRAL"); + if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) { + /* we have a referral, no ratelimit, we can send + * our queries to the given name */ + infra_ratelimit_dec(qstate->env->infra_cache, + iq->dp->name, iq->dp->namelen, + *qstate->env->now); + } + /* if hardened, only store referral if we asked for it */ if(!qstate->env->cfg->harden_referral_path || ( qstate->qinfo.qtype == LDNS_RR_TYPE_NS @@ -2529,6 +2624,12 @@ processClassResponse(struct module_qstate* qstate, int id, /* copy appropriate rcode */ to->rep->flags = from->rep->flags; /* copy rrsets */ + if(from->rep->rrset_count > RR_COUNT_MAX || + to->rep->rrset_count > RR_COUNT_MAX) { + log_err("malloc failed (too many rrsets) in collect ANY"); + foriq->state = FINISHED_STATE; + return; /* integer overflow protection */ + } dest = regional_alloc(forq->region, sizeof(dest[0])*n); if(!dest) { log_err("malloc failed in collect ANY"); @@ -2825,6 +2926,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, iq->caps_fallback = 1; iq->caps_server = 0; iq->caps_reply = NULL; + iq->caps_response = NULL; iq->state = QUERYTARGETS_STATE; iq->num_current_queries--; /* need fresh attempts for the 0x20 fallback, if @@ -2867,8 +2969,19 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, /* normalize and sanitize: easy to delete items from linked lists */ if(!scrub_message(pkt, prs, &iq->qchase, iq->dp->name, - qstate->env->scratch, qstate->env, ie)) + qstate->env->scratch, qstate->env, ie)) { + /* if 0x20 enabled, start fallback, but we have no message */ + if(event == module_event_capsfail && !iq->caps_fallback) { + iq->caps_fallback = 1; + iq->caps_server = 0; + iq->caps_reply = NULL; + iq->caps_response = NULL; + iq->state = QUERYTARGETS_STATE; + iq->num_current_queries--; + verbose(VERB_DETAIL, "Capsforid: scrub failed, starting fallback with no response"); + } goto handle_it; + } /* allocate response dns_msg in region */ iq->response = dns_alloc_msg(pkt, prs, qstate->region); @@ -2890,6 +3003,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, iq->caps_fallback = 1; iq->caps_server = 0; iq->caps_reply = iq->response->rep; + iq->caps_response = iq->response; iq->state = QUERYTARGETS_STATE; iq->num_current_queries--; verbose(VERB_DETAIL, "Capsforid: starting fallback"); @@ -2898,8 +3012,24 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, /* check if reply is the same, otherwise, fail */ if(!iq->caps_reply) { iq->caps_reply = iq->response->rep; + iq->caps_response = iq->response; iq->caps_server = -1; /*become zero at ++, so that we start the full set of trials */ + } else if(caps_failed_rcode(iq->caps_reply) && + !caps_failed_rcode(iq->response->rep)) { + /* prefer to upgrade to non-SERVFAIL */ + iq->caps_reply = iq->response->rep; + iq->caps_response = iq->response; + } else if(!caps_failed_rcode(iq->caps_reply) && + caps_failed_rcode(iq->response->rep)) { + /* if we have non-SERVFAIL as answer then + * we can ignore SERVFAILs for the equality + * comparison */ + /* no instructions here, skip other else */ + } else if(caps_failed_rcode(iq->caps_reply) && + caps_failed_rcode(iq->response->rep)) { + /* failure is same as other failure in fallbk*/ + /* no instructions here, skip other else */ } else if(!reply_equal(iq->response->rep, iq->caps_reply, qstate->env->scratch)) { verbose(VERB_DETAIL, "Capsforid fallback: " diff --git a/contrib/unbound/iterator/iterator.h b/contrib/unbound/iterator/iterator.h index 1364b86..9cf53b2 100644 --- a/contrib/unbound/iterator/iterator.h +++ b/contrib/unbound/iterator/iterator.h @@ -51,9 +51,10 @@ struct iter_forwards; struct iter_donotq; struct iter_prep_list; struct iter_priv; +struct rbtree_t; /** max number of targets spawned for a query and its subqueries */ -#define MAX_TARGET_COUNT 32 +#define MAX_TARGET_COUNT 64 /** max number of query restarts. Determines max number of CNAME chain. */ #define MAX_RESTART_COUNT 8 /** max number of referrals. Makes sure resolver does not run away */ @@ -96,6 +97,9 @@ struct iter_env { /** private address space and private domains */ struct iter_priv* priv; + /** whitelist for capsforid names */ + struct rbtree_t* caps_white; + /** The maximum dependency depth that this resolver will pursue. */ int max_dependency_depth; @@ -235,6 +239,7 @@ struct iter_qstate { /** state for capsfail: stored query for comparisons. Can be NULL if * no response had been seen prior to starting the fallback. */ struct reply_info* caps_reply; + struct dns_msg* caps_response; /** Current delegation message - returned for non-RD queries */ struct dns_msg* deleg_msg; @@ -258,6 +263,9 @@ struct iter_qstate { * subqueries, the malloced-array is shared, [0] refcount. */ int* target_count; + /** if true, already tested for ratelimiting and passed the test */ + int ratelimit_ok; + /** * The query must store NS records from referrals as parentside RRs * Enabled once it hits resolution problems, to throttle retries. diff --git a/contrib/unbound/libunbound/context.c b/contrib/unbound/libunbound/context.c index c21f941..4469b5b 100644 --- a/contrib/unbound/libunbound/context.c +++ b/contrib/unbound/libunbound/context.c @@ -49,7 +49,7 @@ #include "services/cache/infra.h" #include "util/data/msgreply.h" #include "util/storage/slabhash.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" int context_finalize(struct ub_ctx* ctx) @@ -360,7 +360,7 @@ context_serialize_cancel(struct ctx_query* q, uint32_t* len) /* format of cancel: * o uint32 cmd * o uint32 async-id */ - uint8_t* p = (uint8_t*)malloc(2*sizeof(uint32_t)); + uint8_t* p = (uint8_t*)reallocarray(NULL, sizeof(uint32_t), 2); if(!p) return NULL; *len = 2*sizeof(uint32_t); sldns_write_uint32(p, UB_LIBCMD_CANCEL); diff --git a/contrib/unbound/libunbound/libunbound.c b/contrib/unbound/libunbound/libunbound.c index 91a663a..7c2509b 100644 --- a/contrib/unbound/libunbound/libunbound.c +++ b/contrib/unbound/libunbound/libunbound.c @@ -61,10 +61,13 @@ #include "services/localzone.h" #include "services/cache/infra.h" #include "services/cache/rrset.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #ifdef HAVE_PTHREAD #include <signal.h> #endif +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif #if defined(UB_ON_WINDOWS) && defined (HAVE_WINDOWS_H) #include <windows.h> @@ -218,6 +221,12 @@ static void ub_stop_bg(struct ub_ctx* ctx) ub_thread_join(ctx->bg_tid); } else { lock_basic_unlock(&ctx->cfglock); +#ifndef UB_ON_WINDOWS + if(waitpid(ctx->bg_pid, NULL, 0) == -1) { + if(verbosity > 2) + log_err("waitpid: %s", strerror(errno)); + } +#endif } } else { @@ -946,7 +955,7 @@ ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname) while (ptr) { numserv++; if((retval=ub_ctx_set_fwd(ctx, - ptr->IpAddress.String)!=0)) { + ptr->IpAddress.String))!=0) { free(info); return retval; } @@ -1028,7 +1037,6 @@ ub_ctx_hosts(struct ub_ctx* ctx, const char* fname) "\\hosts"); retval=ub_ctx_hosts(ctx, buf); } - free(name); return retval; } return UB_READFILE; @@ -1053,6 +1061,8 @@ ub_ctx_hosts(struct ub_ctx* ctx, const char* fname) /* skip addr */ while(isxdigit((unsigned char)*parse) || *parse == '.' || *parse == ':') parse++; + if(*parse == '\r') + parse++; if(*parse == '\n' || *parse == 0) continue; if(*parse == '%') @@ -1066,7 +1076,8 @@ ub_ctx_hosts(struct ub_ctx* ctx, const char* fname) *parse++ = 0; /* end delimiter for addr ... */ /* go to names and add them */ while(*parse) { - while(*parse == ' ' || *parse == '\t' || *parse=='\n') + while(*parse == ' ' || *parse == '\t' || *parse=='\n' + || *parse=='\r') parse++; if(*parse == 0 || *parse == '#') break; diff --git a/contrib/unbound/libunbound/libworker.c b/contrib/unbound/libunbound/libworker.c index c72b586..72b6153 100644 --- a/contrib/unbound/libunbound/libworker.c +++ b/contrib/unbound/libunbound/libworker.c @@ -70,8 +70,8 @@ #include "util/tube.h" #include "iterator/iter_fwd.h" #include "iterator/iter_hints.h" -#include "ldns/sbuffer.h" -#include "ldns/str2wire.h" +#include "sldns/sbuffer.h" +#include "sldns/str2wire.h" /** handle new query command for bg worker */ static void handle_newq(struct libworker* w, uint8_t* buf, uint32_t len); diff --git a/contrib/unbound/libunbound/python/Makefile b/contrib/unbound/libunbound/python/Makefile index 86ba177..01b0577 100644 --- a/contrib/unbound/libunbound/python/Makefile +++ b/contrib/unbound/libunbound/python/Makefile @@ -48,17 +48,14 @@ help: #../../.libs/libunbound.so.0: ../../Makefile #$(MAKE) -C ../.. -#../../ldns-src/lib/libldns.so: ../../ldns-src/Makefile - #$(MAKE) -C ../../ldns-src - clean: rm -rdf examples/unbound rm -f _unbound.so libunbound_wrap.o $(MAKE) -C ../.. clean -testenv: ../../.libs/libunbound.so.2 ../../ldns-src/lib/libldns.so ../../.libs/_unbound.so +testenv: ../../.libs/libunbound.so.2 ../../.libs/_unbound.so rm -rdf examples/unbound - cd examples && mkdir unbound && ln -s ../../unbound.py unbound/__init__.py && ln -s ../../_unbound.so unbound/_unbound.so && ln -s ../../../../.libs/libunbound.so.2 unbound/libunbound.so.2 && ln -s ../../../../ldns-src/lib/libldns.so.1 unbound/libldns.so.1 && ls -la + cd examples && mkdir unbound && ln -s ../../unbound.py unbound/__init__.py && ln -s ../../_unbound.so unbound/_unbound.so && ln -s ../../../../.libs/libunbound.so.2 unbound/libunbound.so.2 && ls -la cd examples && if test -f ../../../.libs/_unbound.so; then cp ../../../.libs/_unbound.so . ; fi @echo "Run a script by typing ./script_name.py" cd examples && LD_LIBRARY_PATH=unbound bash diff --git a/contrib/unbound/libunbound/python/examples/async-lookup.py b/contrib/unbound/libunbound/python/examples/async-lookup.py index cbb8ea0..936be32 100644 --- a/contrib/unbound/libunbound/python/examples/async-lookup.py +++ b/contrib/unbound/libunbound/python/examples/async-lookup.py @@ -32,6 +32,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import unbound import time @@ -39,9 +40,9 @@ ctx = unbound.ub_ctx() ctx.resolvconf("/etc/resolv.conf") def call_back(my_data,status,result): - print("Call_back:", my_data) + print("Call_back:", sorted(my_data)) if status == 0 and result.havedata: - print("Result:", result.data.address_list) + print("Result:", sorted(result.data.address_list)) my_data['done_flag'] = True diff --git a/contrib/unbound/libunbound/python/examples/dns-lookup.py b/contrib/unbound/libunbound/python/examples/dns-lookup.py index b3f4008..a175dfb 100644 --- a/contrib/unbound/libunbound/python/examples/dns-lookup.py +++ b/contrib/unbound/libunbound/python/examples/dns-lookup.py @@ -32,6 +32,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import unbound ctx = unbound.ub_ctx() @@ -39,6 +40,6 @@ ctx.resolvconf("/etc/resolv.conf") status, result = ctx.resolve("www.nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) if status == 0 and result.havedata: - print("Result:", result.data.address_list) + print("Result:", sorted(result.data.address_list)) elif status != 0: print("Error:", unbound.ub_strerror(status)) diff --git a/contrib/unbound/libunbound/python/examples/dnssec-valid.py b/contrib/unbound/libunbound/python/examples/dnssec-valid.py index 5c3cad9..386f4c2 100644 --- a/contrib/unbound/libunbound/python/examples/dnssec-valid.py +++ b/contrib/unbound/libunbound/python/examples/dnssec-valid.py @@ -32,6 +32,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import os from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN @@ -48,7 +49,7 @@ if os.path.isfile("keys"): status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) if status == 0 and result.havedata: - print("Result:", result.data.address_list) + print("Result:", sorted(result.data.address_list)) if result.secure: print("Result is secure") diff --git a/contrib/unbound/libunbound/python/examples/dnssec_test.py b/contrib/unbound/libunbound/python/examples/dnssec_test.py index 0d62b9f..430e51a 100644 --- a/contrib/unbound/libunbound/python/examples/dnssec_test.py +++ b/contrib/unbound/libunbound/python/examples/dnssec_test.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +from __future__ import print_function from unbound import ub_ctx, RR_TYPE_A, RR_TYPE_RRSIG, RR_TYPE_NSEC, RR_TYPE_NSEC3 import ldns @@ -12,16 +13,16 @@ def dnssecParse(domain, rrType=RR_TYPE_A): raise RuntimeError("Error parsing DNS packet") rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER) - print("RRSIGs from answer:", rrsigs) + print("RRSIGs from answer:", sorted(rrsigs)) rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_AUTHORITY) - print("RRSIGs from authority:", rrsigs) + print("RRSIGs from authority:", sorted(rrsigs)) nsecs = pkt.rr_list_by_type(RR_TYPE_NSEC, ldns.LDNS_SECTION_AUTHORITY) - print("NSECs:", nsecs) + print("NSECs:", sorted(nsecs)) nsec3s = pkt.rr_list_by_type(RR_TYPE_NSEC3, ldns.LDNS_SECTION_AUTHORITY) - print("NSEC3s:", nsec3s) + print("NSEC3s:", sorted(nsec3s)) print("---") diff --git a/contrib/unbound/libunbound/python/examples/example8-1.py b/contrib/unbound/libunbound/python/examples/example8-1.py index ca868e5..723c406 100644 --- a/contrib/unbound/libunbound/python/examples/example8-1.py +++ b/contrib/unbound/libunbound/python/examples/example8-1.py @@ -33,6 +33,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import unbound ctx = unbound.ub_ctx() @@ -42,20 +43,20 @@ status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.mx_list: + for k in sorted(result.data.mx_list): print(" priority:%d address:%s" % k) status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.address_list: + for k in sorted(result.data.address_list): print(" address:%s" % k) status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN) if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.domain_list: + for k in sorted(result.data.domain_list): print(" host: %s" % k) diff --git a/contrib/unbound/libunbound/python/examples/idn-lookup.py b/contrib/unbound/libunbound/python/examples/idn-lookup.py index 2170637..f283150 100644 --- a/contrib/unbound/libunbound/python/examples/idn-lookup.py +++ b/contrib/unbound/libunbound/python/examples/idn-lookup.py @@ -33,6 +33,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import unbound import locale @@ -45,18 +46,18 @@ status, result = ctx.resolve(u"www.háÄkyÄárky.cz", unbound.RR_TYPE_A, unboun if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.address_list: + for k in sorted(result.data.address_list): print(" address:%s" % k) status, result = ctx.resolve(u"háÄkyÄárky.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.mx_list_idn: + for k in sorted(result.data.mx_list_idn): print(" priority:%d address:%s" % k) status, result = ctx.resolve(unbound.reverse('217.31.204.66')+'.in-addr.arpa', unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN) if status == 0 and result.havedata: print("Result.data:", result.data) - for k in result.data.domain_list_idn: + for k in sorted(result.data.domain_list_idn): print(" dname:%s" % k) diff --git a/contrib/unbound/libunbound/python/examples/mx-lookup.py b/contrib/unbound/libunbound/python/examples/mx-lookup.py index f83f690..e9394b3 100644 --- a/contrib/unbound/libunbound/python/examples/mx-lookup.py +++ b/contrib/unbound/libunbound/python/examples/mx-lookup.py @@ -33,6 +33,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import unbound ctx = unbound.ub_ctx() @@ -42,12 +43,12 @@ status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.mx_list: + for k in sorted(result.data.mx_list): print(" priority:%d address:%s" % k) status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.address_list: + for k in sorted(result.data.address_list): print(" address:%s" % k) diff --git a/contrib/unbound/libunbound/python/examples/ns-lookup.py b/contrib/unbound/libunbound/python/examples/ns-lookup.py index bcd51de..49f5672 100644 --- a/contrib/unbound/libunbound/python/examples/ns-lookup.py +++ b/contrib/unbound/libunbound/python/examples/ns-lookup.py @@ -33,6 +33,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import unbound ctx = unbound.ub_ctx() @@ -42,6 +43,6 @@ status, result = ctx.resolve("vutbr.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN if status == 0 and result.havedata: print("Result:") print(" raw data:", result.data) - for k in result.data.domain_list: + for k in sorted(result.data.domain_list): print(" host: %s" % k) diff --git a/contrib/unbound/libunbound/python/examples/reverse-lookup.py b/contrib/unbound/libunbound/python/examples/reverse-lookup.py index 7e06844e..c9a13fe 100644 --- a/contrib/unbound/libunbound/python/examples/reverse-lookup.py +++ b/contrib/unbound/libunbound/python/examples/reverse-lookup.py @@ -32,6 +32,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' +from __future__ import print_function import unbound ctx = unbound.ub_ctx() @@ -39,5 +40,5 @@ ctx.resolvconf("/etc/resolv.conf") status, result = ctx.resolve(unbound.reverse("74.125.43.147") + ".in-addr.arpa.", unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN) if status == 0 and result.havedata: - print("Result.data:", result.data, result.data.domain_list) + print("Result.data:", result.data, sorted(result.data.domain_list)) diff --git a/contrib/unbound/libunbound/python/file_py3.i b/contrib/unbound/libunbound/python/file_py3.i new file mode 100644 index 0000000..5d8b5a2 --- /dev/null +++ b/contrib/unbound/libunbound/python/file_py3.i @@ -0,0 +1,155 @@ +/* + * file_py3.i: Typemaps for FILE* for Python 3 + * + * Copyright (c) 2011, Karel Slany (karel.slany AT nic.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +%{ +#include <unistd.h> +#include <fcntl.h> +%} + +%types(FILE *); + +//#define SWIG_FILE3_DEBUG + +/* converts basic file descriptor flags onto a string */ +%fragment("fdfl_to_str", "header") { +const char * +fdfl_to_str(int fdfl) { + + static const char * const file_mode[] = {"w+", "w", "r"}; + + if (fdfl & O_RDWR) { + return file_mode[0]; + } else if (fdfl & O_WRONLY) { + return file_mode[1]; + } else { + return file_mode[2]; + } +} +} + +%fragment("is_obj_file", "header") { +int +is_obj_file(PyObject *obj) { + int fd, fdfl; + if (!PyLong_Check(obj) && /* is not an integer */ + PyObject_HasAttrString(obj, "fileno") && /* has fileno method */ + (PyObject_CallMethod(obj, "flush", NULL) != NULL) && /* flush() succeeded */ + ((fd = PyObject_AsFileDescriptor(obj)) != -1) && /* got file descriptor */ + ((fdfl = fcntl(fd, F_GETFL)) != -1) /* got descriptor flags */ + ) { + return 1; + } + else { + return 0; + } +} +} + +%fragment("obj_to_file","header", fragment="fdfl_to_str,is_obj_file") { +FILE * +obj_to_file(PyObject *obj) { + int fd, fdfl; + FILE *fp; + if (is_obj_file(obj)) { + fd = PyObject_AsFileDescriptor(obj); + fdfl = fcntl(fd, F_GETFL); + fp = fdopen(dup(fd), fdfl_to_str(fdfl)); /* the FILE* must be flushed + and closed after being used */ +#ifdef SWIG_FILE3_DEBUG + fprintf(stderr, "opening fd %d (fl %d \"%s\") as FILE %p\n", + fd, fdfl, fdfl_to_str(fdfl), (void *)fp); +#endif + return fp; + } + return NULL; +} +} + +/* returns -1 if error occurred */ +/* caused magic SWIG Syntax errors when was commented out */ +#if 0 +%fragment("dispose_file", "header") { +int +dispose_file(FILE **fp) { +#ifdef SWIG_FILE3_DEBUG + fprintf(stderr, "flushing FILE %p\n", (void *)fp); +#endif + if (*fp == NULL) { + return 0; + } + if ((fflush(*fp) == 0) && /* flush file */ + (fclose(*fp) == 0)) { /* close file */ + *fp = NULL; + return 0; + } + return -1; +} +} +#endif + +%typemap(arginit, noblock = 1) FILE* { + $1 = NULL; +} + +/* + * added due to ub_ctx_debugout since since it is overloaded: + * takes void* and FILE*. In reality only FILE* but the wrapper + * and the function is declared in such way. + */ +%typemap(typecheck, noblock = 1, fragment = "is_obj_file", precedence = SWIG_TYPECHECK_POINTER) FILE* { + $1 = is_obj_file($input); +} + +%typemap(check, noblock = 1) FILE* { + if ($1 == NULL) { + /* The generated wrapper function raises TypeError on mismatching types. */ + SWIG_exception_fail(SWIG_TypeError, "in method '" "$symname" "', argument " + "$argnum"" of type '" "$type""'"); + } +} + +%typemap(in, noblock = 1, fragment = "obj_to_file") FILE* { + $1 = obj_to_file($input); +} + +/* + * Commented out due the way how ub_ctx_debugout() uses the parameter. + * This typemap would cause the FILE* to be closed after return from + * the function. This caused Python interpreter to crash, since the + * function just stores the FILE* internally in ctx and use it for + * logging. So we'll leave the closing of the file on the OS. + */ +/*%typemap(freearg, noblock = 1, fragment = "dispose_file") FILE* { + if (dispose_file(&$1) == -1) { + SWIG_exception_fail(SWIG_IOError, "closing file in method '" "$symname" "', argument " + "$argnum"" of type '" "$type""'"); + } +}*/ diff --git a/contrib/unbound/libunbound/python/libunbound.i b/contrib/unbound/libunbound/python/libunbound.i index 1bef79f..3c0e45b 100644 --- a/contrib/unbound/libunbound/python/libunbound.i +++ b/contrib/unbound/libunbound/python/libunbound.i @@ -60,7 +60,11 @@ %} //%include "doc.i" +#if PY_MAJOR_VERSION >= 3 +%include "file_py3.i" // python 3 FILE * +#else %include "file.i" +#endif %feature("docstring") strerror "Convert error value to a human readable string." diff --git a/contrib/unbound/libunbound/worker.h b/contrib/unbound/libunbound/worker.h index 824012a..a531501 100644 --- a/contrib/unbound/libunbound/worker.h +++ b/contrib/unbound/libunbound/worker.h @@ -42,7 +42,7 @@ #ifndef LIBUNBOUND_WORKER_H #define LIBUNBOUND_WORKER_H -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #include "util/data/packed_rrset.h" /* for enum sec_status */ struct comm_reply; struct comm_point; diff --git a/contrib/unbound/services/cache/dns.c b/contrib/unbound/services/cache/dns.c index 4692744..ba81afd 100644 --- a/contrib/unbound/services/cache/dns.c +++ b/contrib/unbound/services/cache/dns.c @@ -50,7 +50,7 @@ #include "util/net_help.h" #include "util/regional.h" #include "util/config_file.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" /** store rrsets in the rrset cache. * @param env: module environment with caches. @@ -366,6 +366,8 @@ dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype, sizeof(struct reply_info)-sizeof(struct rrset_ref)); if(!msg->rep) return NULL; + if(capacity > RR_COUNT_MAX) + return NULL; /* integer overflow protection */ msg->rep->flags = BIT_QR; /* with QR, no AA */ msg->rep->qdcount = 1; msg->rep->rrsets = (struct ub_packed_rrset_key**) @@ -387,6 +389,18 @@ dns_msg_authadd(struct dns_msg* msg, struct regional* region, return 1; } +/** add rrset to answer section */ +static int +dns_msg_ansadd(struct dns_msg* msg, struct regional* region, + struct ub_packed_rrset_key* rrset, time_t now) +{ + if(!(msg->rep->rrsets[msg->rep->rrset_count++] = + packed_rrset_copy_region(rrset, region, now))) + return 0; + msg->rep->an_numrrsets++; + return 1; +} + struct delegpt* dns_cache_find_delegation(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, @@ -453,6 +467,8 @@ gen_dns_msg(struct regional* region, struct query_info* q, size_t num) sizeof(struct reply_info) - sizeof(struct rrset_ref)); if(!msg->rep) return NULL; + if(num > RR_COUNT_MAX) + return NULL; /* integer overflow protection */ msg->rep->rrsets = (struct ub_packed_rrset_key**) regional_alloc(region, num * sizeof(struct ub_packed_rrset_key*)); @@ -489,7 +505,7 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, return NULL; if(r->an_numrrsets > 0 && (r->rrsets[0]->rk.type == htons( LDNS_RR_TYPE_CNAME) || r->rrsets[0]->rk.type == htons( - LDNS_RR_TYPE_DNAME)) && !reply_check_cname_chain(r)) { + LDNS_RR_TYPE_DNAME)) && !reply_check_cname_chain(q, r)) { /* cname chain is now invalid, reconstruct msg */ rrset_array_unlock(r->ref, r->rrset_count); return NULL; @@ -631,6 +647,58 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, return msg; } +/** Fill TYPE_ANY response with some data from cache */ +static struct dns_msg* +fill_any(struct module_env* env, + uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, + struct regional* region) +{ + time_t now = *env->now; + struct dns_msg* msg = NULL; + uint16_t lookup[] = {LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, + LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS, 0}; + int i, num=5; /* number of RR types to look up */ + log_assert(lookup[num] == 0); + + for(i=0; i<num; i++) { + /* look up this RR for inclusion in type ANY response */ + struct ub_packed_rrset_key* rrset = rrset_cache_lookup( + env->rrset_cache, qname, qnamelen, lookup[i], + qclass, 0, now, 0); + struct packed_rrset_data *d; + if(!rrset) + continue; + + /* only if rrset from answer section */ + d = (struct packed_rrset_data*)rrset->entry.data; + if(d->trust == rrset_trust_add_noAA || + d->trust == rrset_trust_auth_noAA || + d->trust == rrset_trust_add_AA || + d->trust == rrset_trust_auth_AA) { + lock_rw_unlock(&rrset->entry.lock); + continue; + } + + /* create msg if none */ + if(!msg) { + msg = dns_msg_create(qname, qnamelen, qtype, qclass, + region, (size_t)(num-i)); + if(!msg) { + lock_rw_unlock(&rrset->entry.lock); + return NULL; + } + } + + /* add RRset to response */ + if(!dns_msg_ansadd(msg, region, rrset, now)) { + lock_rw_unlock(&rrset->entry.lock); + return NULL; + } + lock_rw_unlock(&rrset->entry.lock); + } + return msg; +} + struct dns_msg* dns_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, @@ -743,6 +811,11 @@ dns_cache_lookup(struct module_env* env, } } + /* fill common RR types for ANY response to avoid requery */ + if(qtype == LDNS_RR_TYPE_ANY) { + return fill_any(env, qname, qnamelen, qtype, qclass, region); + } + return NULL; } diff --git a/contrib/unbound/services/cache/infra.c b/contrib/unbound/services/cache/infra.c index 07f2103..c0049d8 100644 --- a/contrib/unbound/services/cache/infra.c +++ b/contrib/unbound/services/cache/infra.c @@ -39,7 +39,8 @@ * This file contains the infrastructure cache. */ #include "config.h" -#include "ldns/rrdef.h" +#include "sldns/rrdef.h" +#include "sldns/str2wire.h" #include "services/cache/infra.h" #include "util/storage/slabhash.h" #include "util/storage/lookup3.h" @@ -57,6 +58,9 @@ * can do this number of packets (until those all timeout too) */ #define TIMEOUT_COUNT_MAX 3 +/** ratelimit value for delegation point */ +int infra_dp_ratelimit = 0; + size_t infra_sizefunc(void* k, void* ATTR_UNUSED(d)) { @@ -99,6 +103,114 @@ infra_deldatafunc(void* d, void* ATTR_UNUSED(arg)) free(data); } +size_t +rate_sizefunc(void* k, void* ATTR_UNUSED(d)) +{ + struct rate_key* key = (struct rate_key*)k; + return sizeof(*key) + sizeof(struct rate_data) + key->namelen + + lock_get_mem(&key->entry.lock); +} + +int +rate_compfunc(void* key1, void* key2) +{ + struct rate_key* k1 = (struct rate_key*)key1; + struct rate_key* k2 = (struct rate_key*)key2; + if(k1->namelen != k2->namelen) { + if(k1->namelen < k2->namelen) + return -1; + return 1; + } + return query_dname_compare(k1->name, k2->name); +} + +void +rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg)) +{ + struct rate_key* key = (struct rate_key*)k; + if(!key) + return; + lock_rw_destroy(&key->entry.lock); + free(key->name); + free(key); +} + +void +rate_deldatafunc(void* d, void* ATTR_UNUSED(arg)) +{ + struct rate_data* data = (struct rate_data*)d; + free(data); +} + +/** find or create element in domainlimit tree */ +static struct domain_limit_data* domain_limit_findcreate( + struct infra_cache* infra, char* name) +{ + uint8_t* nm; + int labs; + size_t nmlen; + struct domain_limit_data* d; + + /* parse name */ + nm = sldns_str2wire_dname(name, &nmlen); + if(!nm) { + log_err("could not parse %s", name); + return NULL; + } + labs = dname_count_labels(nm); + + /* can we find it? */ + d = (struct domain_limit_data*)name_tree_find(&infra->domain_limits, + nm, nmlen, labs, LDNS_RR_CLASS_IN); + if(d) { + free(nm); + return d; + } + + /* create it */ + d = (struct domain_limit_data*)calloc(1, sizeof(*d)); + if(!d) { + free(nm); + return NULL; + } + d->node.node.key = &d->node; + d->node.name = nm; + d->node.len = nmlen; + d->node.labs = labs; + d->node.dclass = LDNS_RR_CLASS_IN; + d->lim = -1; + d->below = -1; + if(!name_tree_insert(&infra->domain_limits, &d->node, nm, nmlen, + labs, LDNS_RR_CLASS_IN)) { + log_err("duplicate element in domainlimit tree"); + free(nm); + free(d); + return NULL; + } + return d; +} + +/** insert rate limit configuration into lookup tree */ +static int infra_ratelimit_cfg_insert(struct infra_cache* infra, + struct config_file* cfg) +{ + struct config_str2list* p; + struct domain_limit_data* d; + for(p = cfg->ratelimit_for_domain; p; p = p->next) { + d = domain_limit_findcreate(infra, p->str); + if(!d) + return 0; + d->lim = atoi(p->str2); + } + for(p = cfg->ratelimit_below_domain; p; p = p->next) { + d = domain_limit_findcreate(infra, p->str); + if(!d) + return 0; + d->below = atoi(p->str2); + } + return 1; +} + struct infra_cache* infra_create(struct config_file* cfg) { @@ -114,15 +226,44 @@ infra_create(struct config_file* cfg) return NULL; } infra->host_ttl = cfg->host_ttl; + name_tree_init(&infra->domain_limits); + infra_dp_ratelimit = cfg->ratelimit; + if(cfg->ratelimit != 0) { + infra->domain_rates = slabhash_create(cfg->ratelimit_slabs, + INFRA_HOST_STARTSIZE, cfg->ratelimit_size, + &rate_sizefunc, &rate_compfunc, &rate_delkeyfunc, + &rate_deldatafunc, NULL); + if(!infra->domain_rates) { + infra_delete(infra); + return NULL; + } + /* insert config data into ratelimits */ + if(!infra_ratelimit_cfg_insert(infra, cfg)) { + infra_delete(infra); + return NULL; + } + name_tree_init_parents(&infra->domain_limits); + } return infra; } +/** delete domain_limit entries */ +static void domain_limit_free(rbnode_t* n, void* ATTR_UNUSED(arg)) +{ + if(n) { + free(((struct domain_limit_data*)n)->node.name); + free(n); + } +} + void infra_delete(struct infra_cache* infra) { if(!infra) return; slabhash_delete(infra->hosts); + slabhash_delete(infra->domain_rates); + traverse_postorder(&infra->domain_limits, domain_limit_free, NULL); free(infra); } @@ -562,8 +703,178 @@ infra_get_lame_rtt(struct infra_cache* infra, return 1; } +int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, + size_t namelen) +{ + int labs = dname_count_labels(name); + struct domain_limit_data* d = (struct domain_limit_data*) + name_tree_lookup(&infra->domain_limits, name, namelen, labs, + LDNS_RR_CLASS_IN); + if(!d) return infra_dp_ratelimit; + + if(d->node.labs == labs && d->lim != -1) + return d->lim; /* exact match */ + + /* find 'below match' */ + if(d->node.labs == labs) + d = (struct domain_limit_data*)d->node.parent; + while(d) { + if(d->below != -1) + return d->below; + d = (struct domain_limit_data*)d->node.parent; + } + return infra_dp_ratelimit; +} + +/** find data item in array, for write access, caller unlocks */ +static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra, + uint8_t* name, size_t namelen, int wr) +{ + struct rate_key key; + hashvalue_t h = dname_query_hash(name, 0xab); + memset(&key, 0, sizeof(key)); + key.name = name; + key.namelen = namelen; + key.entry.hash = h; + return slabhash_lookup(infra->domain_rates, h, &key, wr); +} + +/** create rate data item for name, number 1 in now */ +static void infra_create_ratedata(struct infra_cache* infra, + uint8_t* name, size_t namelen, time_t timenow) +{ + hashvalue_t h = dname_query_hash(name, 0xab); + struct rate_key* k = (struct rate_key*)calloc(1, sizeof(*k)); + struct rate_data* d = (struct rate_data*)calloc(1, sizeof(*d)); + if(!k || !d) { + free(k); + free(d); + return; /* alloc failure */ + } + k->namelen = namelen; + k->name = memdup(name, namelen); + if(!k->name) { + free(k); + free(d); + return; /* alloc failure */ + } + lock_rw_init(&k->entry.lock); + k->entry.hash = h; + k->entry.key = k; + k->entry.data = d; + d->qps[0] = 1; + d->timestamp[0] = timenow; + slabhash_insert(infra->domain_rates, h, &k->entry, d, NULL); +} + +/** find the second and return its rate counter, if none, remove oldest */ +static int* infra_rate_find_second(void* data, time_t t) +{ + struct rate_data* d = (struct rate_data*)data; + int i, oldest; + for(i=0; i<RATE_WINDOW; i++) { + if(d->timestamp[i] == t) + return &(d->qps[i]); + } + /* remove oldest timestamp, and insert it at t with 0 qps */ + oldest = 0; + for(i=0; i<RATE_WINDOW; i++) { + if(d->timestamp[i] < d->timestamp[oldest]) + oldest = i; + } + d->timestamp[oldest] = t; + d->qps[oldest] = 0; + return &(d->qps[oldest]); +} + +int infra_rate_max(void* data, time_t now) +{ + struct rate_data* d = (struct rate_data*)data; + int i, max = 0; + for(i=0; i<RATE_WINDOW; i++) { + if(now-d->timestamp[i] <= RATE_WINDOW) { + if(d->qps[i] > max) + max = d->qps[i]; + } + } + return max; +} + +int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, + size_t namelen, time_t timenow) +{ + int lim, max; + struct lruhash_entry* entry; + + if(!infra_dp_ratelimit) + return 1; /* not enabled */ + + /* find ratelimit */ + lim = infra_find_ratelimit(infra, name, namelen); + + /* find or insert ratedata */ + entry = infra_find_ratedata(infra, name, namelen, 1); + if(entry) { + int premax = infra_rate_max(entry->data, timenow); + int* cur = infra_rate_find_second(entry->data, timenow); + (*cur)++; + max = infra_rate_max(entry->data, timenow); + lock_rw_unlock(&entry->lock); + + if(premax < lim && max >= lim) { + char buf[257]; + dname_str(name, buf); + verbose(VERB_OPS, "ratelimit exceeded %s %d", buf, lim); + } + return (max < lim); + } + + /* create */ + infra_create_ratedata(infra, name, namelen, timenow); + return (1 < lim); +} + +void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name, + size_t namelen, time_t timenow) +{ + struct lruhash_entry* entry; + int* cur; + if(!infra_dp_ratelimit) + return; /* not enabled */ + entry = infra_find_ratedata(infra, name, namelen, 1); + if(!entry) return; /* not cached */ + cur = infra_rate_find_second(entry->data, timenow); + if((*cur) > 0) + (*cur)--; + lock_rw_unlock(&entry->lock); +} + +int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, + size_t namelen, time_t timenow) +{ + struct lruhash_entry* entry; + int lim, max; + if(!infra_dp_ratelimit) + return 0; /* not enabled */ + + /* find ratelimit */ + lim = infra_find_ratelimit(infra, name, namelen); + + /* find current rate */ + entry = infra_find_ratedata(infra, name, namelen, 0); + if(!entry) + return 0; /* not cached */ + max = infra_rate_max(entry->data, timenow); + lock_rw_unlock(&entry->lock); + + return (max >= lim); +} + size_t infra_get_mem(struct infra_cache* infra) { - return sizeof(*infra) + slabhash_get_mem(infra->hosts); + size_t s = sizeof(*infra) + slabhash_get_mem(infra->hosts); + if(infra->domain_rates) s += slabhash_get_mem(infra->domain_rates); + /* ignore domain_limits because walk through tree is big */ + return s; } diff --git a/contrib/unbound/services/cache/infra.h b/contrib/unbound/services/cache/infra.h index fc54f7f..fc7abb7 100644 --- a/contrib/unbound/services/cache/infra.h +++ b/contrib/unbound/services/cache/infra.h @@ -42,6 +42,7 @@ #ifndef SERVICES_CACHE_INFRA_H #define SERVICES_CACHE_INFRA_H #include "util/storage/lruhash.h" +#include "util/storage/dnstree.h" #include "util/rtt.h" struct slabhash; struct config_file; @@ -108,6 +109,55 @@ struct infra_cache { struct slabhash* hosts; /** TTL value for host information, in seconds */ int host_ttl; + /** hash table with query rates per name: rate_key, rate_data */ + struct slabhash* domain_rates; + /** ratelimit settings for domains, struct domain_limit_data */ + rbtree_t domain_limits; +}; + +/** ratelimit, unless overridden by domain_limits, 0 is off */ +extern int infra_dp_ratelimit; + +/** + * ratelimit settings for domains + */ +struct domain_limit_data { + /** key for rbtree, must be first in struct, name of domain */ + struct name_tree_node node; + /** ratelimit for exact match with this name, -1 if not set */ + int lim; + /** ratelimit for names below this name, -1 if not set */ + int below; +}; + +/** + * key for ratelimit lookups, a domain name + */ +struct rate_key { + /** lruhash key entry */ + struct lruhash_entry entry; + /** domain name in uncompressed wireformat */ + uint8_t* name; + /** length of name */ + size_t namelen; +}; + +/** number of seconds to track qps rate */ +#define RATE_WINDOW 2 + +/** + * Data for ratelimits per domain name + * It is incremented when a non-cache-lookup happens for that domain name. + * The name is the delegation point we have for the name. + * If a new delegation point is found (a referral reply), the previous + * delegation point is decremented, and the new one is charged with the query. + */ +struct rate_data { + /** queries counted, for that second. 0 if not in use. */ + int qps[RATE_WINDOW]; + /** what the timestamp is of the qps array members, counter is + * valid for that timestamp. Usually now and now-1. */ + time_t timestamp[RATE_WINDOW]; }; /** infra host cache default hash lookup size */ @@ -287,6 +337,51 @@ long long infra_get_host_rto(struct infra_cache* infra, int* tA, int* tAAAA, int* tother); /** + * Increment the query rate counter for a delegation point. + * @param infra: infra cache. + * @param name: zone name + * @param namelen: zone name length + * @param timenow: what time it is now. + * @return 1 if it could be incremented. 0 if the increment overshot the + * ratelimit or if in the previous second the ratelimit was exceeded. + * Failures like alloc failures are not returned (probably as 1). + */ +int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, + size_t namelen, time_t timenow); + +/** + * Decrement the query rate counter for a delegation point. + * Because the reply received for the delegation point was pleasant, + * we do not charge this delegation point with it (i.e. it was a referral). + * Should call it with same second as when inc() was called. + * @param infra: infra cache. + * @param name: zone name + * @param namelen: zone name length + * @param timenow: what time it is now. + */ +void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name, + size_t namelen, time_t timenow); + +/** + * See if the query rate counter for a delegation point is exceeded. + * So, no queries are going to be allowed. + * @param infra: infra cache. + * @param name: zone name + * @param namelen: zone name length + * @param timenow: what time it is now. + * @return true if exceeded. + */ +int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, + size_t namelen, time_t timenow); + +/** find the maximum rate stored, not too old. 0 if no information. */ +int infra_rate_max(void* data, time_t now); + +/** find the ratelimit in qps for a domain */ +int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, + size_t namelen); + +/** * Get memory used by the infra cache. * @param infra: infrastructure cache. * @return memory in use in bytes. @@ -306,4 +401,16 @@ void infra_delkeyfunc(void* k, void* arg); /** delete data and destroy the lameness hashtable */ void infra_deldatafunc(void* d, void* arg); +/** calculate size for the hashtable */ +size_t rate_sizefunc(void* k, void* d); + +/** compare two names, returns -1, 0, or +1 */ +int rate_compfunc(void* key1, void* key2); + +/** delete key, and destroy the lock */ +void rate_delkeyfunc(void* k, void* arg); + +/** delete data */ +void rate_deldatafunc(void* d, void* arg); + #endif /* SERVICES_CACHE_INFRA_H */ diff --git a/contrib/unbound/services/cache/rrset.c b/contrib/unbound/services/cache/rrset.c index 5f52dbc..2c85529 100644 --- a/contrib/unbound/services/cache/rrset.c +++ b/contrib/unbound/services/cache/rrset.c @@ -40,7 +40,7 @@ */ #include "config.h" #include "services/cache/rrset.h" -#include "ldns/rrdef.h" +#include "sldns/rrdef.h" #include "util/storage/slabhash.h" #include "util/config_file.h" #include "util/data/packed_rrset.h" @@ -304,10 +304,11 @@ rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch, { hashvalue_t* h; size_t i; - if(!(h = (hashvalue_t*)regional_alloc(scratch, - sizeof(hashvalue_t)*count))) + if(count > RR_COUNT_MAX || !(h = (hashvalue_t*)regional_alloc(scratch, + sizeof(hashvalue_t)*count))) { log_warn("rrset LRU: memory allocation failed"); - else /* store hash values */ + h = NULL; + } else /* store hash values */ for(i=0; i<count; i++) h[i] = ref[i].key->entry.hash; /* unlock */ diff --git a/contrib/unbound/services/listen_dnsport.c b/contrib/unbound/services/listen_dnsport.c index 3e5bf40..276c0fb 100644 --- a/contrib/unbound/services/listen_dnsport.c +++ b/contrib/unbound/services/listen_dnsport.c @@ -49,7 +49,7 @@ #include "util/log.h" #include "util/config_file.h" #include "util/net_help.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #ifdef HAVE_NETDB_H #include <netdb.h> @@ -96,10 +96,10 @@ verbose_print_addr(struct addrinfo *addr) int create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t addrlen, int v6only, int* inuse, int* noproto, - int rcv, int snd, int listen, int* reuseport) + int rcv, int snd, int listen, int* reuseport, int transparent) { int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) +#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) int on=1; #endif #ifdef IPV6_MTU @@ -114,6 +114,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, #ifndef IPV6_V6ONLY (void)v6only; #endif +#ifndef IP_TRANSPARENT + (void)transparent; +#endif if((s = socket(family, socktype, 0)) == -1) { *inuse = 0; #ifndef USE_WINSOCK @@ -177,6 +180,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, #else (void)reuseport; #endif /* defined(SO_REUSEPORT) */ +#ifdef IP_TRANSPARENT + if (transparent && + setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", + strerror(errno)); + } +#endif /* IP_TRANSPARENT */ } if(rcv) { #ifdef SO_RCVBUF @@ -472,12 +483,15 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport) + int* reuseport, int transparent) { int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) +#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) int on = 1; -#endif /* SO_REUSEADDR || IPV6_V6ONLY */ +#endif +#ifndef IP_TRANSPARENT + (void)transparent; +#endif verbose_print_addr(addr); *noproto = 0; if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) { @@ -552,6 +566,14 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, #else (void)v6only; #endif /* IPV6_V6ONLY */ +#ifdef IP_TRANSPARENT + if (transparent && + setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", + strerror(errno)); + } +#endif /* IP_TRANSPARENT */ if(bind(s, addr->ai_addr, addr->ai_addrlen) != 0) { #ifndef USE_WINSOCK /* detect freebsd jail with no ipv6 permission */ @@ -656,7 +678,7 @@ create_local_accept_sock(const char *path, int* noproto) static int make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport) + int* reuseport, int transparent) { struct addrinfo *res = NULL; int r, s, inuse, noproto; @@ -684,14 +706,15 @@ make_sock(int stype, const char* ifname, const char* port, s = create_udp_sock(res->ai_family, res->ai_socktype, (struct sockaddr*)res->ai_addr, res->ai_addrlen, v6only, &inuse, &noproto, (int)rcv, (int)snd, 1, - reuseport); + reuseport, transparent); if(s == -1 && inuse) { log_err("bind: address already in use"); } else if(s == -1 && noproto && hints->ai_family == AF_INET6){ *noip6 = 1; } } else { - s = create_tcp_accept_sock(res, v6only, &noproto, reuseport); + s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, + transparent); if(s == -1 && noproto && hints->ai_family == AF_INET6){ *noip6 = 1; } @@ -704,7 +727,7 @@ make_sock(int stype, const char* ifname, const char* port, static int make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport) + int* reuseport, int transparent) { char* s = strchr(ifname, '@'); if(s) { @@ -726,10 +749,10 @@ make_sock_port(int stype, const char* ifname, const char* port, (void)strlcpy(p, s+1, sizeof(p)); p[strlen(s+1)]=0; return make_sock(stype, newif, p, hints, v6only, noip6, - rcv, snd, reuseport); + rcv, snd, reuseport, transparent); } return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, - reuseport); + reuseport, transparent); } /** @@ -823,19 +846,20 @@ set_recvpktinfo(int s, int family) * @param ssl_port: ssl service port number * @param reuseport: try to set SO_REUSEPORT if nonNULL and true. * set to false on exit if reuseport failed due to no kernel support. + * @param transparent: set IP_TRANSPARENT socket option. * @return: returns false on error. */ static int ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, struct addrinfo *hints, const char* port, struct listen_port** list, - size_t rcv, size_t snd, int ssl_port, int* reuseport) + size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent) { int s, noip6=0; if(!do_udp && !do_tcp) return 0; if(do_auto) { if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, - &noip6, rcv, snd, reuseport)) == -1) { + &noip6, rcv, snd, reuseport, transparent)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -862,7 +886,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } else if(do_udp) { /* regular udp socket */ if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, - &noip6, rcv, snd, reuseport)) == -1) { + &noip6, rcv, snd, reuseport, transparent)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -883,7 +907,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, atoi(strchr(ifname, '@')+1) == ssl_port) || (!strchr(ifname, '@') && atoi(port) == ssl_port)); if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, - &noip6, 0, 0, reuseport)) == -1) { + &noip6, 0, 0, reuseport, transparent)) == -1) { if(noip6) { /*log_warn("IPv6 protocol not available");*/ return 1; @@ -1039,7 +1063,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) do_auto, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport)) { + cfg->ssl_port, reuseport, + cfg->ip_transparent)) { listening_ports_free(list); return NULL; } @@ -1050,7 +1075,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) do_auto, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport)) { + cfg->ssl_port, reuseport, + cfg->ip_transparent)) { listening_ports_free(list); return NULL; } @@ -1063,7 +1089,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport)) { + cfg->ssl_port, reuseport, + cfg->ip_transparent)) { listening_ports_free(list); return NULL; } @@ -1074,7 +1101,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport)) { + cfg->ssl_port, reuseport, + cfg->ip_transparent)) { listening_ports_free(list); return NULL; } diff --git a/contrib/unbound/services/listen_dnsport.h b/contrib/unbound/services/listen_dnsport.h index e9883a8..676f0c6 100644 --- a/contrib/unbound/services/listen_dnsport.h +++ b/contrib/unbound/services/listen_dnsport.h @@ -189,11 +189,12 @@ void listen_start_accept(struct listen_dnsport* listen); * set SO_REUSEADDR on it. * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on * listening UDP port. Set to false on return if it failed to do so. + * @param transparent: set IP_TRANSPARENT socket option. * @return: the socket. -1 on error. */ int create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv, - int snd, int listen, int* reuseport); + int snd, int listen, int* reuseport, int transparent); /** * Create and bind TCP listening socket @@ -202,10 +203,11 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr, * @param noproto: if error caused by lack of protocol support. * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on * listening UDP port. Set to false on return if it failed to do so. + * @param transparent: set IP_TRANSPARENT socket option. * @return: the socket. -1 on error. */ int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport); + int* reuseport, int transparent); /** * Create and bind local listening socket diff --git a/contrib/unbound/services/localzone.c b/contrib/unbound/services/localzone.c index 57510bd..c50ad0f 100644 --- a/contrib/unbound/services/localzone.c +++ b/contrib/unbound/services/localzone.c @@ -40,8 +40,8 @@ */ #include "config.h" #include "services/localzone.h" -#include "ldns/str2wire.h" -#include "ldns/sbuffer.h" +#include "sldns/str2wire.h" +#include "sldns/sbuffer.h" #include "util/regional.h" #include "util/config_file.h" #include "util/data/dname.h" @@ -1027,6 +1027,10 @@ void local_zones_print(struct local_zones* zones) log_nametypeclass(0, "inform zone", z->name, 0, z->dclass); break; + case local_zone_inform_deny: + log_nametypeclass(0, "inform_deny zone", + z->name, 0, z->dclass); + break; default: log_nametypeclass(0, "badtyped zone", z->name, 0, z->dclass); @@ -1124,7 +1128,7 @@ lz_zone_answer(struct local_zone* z, struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, struct regional* temp, struct local_data* ld) { - if(z->type == local_zone_deny) { + if(z->type == local_zone_deny || z->type == local_zone_inform_deny) { /** no reply at all, signal caller by clearing buffer. */ sldns_buffer_clear(buf); sldns_buffer_flip(buf); @@ -1211,7 +1215,8 @@ local_zones_answer(struct local_zones* zones, struct query_info* qinfo, lock_rw_rdlock(&z->lock); lock_rw_unlock(&zones->lock); - if(z->type == local_zone_inform && repinfo) + if((z->type == local_zone_inform || z->type == local_zone_inform_deny) + && repinfo) lz_inform_print(z, qinfo, repinfo); if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) { @@ -1234,6 +1239,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_static: return "static"; case local_zone_nodefault: return "nodefault"; case local_zone_inform: return "inform"; + case local_zone_inform_deny: return "inform_deny"; } return "badtyped"; } @@ -1254,6 +1260,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_redirect; else if(strcmp(type, "inform") == 0) *t = local_zone_inform; + else if(strcmp(type, "inform_deny") == 0) + *t = local_zone_inform_deny; else return 0; return 1; } diff --git a/contrib/unbound/services/localzone.h b/contrib/unbound/services/localzone.h index 29ba866..3d62a69 100644 --- a/contrib/unbound/services/localzone.h +++ b/contrib/unbound/services/localzone.h @@ -73,7 +73,9 @@ enum localzone_type { * nodefault is used in config not during service. */ local_zone_nodefault, /** log client address, but no block (transparent) */ - local_zone_inform + local_zone_inform, + /** log client address, and block (drop) */ + local_zone_inform_deny }; /** diff --git a/contrib/unbound/services/mesh.c b/contrib/unbound/services/mesh.c index a69aced..8076874 100644 --- a/contrib/unbound/services/mesh.c +++ b/contrib/unbound/services/mesh.c @@ -55,7 +55,7 @@ #include "util/fptr_wlist.h" #include "util/alloc.h" #include "util/config_file.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" /** subtract timers and the values do not overflow or become negative */ static void diff --git a/contrib/unbound/services/outside_network.c b/contrib/unbound/services/outside_network.c index 5bb52ff..f105bc0 100644 --- a/contrib/unbound/services/outside_network.c +++ b/contrib/unbound/services/outside_network.c @@ -57,7 +57,7 @@ #include "util/net_help.h" #include "util/random.h" #include "util/fptr_wlist.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #include "dnstap/dnstap.h" #ifdef HAVE_OPENSSL_SSL_H #include <openssl/ssl.h> @@ -893,13 +893,13 @@ udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int port, sa->sin6_port = (in_port_t)htons((uint16_t)port); fd = create_udp_sock(AF_INET6, SOCK_DGRAM, (struct sockaddr*)addr, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL); + 0, 0, 0, NULL, 0); } else { struct sockaddr_in* sa = (struct sockaddr_in*)addr; sa->sin_port = (in_port_t)htons((uint16_t)port); fd = create_udp_sock(AF_INET, SOCK_DGRAM, (struct sockaddr*)addr, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL); + 0, 0, 0, NULL, 0); } return fd; } @@ -1510,7 +1510,8 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c, log_assert(rem); /* should have been present */ sq->to_be_deleted = 1; verbose(VERB_ALGO, "svcd callbacks start"); - if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c) { + if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c && + !sq->nocaps) { /* noerror and nxdomain must have a qname in reply */ if(sldns_buffer_read_u16_at(c->buffer, 4) == 0 && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) @@ -1590,7 +1591,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, infra_update_tcp_works(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen); #ifdef USE_DNSTAP - if(sq->outnet->dtenv && + if(error==NETEVENT_NOERROR && sq->outnet->dtenv && (sq->outnet->dtenv->log_resolver_response_messages || sq->outnet->dtenv->log_forwarder_response_messages)) dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr, diff --git a/contrib/unbound/ldns/keyraw.c b/contrib/unbound/sldns/keyraw.c index 1ff0774..59e8000 100644 --- a/contrib/unbound/ldns/keyraw.c +++ b/contrib/unbound/sldns/keyraw.c @@ -11,8 +11,8 @@ */ #include "config.h" -#include "ldns/keyraw.h" -#include "ldns/rrdef.h" +#include "sldns/keyraw.h" +#include "sldns/rrdef.h" #ifdef HAVE_SSL #include <openssl/ssl.h> diff --git a/contrib/unbound/ldns/keyraw.h b/contrib/unbound/sldns/keyraw.h index 8abe235..8abe235 100644 --- a/contrib/unbound/ldns/keyraw.h +++ b/contrib/unbound/sldns/keyraw.h diff --git a/contrib/unbound/ldns/parse.c b/contrib/unbound/sldns/parse.c index a605e54..35dee71 100644 --- a/contrib/unbound/ldns/parse.c +++ b/contrib/unbound/sldns/parse.c @@ -8,9 +8,9 @@ * See the file LICENSE for the license */ #include "config.h" -#include "ldns/parse.h" -#include "ldns/parseutil.h" -#include "ldns/sbuffer.h" +#include "sldns/parse.h" +#include "sldns/parseutil.h" +#include "sldns/sbuffer.h" #include <limits.h> #include <strings.h> diff --git a/contrib/unbound/ldns/parse.h b/contrib/unbound/sldns/parse.h index 7b7456d..7b7456d 100644 --- a/contrib/unbound/ldns/parse.h +++ b/contrib/unbound/sldns/parse.h diff --git a/contrib/unbound/ldns/parseutil.c b/contrib/unbound/sldns/parseutil.c index 28b344e..2a2ebbb 100644 --- a/contrib/unbound/ldns/parseutil.c +++ b/contrib/unbound/sldns/parseutil.c @@ -13,7 +13,7 @@ */ #include "config.h" -#include "ldns/parseutil.h" +#include "sldns/parseutil.h" #include <sys/time.h> #include <time.h> #include <ctype.h> diff --git a/contrib/unbound/ldns/parseutil.h b/contrib/unbound/sldns/parseutil.h index dfa1c2a..dfa1c2a 100644 --- a/contrib/unbound/ldns/parseutil.h +++ b/contrib/unbound/sldns/parseutil.h diff --git a/contrib/unbound/ldns/pkthdr.h b/contrib/unbound/sldns/pkthdr.h index de9952e..de9952e 100644 --- a/contrib/unbound/ldns/pkthdr.h +++ b/contrib/unbound/sldns/pkthdr.h diff --git a/contrib/unbound/ldns/rrdef.c b/contrib/unbound/sldns/rrdef.c index 9b4bf7c..a8c6229 100644 --- a/contrib/unbound/ldns/rrdef.c +++ b/contrib/unbound/sldns/rrdef.c @@ -13,8 +13,8 @@ * Defines resource record types and constants. */ #include "config.h" -#include "ldns/rrdef.h" -#include "ldns/parseutil.h" +#include "sldns/rrdef.h" +#include "sldns/parseutil.h" /* classes */ static sldns_lookup_table sldns_rr_classes_data[] = { @@ -213,13 +213,11 @@ static const sldns_rdf_type type_eui48_wireformat[] = { static const sldns_rdf_type type_eui64_wireformat[] = { LDNS_RDF_TYPE_EUI64 }; -#ifdef DRAFT_RRTYPES static const sldns_rdf_type type_uri_wireformat[] = { LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_LONG_STR }; -#endif static const sldns_rdf_type type_caa_wireformat[] = { LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_TAG, @@ -590,12 +588,8 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* ANY: A request for all (available) records */ {LDNS_RR_TYPE_ANY, "ANY", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#ifdef DRAFT_RRTYPES /* 256 */ {LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE256", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif /* 257 */ {LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, diff --git a/contrib/unbound/ldns/rrdef.h b/contrib/unbound/sldns/rrdef.h index 933bcdf..ab65943 100644 --- a/contrib/unbound/ldns/rrdef.h +++ b/contrib/unbound/sldns/rrdef.h @@ -220,8 +220,7 @@ enum sldns_enum_rr_type LDNS_RR_TYPE_MAILA = 254, /** any type (wildcard) */ LDNS_RR_TYPE_ANY = 255, - /** draft-faltstrom-uri-06 */ - LDNS_RR_TYPE_URI = 256, + LDNS_RR_TYPE_URI = 256, /* RFC 7553 */ LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */ /** DNSSEC Trust Authorities */ @@ -343,7 +342,7 @@ enum sldns_enum_rdf_type /** A <character-string> encoding of the value field as specified * [RFC1035], Section 5.1., encoded as remaining rdata. - * For CAA. + * For CAA, URI. */ LDNS_RDF_TYPE_LONG_STR, diff --git a/contrib/unbound/ldns/sbuffer.c b/contrib/unbound/sldns/sbuffer.c index 3d087bf..a7fe53a 100644 --- a/contrib/unbound/ldns/sbuffer.c +++ b/contrib/unbound/sldns/sbuffer.c @@ -12,7 +12,7 @@ * This file contains the definition of sldns_buffer, and functions to manipulate those. */ #include "config.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #include <stdarg.h> sldns_buffer * diff --git a/contrib/unbound/ldns/sbuffer.h b/contrib/unbound/sldns/sbuffer.h index 3ce874f..3ce874f 100644 --- a/contrib/unbound/ldns/sbuffer.h +++ b/contrib/unbound/sldns/sbuffer.h diff --git a/contrib/unbound/ldns/str2wire.c b/contrib/unbound/sldns/str2wire.c index 931e28f..8cda8c7 100644 --- a/contrib/unbound/ldns/str2wire.c +++ b/contrib/unbound/sldns/str2wire.c @@ -12,11 +12,11 @@ * Parses text to wireformat. */ #include "config.h" -#include "ldns/str2wire.h" -#include "ldns/wire2str.h" -#include "ldns/sbuffer.h" -#include "ldns/parse.h" -#include "ldns/parseutil.h" +#include "sldns/str2wire.h" +#include "sldns/wire2str.h" +#include "sldns/sbuffer.h" +#include "sldns/parse.h" +#include "sldns/parseutil.h" #include <ctype.h> #ifdef HAVE_TIME_H #include <time.h> diff --git a/contrib/unbound/ldns/str2wire.h b/contrib/unbound/sldns/str2wire.h index 94c8933..527074a 100644 --- a/contrib/unbound/ldns/str2wire.h +++ b/contrib/unbound/sldns/str2wire.h @@ -16,7 +16,7 @@ #define LDNS_STR2WIRE_H /* include rrdef for MAX_DOMAINLEN constant */ -#include <ldns/rrdef.h> +#include <sldns/rrdef.h> #ifdef __cplusplus extern "C" { diff --git a/contrib/unbound/ldns/wire2str.c b/contrib/unbound/sldns/wire2str.c index 81e173c..cec3bc7 100644 --- a/contrib/unbound/ldns/wire2str.c +++ b/contrib/unbound/sldns/wire2str.c @@ -15,13 +15,13 @@ * representation, as well as functions to print them. */ #include "config.h" -#include "ldns/wire2str.h" -#include "ldns/str2wire.h" -#include "ldns/rrdef.h" -#include "ldns/pkthdr.h" -#include "ldns/parseutil.h" -#include "ldns/sbuffer.h" -#include "ldns/keyraw.h" +#include "sldns/wire2str.h" +#include "sldns/str2wire.h" +#include "sldns/rrdef.h" +#include "sldns/pkthdr.h" +#include "sldns/parseutil.h" +#include "sldns/sbuffer.h" +#include "sldns/keyraw.h" #ifdef HAVE_TIME_H #include <time.h> #endif diff --git a/contrib/unbound/ldns/wire2str.h b/contrib/unbound/sldns/wire2str.h index 67f5435..67f5435 100644 --- a/contrib/unbound/ldns/wire2str.h +++ b/contrib/unbound/sldns/wire2str.h diff --git a/contrib/unbound/smallapp/unbound-anchor.c b/contrib/unbound/smallapp/unbound-anchor.c index 9df0d95..92bfa84 100644 --- a/contrib/unbound/smallapp/unbound-anchor.c +++ b/contrib/unbound/smallapp/unbound-anchor.c @@ -116,7 +116,8 @@ #include "config.h" #include "libunbound/unbound.h" -#include "ldns/rrdef.h" +#include "sldns/rrdef.h" +#include "sldns/parseutil.h" #include <expat.h> #ifndef HAVE_EXPAT_H #error "need libexpat to parse root-anchors.xml file." @@ -915,7 +916,10 @@ read_data_chunk(SSL* ssl, size_t len) { size_t got = 0; int r; - char* data = malloc(len+1); + char* data; + if(len >= 0xfffffff0) + return NULL; /* to protect against integer overflow in malloc*/ + data = malloc(len+1); if(!data) { if(verb) printf("out of memory\n"); return NULL; @@ -1325,7 +1329,7 @@ xml_convertdate(const char* str) /* but ignore, (lenient) */ } - t = mktime(&tm); + t = sldns_mktime_from_utc(&tm); if(t == (time_t)-1) { if(verb) printf("xml_convertdate mktime failure\n"); return 0; diff --git a/contrib/unbound/smallapp/unbound-checkconf.c b/contrib/unbound/smallapp/unbound-checkconf.c index b5d7b9f..0524ede 100644 --- a/contrib/unbound/smallapp/unbound-checkconf.c +++ b/contrib/unbound/smallapp/unbound-checkconf.c @@ -53,7 +53,7 @@ #include "iterator/iter_hints.h" #include "validator/validator.h" #include "services/localzone.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #ifdef HAVE_GETOPT_H #include <getopt.h> #endif diff --git a/contrib/unbound/smallapp/unbound-control-setup.sh b/contrib/unbound/smallapp/unbound-control-setup.sh index 010bfd4..816b4f5 100755 --- a/contrib/unbound/smallapp/unbound-control-setup.sh +++ b/contrib/unbound/smallapp/unbound-control-setup.sh @@ -46,7 +46,7 @@ CLIENTNAME=unbound-control DAYS=7200 # size of keys in bits -BITS=1536 +BITS=3072 # hash algorithm HASH=sha256 diff --git a/contrib/unbound/smallapp/unbound-control-setup.sh.in b/contrib/unbound/smallapp/unbound-control-setup.sh.in index 75e76e2..682ab26 100755 --- a/contrib/unbound/smallapp/unbound-control-setup.sh.in +++ b/contrib/unbound/smallapp/unbound-control-setup.sh.in @@ -46,7 +46,7 @@ CLIENTNAME=unbound-control DAYS=7200 # size of keys in bits -BITS=1536 +BITS=3072 # hash algorithm HASH=sha256 diff --git a/contrib/unbound/smallapp/unbound-control.c b/contrib/unbound/smallapp/unbound-control.c index 3b47d3b..571b4d0 100644 --- a/contrib/unbound/smallapp/unbound-control.c +++ b/contrib/unbound/smallapp/unbound-control.c @@ -109,6 +109,7 @@ usage() printf(" get_option opt get option value\n"); printf(" list_stubs list stub-zones and root hints in use\n"); printf(" list_forwards list forward-zones in use\n"); + printf(" list_insecure list domain-insecure zones\n"); printf(" list_local_zones list local-zones in use\n"); printf(" list_local_data list local-data RRs in use\n"); printf(" insecure_add zone add domain-insecure zone\n"); @@ -122,6 +123,8 @@ usage() printf(" forward [off | addr ...] without arg show forward setup\n"); printf(" or off to turn off root forwarding\n"); printf(" or give list of ip addresses\n"); + printf(" ratelimit_list [+a] list ratelimited domains\n"); + printf(" +a list all, also not ratelimited\n"); printf("Version %s\n", PACKAGE_VERSION); printf("BSD licensed, see LICENSE in source package for details.\n"); printf("Report bugs to %s\n", PACKAGE_BUGREPORT); @@ -158,7 +161,7 @@ setup_ctx(struct config_file* cfg) if(cfg->remote_control_use_cert) { if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) ssl_err("could not set SSL_OP_NO_SSLv3"); - if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) || + if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) || !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM) || !SSL_CTX_check_private_key(ctx)) ssl_err("Error setting up SSL_CTX client key and cert"); diff --git a/contrib/unbound/smallapp/unbound-host.c b/contrib/unbound/smallapp/unbound-host.c index 9597341..30fef51 100644 --- a/contrib/unbound/smallapp/unbound-host.c +++ b/contrib/unbound/smallapp/unbound-host.c @@ -60,8 +60,8 @@ #define unbound_lite_wrapstr(s) s #endif #include "libunbound/unbound.h" -#include "ldns/rrdef.h" -#include "ldns/wire2str.h" +#include "sldns/rrdef.h" +#include "sldns/wire2str.h" #ifdef HAVE_NSS /* nss3 */ #include "nss.h" diff --git a/contrib/unbound/util/alloc.c b/contrib/unbound/util/alloc.c index 4b81beb..05d2fa3 100644 --- a/contrib/unbound/util/alloc.c +++ b/contrib/unbound/util/alloc.c @@ -364,11 +364,18 @@ void *unbound_stat_malloc(size_t size) #ifdef calloc #undef calloc #endif +#ifndef INT_MAX +#define INT_MAX (((int)-1)>>1) +#endif /** calloc with stats */ void *unbound_stat_calloc(size_t nmemb, size_t size) { - size_t s = (nmemb*size==0)?(size_t)1:nmemb*size; - void* res = calloc(1, s+16); + size_t s; + void* res; + if(nmemb != 0 && INT_MAX/nmemb < size) + return NULL; /* integer overflow check */ + s = (nmemb*size==0)?(size_t)1:nmemb*size; + res = calloc(1, s+16); if(!res) return NULL; log_info("stat %p=calloc(%u, %u)", res+16, (unsigned)nmemb, (unsigned)size); unbound_mem_alloc += s; @@ -503,8 +510,12 @@ void *unbound_stat_malloc_lite(size_t size, const char* file, int line, void *unbound_stat_calloc_lite(size_t nmemb, size_t size, const char* file, int line, const char* func) { - size_t req = nmemb * size; - void* res = malloc(req+lite_pad*2+sizeof(size_t)); + size_t req; + void* res; + if(nmemb != 0 && INT_MAX/nmemb < size) + return NULL; /* integer overflow check */ + req = nmemb * size; + res = malloc(req+lite_pad*2+sizeof(size_t)); if(!res) return NULL; memmove(res, lite_pre, lite_pad); memmove(res+lite_pad, &req, sizeof(size_t)); diff --git a/contrib/unbound/util/alloc.h b/contrib/unbound/util/alloc.h index ffd605c..43fc30f 100644 --- a/contrib/unbound/util/alloc.h +++ b/contrib/unbound/util/alloc.h @@ -177,8 +177,8 @@ void alloc_set_id_cleanup(struct alloc_cache* alloc, void (*cleanup)(void*), void* arg); #ifdef UNBOUND_ALLOC_LITE -# include <ldns/ldns.h> -# include <ldns/packet.h> +# include <sldns/ldns.h> +# include <sldns/packet.h> # ifdef HAVE_OPENSSL_SSL_H # include <openssl/ssl.h> # endif diff --git a/contrib/unbound/util/config_file.c b/contrib/unbound/util/config_file.c index cdb2b33..062d12d 100644 --- a/contrib/unbound/util/config_file.c +++ b/contrib/unbound/util/config_file.c @@ -56,8 +56,9 @@ #include "util/fptr_wlist.h" #include "util/data/dname.h" #include "util/rtt.h" -#include "ldns/wire2str.h" -#include "ldns/parseutil.h" +#include "services/cache/infra.h" +#include "sldns/wire2str.h" +#include "sldns/parseutil.h" #ifdef HAVE_GLOB_H # include <glob.h> #endif @@ -69,6 +70,8 @@ uid_t cfg_uid = (uid_t)-1; /** from cfg username, after daemonise setup performed */ gid_t cfg_gid = (gid_t)-1; +/** for debug allow small timeout values for fast rollovers */ +int autr_permit_small_holddown = 0; /** global config during parsing */ struct config_parser_state* cfg_parser = 0; @@ -131,6 +134,7 @@ config_create(void) cfg->bogus_ttl = 60; cfg->min_ttl = 0; cfg->max_ttl = 3600 * 24; + cfg->max_negative_ttl = 3600; cfg->prefetch = 0; cfg->prefetch_key = 0; cfg->infra_cache_slabs = 4; @@ -156,6 +160,7 @@ config_create(void) cfg->so_rcvbuf = 0; cfg->so_sndbuf = 0; cfg->so_reuseport = 0; + cfg->ip_transparent = 0; cfg->num_ifs = 0; cfg->ifs = NULL; cfg->num_out_ifs = 0; @@ -169,7 +174,9 @@ config_create(void) cfg->harden_dnssec_stripped = 1; cfg->harden_below_nxdomain = 0; cfg->harden_referral_path = 0; + cfg->harden_algo_downgrade = 0; cfg->use_caps_bits_for_id = 0; + cfg->caps_whitelist = NULL; cfg->private_address = NULL; cfg->private_domain = NULL; cfg->unwanted_threshold = 0; @@ -195,6 +202,7 @@ config_create(void) cfg->add_holddown = 30*24*3600; cfg->del_holddown = 30*24*3600; cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */ + cfg->permit_small_holddown = 0; cfg->key_cache_size = 4 * 1024 * 1024; cfg->key_cache_slabs = 4; cfg->neg_cache_size = 1 * 1024 * 1024; @@ -226,6 +234,12 @@ config_create(void) if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) goto error_exit; #endif + cfg->ratelimit = 0; + cfg->ratelimit_slabs = 4; + cfg->ratelimit_size = 4*1024*1024; + cfg->ratelimit_for_domain = NULL; + cfg->ratelimit_below_domain = NULL; + cfg->ratelimit_factor = 10; return cfg; error_exit: config_delete(cfg); @@ -372,12 +386,15 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_MEMSIZE("so-rcvbuf:", so_rcvbuf) else S_MEMSIZE("so-sndbuf:", so_sndbuf) else S_YNO("so-reuseport:", so_reuseport) + else S_YNO("ip-transparent:", ip_transparent) else S_MEMSIZE("rrset-cache-size:", rrset_cache_size) else S_POW2("rrset-cache-slabs:", rrset_cache_slabs) else S_YNO("prefetch:", prefetch) else S_YNO("prefetch-key:", prefetch_key) else if(strcmp(opt, "cache-max-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->max_ttl = atoi(val); MAX_TTL=(time_t)cfg->max_ttl;} + else if(strcmp(opt, "cache-max-negative-ttl:") == 0) + { IS_NUMBER_OR_ZERO; cfg->max_negative_ttl = atoi(val); MAX_NEG_TTL=(time_t)cfg->max_negative_ttl;} else if(strcmp(opt, "cache-min-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;} else if(strcmp(opt, "infra-cache-min-rtt:") == 0) { @@ -404,7 +421,9 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("harden-dnssec-stripped:", harden_dnssec_stripped) else S_YNO("harden-below-nxdomain:", harden_below_nxdomain) else S_YNO("harden-referral-path:", harden_referral_path) + else S_YNO("harden-algo-downgrade:", harden_algo_downgrade) else S_YNO("use-caps-for-id", use_caps_bits_for_id) + else S_STRLIST("caps-whitelist:", caps_whitelist) else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold) else S_STRLIST("private-address:", private_address) else S_STRLIST("private-domain:", private_domain) @@ -428,6 +447,9 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown) else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown) else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing) + else if(strcmp(opt, "permit-small-holddown:") == 0) + { IS_YES_OR_NO; cfg->permit_small_holddown = (strcmp(val, "yes") == 0); + autr_permit_small_holddown = cfg->permit_small_holddown; } else S_MEMSIZE("key-cache-size:", key_cache_size) else S_POW2("key-cache-slabs:", key_cache_slabs) else S_MEMSIZE("neg-cache-size:", neg_cache_size) @@ -444,6 +466,13 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("control-cert-file:", control_cert_file) else S_STR("module-config:", module_conf) else S_STR("python-script:", python_script) + else if(strcmp(opt, "ratelimit:") == 0) { + IS_NUMBER_OR_ZERO; cfg->ratelimit = atoi(val); + infra_dp_ratelimit=cfg->ratelimit; + } + else S_MEMSIZE("ratelimit-size:", ratelimit_size) + else S_POW2("ratelimit-slabs:", ratelimit_slabs) + else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor) /* val_sig_skew_min and max are copied into val_env during init, * so this does not update val_env with set_option */ else if(strcmp(opt, "val-sig-skew-min:") == 0) @@ -452,7 +481,8 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); - char** oi = (char**)malloc((cfg->num_out_ifs+1)*sizeof(char*)); + char** oi = + (char**)reallocarray(NULL, (size_t)cfg->num_out_ifs+1, sizeof(char*)); if(!d || !oi) { free(d); free(oi); return -1; } if(cfg->out_ifs && cfg->num_out_ifs) { memmove(oi, cfg->out_ifs, cfg->num_out_ifs*sizeof(char*)); @@ -465,7 +495,8 @@ int config_set_option(struct config_file* cfg, const char* opt, * interface, outgoing-interface, access-control, * stub-zone, name, stub-addr, stub-host, stub-prime * forward-first, stub-first, - * forward-zone, name, forward-addr, forward-host */ + * forward-zone, name, forward-addr, forward-host, + * ratelimit-for-domain, ratelimit-below-domain */ return 0; } return 1; @@ -577,8 +608,8 @@ config_collate_cat(struct config_strlist* list) #define O_MEM(opt, str, var) if(strcmp(opt, str)==0) { \ if(cfg->var > 1024*1024*1024) { \ size_t f=cfg->var/(size_t)1000000, b=cfg->var%(size_t)1000000; \ - snprintf(buf, len, "%u%6.6u\n", (unsigned)f, (unsigned)b); \ - } else snprintf(buf, len, "%u\n", (unsigned)cfg->var); \ + snprintf(buf, len, "%u%6.6u", (unsigned)f, (unsigned)b); \ + } else snprintf(buf, len, "%u", (unsigned)cfg->var); \ func(buf, arg);} /** compare and print list option */ #define O_LST(opt, name, lst) if(strcmp(opt, name)==0) { \ @@ -624,11 +655,13 @@ config_get_option(struct config_file* cfg, const char* opt, else O_MEM(opt, "so-rcvbuf", so_rcvbuf) else O_MEM(opt, "so-sndbuf", so_sndbuf) else O_YNO(opt, "so-reuseport", so_reuseport) + else O_YNO(opt, "ip-transparent", ip_transparent) else O_MEM(opt, "rrset-cache-size", rrset_cache_size) else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs) else O_YNO(opt, "prefetch-key", prefetch_key) else O_YNO(opt, "prefetch", prefetch) else O_DEC(opt, "cache-max-ttl", max_ttl) + else O_DEC(opt, "cache-max-negative-ttl", max_negative_ttl) else O_DEC(opt, "cache-min-ttl", min_ttl) else O_DEC(opt, "infra-host-ttl", host_ttl) else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs) @@ -662,7 +695,9 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "harden-dnssec-stripped", harden_dnssec_stripped) else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain) else O_YNO(opt, "harden-referral-path", harden_referral_path) + else O_YNO(opt, "harden-algo-downgrade", harden_algo_downgrade) else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id) + else O_LST(opt, "caps-whitelist", caps_whitelist) else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) else O_YNO(opt, "do-not-query-localhost", donotquery_localhost) else O_STR(opt, "module-config", module_conf) @@ -676,6 +711,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_UNS(opt, "add-holddown", add_holddown) else O_UNS(opt, "del-holddown", del_holddown) else O_UNS(opt, "keep-missing", keep_missing) + else O_YNO(opt, "permit-small-holddown", permit_small_holddown) else O_MEM(opt, "key-cache-size", key_cache_size) else O_DEC(opt, "key-cache-slabs", key_cache_slabs) else O_MEM(opt, "neg-cache-size", neg_cache_size) @@ -703,6 +739,12 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones) else O_DEC(opt, "max-udp-size", max_udp_size) else O_STR(opt, "python-script", python_script) + else O_DEC(opt, "ratelimit", ratelimit) + else O_MEM(opt, "ratelimit-size", ratelimit_size) + else O_DEC(opt, "ratelimit-slabs", ratelimit_slabs) + else O_LS2(opt, "ratelimit-for-domain", ratelimit_for_domain) + else O_LS2(opt, "ratelimit-below-domain", ratelimit_below_domain) + else O_DEC(opt, "ratelimit-factor", ratelimit_factor) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) /* not here: @@ -890,6 +932,7 @@ config_delete(struct config_file* cfg) free(cfg->version); free(cfg->module_conf); free(cfg->outgoing_avail_ports); + config_delstrlist(cfg->caps_whitelist); config_delstrlist(cfg->private_address); config_delstrlist(cfg->private_domain); config_delstrlist(cfg->auto_trust_anchor_file_list); @@ -909,9 +952,12 @@ config_delete(struct config_file* cfg) free(cfg->server_cert_file); free(cfg->control_key_file); free(cfg->control_cert_file); + free(cfg->dns64_prefix); free(cfg->dnstap_socket_path); free(cfg->dnstap_identity); free(cfg->dnstap_version); + config_deldblstrlist(cfg->ratelimit_for_domain); + config_deldblstrlist(cfg->ratelimit_below_domain); free(cfg); } @@ -998,7 +1044,7 @@ int cfg_condense_ports(struct config_file* cfg, int** avail) *avail = NULL; if(num == 0) return 0; - *avail = (int*)malloc(sizeof(int)*num); + *avail = (int*)reallocarray(NULL, (size_t)num, sizeof(int)); if(!*avail) return 0; for(i=0; i<65536; i++) { @@ -1198,11 +1244,13 @@ config_apply(struct config_file* config) { MAX_TTL = (time_t)config->max_ttl; MIN_TTL = (time_t)config->min_ttl; + MAX_NEG_TTL = (time_t)config->max_negative_ttl; RTT_MIN_TIMEOUT = config->infra_cache_min_rtt; EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size; MINIMAL_RESPONSES = config->minimal_responses; RRSET_ROUNDROBIN = config->rrset_roundrobin; log_set_time_asc(config->log_time_ascii); + autr_permit_small_holddown = config->permit_small_holddown; } void config_lookup_uid(struct config_file* cfg) diff --git a/contrib/unbound/util/config_file.h b/contrib/unbound/util/config_file.h index ca512d7..99b15e0 100644 --- a/contrib/unbound/util/config_file.h +++ b/contrib/unbound/util/config_file.h @@ -136,6 +136,8 @@ struct config_file { size_t so_sndbuf; /** SO_REUSEPORT requested on port 53 sockets */ int so_reuseport; + /** IP_TRANSPARENT socket option requested on port 53 sockets */ + int ip_transparent; /** number of interfaces to open. If 0 default all interfaces. */ int num_ifs; @@ -173,8 +175,12 @@ struct config_file { int harden_below_nxdomain; /** harden the referral path, query for NS,A,AAAA and validate */ int harden_referral_path; + /** harden against algorithm downgrade */ + int harden_algo_downgrade; /** use 0x20 bits in query as random ID bits */ int use_caps_bits_for_id; + /** 0x20 whitelist, domains that do not use capsforid */ + struct config_strlist* caps_whitelist; /** strip away these private addrs from answers, no DNS Rebinding */ struct config_strlist* private_address; /** allow domain (and subdomains) to use private address space */ @@ -185,6 +191,8 @@ struct config_file { int max_ttl; /** the number of seconds minimum TTL used for RRsets and messages */ int min_ttl; + /** the number of seconds maximal negative TTL for SOA in auth */ + int max_negative_ttl; /** if prefetching of messages should be performed. */ int prefetch; /** if prefetching of DNSKEYs should be performed. */ @@ -261,6 +269,8 @@ struct config_file { unsigned int del_holddown; /** autotrust keep_missing time, in seconds. 0 is forever. */ unsigned int keep_missing; + /** permit small holddown values, allowing 5011 rollover very fast */ + int permit_small_holddown; /** size of the key cache */ size_t key_cache_size; @@ -341,12 +351,27 @@ struct config_file { int dnstap_log_forwarder_query_messages; /** true to log dnstap FORWARDER_RESPONSE message events */ int dnstap_log_forwarder_response_messages; + + /** ratelimit 0 is off, otherwise qps (unless overridden) */ + int ratelimit; + /** number of slabs for ratelimit cache */ + size_t ratelimit_slabs; + /** memory size in bytes for ratelimit cache */ + size_t ratelimit_size; + /** ratelimits for domain (exact match) */ + struct config_str2list* ratelimit_for_domain; + /** ratelimits below domain */ + struct config_str2list* ratelimit_below_domain; + /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ + int ratelimit_factor; }; /** from cfg username, after daemonise setup performed */ extern uid_t cfg_uid; /** from cfg username, after daemonise setup performed */ extern gid_t cfg_gid; +/** debug and enable small timeouts */ +extern int autr_permit_small_holddown; /** * Stub config options diff --git a/contrib/unbound/util/configlexer.lex b/contrib/unbound/util/configlexer.lex index 0e22946..1aea22e 100644 --- a/contrib/unbound/util/configlexer.lex +++ b/contrib/unbound/util/configlexer.lex @@ -128,6 +128,10 @@ static void config_start_include_glob(const char* filename) #endif ; memset(&g, 0, sizeof(g)); + if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, + strlen(cfg_parser->chroot)) == 0) { + filename += strlen(cfg_parser->chroot); + } r = glob(filename, flags, NULL, &g); if(r) { /* some error */ @@ -228,6 +232,7 @@ interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) } so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } +ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) } chroot{COLON} { YDVAR(1, VAR_CHROOT) } username{COLON} { YDVAR(1, VAR_USERNAME) } directory{COLON} { YDVAR(1, VAR_DIRECTORY) } @@ -241,6 +246,7 @@ msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) } rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) } rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) } cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) } +cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) } infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) } infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) } @@ -258,7 +264,9 @@ harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) } harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } +caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } @@ -304,6 +312,7 @@ val-nsec3-keysize-iterations{COLON} { add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } +permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) } log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } @@ -350,6 +359,12 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } +ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) } +ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) } +ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } <INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } /* Quoted strings. Strip leading and ending quotes */ diff --git a/contrib/unbound/util/configparser.y b/contrib/unbound/util/configparser.y index 396ea3c..d6db3c8 100644 --- a/contrib/unbound/util/configparser.y +++ b/contrib/unbound/util/configparser.y @@ -118,6 +118,10 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT +%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE +%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR +%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -177,7 +181,12 @@ content_server: server_num_threads | server_verbosity | server_port | server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | server_so_reuseport | server_delay_close | server_unblock_lan_zones | server_dns64_prefix | server_dns64_synthall | - server_infra_cache_min_rtt + server_infra_cache_min_rtt | server_harden_algo_downgrade | + server_ip_transparent | server_ratelimit | server_ratelimit_slabs | + server_ratelimit_size | server_ratelimit_for_domain | + server_ratelimit_below_domain | server_ratelimit_factor | + server_caps_whitelist | server_cache_max_negative_ttl | + server_permit_small_holddown ; stubstart: VAR_STUB_ZONE { @@ -620,6 +629,16 @@ server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG free($2); } ; +server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG + { + OUTYY(("P(server_ip_transparent:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ip_transparent = + (strcmp($2, "yes")==0); + free($2); + } + ; server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG { OUTYY(("P(server_edns_buffer_size:%s)\n", $2)); @@ -846,6 +865,16 @@ server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG free($2); } ; +server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG + { + OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_algo_downgrade = + (strcmp($2, "yes")==0); + free($2); + } + ; server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG { OUTYY(("P(server_use_caps_for_id:%s)\n", $2)); @@ -856,6 +885,13 @@ server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG free($2); } ; +server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG + { + OUTYY(("P(server_caps_whitelist:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2)) + yyerror("out of memory"); + } + ; server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG { OUTYY(("P(server_private_address:%s)\n", $2)); @@ -991,6 +1027,15 @@ server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG free($2); } ; +server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG + { + OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_negative_ttl = atoi($2); + free($2); + } + ; server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG { OUTYY(("P(server_cache_min_ttl:%s)\n", $2)); @@ -1081,6 +1126,15 @@ server_keep_missing: VAR_KEEP_MISSING STRING_ARG free($2); } ; +server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG + { + OUTYY(("P(server_permit_small_holddown:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->permit_small_holddown = + (strcmp($2, "yes")==0); + free($2); + } server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG { OUTYY(("P(server_key_cache_size:%s)\n", $2)); @@ -1117,10 +1171,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 && strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 && strcmp($3, "typetransparent")!=0 && - strcmp($3, "inform")!=0) + strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " - "typetransparent, inform or nodefault"); + "typetransparent, inform, inform_deny " + "or nodefault"); else if(strcmp($3, "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, $2)) @@ -1198,6 +1253,71 @@ server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG free($2); } ; +server_ratelimit: VAR_RATELIMIT STRING_ARG + { + OUTYY(("P(server_ratelimit:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ratelimit = atoi($2); + free($2); + } + ; +server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG + { + OUTYY(("P(server_ratelimit_size:%s)\n", $2)); + if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size)) + yyerror("memory size expected"); + free($2); + } + ; +server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG + { + OUTYY(("P(server_ratelimit_slabs:%s)\n", $2)); + if(atoi($2) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->ratelimit_slabs = atoi($2); + if(!is_pow2(cfg_parser->cfg->ratelimit_slabs)) + yyerror("must be a power of 2"); + } + free($2); + } + ; +server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG + { + OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3)); + if(atoi($3) == 0 && strcmp($3, "0") != 0) { + yyerror("number expected"); + } else { + if(!cfg_str2list_insert(&cfg_parser->cfg-> + ratelimit_for_domain, $2, $3)) + fatal_exit("out of memory adding " + "ratelimit-for-domain"); + } + } + ; +server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG + { + OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3)); + if(atoi($3) == 0 && strcmp($3, "0") != 0) { + yyerror("number expected"); + } else { + if(!cfg_str2list_insert(&cfg_parser->cfg-> + ratelimit_below_domain, $2, $3)) + fatal_exit("out of memory adding " + "ratelimit-below-domain"); + } + } + ; +server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG + { + OUTYY(("P(server_ratelimit_factor:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ratelimit_factor = atoi($2); + free($2); + } + ; stub_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); diff --git a/contrib/unbound/util/data/dname.c b/contrib/unbound/util/data/dname.c index d43bbf6..79bf52a 100644 --- a/contrib/unbound/util/data/dname.c +++ b/contrib/unbound/util/data/dname.c @@ -45,7 +45,7 @@ #include "util/data/msgparse.h" #include "util/log.h" #include "util/storage/lookup3.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" /* determine length of a dname in buffer, no compression pointers allowed */ size_t diff --git a/contrib/unbound/util/data/msgencode.c b/contrib/unbound/util/data/msgencode.c index 26b5dea..43464e9 100644 --- a/contrib/unbound/util/data/msgencode.c +++ b/contrib/unbound/util/data/msgencode.c @@ -47,7 +47,7 @@ #include "util/log.h" #include "util/regional.h" #include "util/net_help.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" /** return code that means the function ran out of memory. negative so it does * not conflict with DNS rcodes. */ @@ -283,7 +283,7 @@ compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, size_t owner_pos, uint16_t* owner_ptr, int owner_labs) { struct compress_tree_node* p; - struct compress_tree_node** insertpt; + struct compress_tree_node** insertpt = NULL; if(!*owner_ptr) { /* compress first time dname */ if((p = compress_tree_lookup(tree, key->rk.dname, diff --git a/contrib/unbound/util/data/msgparse.c b/contrib/unbound/util/data/msgparse.c index abe778a..108c9da 100644 --- a/contrib/unbound/util/data/msgparse.c +++ b/contrib/unbound/util/data/msgparse.c @@ -42,10 +42,10 @@ #include "util/data/packed_rrset.h" #include "util/storage/lookup3.h" #include "util/regional.h" -#include "ldns/rrdef.h" -#include "ldns/sbuffer.h" -#include "ldns/parseutil.h" -#include "ldns/wire2str.h" +#include "sldns/rrdef.h" +#include "sldns/sbuffer.h" +#include "sldns/parseutil.h" +#include "sldns/wire2str.h" /** smart comparison of (compressed, valid) dnames from packet */ static int diff --git a/contrib/unbound/util/data/msgparse.h b/contrib/unbound/util/data/msgparse.h index 221a45a..44497c8 100644 --- a/contrib/unbound/util/data/msgparse.h +++ b/contrib/unbound/util/data/msgparse.h @@ -63,8 +63,8 @@ #ifndef UTIL_DATA_MSGPARSE_H #define UTIL_DATA_MSGPARSE_H #include "util/storage/lruhash.h" -#include "ldns/pkthdr.h" -#include "ldns/rrdef.h" +#include "sldns/pkthdr.h" +#include "sldns/rrdef.h" struct sldns_buffer; struct rrset_parse; struct rr_parse; @@ -76,6 +76,8 @@ struct regional; extern time_t MAX_TTL; /** Minimum TTL that is allowed. */ extern time_t MIN_TTL; +/** Maximum Negative TTL that is allowed */ +extern time_t MAX_NEG_TTL; /** Negative cache time (for entries without any RRs.) */ #define NORR_TTL 5 /* seconds */ diff --git a/contrib/unbound/util/data/msgreply.c b/contrib/unbound/util/data/msgreply.c index 68bcfd0..06593ff 100644 --- a/contrib/unbound/util/data/msgreply.c +++ b/contrib/unbound/util/data/msgreply.c @@ -50,13 +50,15 @@ #include "util/regional.h" #include "util/data/msgparse.h" #include "util/data/msgencode.h" -#include "ldns/sbuffer.h" -#include "ldns/wire2str.h" +#include "sldns/sbuffer.h" +#include "sldns/wire2str.h" /** MAX TTL default for messages and rrsets */ time_t MAX_TTL = 3600 * 24 * 10; /* ten days */ /** MIN TTL default for messages and rrsets */ time_t MIN_TTL = 0; +/** MAX Negative TTL, for SOA records in authority section */ +time_t MAX_NEG_TTL = 3600; /* one hour */ /** allocate qinfo, return 0 on error */ static int @@ -87,6 +89,7 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, /* rrset_count-1 because the first ref is part of the struct. */ size_t s = sizeof(struct reply_info) - sizeof(struct rrset_ref) + sizeof(struct ub_packed_rrset_key*) * total; + if(total >= RR_COUNT_MAX) return NULL; /* sanity check on numRRS*/ if(region) rep = (struct reply_info*)regional_alloc(region, s); else rep = (struct reply_info*)malloc(s + @@ -152,10 +155,23 @@ repinfo_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, return 1; } +/** find the minimumttl in the rdata of SOA record */ +static time_t +soa_find_minttl(struct rr_parse* rr) +{ + uint16_t rlen = sldns_read_uint16(rr->ttl_data+4); + if(rlen < 20) + return 0; /* rdata too small for SOA (dname, dname, 5*32bit) */ + /* minimum TTL is the last 32bit value in the rdata of the record */ + /* at position ttl_data + 4(ttl) + 2(rdatalen) + rdatalen - 4(timeval)*/ + return (time_t)sldns_read_uint32(rr->ttl_data+6+rlen-4); +} + /** do the rdata copy */ static int rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, - struct rr_parse* rr, time_t* rr_ttl, uint16_t type) + struct rr_parse* rr, time_t* rr_ttl, uint16_t type, + sldns_pkt_section section) { uint16_t pkt_len; const sldns_rr_descriptor* desc; @@ -164,6 +180,14 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, /* RFC 2181 Section 8. if msb of ttl is set treat as if zero. */ if(*rr_ttl & 0x80000000U) *rr_ttl = 0; + if(type == LDNS_RR_TYPE_SOA && section == LDNS_SECTION_AUTHORITY) { + /* negative response. see if TTL of SOA record larger than the + * minimum-ttl in the rdata of the SOA record */ + if(*rr_ttl > soa_find_minttl(rr)) + *rr_ttl = soa_find_minttl(rr); + if(*rr_ttl > MAX_NEG_TTL) + *rr_ttl = MAX_NEG_TTL; + } if(*rr_ttl < MIN_TTL) *rr_ttl = MIN_TTL; if(*rr_ttl < data->ttl) @@ -253,7 +277,7 @@ parse_rr_copy(sldns_buffer* pkt, struct rrset_parse* pset, data->rr_data[i] = nextrdata; nextrdata += rr->size; if(!rdata_copy(pkt, data, data->rr_data[i], rr, - &data->rr_ttl[i], pset->type)) + &data->rr_ttl[i], pset->type, pset->section)) return 0; rr = rr->next; } @@ -264,7 +288,7 @@ parse_rr_copy(sldns_buffer* pkt, struct rrset_parse* pset, data->rr_data[i] = nextrdata; nextrdata += rr->size; if(!rdata_copy(pkt, data, data->rr_data[i], rr, - &data->rr_ttl[i], LDNS_RR_TYPE_RRSIG)) + &data->rr_ttl[i], LDNS_RR_TYPE_RRSIG, pset->section)) return 0; rr = rr->next; } @@ -277,7 +301,11 @@ parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset, struct packed_rrset_data** data, struct regional* region) { /* allocate */ - size_t s = sizeof(struct packed_rrset_data) + + size_t s; + if(pset->rr_count > RR_COUNT_MAX || pset->rrsig_count > RR_COUNT_MAX || + pset->size > RR_COUNT_MAX) + return 0; /* protect against integer overflow */ + s = sizeof(struct packed_rrset_data) + (pset->rr_count + pset->rrsig_count) * (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)) + pset->size; @@ -794,13 +822,13 @@ log_query_info(enum verbosity_value v, const char* str, } int -reply_check_cname_chain(struct reply_info* rep) +reply_check_cname_chain(struct query_info* qinfo, struct reply_info* rep) { /* check only answer section rrs for matching cname chain. * the cache may return changed rdata, but owner names are untouched.*/ size_t i; - uint8_t* sname = rep->rrsets[0]->rk.dname; - size_t snamelen = rep->rrsets[0]->rk.dname_len; + uint8_t* sname = qinfo->qname; + size_t snamelen = qinfo->qname_len; for(i=0; i<rep->an_numrrsets; i++) { uint16_t t = ntohs(rep->rrsets[i]->rk.type); if(t == LDNS_RR_TYPE_DNAME) diff --git a/contrib/unbound/util/data/msgreply.h b/contrib/unbound/util/data/msgreply.h index e8d6d76..7088979 100644 --- a/contrib/unbound/util/data/msgreply.h +++ b/contrib/unbound/util/data/msgreply.h @@ -359,10 +359,11 @@ uint8_t* reply_find_final_cname_target(struct query_info* qinfo, /** * Check if cname chain in cached reply is still valid. + * @param qinfo: query info with query name. * @param rep: reply to check. * @return: true if valid, false if invalid. */ -int reply_check_cname_chain(struct reply_info* rep); +int reply_check_cname_chain(struct query_info* qinfo, struct reply_info* rep); /** * Check security status of all RRs in the message. diff --git a/contrib/unbound/util/data/packed_rrset.c b/contrib/unbound/util/data/packed_rrset.c index 8074685..0a5c9d3 100644 --- a/contrib/unbound/util/data/packed_rrset.c +++ b/contrib/unbound/util/data/packed_rrset.c @@ -47,9 +47,9 @@ #include "util/alloc.h" #include "util/regional.h" #include "util/net_help.h" -#include "ldns/rrdef.h" -#include "ldns/sbuffer.h" -#include "ldns/wire2str.h" +#include "sldns/rrdef.h" +#include "sldns/sbuffer.h" +#include "sldns/wire2str.h" void ub_packed_rrset_parsedelete(struct ub_packed_rrset_key* pkey, diff --git a/contrib/unbound/util/data/packed_rrset.h b/contrib/unbound/util/data/packed_rrset.h index 5d7990a..6039aef 100644 --- a/contrib/unbound/util/data/packed_rrset.h +++ b/contrib/unbound/util/data/packed_rrset.h @@ -58,6 +58,12 @@ typedef uint64_t rrset_id_t; * from the SOA in the answer section from a direct SOA query or ANY query. */ #define PACKED_RRSET_SOA_NEG 0x4 +/** number of rrs and rrsets for integer overflow protection. More than + * this is not really possible (64K packet has much less RRs and RRsets) in + * a message. And this is small enough that also multiplied there is no + * integer overflow. */ +#define RR_COUNT_MAX 0xffffff + /** * The identifying information for an RRset. */ diff --git a/contrib/unbound/util/fptr_wlist.c b/contrib/unbound/util/fptr_wlist.c index 5a77432..1397e9c 100644 --- a/contrib/unbound/util/fptr_wlist.c +++ b/contrib/unbound/util/fptr_wlist.c @@ -210,6 +210,7 @@ fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr) else if(fptr == &ub_rrset_sizefunc) return 1; else if(fptr == &infra_sizefunc) return 1; else if(fptr == &key_entry_sizefunc) return 1; + else if(fptr == &rate_sizefunc) return 1; else if(fptr == &test_slabhash_sizefunc) return 1; return 0; } @@ -221,6 +222,7 @@ fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr) else if(fptr == &ub_rrset_compare) return 1; else if(fptr == &infra_compfunc) return 1; else if(fptr == &key_entry_compfunc) return 1; + else if(fptr == &rate_compfunc) return 1; else if(fptr == &test_slabhash_compfunc) return 1; return 0; } @@ -232,6 +234,7 @@ fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr) else if(fptr == &ub_rrset_key_delete) return 1; else if(fptr == &infra_delkeyfunc) return 1; else if(fptr == &key_entry_delkeyfunc) return 1; + else if(fptr == &rate_delkeyfunc) return 1; else if(fptr == &test_slabhash_delkey) return 1; return 0; } @@ -243,6 +246,7 @@ fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr) else if(fptr == &rrset_data_delete) return 1; else if(fptr == &infra_deldatafunc) return 1; else if(fptr == &key_entry_deldatafunc) return 1; + else if(fptr == &rate_deldatafunc) return 1; else if(fptr == &test_slabhash_deldata) return 1; return 0; } diff --git a/contrib/unbound/util/iana_ports.inc b/contrib/unbound/util/iana_ports.inc index ce939d5..64edf0b 100644 --- a/contrib/unbound/util/iana_ports.inc +++ b/contrib/unbound/util/iana_ports.inc @@ -1066,7 +1066,6 @@ 1404, 1405, 1406, -1407, 1408, 1409, 1410, @@ -3791,7 +3790,6 @@ 4321, 4322, 4323, -4324, 4325, 4326, 4327, @@ -3842,6 +3840,8 @@ 4404, 4405, 4406, +4412, +4413, 4425, 4426, 4430, @@ -4015,6 +4015,7 @@ 4952, 4969, 4970, +4980, 4986, 4987, 4988, @@ -4359,6 +4360,7 @@ 6072, 6073, 6074, +6080, 6081, 6082, 6083, @@ -4433,6 +4435,7 @@ 6389, 6390, 6417, +6419, 6420, 6421, 6443, @@ -4665,6 +4668,7 @@ 7725, 7726, 7727, +7728, 7734, 7738, 7741, @@ -4779,6 +4783,7 @@ 8301, 8320, 8321, +8322, 8351, 8376, 8377, @@ -4786,6 +4791,7 @@ 8379, 8380, 8383, +8384, 8400, 8401, 8402, @@ -4802,6 +4808,7 @@ 8474, 8500, 8501, +8503, 8554, 8555, 8567, @@ -4853,6 +4860,7 @@ 9000, 9001, 9002, +9006, 9007, 9009, 9020, @@ -5031,6 +5039,7 @@ 10200, 10201, 10252, +10253, 10260, 10288, 10439, @@ -5165,6 +5174,8 @@ 17220, 17221, 17222, +17224, +17225, 17234, 17235, 17500, @@ -5237,6 +5248,7 @@ 22005, 22273, 22305, +22335, 22343, 22347, 22350, @@ -5376,6 +5388,7 @@ 40843, 40853, 41111, +41230, 41794, 41795, 42508, diff --git a/contrib/unbound/util/log.c b/contrib/unbound/util/log.c index f90efa7..3ebd120 100644 --- a/contrib/unbound/util/log.c +++ b/contrib/unbound/util/log.c @@ -40,7 +40,7 @@ #include "config.h" #include "util/log.h" #include "util/locks.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" #include <stdarg.h> #ifdef HAVE_TIME_H #include <time.h> @@ -164,6 +164,14 @@ void log_thread_set(int* num) ub_thread_key_set(logkey, num); } +int log_thread_get(void) +{ + unsigned int* tid; + if(!key_created) return 0; + tid = (unsigned int*)ub_thread_key_get(logkey); + return (int)(tid?*tid:0); +} + void log_ident_set(const char* id) { ident = id; diff --git a/contrib/unbound/util/log.h b/contrib/unbound/util/log.h index ea283da..8e85ee6 100644 --- a/contrib/unbound/util/log.h +++ b/contrib/unbound/util/log.h @@ -98,6 +98,15 @@ void log_file(FILE *f); void log_thread_set(int* num); /** + * Get the thread id from logging system. Set after log_init is + * initialised, or log_thread_set for newly created threads. + * This initialisation happens in unbound as a daemon, in daemon + * startup code, when that spawns threads. + * @return thread number, from 0 and up. Before initialised, returns 0. + */ +int log_thread_get(void); + +/** * Set identity to print, default is 'unbound'. * @param id: string to print. Name of executable. */ diff --git a/contrib/unbound/util/net_help.c b/contrib/unbound/util/net_help.c index e2b7c38..07605b1 100644 --- a/contrib/unbound/util/net_help.c +++ b/contrib/unbound/util/net_help.c @@ -43,8 +43,8 @@ #include "util/data/dname.h" #include "util/module.h" #include "util/regional.h" -#include "ldns/parseutil.h" -#include "ldns/wire2str.h" +#include "sldns/parseutil.h" +#include "sldns/wire2str.h" #include <fcntl.h> #ifdef HAVE_OPENSSL_SSL_H #include <openssl/ssl.h> @@ -629,9 +629,9 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem) SSL_CTX_free(ctx); return NULL; } - if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) { + if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { log_err("error for cert file: %s", pem); - log_crypto_err("error in SSL_CTX use_certificate_file"); + log_crypto_err("error in SSL_CTX use_certificate_chain_file"); SSL_CTX_free(ctx); return NULL; } @@ -647,6 +647,23 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem) SSL_CTX_free(ctx); return NULL; } +#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO + if(!SSL_CTX_set_ecdh_auto(ctx,1)) { + log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); + } +#elif defined(USE_ECDSA) + if(1) { + EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); + if (!ecdh) { + log_crypto_err("could not find p256, not enabling ECDHE"); + } else { + if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) { + log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE"); + } + EC_KEY_free (ecdh); + } + } +#endif if(verifypem && verifypem[0]) { if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL)) { @@ -684,7 +701,7 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem) return NULL; } if(key && key[0]) { - if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) { + if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { log_err("error in client certificate %s", pem); log_crypto_err("error in certificate file"); SSL_CTX_free(ctx); @@ -770,7 +787,7 @@ static lock_basic_t *ub_openssl_locks = NULL; static unsigned long ub_crypto_id_cb(void) { - return (unsigned long)ub_thread_self(); + return (unsigned long)log_thread_get(); } static void @@ -789,8 +806,8 @@ int ub_openssl_lock_init(void) { #if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) int i; - ub_openssl_locks = (lock_basic_t*)malloc( - sizeof(lock_basic_t)*CRYPTO_num_locks()); + ub_openssl_locks = (lock_basic_t*)reallocarray( + NULL, (size_t)CRYPTO_num_locks(), sizeof(lock_basic_t)); if(!ub_openssl_locks) return 0; for(i=0; i<CRYPTO_num_locks(); i++) { diff --git a/contrib/unbound/util/netevent.c b/contrib/unbound/util/netevent.c index c7ed30e..3bb8948 100644 --- a/contrib/unbound/util/netevent.c +++ b/contrib/unbound/util/netevent.c @@ -43,8 +43,8 @@ #include "util/log.h" #include "util/net_help.h" #include "util/fptr_wlist.h" -#include "ldns/pkthdr.h" -#include "ldns/sbuffer.h" +#include "sldns/pkthdr.h" +#include "sldns/sbuffer.h" #include "dnstap/dnstap.h" #ifdef HAVE_OPENSSL_SSL_H #include <openssl/ssl.h> @@ -498,12 +498,16 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, cmsg = CMSG_FIRSTHDR(&msg); if(r->srctype == 4) { #ifdef IP_PKTINFO + void* cmsg_data; msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo)); log_assert(msg.msg_controllen <= sizeof(control)); cmsg->cmsg_level = IPPROTO_IP; cmsg->cmsg_type = IP_PKTINFO; memmove(CMSG_DATA(cmsg), &r->pktinfo.v4info, sizeof(struct in_pktinfo)); + /* unset the ifindex to not bypass the routing tables */ + cmsg_data = CMSG_DATA(cmsg); + ((struct in_pktinfo *) cmsg_data)->ipi_ifindex = 0; cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); #elif defined(IP_SENDSRCADDR) msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr)); @@ -518,12 +522,16 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, msg.msg_control = NULL; #endif /* IP_PKTINFO or IP_SENDSRCADDR */ } else if(r->srctype == 6) { + void* cmsg_data; msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); log_assert(msg.msg_controllen <= sizeof(control)); cmsg->cmsg_level = IPPROTO_IPV6; cmsg->cmsg_type = IPV6_PKTINFO; memmove(CMSG_DATA(cmsg), &r->pktinfo.v6info, sizeof(struct in6_pktinfo)); + /* unset the ifindex to not bypass the routing tables */ + cmsg_data = CMSG_DATA(cmsg); + ((struct in6_pktinfo *) cmsg_data)->ipi6_ifindex = 0; cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); } else { /* try to pass all 0 to use default route */ @@ -879,12 +887,12 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg) } /* grab the tcp handler buffers */ + c->cur_tcp_count++; c->tcp_free = c_hdl->tcp_free; if(!c->tcp_free) { /* stop accepting incoming queries for now. */ comm_point_stop_listening(c); } - /* addr is dropped. Not needed for tcp reply. */ setup_tcp_handler(c_hdl, new_fd); } @@ -902,6 +910,7 @@ reclaim_tcp_handler(struct comm_point* c) } comm_point_close(c); if(c->tcp_parent) { + c->tcp_parent->cur_tcp_count--; c->tcp_free = c->tcp_parent->tcp_free; c->tcp_parent->tcp_free = c; if(!c->tcp_free) { @@ -1528,6 +1537,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, c->tcp_byte_count = 0; c->tcp_parent = NULL; c->max_tcp_count = 0; + c->cur_tcp_count = 0; c->tcp_handlers = NULL; c->tcp_free = NULL; c->type = comm_udp; @@ -1578,6 +1588,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, c->tcp_byte_count = 0; c->tcp_parent = NULL; c->max_tcp_count = 0; + c->cur_tcp_count = 0; c->tcp_handlers = NULL; c->tcp_free = NULL; c->type = comm_udp; @@ -1639,6 +1650,7 @@ comm_point_create_tcp_handler(struct comm_base *base, c->tcp_byte_count = 0; c->tcp_parent = parent; c->max_tcp_count = 0; + c->cur_tcp_count = 0; c->tcp_handlers = NULL; c->tcp_free = NULL; c->type = comm_tcp; @@ -1691,6 +1703,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, size_t bufsize, c->tcp_byte_count = 0; c->tcp_parent = NULL; c->max_tcp_count = num; + c->cur_tcp_count = 0; c->tcp_handlers = (struct comm_point**)calloc((size_t)num, sizeof(struct comm_point*)); if(!c->tcp_handlers) { @@ -1758,6 +1771,7 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, c->tcp_byte_count = 0; c->tcp_parent = NULL; c->max_tcp_count = 0; + c->cur_tcp_count = 0; c->tcp_handlers = NULL; c->tcp_free = NULL; c->type = comm_tcp; @@ -1810,6 +1824,7 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, c->tcp_byte_count = 0; c->tcp_parent = NULL; c->max_tcp_count = 0; + c->cur_tcp_count = 0; c->tcp_handlers = NULL; c->tcp_free = NULL; c->type = comm_local; @@ -1857,6 +1872,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing, c->tcp_byte_count = 0; c->tcp_parent = NULL; c->max_tcp_count = 0; + c->cur_tcp_count = 0; c->tcp_handlers = NULL; c->tcp_free = NULL; c->type = comm_raw; diff --git a/contrib/unbound/util/netevent.h b/contrib/unbound/util/netevent.h index 37322ab..4b87cdb 100644 --- a/contrib/unbound/util/netevent.h +++ b/contrib/unbound/util/netevent.h @@ -164,6 +164,8 @@ struct comm_point { /* -------- TCP Accept -------- */ /** the number of TCP handlers for this tcp-accept socket */ int max_tcp_count; + /** current number of tcp handler in-use for this accept socket */ + int cur_tcp_count; /** malloced array of tcp handlers for a tcp-accept, of size max_tcp_count. */ struct comm_point** tcp_handlers; diff --git a/contrib/unbound/validator/autotrust.c b/contrib/unbound/validator/autotrust.c index 5e1dc4e..e63b086 100644 --- a/contrib/unbound/validator/autotrust.c +++ b/contrib/unbound/validator/autotrust.c @@ -57,11 +57,11 @@ #include "services/mesh.h" #include "services/cache/rrset.h" #include "validator/val_kcache.h" -#include "ldns/sbuffer.h" -#include "ldns/wire2str.h" -#include "ldns/str2wire.h" -#include "ldns/keyraw.h" -#include "ldns/rrdef.h" +#include "sldns/sbuffer.h" +#include "sldns/wire2str.h" +#include "sldns/str2wire.h" +#include "sldns/keyraw.h" +#include "sldns/rrdef.h" #include <stdarg.h> #include <ctype.h> @@ -1184,7 +1184,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf); out = fopen(tempf, "w"); if(!out) { - log_err("could not open autotrust file for writing, %s: %s", + fatal_exit("could not open autotrust file for writing, %s: %s", tempf, strerror(errno)); return; } @@ -1192,11 +1192,11 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) /* failed to write contents (completely) */ fclose(out); unlink(tempf); - log_err("could not completely write: %s", fname); + fatal_exit("could not completely write: %s", fname); return; } if(fclose(out) != 0) { - log_err("could not complete write: %s: %s", + fatal_exit("could not complete write: %s: %s", fname, strerror(errno)); unlink(tempf); return; @@ -1207,7 +1207,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) (void)unlink(fname); /* windows does not replace file with rename() */ #endif if(rename(tempf, fname) < 0) { - log_err("rename(%s to %s): %s", tempf, fname, strerror(errno)); + fatal_exit("rename(%s to %s): %s", tempf, fname, strerror(errno)); } } @@ -1225,7 +1225,7 @@ verify_dnskey(struct module_env* env, struct val_env* ve, { char* reason = NULL; uint8_t sigalg[ALGO_NEEDS_MAX+1]; - int downprot = 1; + int downprot = env->cfg->harden_algo_downgrade; enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset, tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason); /* sigalg is ignored, it returns algorithms signalled to exist, but @@ -1447,9 +1447,11 @@ set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval, if(rrsig_exp_interval/2 < x) x = rrsig_exp_interval/2; /* MAX(1hr, x) */ - if(x < 3600) - tp->autr->query_interval = 3600; - else tp->autr->query_interval = x; + if(!autr_permit_small_holddown) { + if(x < 3600) + tp->autr->query_interval = 3600; + else tp->autr->query_interval = x; + } else tp->autr->query_interval = x; /* x= MIN(1day, ttl/10, expire/10) */ x = 24 * 3600; @@ -1458,9 +1460,11 @@ set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval, if(rrsig_exp_interval/10 < x) x = rrsig_exp_interval/10; /* MAX(1hr, x) */ - if(x < 3600) - tp->autr->retry_time = 3600; - else tp->autr->retry_time = x; + if(!autr_permit_small_holddown) { + if(x < 3600) + tp->autr->retry_time = 3600; + else tp->autr->retry_time = x; + } else tp->autr->retry_time = x; if(qi != tp->autr->query_interval || rt != tp->autr->retry_time) { *changed = 1; @@ -1959,8 +1963,12 @@ calc_next_probe(struct module_env* env, time_t wait) { /* make it random, 90-100% */ time_t rnd, rest; - if(wait < 3600) - wait = 3600; + if(!autr_permit_small_holddown) { + if(wait < 3600) + wait = 3600; + } else { + if(wait == 0) wait = 1; + } rnd = wait/10; rest = wait-rnd; rnd = (time_t)ub_random_max(env->rnd, (long int)rnd); @@ -2349,6 +2357,8 @@ todo_probe(struct module_env* env, time_t* next) if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) { /* in case of revoked anchors */ lock_basic_unlock(&env->anchors->lock); + /* signal that there are no anchors to probe */ + *next = 0; return NULL; } tp = (struct trust_anchor*)el->key; @@ -2378,6 +2388,7 @@ autr_probe_timer(struct module_env* env) struct trust_anchor* tp; time_t next_probe = 3600; int num = 0; + if(autr_permit_small_holddown) next_probe = 1; verbose(VERB_ALGO, "autotrust probe timer callback"); /* while there are still anchors to probe */ while( (tp = todo_probe(env, &next_probe)) ) { @@ -2386,7 +2397,7 @@ autr_probe_timer(struct module_env* env) num++; } regional_free_all(env->scratch); - if(num == 0) + if(next_probe == 0) return 0; /* no trust points to probe */ verbose(VERB_ALGO, "autotrust probe timer %d callbacks done", num); return next_probe; diff --git a/contrib/unbound/validator/val_anchor.c b/contrib/unbound/validator/val_anchor.c index 3a67fff..845b54a 100644 --- a/contrib/unbound/validator/val_anchor.c +++ b/contrib/unbound/validator/val_anchor.c @@ -48,9 +48,9 @@ #include "util/log.h" #include "util/net_help.h" #include "util/config_file.h" -#include "ldns/sbuffer.h" -#include "ldns/rrdef.h" -#include "ldns/str2wire.h" +#include "sldns/sbuffer.h" +#include "sldns/rrdef.h" +#include "sldns/str2wire.h" #ifdef HAVE_GLOB_H #include <glob.h> #endif @@ -882,14 +882,14 @@ assemble_it(struct trust_anchor* ta, size_t num, uint16_t type) memset(pd, 0, sizeof(*pd)); pd->count = num; pd->trust = rrset_trust_ultimate; - pd->rr_len = (size_t*)malloc(num*sizeof(size_t)); + pd->rr_len = (size_t*)reallocarray(NULL, num, sizeof(size_t)); if(!pd->rr_len) { free(pd); free(pkey->rk.dname); free(pkey); return NULL; } - pd->rr_ttl = (time_t*)malloc(num*sizeof(time_t)); + pd->rr_ttl = (time_t*)reallocarray(NULL, num, sizeof(time_t)); if(!pd->rr_ttl) { free(pd->rr_len); free(pd); @@ -897,7 +897,7 @@ assemble_it(struct trust_anchor* ta, size_t num, uint16_t type) free(pkey); return NULL; } - pd->rr_data = (uint8_t**)malloc(num*sizeof(uint8_t*)); + pd->rr_data = (uint8_t**)reallocarray(NULL, num, sizeof(uint8_t*)); if(!pd->rr_data) { free(pd->rr_ttl); free(pd->rr_len); @@ -1020,7 +1020,13 @@ anchors_assemble_rrsets(struct val_anchors* anchors) dname_str(ta->name, b); log_warn("trust anchor %s has no supported algorithms," " the anchor is ignored (check if you need to" - " upgrade unbound and openssl)", b); + " upgrade unbound and " +#ifdef HAVE_LIBRESSL + "libressl" +#else + "openssl" +#endif + ")", b); (void)rbtree_delete(anchors->tree, &ta->node); lock_basic_unlock(&ta->lock); anchors_delfunc(&ta->node, NULL); diff --git a/contrib/unbound/validator/val_kentry.c b/contrib/unbound/validator/val_kentry.c index f99f18e..93fe214 100644 --- a/contrib/unbound/validator/val_kentry.c +++ b/contrib/unbound/validator/val_kentry.c @@ -45,8 +45,8 @@ #include "util/storage/lookup3.h" #include "util/regional.h" #include "util/net_help.h" -#include "ldns/rrdef.h" -#include "ldns/keyraw.h" +#include "sldns/rrdef.h" +#include "sldns/keyraw.h" size_t key_entry_sizefunc(void* key, void* data) diff --git a/contrib/unbound/validator/val_neg.c b/contrib/unbound/validator/val_neg.c index 1d7a5c5..b1ff8d9 100644 --- a/contrib/unbound/validator/val_neg.c +++ b/contrib/unbound/validator/val_neg.c @@ -59,8 +59,8 @@ #include "util/config_file.h" #include "services/cache/rrset.h" #include "services/cache/dns.h" -#include "ldns/rrdef.h" -#include "ldns/sbuffer.h" +#include "sldns/rrdef.h" +#include "sldns/sbuffer.h" int val_neg_data_compare(const void* a, const void* b) { diff --git a/contrib/unbound/validator/val_nsec3.c b/contrib/unbound/validator/val_nsec3.c index 548daf2..80ca4d0 100644 --- a/contrib/unbound/validator/val_nsec3.c +++ b/contrib/unbound/validator/val_nsec3.c @@ -62,7 +62,7 @@ #include "util/data/msgreply.h" /* we include nsec.h for the bitmap_has_type function */ #include "validator/val_nsec.h" -#include "ldns/sbuffer.h" +#include "sldns/sbuffer.h" /** * This function we get from ldns-compat or from base system diff --git a/contrib/unbound/validator/val_secalgo.c b/contrib/unbound/validator/val_secalgo.c index 3437c8d..8ed403d 100644 --- a/contrib/unbound/validator/val_secalgo.c +++ b/contrib/unbound/validator/val_secalgo.c @@ -45,9 +45,9 @@ #include "util/data/packed_rrset.h" #include "validator/val_secalgo.h" #include "util/log.h" -#include "ldns/rrdef.h" -#include "ldns/keyraw.h" -#include "ldns/sbuffer.h" +#include "sldns/rrdef.h" +#include "sldns/keyraw.h" +#include "sldns/sbuffer.h" #if !defined(HAVE_SSL) && !defined(HAVE_NSS) #error "Need crypto library to do digital signature cryptography" diff --git a/contrib/unbound/validator/val_sigcrypt.c b/contrib/unbound/validator/val_sigcrypt.c index 5a4d0f4..a2f1265 100644 --- a/contrib/unbound/validator/val_sigcrypt.c +++ b/contrib/unbound/validator/val_sigcrypt.c @@ -51,10 +51,10 @@ #include "util/module.h" #include "util/net_help.h" #include "util/regional.h" -#include "ldns/keyraw.h" -#include "ldns/sbuffer.h" -#include "ldns/parseutil.h" -#include "ldns/wire2str.h" +#include "sldns/keyraw.h" +#include "sldns/sbuffer.h" +#include "sldns/parseutil.h" +#include "sldns/wire2str.h" #include <ctype.h> #if !defined(HAVE_SSL) && !defined(HAVE_NSS) @@ -795,10 +795,6 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) if(i==j) return 0; - /* in case rdata-len is to be compared for canonical order - c = memcmp(d->rr_data[i], d->rr_data[j], 2); - if(c != 0) - return c; */ switch(type) { /* These RR types have only a name as RDATA. @@ -1079,6 +1075,8 @@ int rrset_canonical_equal(struct regional* region, fd.rr_data = fdata; rbtree_init(&sortree1, &canonical_tree_compare); rbtree_init(&sortree2, &canonical_tree_compare); + if(d1->count > RR_COUNT_MAX || d2->count > RR_COUNT_MAX) + return 1; /* protection against integer overflow */ rrs1 = regional_alloc(region, sizeof(struct canon_rr)*d1->count); rrs2 = regional_alloc(region, sizeof(struct canon_rr)*d2->count); if(!rrs1 || !rrs2) return 1; /* alloc failure */ @@ -1135,6 +1133,8 @@ rrset_canonical(struct regional* region, sldns_buffer* buf, sizeof(rbtree_t)); if(!*sortree) return 0; + if(d->count > RR_COUNT_MAX) + return 0; /* integer overflow protection */ rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count); if(!rrs) { *sortree = NULL; diff --git a/contrib/unbound/validator/validator.c b/contrib/unbound/validator/validator.c index cc07cc2..f8b429e 100644 --- a/contrib/unbound/validator/validator.c +++ b/contrib/unbound/validator/validator.c @@ -58,8 +58,8 @@ #include "util/regional.h" #include "util/config_file.h" #include "util/fptr_wlist.h" -#include "ldns/rrdef.h" -#include "ldns/wire2str.h" +#include "sldns/rrdef.h" +#include "sldns/wire2str.h" /* forward decl for cache response and normal super inform calls of a DS */ static void process_ds_response(struct module_qstate* qstate, @@ -226,6 +226,8 @@ val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq) sizeof(struct reply_info) - sizeof(struct rrset_ref)); if(!vq->chase_reply) return NULL; + if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX) + return NULL; /* protect against integer overflow */ vq->chase_reply->rrsets = regional_alloc_init(qstate->region, vq->orig_msg->rep->rrsets, sizeof(struct ub_packed_rrset_key*) * vq->orig_msg->rep->rrset_count); @@ -517,8 +519,8 @@ validate_msg_signatures(struct module_qstate* qstate, struct module_env* env, "has failed AUTHORITY rrset:", s->rk.dname, ntohs(s->rk.type), ntohs(s->rk.rrset_class)); errinf(qstate, reason); - errinf_rrset(qstate, s); errinf_origin(qstate, qstate->reply_origin); + errinf_rrset(qstate, s); chase_reply->security = sec_status_bogus; return 0; } @@ -1813,6 +1815,8 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, /** * Init DLV check. + * DLV is going to be decommissioned, but the code is still here for some time. + * * Called when a query is determined by other trust anchors to be insecure * (or indeterminate). Then we look if there is a key in the DLV. * Performs aggressive negative cache check to see if there is no key. @@ -2352,7 +2356,7 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, struct key_entry_key* kkey = NULL; enum sec_status sec = sec_status_unchecked; char* reason = NULL; - int downprot = 1; + int downprot = qstate->env->cfg->harden_algo_downgrade; if(!dnskey_rrset) { log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- " @@ -2765,7 +2769,7 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, vq->state = VAL_VALIDATE_STATE; return; } - downprot = 1; + downprot = qstate->env->cfg->harden_algo_downgrade; vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env, ve, dnskey, vq->ds_rrset, downprot, &reason); diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 2e888f7..d920954 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,45 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1p and 1.0.1q [3 Dec 2015] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia Käsper] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>] + Changes between 1.0.1o and 1.0.1p [9 Jul 2015] *) Alternate chains certificate forgery @@ -15,10 +54,19 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] - Changes between 1.0.1n and 1.0.1o [12 Jun 2015] + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. @@ -55,9 +103,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno Böck. + independently by Hanno Böck. (CVE-2015-1789) - [Emilia Käsper] + [Emilia Käsper] *) PKCS7 crash with missing EnvelopedContent @@ -71,7 +119,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia Käsper] + [Emilia Käsper] *) CMS verify infinite loop with unknown hash function @@ -94,6 +142,9 @@ *) Reject DH handshakes with parameters shorter than 768 bits. [Kurt Roeckx and Emilia Kasper] + *) dhparam: generate 2048-bit parameters by default. + [Kurt Roeckx and Emilia Kasper] + Changes between 1.0.1l and 1.0.1m [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix @@ -132,7 +183,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia Käsper] + [Emilia Käsper] *) DoS via reachable assert in SSLv2 servers fix @@ -140,10 +191,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia Käsper + This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team). (CVE-2015-0293) - [Emilia Käsper] + [Emilia Käsper] *) Use After Free following d2i_ECPrivatekey error fix @@ -288,12 +339,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia Käsper] + [David Benjamin, Emilia Käsper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia Käsper] + [Emilia Käsper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -304,7 +355,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia Käsper] + [Emilia Käsper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -384,10 +435,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gröbert (Google) for discovering and researching this + Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia Käsper] + [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. @@ -424,7 +475,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] @@ -436,7 +487,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia Käsper, and Steve Henson] + [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -466,15 +517,15 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) - [Jüri Aedla, Steve Henson] + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gröbert, Ivan Fratric, Steve Henson] + [Felix Gröbert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. @@ -553,9 +604,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia Käsper for the initial patch. + Emilia Käsper for the initial patch. (CVE-2013-0169) - [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. @@ -730,7 +781,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] + [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1006,7 +1057,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1020,7 +1071,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -1829,7 +1880,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project] + [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -2997,7 +3048,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf Möller] + [Geoff Thorpe, suggested by Ulf Möller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] @@ -3016,7 +3067,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf Möller] + [Geoff Thorpe, Nils Larsch, Ulf Möller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3083,7 +3134,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] + [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -3798,7 +3849,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf Möller] + [Ulf Möller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -3831,11 +3882,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf Möller] + [Ulf Möller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014] + [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -4297,7 +4348,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [Götz Babin-Ebell <babinebell@trustcenter.de>] + [Götz Babin-Ebell <babinebell@trustcenter.de>] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>] @@ -6402,7 +6453,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>] + [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -6562,7 +6613,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Fix OAEP check. - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -6824,10 +6875,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf Möller] + [Ulf Möller] *) rand_win.c fix for Borland C. - [Ulf Möller] + [Ulf Möller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -6972,14 +7023,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo Möller] + [Bodo Möller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf Möller] + [Ulf Möller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -6997,7 +7048,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf Möller] + [Ulf Möller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if @@ -7263,7 +7314,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf Möller] + [Ulf Möller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -7483,7 +7534,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf Möller] + [Ulf Möller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -7515,7 +7566,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf Möller] + [Ulf Möller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -7604,7 +7655,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf Möller, using the problem description in krb4-0.9.7, where + [Ulf Möller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -7705,7 +7756,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Rolf Haberrecker <rolf@suse.de>] *) Assembler module support for Mingw32. - [Ulf Möller] + [Ulf Möller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous] @@ -7724,7 +7775,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf Möller] + [Ulf Möller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set @@ -7754,14 +7805,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf Möller, using public domain code by Patrick Powell; problem + [Ulf Möller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote <das33@cornell.edu>] *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf Möller] + [Ulf Möller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -7794,7 +7845,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k #define OPENSSL_ALGORITHM_DEFINES #include <openssl/opensslconf.h> defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo Möller] + [Richard Levitte, Ulf and Bodo Möller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -7845,17 +7896,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf Möller] + [Ulf Möller] *) More tests in bntest.c, and changed test_bn output. - [Ulf Möller] + [Ulf Möller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf Möller] + [Ulf Möller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. @@ -7863,11 +7914,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf Möller] + [Ulf Möller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf Möller] + [Ulf Möller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -7891,7 +7942,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf Möller] + [Ulf Möller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -7936,13 +7987,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf Möller] + [Ulf Möller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf Möller] + [Ulf Möller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in @@ -7952,25 +8003,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf Möller] + [Ulf Möller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf Möller] + [Ulf Möller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf Möller] + [Ulf Möller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8026,7 +8077,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller] + [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data @@ -8035,7 +8086,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf Möller] + [Ulf Möller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8065,7 +8116,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf Möller] + [Ulf Möller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -8899,7 +8950,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf Möller] + [Ulf Möller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -8988,7 +9039,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k worked. *) Fix problems with no-hmac etc. - [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>] + [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9105,7 +9156,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) DES library cleanups. - [Ulf Möller] + [Ulf Möller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit @@ -9148,7 +9199,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Christian Forster <fo@hawo.stw.uni-erlangen.de>] *) config now generates no-xxx options for missing ciphers. - [Ulf Möller] + [Ulf Möller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -9261,7 +9312,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf Möller] + [Ulf Möller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -9318,10 +9369,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere <jj@void.si>, modified by Ulf Möller] + [Janez Jere <jj@void.si>, modified by Ulf Möller] *) Support Mingw32. - [Ulf Möller] + [Ulf Möller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov <appro@fy.chalmers.se>] @@ -9330,7 +9381,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov <appro@fy.chalmers.se>] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf Möller] + [Ulf Möller] *) Update HPUX configuration. [Anonymous] @@ -9363,7 +9414,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf Möller] + [Ulf Möller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. @@ -9386,21 +9437,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Niels Poppe <niels@netbox.org>] *) New Configure option no-<cipher> (rsa, idea, rc5, ...). - [Ulf Möller] + [Ulf Möller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf Möller] + [Ulf Möller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf Möller] + [Ulf Möller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -9429,7 +9480,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf Möller] + [Ulf Möller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -9447,13 +9498,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov <appro@fy.chalmers.se>] *) Change functions to ANSI C. - [Ulf Möller] + [Ulf Möller] *) Fix typos in error codes. - [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller] + [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller] *) Remove defunct assembler files from Configure. - [Ulf Möller] + [Ulf Möller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov <appro@fy.chalmers.se>] @@ -9490,7 +9541,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New Configure option "rsaref". - [Ulf Möller] + [Ulf Möller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -9538,7 +9589,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf Möller] + [Ulf Möller] *) Tweaks to Configure [Niels Poppe <niels@netbox.org>] @@ -9548,11 +9599,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf Möller] + [Ulf Möller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf Möller] + [Ulf Möller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10091,7 +10142,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Hagino <itojun@kame.net>] *) File was opened incorrectly in randfile.c. - [Ulf Möller <ulf@fitug.de>] + [Ulf Möller <ulf@fitug.de>] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10101,7 +10152,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf Möller <ulf@fitug.de>] + [Ulf Möller <ulf@fitug.de>] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous <nobody@replay.com>] @@ -10248,7 +10299,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>] + [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>] *) Autodetect FreeBSD3. [Ben Laurie] diff --git a/crypto/openssl/CONTRIBUTING b/crypto/openssl/CONTRIBUTING new file mode 100644 index 0000000..9d63d8a --- /dev/null +++ b/crypto/openssl/CONTRIBUTING @@ -0,0 +1,38 @@ +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- + +Development is coordinated on the openssl-dev mailing list (see +http://www.openssl.org for information on subscribing). If you +would like to submit a patch, send it to rt@openssl.org with +the string "[PATCH]" in the subject. Please be sure to include a +textual explanation of what your patch does. + +You can also make GitHub pull requests. If you do this, please also send +mail to rt@openssl.org with a brief description and a link to the PR so +that we can more easily keep track of it. + +If you are unsure as to whether a feature will be useful for the general +OpenSSL community please discuss it on the openssl-dev mailing list first. +Someone may be already working on the same thing or there may be a good +reason as to why that feature isn't implemented. + +Patches should be as up to date as possible, preferably relative to the +current Git or the last snapshot. They should follow our coding style +(see https://www.openssl.org/policies/codingstyle.html) and compile without +warnings using the --strict-warnings flag. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. + +Our preferred format for patch files is "git format-patch" output. For example +to provide a patch file containing the last commit in your local git repository +use the following command: + +# git format-patch --stdout HEAD^ >mydiffs.patch + +Another method of creating an acceptable patch file without using git is as +follows: + +# cd openssl-work +# [your changes] +# ./Configure dist; make clean +# cd .. +# diff -ur openssl-orig openssl-work > mydiffs.patch diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 60ec378..fdf8d9a 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -105,6 +105,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; @@ -197,6 +199,7 @@ my %table=( "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -361,6 +364,7 @@ my %table=( "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see @@ -1574,11 +1578,20 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) if ($strict_warnings) { + my $ecc = $cc; + $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; - die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } } } diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ index f8ea604..22c5cf7 100644 --- a/crypto/openssl/FAQ +++ b/crypto/openssl/FAQ @@ -1,1039 +1,2 @@ -OpenSSL - Frequently Asked Questions --------------------------------------- - -[MISC] Miscellaneous questions - -* Which is the current version of OpenSSL? -* Where is the documentation? -* How can I contact the OpenSSL developers? -* Where can I get a compiled version of OpenSSL? -* Why aren't tools like 'autoconf' and 'libtool' used? -* What is an 'engine' version? -* How do I check the authenticity of the OpenSSL distribution? -* How does the versioning scheme work? - -[LEGAL] Legal questions - -* Do I need patent licenses to use OpenSSL? -* Can I use OpenSSL with GPL software? - -[USER] Questions on using the OpenSSL applications - -* Why do I get a "PRNG not seeded" error message? -* Why do I get an "unable to write 'random state'" error message? -* How do I create certificates or certificate requests? -* Why can't I create certificate requests? -* Why does <SSL program> fail with a certificate verify error? -* Why can I only use weak ciphers when I connect to a server using OpenSSL? -* How can I create DSA certificates? -* Why can't I make an SSL connection using a DSA certificate? -* How can I remove the passphrase on a private key? -* Why can't I use OpenSSL certificates with SSL client authentication? -* Why does my browser give a warning about a mismatched hostname? -* How do I install a CA certificate into a browser? -* Why is OpenSSL x509 DN output not conformant to RFC2253? -* What is a "128 bit certificate"? Can I create one with OpenSSL? -* Why does OpenSSL set the authority key identifier extension incorrectly? -* How can I set up a bundle of commercial root CA certificates? - -[BUILD] Questions about building and testing OpenSSL - -* Why does the linker complain about undefined symbols? -* Why does the OpenSSL test fail with "bc: command not found"? -* Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL test fail with "bc: stack empty"? -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -* Why does the OpenSSL compilation fail with "ar: command not found"? -* Why does the OpenSSL compilation fail on Win32 with VC++? -* What is special about OpenSSL on Redhat? -* Why does the OpenSSL compilation fail on MacOS X? -* Why does the OpenSSL test suite fail on MacOS X? -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? -* Why does compiler fail to compile sha512.c? -* Test suite still fails, what to do? -* I think I've found a bug, what should I do? -* I'm SURE I've found a bug, how do I report it? -* I've found a security issue, how do I report it? - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? -* I've called <some function> and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? -* I think I've detected a memory leak, is this a bug? -* Why does Valgrind complain about the use of uninitialized data? -* Why doesn't a memory BIO work when a file does? -* Where are the declarations and implementations of d2i_X509() etc? - -=============================================================================== - -[MISC] ======================================================================== - -* Which is the current version of OpenSSL? - -The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.1e was released on Feb 11th, 2013. - -In addition to the current stable release, you can also access daily -snapshots of the OpenSSL development version at <URL: -ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. - - -* Where is the documentation? - -OpenSSL is a library that provides cryptographic functionality to -applications such as secure web servers. Be sure to read the -documentation of the application you want to use. The INSTALL file -explains how to install this library. - -OpenSSL includes a command line utility that can be used to perform a -variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. Many -manual pages are available; overviews over libcrypto and -libssl are given in the crypto(3) and ssl(3) manpages. - -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a -different directory if you specified one as described in INSTALL). -In addition, you can read the most current versions at -<URL: http://www.openssl.org/docs/>. Note that the online documents refer -to the very latest development versions of OpenSSL and may include features -not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. The pod format -documentation is included in each OpenSSL distribution under the docs -directory. - -There is some documentation about certificate extensions and PKCS#12 -in doc/openssl.txt - -The original SSLeay documentation is included in OpenSSL as -doc/ssleay.txt. It may be useful when none of the other resources -help, but please note that it reflects the obsolete version SSLeay -0.6.6. - - -* How can I contact the OpenSSL developers? - -The README file describes how to submit bug reports and patches to -OpenSSL. Information on the OpenSSL mailing lists is available from -<URL: http://www.openssl.org>. - - -* Where can I get a compiled version of OpenSSL? - -You can finder pointers to binary distributions in -<URL: http://www.openssl.org/related/binaries.html> . - -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). - -If you want to build OpenSSL on a Windows system and you don't have -a C compiler, read the "Mingw32" section of INSTALL.W32 for information -on how to obtain and install the free GNU C compiler. - -A number of Linux and *BSD distributions include OpenSSL. - - -* Why aren't tools like 'autoconf' and 'libtool' used? - -autoconf will probably be used in future OpenSSL versions. If it was -less Unix-centric, it might have been used much earlier. - -* What is an 'engine' version? - -With version 0.9.6 OpenSSL was extended to interface to external crypto -hardware. This was realized in a special release '0.9.6-engine'. With -version 0.9.7 the changes were merged into the main development line, -so that the special release is no longer necessary. - -* How do I check the authenticity of the OpenSSL distribution? - -We provide MD5 digests and ASC signatures of each tarball. -Use MD5 to check that a tarball from a mirror site is identical: - - md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 - -You can check authenticity using pgp or gpg. You need the OpenSSL team -member public key used to sign it (download it from a key server, see a -list of keys at <URL: http://www.openssl.org/about/>). Then -just do: - - pgp TARBALL.asc - -* How does the versioning scheme work? - -After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter -releases (e.g. 1.0.1a) can only contain bug and security fixes and no -new features. Minor releases change the last number (e.g. 1.0.2) and -can contain new features that retain binary compatibility. Changes to -the middle number are considered major releases and neither source nor -binary compatibility is guaranteed. - -Therefore the answer to the common question "when will feature X be -backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear -in the next minor release. - -[LEGAL] ======================================================================= - -* Do I need patent licenses to use OpenSSL? - -The patents section of the README file lists patents that may apply to -you if you want to use OpenSSL. For information on intellectual -property rights, please consult a lawyer. The OpenSSL team does not -offer legal advice. - -You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using - ./config no-idea no-mdc2 no-rc5 - - -* Can I use OpenSSL with GPL software? - -On many systems including the major Linux and BSD distributions, yes (the -GPL does not place restrictions on using libraries that are part of the -normal operating system distribution). - -On other systems, the situation is less clear. Some GPL software copyright -holders claim that you infringe on their rights if you use OpenSSL with -their software on operating systems that don't normally include OpenSSL. - -If you develop open source software that uses OpenSSL, you may find it -useful to choose an other license than the GPL, or state explicitly that -"This program is released under the GPL with the additional exemption that -compiling, linking, and/or using OpenSSL is allowed." If you are using -GPL software developed by others, you may want to ask the copyright holder -for permission to use their software with OpenSSL. - - -[USER] ======================================================================== - -* Why do I get a "PRNG not seeded" error message? - -Cryptographic software needs a source of unpredictable data to work -correctly. Many open source operating systems provide a "randomness -device" (/dev/urandom or /dev/random) that serves this purpose. -All OpenSSL versions try to use /dev/urandom by default; starting with -version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not -available. - -On other systems, applications have to call the RAND_add() or -RAND_seed() function with appropriate data before generating keys or -performing public key encryption. (These functions initialize the -pseudo-random number generator, PRNG.) Some broken applications do -not do this. As of version 0.9.5, the OpenSSL functions that need -randomness report an error if the random number generator has not been -seeded with at least 128 bits of randomness. If this error occurs and -is not discussed in the documentation of the application you are -using, please contact the author of that application; it is likely -that it never worked correctly. OpenSSL 0.9.5 and later make the -error visible by refusing to perform potentially insecure encryption. - -If you are using Solaris 8, you can add /dev/urandom and /dev/random -devices by installing patch 112438 (Sparc) or 112439 (x86), which are -available via the Patchfinder at <URL: http://sunsolve.sun.com> -(Solaris 9 includes these devices by default). For /dev/random support -for earlier Solaris versions, see Sun's statement at -<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski> -(the SUNWski package is available in patch 105710). - -On systems without /dev/urandom and /dev/random, it is a good idea to -use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for -details. Starting with version 0.9.7, OpenSSL will automatically look -for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and -/etc/entropy. - -Most components of the openssl command line utility automatically try -to seed the random number generator from a file. The name of the -default seeding file is determined as follows: If environment variable -RANDFILE is set, then it names the seeding file. Otherwise if -environment variable HOME is set, then the seeding file is $HOME/.rnd. -If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will -use file .rnd in the current directory while OpenSSL 0.9.6a uses no -default seeding file at all. OpenSSL 0.9.6b and later will behave -similarly to 0.9.6a, but will use a default of "C:\" for HOME on -Windows systems if the environment variable has not been set. - -If the default seeding file does not exist or is too short, the "PRNG -not seeded" error message may occur. - -The openssl command line utility will write back a new state to the -default seeding file (and create this file if necessary) unless -there was no sufficient seeding. - -Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. -Use the "-rand" option of the OpenSSL command line tools instead. -The $RANDFILE environment variable and $HOME/.rnd are only used by the -OpenSSL command line tools. Applications using the OpenSSL library -provide their own configuration options to specify the entropy source, -please check out the documentation coming the with application. - - -* Why do I get an "unable to write 'random state'" error message? - - -Sometimes the openssl command line utility does not abort with -a "PRNG not seeded" error message, but complains that it is -"unable to write 'random state'". This message refers to the -default seeding file (see previous answer). A possible reason -is that no default filename is known because neither RANDFILE -nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the -current directory in this case, but this has changed with 0.9.6a.) - - -* How do I create certificates or certificate requests? - -Check out the CA.pl(1) manual page. This provides a simple wrapper round -the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check -out the manual pages for the individual utilities and the certificate -extensions documentation (in ca(1), req(1), x509v3_config(5) ) - - -* Why can't I create certificate requests? - -You typically get the error: - - unable to find 'distinguished_name' in config - problems making Certificate Request - -This is because it can't find the configuration file. Check out the -DIAGNOSTICS section of req(1) for more information. - - -* Why does <SSL program> fail with a certificate verify error? - -This problem is usually indicated by log messages saying something like -"unable to get local issuer certificate" or "self signed certificate". -When a certificate is verified its root CA must be "trusted" by OpenSSL -this typically means that the CA certificate must be placed in a directory -or file and the relevant program configured to read it. The OpenSSL program -'verify' behaves in a similar way and issues similar error messages: check -the verify(1) program manual page for more information. - - -* Why can I only use weak ciphers when I connect to a server using OpenSSL? - -This is almost certainly because you are using an old "export grade" browser -which only supports weak encryption. Upgrade your browser to support 128 bit -ciphers. - - -* How can I create DSA certificates? - -Check the CA.pl(1) manual page for a DSA certificate example. - - -* Why can't I make an SSL connection to a server using a DSA certificate? - -Typically you'll see a message saying there are no shared ciphers when -the same setup works fine with an RSA certificate. There are two possible -causes. The client may not support connections to DSA servers most web -browsers (including Netscape and MSIE) only support connections to servers -supporting RSA cipher suites. The other cause is that a set of DH parameters -has not been supplied to the server. DH parameters can be created with the -dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: -check the source to s_server in apps/s_server.c for an example. - - -* How can I remove the passphrase on a private key? - -Firstly you should be really *really* sure you want to do this. Leaving -a private key unencrypted is a major security risk. If you decide that -you do have to do this check the EXAMPLES sections of the rsa(1) and -dsa(1) manual pages. - - -* Why can't I use OpenSSL certificates with SSL client authentication? - -What will typically happen is that when a server requests authentication -it will either not include your certificate or tell you that you have -no client certificates (Netscape) or present you with an empty list box -(MSIE). The reason for this is that when a server requests a client -certificate it includes a list of CAs names which it will accept. Browsers -will only let you select certificates from the list on the grounds that -there is little point presenting a certificate which the server will -reject. - -The solution is to add the relevant CA certificate to your servers "trusted -CA list". How you do this depends on the server software in uses. You can -print out the servers list of acceptable CAs using the OpenSSL s_client tool: - -openssl s_client -connect www.some.host:443 -prexit - -If your server only requests certificates on certain URLs then you may need -to manually issue an HTTP GET command to get the list when s_client connects: - -GET /some/page/needing/a/certificate.html - -If your CA does not appear in the list then this confirms the problem. - - -* Why does my browser give a warning about a mismatched hostname? - -Browsers expect the server's hostname to match the value in the commonName -(CN) field of the certificate. If it does not then you get a warning. - - -* How do I install a CA certificate into a browser? - -The usual way is to send the DER encoded certificate to the browser as -MIME type application/x-x509-ca-cert, for example by clicking on an appropriate -link. On MSIE certain extensions such as .der or .cacert may also work, or you -can import the certificate using the certificate import wizard. - -You can convert a certificate to DER form using the command: - -openssl x509 -in ca.pem -outform DER -out ca.der - -Occasionally someone suggests using a command such as: - -openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem - -DO NOT DO THIS! This command will give away your CAs private key and -reduces its security to zero: allowing anyone to forge certificates in -whatever name they choose. - -* Why is OpenSSL x509 DN output not conformant to RFC2253? - -The ways to print out the oneline format of the DN (Distinguished Name) have -been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() -interface, the "-nameopt" option could be introduded. See the manual -page of the "openssl x509" commandline tool for details. The old behaviour -has however been left as default for the sake of compatibility. - -* What is a "128 bit certificate"? Can I create one with OpenSSL? - -The term "128 bit certificate" is a highly misleading marketing term. It does -*not* refer to the size of the public key in the certificate! A certificate -containing a 128 bit RSA key would have negligible security. - -There were various other names such as "magic certificates", "SGC -certificates", "step up certificates" etc. - -You can't generally create such a certificate using OpenSSL but there is no -need to any more. Nowadays web browsers using unrestricted strong encryption -are generally available. - -When there were tight restrictions on the export of strong encryption -software from the US only weak encryption algorithms could be freely exported -(initially 40 bit and then 56 bit). It was widely recognised that this was -inadequate. A relaxation of the rules allowed the use of strong encryption but -only to an authorised server. - -Two slighly different techniques were developed to support this, one used by -Netscape was called "step up", the other used by MSIE was called "Server Gated -Cryptography" (SGC). When a browser initially connected to a server it would -check to see if the certificate contained certain extensions and was issued by -an authorised authority. If these test succeeded it would reconnect using -strong encryption. - -Only certain (initially one) certificate authorities could issue the -certificates and they generally cost more than ordinary certificates. - -Although OpenSSL can create certificates containing the appropriate extensions -the certificate would not come from a permitted authority and so would not -be recognized. - -The export laws were later changed to allow almost unrestricted use of strong -encryption so these certificates are now obsolete. - - -* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? - -It doesn't: this extension is often the cause of confusion. - -Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose -certificate C contains AKID. - -The purpose of this extension is to identify the authority certificate B. This -can be done either by including the subject key identifier of B or its issuer -name and serial number. - -In this latter case because it is identifying certifcate B it must contain the -issuer name and serial number of B. - -It is often wrongly assumed that it should contain the subject name of B. If it -did this would be redundant information because it would duplicate the issuer -name of C. - - -* How can I set up a bundle of commercial root CA certificates? - -The OpenSSL software is shipped without any root CA certificate as the -OpenSSL project does not have any policy on including or excluding -any specific CA and does not intend to set up such a policy. Deciding -about which CAs to support is up to application developers or -administrators. - -Other projects do have other policies so you can for example extract the CA -bundle used by Mozilla and/or modssl as described in this article: - - <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html> - - -[BUILD] ======================================================================= - -* Why does the linker complain about undefined symbols? - -Maybe the compilation was interrupted, and make doesn't notice that -something is missing. Run "make clean; make". - -If you used ./Configure instead of ./config, make sure that you -selected the right target. File formats may differ slightly between -OS versions (for example sparcv8/sparcv9, or a.out/elf). - -In case you get errors about the following symbols, use the config -option "no-asm", as described in INSTALL: - - BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, - CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, - RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, - bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, - bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, - des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, - des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order - -If none of these helps, you may want to try using the current snapshot. -If the problem persists, please submit a bug report. - - -* Why does the OpenSSL test fail with "bc: command not found"? - -You didn't install "bc", the Unix calculator. If you want to run the -tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. - - -* Why does the OpenSSL test fail with "bc: 1 no implemented"? - -On some SCO installations or versions, bc has a bug that gets triggered -when you run the test suite (using "make test"). The message returned is -"bc: 1 not implemented". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL test fail with "bc: stack empty"? - -On some DG/ux versions, bc seems to have a too small stack for calculations -that the OpenSSL bntest throws at it. This gets triggered when you run the -test suite (using "make test"). The message returned is "bc: stack empty". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? - -On some Alpha installations running Tru64 Unix and Compaq C, the compilation -of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual -memory to continue compilation.' As far as the tests have shown, this may be -a compiler bug. What happens is that it eats up a lot of resident memory -to build something, probably a table. The problem is clearly in the -optimization code, because if one eliminates optimization completely (-O0), -the compilation goes through (and the compiler consumes about 2MB of resident -memory instead of 240MB or whatever one's limit is currently). - -There are three options to solve this problem: - -1. set your current data segment size soft limit higher. Experience shows -that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do -this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of -kbytes to set the limit to. - -2. If you have a hard limit that is lower than what you need and you can't -get it changed, you can compile all of OpenSSL with -O0 as optimization -level. This is however not a very nice thing to do for those who expect to -get the best result from OpenSSL. A bit more complicated solution is the -following: - ------ snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ - sed -e 's/ -O[0-9] / -O0 /'`" - rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` - make ------ snip:end ----- - -This will only compile sha_dgst.c with -O0, the rest with the optimization -level chosen by the configuration process. When the above is done, do the -test and installation and you're set. - -3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It -should not be used and is not used in SSL/TLS nor any other recognized -protocol in either case. - - -* Why does the OpenSSL compilation fail with "ar: command not found"? - -Getting this message is quite usual on Solaris 2, because Sun has hidden -away 'ar' and other development commands in directories that aren't in -$PATH by default. One of those directories is '/usr/ccs/bin'. The -quickest way to fix this is to do the following (it assumes you use sh -or any sh-compatible shell): - ------ snip:start ----- - PATH=${PATH}:/usr/ccs/bin; export PATH ------ snip:end ----- - -and then redo the compilation. What you should really do is make sure -'/usr/ccs/bin' is permanently in your $PATH, for example through your -'.profile' (again, assuming you use a sh-compatible shell). - - -* Why does the OpenSSL compilation fail on Win32 with VC++? - -Sometimes, you may get reports from VC++ command line (cl) that it -can't find standard include files like stdio.h and other weirdnesses. -One possible cause is that the environment isn't correctly set up. -To solve that problem for VC++ versions up to 6, one should run -VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ -installation directory (somewhere under 'Program Files'). For VC++ -version 7 (and up?), which is also called VS.NET, the file is called -VSVARS32.BAT instead. -This needs to be done prior to running NMAKE, and the changes are only -valid for the current DOS session. - - -* What is special about OpenSSL on Redhat? - -Red Hat Linux (release 7.0 and later) include a preinstalled limited -version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 -is disabled in this version. The same may apply to other Linux distributions. -Users may therefore wish to install more or all of the features left out. - -To do this you MUST ensure that you do not overwrite the openssl that is in -/usr/bin on your Red Hat machine. Several packages depend on this file, -including sendmail and ssh. /usr/local/bin is a good alternative choice. The -libraries that come with Red Hat 7.0 onwards have different names and so are -not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and -/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and -/lib/libcrypto.so.2 respectively). - -Please note that we have been advised by Red Hat attempting to recompile the -openssl rpm with all the cryptography enabled will not work. All other -packages depend on the original Red Hat supplied openssl package. It is also -worth noting that due to the way Red Hat supplies its packages, updates to -openssl on each distribution never change the package version, only the -build number. For example, on Red Hat 7.1, the latest openssl package has -version number 0.9.6 and build number 9 even though it contains all the -relevant updates in packages up to and including 0.9.6b. - -A possible way around this is to persuade Red Hat to produce a non-US -version of Red Hat Linux. - -FYI: Patent numbers and expiry dates of US patents: -MDC-2: 4,908,861 13/03/2007 -IDEA: 5,214,703 25/05/2010 -RC5: 5,724,428 03/03/2015 - - -* Why does the OpenSSL compilation fail on MacOS X? - -If the failure happens when trying to build the "openssl" binary, with -a large number of undefined symbols, it's very probable that you have -OpenSSL 0.9.6b delivered with the operating system (you can find out by -running '/usr/bin/openssl version') and that you were trying to build -OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in -MacOS X has a misfeature that's quite difficult to go around. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - - -* Why does the OpenSSL test suite fail on MacOS X? - -If the failure happens when running 'make test' and the RC4 test fails, -it's very probable that you have OpenSSL 0.9.6b delivered with the -operating system (you can find out by running '/usr/bin/openssl version') -and that you were trying to build OpenSSL 0.9.6d. The problem is that -the loader ('ld') in MacOS X has a misfeature that's quite difficult to -go around and has linked the programs "openssl" and the test programs -with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the -libraries you just built. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? - -Failure in BN_sqr test is most likely caused by a failure to configure the -toolkit for current platform or lack of support for the platform in question. -Run './config -t' and './apps/openssl version -p'. Do these platform -identifiers match? If they don't, then you most likely failed to run -./config and you're hereby advised to do so before filing a bug report. -If ./config itself fails to run, then it's most likely problem with your -local environment and you should turn to your system administrator (or -similar). If identifiers match (and/or no alternative identifier is -suggested by ./config script), then the platform is unsupported. There might -or might not be a workaround. Most notably on SPARC64 platforms with GNU -C compiler you should be able to produce a working build by running -'./config -m32'. I understand that -m32 might not be what you want/need, -but the build should be operational. For further details turn to -<openssl-dev@openssl.org>. - -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? - -As of 0.9.7 assembler routines were overhauled for position independence -of the machine code, which is essential for shared library support. For -some reason OpenBSD is equipped with an out-of-date GNU assembler which -finds the new code offensive. To work around the problem, configure with -no-asm (and sacrifice a great deal of performance) or patch your assembler -according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>. -For your convenience a pre-compiled replacement binary is provided at -<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>. -Reportedly elder *BSD a.out platforms also suffer from this problem and -remedy should be same. Provided binary is statically linked and should be -working across wider range of *BSD branches, not just OpenBSD. - -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? - -If the test program in question fails withs SIGILL, Illegal Instruction -exception, then you more than likely to run SSE2-capable CPU, such as -Intel P4, under control of kernel which does not support SSE2 -instruction extentions. See accompanying INSTALL file and -OPENSSL_ia32cap(3) documentation page for further information. - -* Why does compiler fail to compile sha512.c? - -OpenSSL SHA-512 implementation depends on compiler support for 64-bit -integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a -couple] lack support for this and therefore are incapable of compiling -the module in question. The recommendation is to disable SHA-512 by -adding no-sha512 to ./config [or ./Configure] command line. Another -possible alternative might be to switch to GCC. - -* Test suite still fails, what to do? - -Another common reason for failure to complete some particular test is -simply bad code generated by a buggy component in toolchain or deficiency -in run-time environment. There are few cases documented in PROBLEMS file, -consult it for possible workaround before you beat the drum. Even if you -don't find solution or even mention there, do reserve for possibility of -a compiler bug. Compiler bugs might appear in rather bizarre ways, they -never make sense, and tend to emerge when you least expect them. In order -to identify one, drop optimization level, e.g. by editing CFLAG line in -top-level Makefile, recompile and re-run the test. - -* I think I've found a bug, what should I do? - -If you are a new user then it is quite likely you haven't found a bug and -something is happening you aren't familiar with. Check this FAQ, the associated -documentation and the mailing lists for similar queries. If you are still -unsure whether it is a bug or not submit a query to the openssl-users mailing -list. - - -* I'm SURE I've found a bug, how do I report it? - -Bug reports with no security implications should be sent to the request -tracker. This can be done by mailing the report to <rt@openssl.org> (or its -alias <openssl-bugs@openssl.org>), please note that messages sent to the -request tracker also appear in the public openssl-dev mailing list. - -The report should be in plain text. Any patches should be sent as -plain text attachments because some mailers corrupt patches sent inline. -If your issue affects multiple versions of OpenSSL check any patches apply -cleanly and, if possible include patches to each affected version. - -The report should be given a meaningful subject line briefly summarising the -issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. - -By sending reports to the request tracker the bug can then be given a priority -and assigned to the appropriate maintainer. The history of discussions can be -accessed and if the issue has been addressed or a reason why not. If patches -are only sent to openssl-dev they can be mislaid if a team member has to -wade through months of old messages to review the discussion. - -See also <URL: http://www.openssl.org/support/rt.html> - - -* I've found a security issue, how do I report it? - -If you think your bug has security implications then please send it to -openssl-security@openssl.org if you don't get a prompt reply at least -acknowledging receipt then resend or mail it directly to one of the -more active team members (e.g. Steve). - -Note that bugs only present in the openssl utility are not in general -considered to be security issues. - -[PROG] ======================================================================== - -* Is OpenSSL thread-safe? - -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. - -Multi-threaded applications must provide two callback functions to -OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() -and associated APIs are deprecated by CRYPTO_THREADID_set_callback() -and friends. This is described in the threads(3) manpage. - -* I've compiled a program under Windows and it crashes: why? - -This is usually because you've missed the comment in INSTALL.W32. -Your application must link against the same version of the Win32 -C-Runtime against which your openssl libraries were linked. The -default version for OpenSSL is /MD - "Multithreaded DLL". - -If you are using Microsoft Visual C++'s IDE (Visual Studio), in -many cases, your new project most likely defaulted to "Debug -Singlethreaded" - /ML. This is NOT interchangeable with /MD and your -program will crash, typically on the first BIO related read or write -operation. - -For each of the six possible link stage configurations within Win32, -your application must link against the same by which OpenSSL was -built. If you are using MS Visual C++ (Studio) this can be changed -by: - - 1. Select Settings... from the Project Menu. - 2. Select the C/C++ Tab. - 3. Select "Code Generation from the "Category" drop down list box - 4. Select the Appropriate library (see table below) from the "Use - run-time library" drop down list box. Perform this step for both - your debug and release versions of your application (look at the - top left of the settings panel to change between the two) - - Single Threaded /ML - MS VC++ often defaults to - this for the release - version of a new project. - Debug Single Threaded /MLd - MS VC++ often defaults to - this for the debug version - of a new project. - Multithreaded /MT - Debug Multithreaded /MTd - Multithreaded DLL /MD - OpenSSL defaults to this. - Debug Multithreaded DLL /MDd - -Note that debug and release libraries are NOT interchangeable. If you -built OpenSSL with /MD your application must use /MD and cannot use /MDd. - -As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL -.DLLs compiled with some specific run-time option [we insist on the -default /MD] can be deployed with application compiled with different -option or even different compiler. But there is a catch! Instead of -re-compiling OpenSSL toolkit, as you would have to with prior versions, -you have to compile small C snippet with compiler and/or options of -your choice. The snippet gets installed as -<install-root>/include/openssl/applink.c and should be either added to -your application project or simply #include-d in one [and only one] -of your application source files. Failure to link this shim module -into your application manifests itself as fatal "no OPENSSL_Applink" -run-time error. An explicit reminder is due that in this situation -[mixing compiler options] it is as important to add CRYPTO_malloc_init -prior first call to OpenSSL. - -* How do I read or write a DER encoded buffer using the ASN1 functions? - -You have two options. You can either use a memory BIO in conjunction -with the i2d_*_bio() or d2i_*_bio() functions or you can use the -i2d_*(), d2i_*() functions directly. Since these are often the -cause of grief here are some code fragments using PKCS7 as an example: - - unsigned char *buf, *p; - int len; - - len = i2d_PKCS7(p7, NULL); - buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ - p = buf; - i2d_PKCS7(p7, &p); - -At this point buf contains the len bytes of the DER encoding of -p7. - -The opposite assumes we already have len bytes in buf: - - unsigned char *p; - p = buf; - p7 = d2i_PKCS7(NULL, &p, len); - -At this point p7 contains a valid PKCS7 structure of NULL if an error -occurred. If an error occurred ERR_print_errors(bio) should give more -information. - -The reason for the temporary variable 'p' is that the ASN1 functions -increment the passed pointer so it is ready to read or write the next -structure. This is often a cause of problems: without the temporary -variable the buffer pointer is changed to point just after the data -that has been read or written. This may well be uninitialized data -and attempts to free the buffer will have unpredictable results -because it no longer points to the same address. - - -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? - -The short answer is yes, because DER is a special case of BER and OpenSSL -ASN1 decoders can process BER. - -The longer answer is that ASN1 structures can be encoded in a number of -different ways. One set of ways is the Basic Encoding Rules (BER) with various -permissible encodings. A restriction of BER is the Distinguished Encoding -Rules (DER): these uniquely specify how a given structure is encoded. - -Therefore, because DER is a special case of BER, DER is an acceptable encoding -for BER. - - -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? - -This usually happens when you try compiling something using the PKCS#12 -macros with a C++ compiler. There is hardly ever any need to use the -PKCS#12 macros in a program, it is much easier to parse and create -PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions -documented in doc/openssl.txt and with examples in demos/pkcs12. The -'pkcs12' application has to use the macros because it prints out -debugging information. - - -* I've called <some function> and it fails, why? - -Before submitting a report or asking in one of the mailing lists, you -should try to determine the cause. In particular, you should call -ERR_print_errors() or ERR_print_errors_fp() after the failed call -and see if the message helps. Note that the problem may occur earlier -than you think -- you should check for errors after every call where -it is possible, otherwise the actual problem may be hidden because -some OpenSSL functions clear the error state. - - -* I just get a load of numbers for the error output, what do they mean? - -The actual format is described in the ERR_print_errors() manual page. -You should call the function ERR_load_crypto_strings() before hand and -the message will be output in text form. If you can't do this (for example -it is a pre-compiled binary) you can use the errstr utility on the error -code itself (the hex digits after the second colon). - - -* Why do I get errors about unknown algorithms? - -The cause is forgetting to load OpenSSL's table of algorithms with -OpenSSL_add_all_algorithms(). See the manual page for more information. This -can cause several problems such as being unable to read in an encrypted -PEM file, unable to decrypt a PKCS#12 file or signature failure when -verifying certificates. - -* Why can't the OpenSSH configure script detect OpenSSL? - -Several reasons for problems with the automatic detection exist. -OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. -Sometimes the distribution has installed an older version in the system -locations that is detected instead of a new one installed. The OpenSSL -library might have been compiled for another CPU or another mode (32/64 bits). -Permissions might be wrong. - -The general answer is to check the config.log file generated when running -the OpenSSH configure script. It should contain the detailed information -on why the OpenSSL library was not detected or considered incompatible. - - -* Can I use OpenSSL's SSL library with non-blocking I/O? - -Yes; make sure to read the SSL_get_error(3) manual page! - -A pitfall to avoid: Don't assume that SSL_read() will just read from -the underlying transport or that SSL_write() will just write to it -- -it is also possible that SSL_write() cannot do any useful work until -there is data to read, or that SSL_read() cannot do anything until it -is possible to send data. One reason for this is that the peer may -request a new TLS/SSL handshake at any time during the protocol, -requiring a bi-directional message exchange; both SSL_read() and -SSL_write() will try to continue any pending handshake. - - -* Why doesn't my server application receive a client certificate? - -Due to the TLS protocol definition, a client will only send a certificate, -if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the -SSL_CTX_set_verify() function to enable the use of client certificates. - - -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? - -For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier -versions, uniqueIdentifier was incorrectly used for X.509 certificates. -The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. -Change your code to use the new name when compiling against OpenSSL 0.9.7. - - -* I think I've detected a memory leak, is this a bug? - -In most cases the cause of an apparent memory leak is an OpenSSL internal table -that is allocated when an application starts up. Since such tables do not grow -in size over time they are harmless. - -These internal tables can be freed up when an application closes using various -functions. Currently these include following: - -Thread-local cleanup functions: - - ERR_remove_state() - -Application-global cleanup functions that are aware of usage (and therefore -thread-safe): - - ENGINE_cleanup() and CONF_modules_unload() - -"Brutal" (thread-unsafe) Application-global cleanup functions: - - ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). - - -* Why does Valgrind complain about the use of uninitialized data? - -When OpenSSL's PRNG routines are called to generate random numbers the supplied -buffer contents are mixed into the entropy pool: so it technically does not -matter whether the buffer is initialized at this point or not. Valgrind (and -other test tools) will complain about this. When using Valgrind, make sure the -OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) -to get rid of these warnings. - - -* Why doesn't a memory BIO work when a file does? - -This can occur in several cases for example reading an S/MIME email message. -The reason is that a memory BIO can do one of two things when all the data -has been read from it. - -The default behaviour is to indicate that no more data is available and that -the call should be retried, this is to allow the application to fill up the BIO -again if necessary. - -Alternatively it can indicate that no more data is available and that EOF has -been reached. - -If a memory BIO is to behave in the same way as a file this second behaviour -is needed. This must be done by calling: - - BIO_set_mem_eof_return(bio, 0); - -See the manual pages for more details. - - -* Where are the declarations and implementations of d2i_X509() etc? - -These are defined and implemented by macros of the form: - - - DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509) - -The implementation passes an ASN1 "template" defining the structure into an -ASN1 interpreter using generalised functions such as ASN1_item_d2i(). - - -=============================================================================== +The FAQ is now maintained on the web: + https://www.openssl.org/docs/faq.html diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile index cd1c08c..18bc72a 100644 --- a/crypto/openssl/Makefile +++ b/crypto/openssl/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1p +VERSION=1.0.1q MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -501,25 +501,28 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl:0 --group openssl:0 \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org index 742431d..248d859 100644 --- a/crypto/openssl/Makefile.org +++ b/crypto/openssl/Makefile.org @@ -499,25 +499,28 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl:0 --group openssl:0 \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 5e76d3f..40d1284 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,9 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] + + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + o In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] o Alternate chains certificate forgery (CVE-2015-1793) + o Race condition handling PSK identify hint (CVE-2015-3196) Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] diff --git a/crypto/openssl/README b/crypto/openssl/README index bf03f30..7239452 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 1.0.1p 9 Jul 2015 + OpenSSL 1.0.1q 3 Dec 2015 - Copyright (c) 1998-2011 The OpenSSL Project + Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -10,17 +10,17 @@ The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the - Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) - protocols as well as a full-strength general purpose cryptography library. - The project is managed by a worldwide community of volunteers that use the - Internet to communicate, plan, and develop the OpenSSL toolkit and its - related documentation. + Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as + well as a full-strength general purpose cryptograpic library. The project is + managed by a worldwide community of volunteers that use the Internet to + communicate, plan, and develop the OpenSSL toolkit and its related + documentation. - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the - OpenSSL license plus the SSLeay license) situation, which basically means - that you are free to get and use it for commercial and non-commercial - purposes as long as you fulfill the conditions of both licenses. + OpenSSL license plus the SSLeay license), which means that you are free to + get and use it for commercial and non-commercial purposes as long as you + fulfill the conditions of both licenses. OVERVIEW -------- @@ -28,116 +28,39 @@ The OpenSSL toolkit includes: libssl.a: - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support - both SSLv2, SSLv3 and TLSv1 in the one server and client. + Provides the client and server-side implementations for SSLv3 and TLS. libcrypto.a: - General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not - actually logically part of it. It includes routines for the following: - - Ciphers - libdes - EAY's libdes DES encryption package which was floating - around the net for a few years, and was then relicensed by - him as part of SSLeay. It includes 15 'modes/variations' - of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; - pcbc and a more general form of cfb and ofb) including desx - in cbc mode, a fast crypt(3), and routines to read - passwords from the keyboard. - RC4 encryption, - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. - - Digests - MD5 and MD2 message digest algorithms, fast implementations, - SHA (SHA-0) and SHA-1 message digest algorithms, - MDC2 message digest. A DES based hash that is popular on smart cards. - - Public Key - RSA encryption/decryption/generation. - There is no limit on the number of bits. - DSA encryption/decryption/generation. - There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. - There is no limit on the number of bits. - - X.509v3 certificates - X509 encoding/decoding into/from binary ASN1 and a PEM - based ASCII-binary encoding which supports encryption with a - private key. Program to generate RSA and DSA certificate - requests and to generate RSA and DSA certificates. - - Systems - The normal digital envelope routines and base64 encoding. Higher - level access to ciphers and digests by name. New ciphers can be - loaded at run time. The BIO io system which is a simple non-blocking - IO abstraction. Current methods supported are file descriptors, - sockets, socket accept, socket connect, memory buffer, buffering, SSL - client/server, file pointer, encryption, digest, non-blocking testing - and null. - - Data structures - A dynamically growing hashing system - A simple stack. - A Configuration loader that uses a format similar to MS .ini files. + Provides general cryptographic and X.509 support needed by SSL/TLS but + not logically part of it. openssl: A command line tool that can be used for: - Creation of RSA, DH and DSA key parameters + Creation of key parameters Creation of X.509 certificates, CSRs and CRLs - Calculation of Message Digests - Encryption and Decryption with Ciphers - SSL/TLS Client and Server Tests + Calculation of message digests + Encryption and decryption + SSL/TLS client and server tests Handling of S/MIME signed or encrypted mail - - - PATENTS - ------- - - Various companies hold various patents for various algorithms in various - locations around the world. _YOU_ are responsible for ensuring that your use - of any algorithms is legal by checking if there are any patents in your - country. The file contains some of the patents that we know about or are - rumored to exist. This is not a definitive list. - - RSA Security holds software patents on the RC5 algorithm. If you - intend to use this cipher, you must contact RSA Security for - licensing conditions. Their web page is http://www.rsasecurity.com/. - - RC4 is a trademark of RSA Security, so use of this label should perhaps - only be used with RSA Security's permission. - - The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, - Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They - should be contacted if that algorithm is to be used; their web page is - http://www.ascom.ch/. - - NTT and Mitsubishi have patents and pending patents on the Camellia - algorithm, but allow use at no charge without requiring an explicit - licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + And more... INSTALLATION ------------ - To install this package under a Unix derivative, read the INSTALL file. For - a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read - INSTALL.VMS. - - Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions; you will probably have to look at the code to work out - how to use them. Look at the example programs. - - PROBLEMS - -------- - - For some platforms, there are some known problems that may affect the user - or application author. We try to collect those in doc/PROBLEMS, with current - thoughts on how they should be solved in a future of OpenSSL. + See the appropriate file: + INSTALL Linux, Unix, etc. + INSTALL.DJGPP DOS platform with DJGPP + INSTALL.NW Netware + INSTALL.OS2 OS/2 + INSTALL.VMS VMS + INSTALL.W32 Windows (32bit) + INSTALL.W64 Windows (64bit) + INSTALL.WCE Windows CE SUPPORT ------- - See the OpenSSL website www.openssl.org for details of how to obtain + See the OpenSSL website www.openssl.org for details on how to obtain commercial technical support. If you have any problems with OpenSSL then please take the following steps @@ -161,58 +84,35 @@ - Problem Description (steps that will reproduce the problem, if known) - Stack Traceback (if the application dumps core) - Report the bug to the OpenSSL project via the Request Tracker - (http://www.openssl.org/support/rt.html) by mail to: + Email the report to: + + rt@openssl.org - openssl-bugs@openssl.org + In order to avoid spam, this is a moderated mailing list, and it might + take a day for the ticket to show up. (We also scan posts to make sure + that security disclosures aren't publically posted by mistake.) Mail to + this address is recorded in the public RT (request tracker) database (see + https://www.openssl.org/support/rt.html for details) and also forwarded + the public openssl-dev mailing list. Confidential mail may be sent to + openssl-security@openssl.org (PGP key available from the key servers). - Note that the request tracker should NOT be used for general assistance - or support queries. Just because something doesn't work the way you expect - does not mean it is necessarily a bug in OpenSSL. + Please do NOT use this for general assistance or support queries. + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. - Note that mail to openssl-bugs@openssl.org is recorded in the publicly - readable request tracker database and is forwarded to a public - mailing list. Confidential mail may be sent to openssl-security@openssl.org - (PGP key available from the key servers). + You can also make GitHub pull requests. If you do this, please also send + mail to rt@openssl.org with a link to the PR so that we can more easily + keep track of it. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- - Development is coordinated on the openssl-dev mailing list (see - http://www.openssl.org for information on subscribing). If you - would like to submit a patch, send it to openssl-bugs@openssl.org with - the string "[PATCH]" in the subject. Please be sure to include a - textual explanation of what your patch does. - - If you are unsure as to whether a feature will be useful for the general - OpenSSL community please discuss it on the openssl-dev mailing list first. - Someone may be already working on the same thing or there may be a good - reason as to why that feature isn't implemented. - - Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow the coding style of - OpenSSL and compile without warnings. Some of the core team developer targets - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL - compiles on many varied platforms: try to ensure you only use portable - features. - - Note: For legal reasons, contributions from the US can be accepted only - if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov - (formerly BXA) with a copy to the ENC Encryption Request Coordinator; - please take some time to look at - http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] - and - http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) - for the details. If "your encryption source code is too large to serve as - an email attachment", they are glad to receive it by fax instead; hope you - have a cheap long-distance plan. - - Our preferred format for changes is "diff -u" output. You might - generate it like this: - - # cd openssl-work - # [your changes] - # ./Configure dist; make clean - # cd .. - # diff -ur openssl-orig openssl-work > mydiffs.patch + See CONTRIBUTING + + LEGALITIES + ---------- + A number of nations, in particular the U.S., restrict the use or export + of cryptography. If you are potentially subject to such restrictions + you should seek competent professional legal advice before attempting to + develop or distribute cryptographic code. diff --git a/crypto/openssl/apps/Makefile b/crypto/openssl/apps/Makefile index cafe554..8c3297e 100644 --- a/crypto/openssl/apps/Makefile +++ b/crypto/openssl/apps/Makefile @@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend depend: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi local_depend: - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index 6801238..8ab4833 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c @@ -119,9 +119,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB) -# include <strings.h> -#endif #include <sys/types.h> #include <ctype.h> #include <errno.h> @@ -1247,7 +1244,11 @@ int set_name_ex(unsigned long *flags, const char *arg) {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, {NULL, 0, 0} }; - return set_multi_opts(flags, arg, ex_tbl); + if (set_multi_opts(flags, arg, ex_tbl) == 0) + return 0; + if ((*flags & XN_FLAG_SEP_MASK) == 0) + *flags |= XN_FLAG_SEP_CPLUS_SPC; + return 1; } int set_ext_copy(int *copy_type, const char *arg) diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c index 11b0787..0a6b990 100644 --- a/crypto/openssl/apps/asn1pars.c +++ b/crypto/openssl/apps/asn1pars.c @@ -313,9 +313,9 @@ int MAIN(int argc, char **argv) } typ = ASN1_TYPE_get(at); if ((typ == V_ASN1_OBJECT) + || (typ == V_ASN1_BOOLEAN) || (typ == V_ASN1_NULL)) { - BIO_printf(bio_err, "Can't parse %s type\n", - typ == V_ASN1_NULL ? "NULL" : "OBJECT"); + BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ)); ERR_print_errors(bio_err); goto end; } diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c index 97ad0c1..4d64eb2 100644 --- a/crypto/openssl/apps/ca.c +++ b/crypto/openssl/apps/ca.c @@ -99,25 +99,19 @@ #undef PROG #define PROG ca_main -#define BASE_SECTION "ca" -#define CONFIG_FILE "openssl.cnf" +#define BASE_SECTION "ca" +#define CONFIG_FILE "openssl.cnf" #define ENV_DEFAULT_CA "default_ca" -#define STRING_MASK "string_mask" +#define STRING_MASK "string_mask" #define UTF8_IN "utf8" -#define ENV_DIR "dir" -#define ENV_CERTS "certs" -#define ENV_CRL_DIR "crl_dir" -#define ENV_CA_DB "CA_DB" #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" #define ENV_CRLNUMBER "crlnumber" -#define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" -#define ENV_RANDFILE "RANDFILE" #define ENV_DEFAULT_DAYS "default_days" #define ENV_DEFAULT_STARTDATE "default_startdate" #define ENV_DEFAULT_ENDDATE "default_enddate" @@ -2520,6 +2514,8 @@ static int do_updatedb(CA_DB *db) char **rrow, *a_tm_s; a_tm = ASN1_UTCTIME_new(); + if (a_tm == NULL) + return -1; /* get actual time and make a string */ a_tm = X509_gmtime_adj(a_tm, 0); diff --git a/crypto/openssl/apps/ecparam.c b/crypto/openssl/apps/ecparam.c index 1f340a9..402fb31 100644 --- a/crypto/openssl/apps/ecparam.c +++ b/crypto/openssl/apps/ecparam.c @@ -413,14 +413,13 @@ int MAIN(int argc, char **argv) } if (check) { - if (group == NULL) - BIO_printf(bio_err, "no elliptic curve parameters\n"); BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed\n"); ERR_print_errors(bio_err); - } else - BIO_printf(bio_err, "ok\n"); + goto end; + } + BIO_printf(bio_err, "ok\n"); } diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c index 3d70cac..460ec60 100644 --- a/crypto/openssl/apps/engine.c +++ b/crypto/openssl/apps/engine.c @@ -99,8 +99,6 @@ static void identity(char *ptr) static int append_buf(char **buf, const char *s, int *size, int step) { - int l = strlen(s); - if (*buf == NULL) { *size = step; *buf = OPENSSL_malloc(*size); @@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step) **buf = '\0'; } - if (**buf != '\0') - l += 2; /* ", " */ - if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { *size += step; *buf = OPENSSL_realloc(*buf, *size); diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c index 572f064..9fd9568 100644 --- a/crypto/openssl/apps/ocsp.c +++ b/crypto/openssl/apps/ocsp.c @@ -1220,8 +1220,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, return NULL; } - if (BIO_get_fd(cbio, &fd) <= 0) { - BIO_puts(err, "Can't get connection fd\n"); + if (BIO_get_fd(cbio, &fd) < 0) { + BIO_puts(bio_err, "Can't get connection fd\n"); goto err; } diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c index 4ff6449..e41b445 100644 --- a/crypto/openssl/apps/pkcs12.c +++ b/crypto/openssl/apps/pkcs12.c @@ -134,13 +134,6 @@ int MAIN(int argc, char **argv) apps_startup(); -# ifdef OPENSSL_FIPS - if (FIPS_mode()) - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else -# endif - cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; - enc = EVP_des_ede3_cbc(); if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); @@ -148,6 +141,13 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +# ifdef OPENSSL_FIPS + if (FIPS_mode()) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +# endif + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + args = argv + 1; while (*args) { diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index 28737b6..16833ac 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -1884,6 +1884,9 @@ int MAIN(int argc, char **argv) EVP_PKEY_free(key); if (pass) OPENSSL_free(pass); +#ifndef OPENSSL_NO_SRP + OPENSSL_free(srp_arg.srppassin); +#endif if (vpm) X509_VERIFY_PARAM_free(vpm); if (cbuf != NULL) { diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index b58e5e0..a8aee77 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -2654,6 +2654,21 @@ static int www_body(char *hostname, int s, unsigned char *context) goto err; } else { BIO_printf(bio_s_out, "read R BLOCK\n"); +#ifndef OPENSSL_NO_SRP + if (BIO_should_io_special(io) + && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + srp_callback_parm.user = + SRP_VBASE_get_by_user(srp_callback_parm.vb, + srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", + srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + continue; + } +#endif #if defined(OPENSSL_SYS_NETWARE) delay(1000); #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) diff --git a/crypto/openssl/appveyor.yml b/crypto/openssl/appveyor.yml new file mode 100644 index 0000000..8695359 --- /dev/null +++ b/crypto/openssl/appveyor.yml @@ -0,0 +1,60 @@ +platform: + - x86 + - x64 + +environment: + matrix: + - VSVER: 9 + - VSVER: 10 + - VSVER: 11 + - VSVER: 12 + - VSVER: 14 + +configuration: + - plain + - shared + +matrix: + allow_failures: + - platform: x64 + VSVER: 9 + - platform: x64 + VSVER: 10 + - platform: x64 + VSVER: 11 + +before_build: + - ps: >- + If ($env:Platform -Match "x86") { + $env:VCVARS_PLATFORM="x86" + $env:TARGET="VC-WIN32" + $env:DO="do_ms" + } Else { + $env:VCVARS_PLATFORM="amd64" + $env:TARGET="VC-WIN64A" + $env:DO="do_win64a" + } + - ps: >- + If ($env:Configuration -Like "*shared*") { + $env:MAK="ntdll.mak" + } Else { + $env:MAK="nt.mak" + } + - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS")) + - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM% + - perl Configure %TARGET% no-asm + - call ms\%DO% + +build_script: + - nmake /f ms\%MAK% + +test_script: + - nmake /f ms\%MAK% test + +notifications: + - provider: Email + to: + - openssl-commits@openssl.org + on_build_success: false + on_build_failure: true + on_build_status_changed: true diff --git a/crypto/openssl/crypto/aes/asm/aes-586.pl b/crypto/openssl/crypto/aes/asm/aes-586.pl index 687ed81..51b500d 100755 --- a/crypto/openssl/crypto/aes/asm/aes-586.pl +++ b/crypto/openssl/crypto/aes/asm/aes-586.pl @@ -45,7 +45,7 @@ # the undertaken effort was that it appeared that in tight IA-32 # register window little-endian flavor could achieve slightly higher # Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent µ-archs... +# better performance on most recent µ-archs... # # Third version adds AES_cbc_encrypt implementation, which resulted in # up to 40% performance imrovement of CBC benchmark results. 40% was @@ -223,7 +223,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } $speed_limit=512; # chunks smaller than $speed_limit are # processed with compact routine in CBC mode $small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent µ-archs], but ~5 times smaller! + # recent µ-archs], but ~5 times smaller! # I favor compact code to minimize cache # contention and in hope to "collect" 5% back # in real-life applications... @@ -562,7 +562,7 @@ sub enctransform() # Performance is not actually extraordinary in comparison to pure # x86 code. In particular encrypt performance is virtually the same. # Decrypt performance on the other hand is 15-20% better on newer -# µ-archs [but we're thankful for *any* improvement here], and ~50% +# µ-archs [but we're thankful for *any* improvement here], and ~50% # better on PIII:-) And additionally on the pros side this code # eliminates redundant references to stack and thus relieves/ # minimizes the pressure on the memory bus. diff --git a/crypto/openssl/crypto/aes/asm/aesni-x86.pl b/crypto/openssl/crypto/aes/asm/aesni-x86.pl index 3dc345b..8c1d0b5 100755 --- a/crypto/openssl/crypto/aes/asm/aesni-x86.pl +++ b/crypto/openssl/crypto/aes/asm/aesni-x86.pl @@ -74,7 +74,7 @@ $inout3="xmm5"; $in1="xmm5"; $inout4="xmm6"; $in0="xmm6"; $inout5="xmm7"; $ivec="xmm7"; -# AESNI extenstion +# AESNI extension sub aeskeygenassist { my($dst,$src,$imm)=@_; if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c index a5d2da1..0ca985a 100644 --- a/crypto/openssl/crypto/asn1/asn1_par.c +++ b/crypto/openssl/crypto/asn1/asn1_par.c @@ -62,6 +62,10 @@ #include <openssl/objects.h> #include <openssl/asn1.h> +#ifndef ASN1_PARSE_MAXDEPTH +#define ASN1_PARSE_MAXDEPTH 128 +#endif + static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, int indent); static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, @@ -128,6 +132,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, #else dump_indent = 6; /* Because we know BIO_dump_indent() */ #endif + + if (depth > ASN1_PARSE_MAXDEPTH) { + BIO_puts(bp, "BAD RECURSION DEPTH\n"); + return 0; + } + p = *pp; tot = p + length; op = p - 1; diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c index c96da09..d21829a 100644 --- a/crypto/openssl/crypto/asn1/d2i_pr.c +++ b/crypto/openssl/crypto/asn1/d2i_pr.c @@ -72,6 +72,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret; + const unsigned char *p = *pp; if ((a == NULL) || (*a == NULL)) { if ((ret = EVP_PKEY_new()) == NULL) { @@ -94,21 +95,23 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, } if (!ret->ameth->old_priv_decode || - !ret->ameth->old_priv_decode(ret, pp, length)) { + !ret->ameth->old_priv_decode(ret, &p, length)) { if (ret->ameth->priv_decode) { PKCS8_PRIV_KEY_INFO *p8 = NULL; - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); if (!p8) goto err; EVP_PKEY_free(ret); ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - + if (ret == NULL) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; } } + *pp = p; if (a != NULL) (*a) = ret; return (ret); @@ -136,6 +139,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, * input is surrounded by an ASN1 SEQUENCE. */ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); + p = *pp; /* * Since we only need to discern "traditional format" RSA and DSA keys we * can just count the elements. @@ -146,7 +150,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, keytype = EVP_PKEY_EC; else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not * traditional format */ - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); EVP_PKEY *ret; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); @@ -157,6 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, } ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); + if (ret == NULL) + return NULL; + *pp = p; if (a) { *a = ret; } diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c index 7fd336a..9256049 100644 --- a/crypto/openssl/crypto/asn1/tasn_dec.c +++ b/crypto/openssl/crypto/asn1/tasn_dec.c @@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -350,9 +352,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, } asn1_set_choice_selector(pval, i, it); - *in = p; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; + *in = p; return 1; case ASN1_ITYPE_NDEF_SEQUENCE: @@ -489,9 +491,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* Save encoding */ if (!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; - *in = p; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; + *in = p; return 1; default: @@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/openssl/crypto/asn1/x_bignum.c b/crypto/openssl/crypto/asn1/x_bignum.c index a5a403c..eaf0466 100644 --- a/crypto/openssl/crypto/asn1/x_bignum.c +++ b/crypto/openssl/crypto/asn1/x_bignum.c @@ -141,8 +141,9 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { BIGNUM *bn; - if (!*pval) - bn_new(pval, it); + + if (*pval == NULL && !bn_new(pval, it)) + return 0; bn = (BIGNUM *)*pval; if (!BN_bin2bn(cont, len, bn)) { bn_free(pval, it); diff --git a/crypto/openssl/crypto/asn1/x_pubkey.c b/crypto/openssl/crypto/asn1/x_pubkey.c index 4b68201..6c57a79 100644 --- a/crypto/openssl/crypto/asn1/x_pubkey.c +++ b/crypto/openssl/crypto/asn1/x_pubkey.c @@ -188,13 +188,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) { X509_PUBKEY *xpk; EVP_PKEY *pktmp; - xpk = d2i_X509_PUBKEY(NULL, pp, length); + const unsigned char *q; + q = *pp; + xpk = d2i_X509_PUBKEY(NULL, &q, length); if (!xpk) return NULL; pktmp = X509_PUBKEY_get(xpk); X509_PUBKEY_free(xpk); if (!pktmp) return NULL; + *pp = q; if (a) { EVP_PKEY_free(*a); *a = pktmp; diff --git a/crypto/openssl/crypto/asn1/x_x509.c b/crypto/openssl/crypto/asn1/x_x509.c index f56e837..bcd9166 100644 --- a/crypto/openssl/crypto/asn1/x_x509.c +++ b/crypto/openssl/crypto/asn1/x_x509.c @@ -180,16 +180,15 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) if (!a || *a == NULL) { freeret = 1; } - ret = d2i_X509(a, pp, length); + ret = d2i_X509(a, &q, length); /* If certificate unreadable then forget it */ if (!ret) return NULL; /* update length */ - length -= *pp - q; - if (!length) - return ret; - if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) + length -= q - *pp; + if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) goto err; + *pp = q; return ret; err: if (freeret) { diff --git a/crypto/openssl/crypto/bio/b_dump.c b/crypto/openssl/crypto/bio/b_dump.c index 3293c72..87c8162 100644 --- a/crypto/openssl/crypto/bio/b_dump.c +++ b/crypto/openssl/crypto/bio/b_dump.c @@ -104,7 +104,6 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - buf[0] = '\0'; /* start with empty string */ BUF_strlcpy(buf, str, sizeof buf); BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); BUF_strlcat(buf, tmp, sizeof buf); diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c index d7f15b0..bfba93e 100644 --- a/crypto/openssl/crypto/bio/bss_file.c +++ b/crypto/openssl/crypto/bio/bss_file.c @@ -115,9 +115,8 @@ static BIO_METHOD methods_filep = { NULL, }; -BIO *BIO_new_file(const char *filename, const char *mode) +static FILE *file_fopen(const char *filename, const char *mode) { - BIO *ret; FILE *file = NULL; # if defined(_WIN32) && defined(CP_UTF8) @@ -164,6 +163,14 @@ BIO *BIO_new_file(const char *filename, const char *mode) # else file = fopen(filename, mode); # endif + return (file); +} + +BIO *BIO_new_file(const char *filename, const char *mode) +{ + BIO *ret; + FILE *file = file_fopen(filename, mode); + if (file == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); @@ -386,7 +393,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) else strcat(p, "t"); # endif - fp = fopen(ptr, p); + fp = file_fopen(ptr, p); if (fp == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); diff --git a/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl b/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl index c52e0b7..22ad1f8 100755 --- a/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl @@ -41,13 +41,13 @@ $code=<<___; .align 5 mul_1x1_neon: vshl.u64 `&Dlo("q1")`,d16,#8 @ q1-q3 are slided $a - vmull.p8 `&Q("d0")`,d16,d17 @ a·bb + vmull.p8 `&Q("d0")`,d16,d17 @ a·bb vshl.u64 `&Dlo("q2")`,d16,#16 - vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8·bb + vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8·bb vshl.u64 `&Dlo("q3")`,d16,#24 - vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16·bb + vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16·bb vshr.u64 `&Dlo("q1")`,#8 - vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24·bb + vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24·bb vshl.u64 `&Dhi("q1")`,#24 veor d0,`&Dlo("q1")` vshr.u64 `&Dlo("q2")`,#16 @@ -158,7 +158,7 @@ ___ ################ # void bn_GF2m_mul_2x2(BN_ULONG *r, # BN_ULONG a1,BN_ULONG a0, -# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0 +# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0 ($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23)); @@ -184,20 +184,20 @@ bn_GF2m_mul_2x2: vmov d16,$A1 vmov d17,$B1 - bl mul_1x1_neon @ a1·b1 + bl mul_1x1_neon @ a1·b1 vmov $A1B1,d0 vmov d16,$A0 vmov d17,$B0 - bl mul_1x1_neon @ a0·b0 + bl mul_1x1_neon @ a0·b0 vmov $A0B0,d0 veor d16,$A0,$A1 veor d17,$B0,$B1 veor $A0,$A0B0,$A1B1 - bl mul_1x1_neon @ (a0+a1)·(b0+b1) + bl mul_1x1_neon @ (a0+a1)·(b0+b1) - veor d0,$A0 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1 + veor d0,$A0 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1 vshl.u64 d1,d0,#32 vshr.u64 d0,d0,#32 veor $A0B0,d1 @@ -220,7 +220,7 @@ $code.=<<___; mov $mask,#7<<2 sub sp,sp,#32 @ allocate tab[8] - bl mul_1x1_ialu @ a1·b1 + bl mul_1x1_ialu @ a1·b1 str $lo,[$ret,#8] str $hi,[$ret,#12] @@ -230,13 +230,13 @@ $code.=<<___; eor r2,r2,$a eor $b,$b,r3 eor $a,$a,r2 - bl mul_1x1_ialu @ a0·b0 + bl mul_1x1_ialu @ a0·b0 str $lo,[$ret] str $hi,[$ret,#4] eor $a,$a,r2 eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)·(b1+b0) + bl mul_1x1_ialu @ (a1+a0)·(b1+b0) ___ @r=map("r$_",(6..9)); $code.=<<___; diff --git a/crypto/openssl/crypto/bn/asm/ia64.S b/crypto/openssl/crypto/bn/asm/ia64.S index 951abc5..a9a42ab 100644 --- a/crypto/openssl/crypto/bn/asm/ia64.S +++ b/crypto/openssl/crypto/bn/asm/ia64.S @@ -422,7 +422,7 @@ bn_mul_add_words: // This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on // Itanium 2. Yes, unlike previous versions it scales:-) Previous -// version was peforming *all* additions in IALU and was starving +// version was performing *all* additions in IALU and was starving // for those even on Itanium 2. In this version one addition is // moved to FPU and is folded with multiplication. This is at cost // of propogating the result from previous call to this subroutine @@ -568,7 +568,7 @@ bn_sqr_comba8: // I've estimated this routine to run in ~120 ticks, but in reality // (i.e. according to ar.itc) it takes ~160 ticks. Are those extra // cycles consumed for instructions fetch? Or did I misinterpret some -// clause in Itanium µ-architecture manual? Comments are welcomed and +// clause in Itanium µ-architecture manual? Comments are welcomed and // highly appreciated. // // On Itanium 2 it takes ~190 ticks. This is because of stalls on diff --git a/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl b/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl index cd9f13e..9d18d40 100755 --- a/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl +++ b/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl @@ -172,19 +172,19 @@ ___ if ($SIZE_T==8) { my @r=map("%r$_",(6..9)); $code.=<<___; - bras $ra,_mul_1x1 # a1·b1 + bras $ra,_mul_1x1 # a1·b1 stmg $lo,$hi,16($rp) lg $a,`$stdframe+128+4*$SIZE_T`($sp) lg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # a0·b0 + bras $ra,_mul_1x1 # a0·b0 stmg $lo,$hi,0($rp) lg $a,`$stdframe+128+3*$SIZE_T`($sp) lg $b,`$stdframe+128+5*$SIZE_T`($sp) xg $a,`$stdframe+128+4*$SIZE_T`($sp) xg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # (a0+a1)·(b0+b1) + bras $ra,_mul_1x1 # (a0+a1)·(b0+b1) lmg @r[0],@r[3],0($rp) xgr $lo,$hi diff --git a/crypto/openssl/crypto/bn/asm/x86-gf2m.pl b/crypto/openssl/crypto/bn/asm/x86-gf2m.pl index 808a1e5..b579530 100755 --- a/crypto/openssl/crypto/bn/asm/x86-gf2m.pl +++ b/crypto/openssl/crypto/bn/asm/x86-gf2m.pl @@ -14,7 +14,7 @@ # the time being... Except that it has three code paths: pure integer # code suitable for any x86 CPU, MMX code suitable for PIII and later # and PCLMULQDQ suitable for Westmere and later. Improvement varies -# from one benchmark and µ-arch to another. Below are interval values +# from one benchmark and µ-arch to another. Below are interval values # for 163- and 571-bit ECDH benchmarks relative to compiler-generated # code: # @@ -226,22 +226,22 @@ if ($sse2) { &push ("edi"); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_mmx"); # a1·b1 + &call ("_mul_1x1_mmx"); # a1·b1 &movq ("mm7",$R); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # a0·b0 + &call ("_mul_1x1_mmx"); # a0·b0 &movq ("mm6",$R); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1) + &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1) &pxor ($R,"mm7"); &mov ($a,&wparam(0)); - &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0 + &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0 &movq ($A,$R); &psllq ($R,32); @@ -266,13 +266,13 @@ if ($sse2) { &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_ialu"); # a1·b1 + &call ("_mul_1x1_ialu"); # a1·b1 &mov (&DWP(8,"esp"),$lo); &mov (&DWP(12,"esp"),$hi); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # a0·b0 + &call ("_mul_1x1_ialu"); # a0·b0 &mov (&DWP(0,"esp"),$lo); &mov (&DWP(4,"esp"),$hi); @@ -280,7 +280,7 @@ if ($sse2) { &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1) + &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1) &mov ("ebp",&wparam(0)); @r=("ebx","ecx","edi","esi"); diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c index 9c5074b..0a5bb28 100644 --- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c @@ -66,7 +66,7 @@ # undef sqr /*- - * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; + * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; */ diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl b/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl index 226c66c..42bbec2 100755 --- a/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl +++ b/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl @@ -13,7 +13,7 @@ # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for # the time being... Except that it has two code paths: code suitable # for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and -# later. Improvement varies from one benchmark and µ-arch to another. +# later. Improvement varies from one benchmark and µ-arch to another. # Vanilla code path is at most 20% faster than compiler-generated code # [not very impressive], while PCLMULQDQ - whole 85%-160% better on # 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that @@ -184,13 +184,13 @@ ___ $code.=<<___; movdqa %xmm0,%xmm4 movdqa %xmm1,%xmm5 - pclmulqdq \$0,%xmm1,%xmm0 # a1·b1 + pclmulqdq \$0,%xmm1,%xmm0 # a1·b1 pxor %xmm2,%xmm4 pxor %xmm3,%xmm5 - pclmulqdq \$0,%xmm3,%xmm2 # a0·b0 - pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1) + pclmulqdq \$0,%xmm3,%xmm2 # a0·b0 + pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1) xorps %xmm0,%xmm4 - xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1 + xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1 movdqa %xmm4,%xmm5 pslldq \$8,%xmm4 psrldq \$8,%xmm5 @@ -225,13 +225,13 @@ $code.=<<___; mov \$0xf,$mask mov $a1,$a mov $b1,$b - call _mul_1x1 # a1·b1 + call _mul_1x1 # a1·b1 mov $lo,16(%rsp) mov $hi,24(%rsp) mov 48(%rsp),$a mov 64(%rsp),$b - call _mul_1x1 # a0·b0 + call _mul_1x1 # a0·b0 mov $lo,0(%rsp) mov $hi,8(%rsp) @@ -239,7 +239,7 @@ $code.=<<___; mov 56(%rsp),$b xor 48(%rsp),$a xor 64(%rsp),$b - call _mul_1x1 # (a0+a1)·(b0+b1) + call _mul_1x1 # (a0+a1)·(b0+b1) ___ @r=("%rbx","%rcx","%rdi","%rsi"); $code.=<<___; diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c index 27146c8..7e33ba9 100644 --- a/crypto/openssl/crypto/bn/bn_exp.c +++ b/crypto/openssl/crypto/bn/bn_exp.c @@ -599,12 +599,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - top = m->top; - - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); return (0); } + + top = m->top; + bits = BN_num_bits(p); if (bits == 0) { ret = BN_one(rr); diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c index 97c55ab..ce59fe7 100644 --- a/crypto/openssl/crypto/bn/bn_gcd.c +++ b/crypto/openssl/crypto/bn/bn_gcd.c @@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * BN_div_no_branch will be called eventually. */ pB = &local_B; + local_B.flags = 0; BN_with_flags(pB, B, BN_FLG_CONSTTIME); if (!BN_nnmod(B, pB, A, ctx)) goto err; @@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * BN_div_no_branch will be called eventually. */ pA = &local_A; + local_A.flags = 0; BN_with_flags(pA, A, BN_FLG_CONSTTIME); /* (D, M) := (A/B, A%B) ... */ diff --git a/crypto/openssl/crypto/bn/bn_gf2m.c b/crypto/openssl/crypto/bn/bn_gf2m.c index a0ba8de..8ad44b4 100644 --- a/crypto/openssl/crypto/bn/bn_gf2m.c +++ b/crypto/openssl/crypto/bn/bn_gf2m.c @@ -576,7 +576,7 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], bn_check_top(a); BN_CTX_start(ctx); if ((s = BN_CTX_get(ctx)) == NULL) - return 0; + goto err; if (!bn_wexpand(s, 2 * a->top)) goto err; @@ -700,18 +700,21 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; - bn_wexpand(u, top); + if (!bn_wexpand(u, top)) + goto err; udp = u->d; for (i = u->top; i < top; i++) udp[i] = 0; u->top = top; - bn_wexpand(b, top); + if (!bn_wexpand(b, top)) + goto err; bdp = b->d; bdp[0] = 1; for (i = 1; i < top; i++) bdp[i] = 0; b->top = top; - bn_wexpand(c, top); + if (!bn_wexpand(c, top)) + goto err; cdp = c->d; for (i = 0; i < top; i++) cdp[i] = 0; diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/openssl/crypto/bn/bn_mont.c index aadd5db..be95bd55 100644 --- a/crypto/openssl/crypto/bn/bn_mont.c +++ b/crypto/openssl/crypto/bn/bn_mont.c @@ -361,9 +361,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) if (mont == NULL) return; - BN_free(&(mont->RR)); - BN_free(&(mont->N)); - BN_free(&(mont->Ni)); + BN_clear_free(&(mont->RR)); + BN_clear_free(&(mont->N)); + BN_clear_free(&(mont->Ni)); if (mont->flags & BN_FLG_MALLOCED) OPENSSL_free(mont); } @@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) int ret = 0; BIGNUM *Ri, *R; + if (BN_is_zero(mod)) + return 0; + BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err; diff --git a/crypto/openssl/crypto/bn/bn_recp.c b/crypto/openssl/crypto/bn/bn_recp.c index 6826f93..7497ac6 100644 --- a/crypto/openssl/crypto/bn/bn_recp.c +++ b/crypto/openssl/crypto/bn/bn_recp.c @@ -152,8 +152,10 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, if (BN_ucmp(m, &(recp->N)) < 0) { BN_zero(d); - if (!BN_copy(r, m)) + if (!BN_copy(r, m)) { + BN_CTX_end(ctx); return 0; + } BN_CTX_end(ctx); return (1); } diff --git a/crypto/openssl/crypto/bn/bn_x931p.c b/crypto/openssl/crypto/bn/bn_x931p.c index 6d76b12..efa48bd 100644 --- a/crypto/openssl/crypto/bn/bn_x931p.c +++ b/crypto/openssl/crypto/bn/bn_x931p.c @@ -213,14 +213,14 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * exceeded. */ if (!BN_rand(Xp, nbits, 1, 0)) - return 0; + goto err; BN_CTX_start(ctx); t = BN_CTX_get(ctx); for (i = 0; i < 1000; i++) { if (!BN_rand(Xq, nbits, 1, 0)) - return 0; + goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ BN_sub(t, Xp, Xq); if (BN_num_bits(t) > (nbits - 100)) @@ -234,6 +234,9 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) return 0; + err: + BN_CTX_end(ctx); + return 0; } /* diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c index 06662c5..6d55049 100644 --- a/crypto/openssl/crypto/bn/bntest.c +++ b/crypto/openssl/crypto/bn/bntest.c @@ -441,6 +441,14 @@ int test_div(BIO *bp, BN_CTX *ctx) BN_init(&d); BN_init(&e); + BN_one(&a); + BN_zero(&b); + + if (BN_div(&d, &c, &a, &b, ctx)) { + fprintf(stderr, "Division by zero succeeded!\n"); + return 0; + } + for (i = 0; i < num0 + num1; i++) { if (i < num1) { BN_bntest_rand(&a, 400, 0, 0); @@ -516,9 +524,9 @@ int test_div_word(BIO *bp) do { BN_bntest_rand(&a, 512, -1, 0); BN_bntest_rand(&b, BN_BITS2, -1, 0); - s = b.d[0]; - } while (!s); + } while (BN_is_zero(&b)); + s = b.d[0]; BN_copy(&b, &a); r = BN_div_word(&b, s); @@ -781,6 +789,18 @@ int test_mont(BIO *bp, BN_CTX *ctx) if (mont == NULL) return 0; + BN_zero(&n); + if (BN_MONT_CTX_set(mont, &n, ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n"); + return 0; + } + + BN_set_word(&n, 16); + if (BN_MONT_CTX_set(mont, &n, ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n"); + return 0; + } + BN_bntest_rand(&a, 100, 0, 0); BN_bntest_rand(&b, 100, 0, 0); for (i = 0; i < num2; i++) { @@ -887,6 +907,14 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) d = BN_new(); e = BN_new(); + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_mul(e, a, b, c, ctx)) { + fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n"); + return 0; + } + for (j = 0; j < 3; j++) { BN_bntest_rand(c, 1024, 0, 0); for (i = 0; i < num0; i++) { @@ -952,6 +980,14 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) d = BN_new(); e = BN_new(); + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_exp(d, a, b, c, ctx)) { + fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); + return 0; + } + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ for (i = 0; i < num2; i++) { BN_bntest_rand(a, 20 + i * 5, 0, 0); @@ -999,6 +1035,22 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) d = BN_new(); e = BN_new(); + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus " + "succeeded\n"); + return 0; + } + + BN_set_word(c, 16); + if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus " + "succeeded\n"); + return 0; + } + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ for (i = 0; i < num2; i++) { BN_bntest_rand(a, 20 + i * 5, 0, 0); diff --git a/crypto/openssl/crypto/buffer/buf_str.c b/crypto/openssl/crypto/buffer/buf_str.c index fdde3d7..233af24 100644 --- a/crypto/openssl/crypto/buffer/buf_str.c +++ b/crypto/openssl/crypto/buffer/buf_str.c @@ -58,12 +58,13 @@ #include <stdio.h> #include "cryptlib.h" +#include <limits.h> #include <openssl/buffer.h> char *BUF_strdup(const char *str) { if (str == NULL) - return (NULL); + return NULL; return BUF_strndup(str, strlen(str)); } @@ -72,14 +73,20 @@ char *BUF_strndup(const char *str, size_t siz) char *ret; if (str == NULL) - return (NULL); + return NULL; + + if (siz >= INT_MAX) + return NULL; ret = OPENSSL_malloc(siz + 1); if (ret == NULL) { BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } - BUF_strlcpy(ret, str, siz + 1); + + memcpy(ret, str, siz); + ret[siz] = '\0'; + return (ret); } @@ -87,13 +94,13 @@ void *BUF_memdup(const void *data, size_t siz) { void *ret; - if (data == NULL) - return (NULL); + if (data == NULL || siz >= INT_MAX) + return NULL; ret = OPENSSL_malloc(siz); if (ret == NULL) { BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } return memcpy(ret, data, siz); } diff --git a/crypto/openssl/crypto/buffer/buffer.h b/crypto/openssl/crypto/buffer/buffer.h index 632df93..89183ad 100644 --- a/crypto/openssl/crypto/buffer/buffer.h +++ b/crypto/openssl/crypto/buffer/buffer.h @@ -85,7 +85,13 @@ void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, size_t len); int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); char *BUF_strdup(const char *str); + +/* + * Like strndup, but in addition, explicitly guarantees to never read past the + * first |siz| bytes of |str|. + */ char *BUF_strndup(const char *str, size_t siz); + void *BUF_memdup(const void *data, size_t siz); void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); diff --git a/crypto/openssl/crypto/cms/cms_enc.c b/crypto/openssl/crypto/cms/cms_enc.c index 85ae928..b14b4b6 100644 --- a/crypto/openssl/crypto/cms/cms_enc.c +++ b/crypto/openssl/crypto/cms/cms_enc.c @@ -195,7 +195,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) ok = 1; err: - if (ec->key && !keep_key) { + if (ec->key && (!keep_key || !ok)) { OPENSSL_cleanse(ec->key, ec->keylen); OPENSSL_free(ec->key); ec->key = NULL; diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c index a8322dc..b91c016 100644 --- a/crypto/openssl/crypto/cms/cms_pwri.c +++ b/crypto/openssl/crypto/cms/cms_pwri.c @@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); + if (encalg == NULL) { + goto merr; + } EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { diff --git a/crypto/openssl/crypto/cms/cms_smime.c b/crypto/openssl/crypto/cms/cms_smime.c index 8b37560..f45693a 100644 --- a/crypto/openssl/crypto/cms/cms_smime.c +++ b/crypto/openssl/crypto/cms/cms_smime.c @@ -714,7 +714,7 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) BIO *cmsbio; int ret = 0; if (!(cmsbio = CMS_dataInit(cms, dcont))) { - CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE); + CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB); return 0; } diff --git a/crypto/openssl/crypto/comp/c_zlib.c b/crypto/openssl/crypto/comp/c_zlib.c index 6731af8..9c32614 100644 --- a/crypto/openssl/crypto/comp/c_zlib.c +++ b/crypto/openssl/crypto/comp/c_zlib.c @@ -404,8 +404,9 @@ COMP_METHOD *COMP_zlib(void) void COMP_zlib_cleanup(void) { #ifdef ZLIB_SHARED - if (zlib_dso) + if (zlib_dso != NULL) DSO_free(zlib_dso); + zlib_dso = NULL; #endif } diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c index faca9ae..68c77ce 100644 --- a/crypto/openssl/crypto/conf/conf_def.c +++ b/crypto/openssl/crypto/conf/conf_def.c @@ -225,12 +225,11 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) goto err; } - section = (char *)OPENSSL_malloc(10); + section = BUF_strdup("default"); if (section == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } - BUF_strlcpy(section, "default", 10); if (_CONF_new_data(conf) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); diff --git a/crypto/openssl/crypto/conf/conf_sap.c b/crypto/openssl/crypto/conf/conf_sap.c index 544fe97..c042cf2 100644 --- a/crypto/openssl/crypto/conf/conf_sap.c +++ b/crypto/openssl/crypto/conf/conf_sap.c @@ -90,6 +90,7 @@ void OPENSSL_config(const char *config_name) CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE); + openssl_configured = 1; } void OPENSSL_no_config() diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index c654a5c..eccee72 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -930,13 +930,29 @@ void OPENSSL_showfatal(const char *fmta, ...) # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ if (check_winnt() && OPENSSL_isservice() > 0) { - HANDLE h = RegisterEventSource(0, _T("OPENSSL")); - const TCHAR *pmsg = buf; - ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0); - DeregisterEventSource(h); + HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL")); + + if (hEventLog != NULL) { + const TCHAR *pmsg = buf; + + if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL, + 1, 0, &pmsg, NULL)) { +#if defined(DEBUG) + /* + * We are in a situation where we tried to report a critical + * error and this failed for some reason. As a last resort, + * in debug builds, send output to the debugger or any other + * tool like DebugView which can monitor the output. + */ + OutputDebugString(pmsg); +#endif + } + + (void)DeregisterEventSource(hEventLog); + } } else # endif - MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP); + MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); } #else void OPENSSL_showfatal(const char *fmta, ...) diff --git a/crypto/openssl/crypto/dsa/dsa_ameth.c b/crypto/openssl/crypto/dsa/dsa_ameth.c index a2840ea..6ddef45 100644 --- a/crypto/openssl/crypto/dsa/dsa_ameth.c +++ b/crypto/openssl/crypto/dsa/dsa_ameth.c @@ -318,6 +318,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_STRING_clear_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c index d686ab0..34c6113 100644 --- a/crypto/openssl/crypto/dsa/dsa_gen.c +++ b/crypto/openssl/crypto/dsa/dsa_gen.c @@ -112,16 +112,8 @@ int DSA_generate_parameters_ex(DSA *ret, int bits, } # endif else { - const EVP_MD *evpmd; - size_t qbits = bits >= 2048 ? 256 : 160; - - if (bits >= 2048) { - qbits = 256; - evpmd = EVP_sha256(); - } else { - qbits = 160; - evpmd = EVP_sha1(); - } + const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); + size_t qbits = EVP_MD_size(evpmd) * 8; return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len, NULL, counter_ret, @@ -174,13 +166,14 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (seed_in != NULL) memcpy(seed, seed_in, seed_len); - if ((ctx = BN_CTX_new()) == NULL) + if ((mont = BN_MONT_CTX_new()) == NULL) goto err; - if ((mont = BN_MONT_CTX_new()) == NULL) + if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); + r0 = BN_CTX_get(ctx); g = BN_CTX_get(ctx); W = BN_CTX_get(ctx); @@ -201,7 +194,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) { + if (!seed_len || !seed_in) { if (RAND_pseudo_bytes(seed, qsize) < 0) goto err; seed_is_random = 1; diff --git a/crypto/openssl/crypto/ec/ec.h b/crypto/openssl/crypto/ec/ec.h index c4e7aea..2a935fd 100644 --- a/crypto/openssl/crypto/ec/ec.h +++ b/crypto/openssl/crypto/ec/ec.h @@ -106,7 +106,7 @@ typedef enum { /** the point is encoded as z||x, where the octet z specifies * which solution of the quadratic equation y is */ POINT_CONVERSION_COMPRESSED = 2, - /** the point is encoded as z||x||y, where z is the octet 0x02 */ + /** the point is encoded as z||x||y, where z is the octet 0x04 */ POINT_CONVERSION_UNCOMPRESSED = 4, /** the point is encoded as z||x||y, where the octet z specifies * which solution of the quadratic equation y is */ diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c index 4ad8494..33abf61 100644 --- a/crypto/openssl/crypto/ec/ec_asn1.c +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -970,8 +970,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) { EC_GROUP *group = NULL; ECPKPARAMETERS *params = NULL; + const unsigned char *p = *in; - if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { + if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) { ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); ECPKPARAMETERS_free(params); return NULL; @@ -989,6 +990,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) *a = group; ECPKPARAMETERS_free(params); + *in = p; return (group); } @@ -1016,8 +1018,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) int ok = 0; EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; + const unsigned char *p = *in; - if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); return NULL; } @@ -1096,6 +1099,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (a) *a = ret; + *in = p; ok = 1; err: if (!ok) { diff --git a/crypto/openssl/crypto/ec/ec_key.c b/crypto/openssl/crypto/ec/ec_key.c index 55ce3fe..c784b6f 100644 --- a/crypto/openssl/crypto/ec/ec_key.c +++ b/crypto/openssl/crypto/ec/ec_key.c @@ -366,7 +366,10 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BN_CTX *ctx = NULL; BIGNUM *tx, *ty; EC_POINT *point = NULL; - int ok = 0, tmp_nid, is_char_two = 0; + int ok = 0; +#ifndef OPENSSL_NO_EC2M + int tmp_nid, is_char_two = 0; +#endif if (!key || !key->group || !x || !y) { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, @@ -382,14 +385,15 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, if (!point) goto err; + tx = BN_CTX_get(ctx); + ty = BN_CTX_get(ctx); + +#ifndef OPENSSL_NO_EC2M tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group)); if (tmp_nid == NID_X9_62_characteristic_two_field) is_char_two = 1; - tx = BN_CTX_get(ctx); - ty = BN_CTX_get(ctx); -#ifndef OPENSSL_NO_EC2M if (is_char_two) { if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point, x, y, ctx)) diff --git a/crypto/openssl/crypto/engine/eng_cryptodev.c b/crypto/openssl/crypto/engine/eng_cryptodev.c index bcb936d..a8a24d0 100644 --- a/crypto/openssl/crypto/engine/eng_cryptodev.c +++ b/crypto/openssl/crypto/engine/eng_cryptodev.c @@ -1230,15 +1230,18 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, BN_num_bytes(dsa->q), s) == 0) { dsaret = DSA_SIG_new(); + if (dsaret == NULL) + goto err; dsaret->r = r; dsaret->s = s; + r = s = NULL; } else { const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); - BN_free(s); dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); } err: + BN_free(r); + BN_free(s); kop.crk_param[0].crp_p = NULL; zapparams(&kop); return (dsaret); diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/openssl/crypto/engine/eng_list.c index 3384e31..83c95d5 100644 --- a/crypto/openssl/crypto/engine/eng_list.c +++ b/crypto/openssl/crypto/engine/eng_list.c @@ -260,6 +260,7 @@ int ENGINE_add(ENGINE *e) } if ((e->id == NULL) || (e->name == NULL)) { ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING); + return 0; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if (!engine_list_add(e)) { diff --git a/crypto/openssl/crypto/evp/e_des3.c b/crypto/openssl/crypto/evp/e_des3.c index 07a5aca..1272305 100644 --- a/crypto/openssl/crypto/evp/e_des3.c +++ b/crypto/openssl/crypto/evp/e_des3.c @@ -241,7 +241,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, DES_cblock *deskey = (DES_cblock *)key; # ifdef EVP_CHECK_DES_KEY if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) - ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2)) + || DES_set_key_checked(&deskey[1], &data(ctx)->ks2)) return 0; # else DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/openssl/crypto/evp/encode.c index 5c5988f..c6abc4a 100644 --- a/crypto/openssl/crypto/evp/encode.c +++ b/crypto/openssl/crypto/evp/encode.c @@ -60,9 +60,9 @@ #include "cryptlib.h" #include <openssl/evp.h> +static unsigned char conv_ascii2bin(unsigned char a); #ifndef CHARSET_EBCDIC # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) #else /* * We assume that PEM encoded files are EBCDIC files (i.e., printable text @@ -71,7 +71,6 @@ * as the underlying textstring data_bin2ascii[] is already EBCDIC) */ # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) #endif /*- @@ -103,6 +102,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; #define B64_WS 0xE0 #define B64_ERROR 0xFF #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) +#define B64_BASE64(a) !B64_NOT_BASE64(a) static const unsigned char data_ascii2bin[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -123,6 +123,23 @@ static const unsigned char data_ascii2bin[128] = { 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }; +#ifndef CHARSET_EBCDIC +static unsigned char conv_ascii2bin(unsigned char a) +{ + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#else +static unsigned char conv_ascii2bin(unsigned char a) +{ + a = os_toascii[a]; + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#endif + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { ctx->length = 48; @@ -218,8 +235,9 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { - ctx->length = 30; + /* Only ctx->num is used during decoding. */ ctx->num = 0; + ctx->length = 0; ctx->line_num = 0; ctx->expect_nl = 0; } @@ -228,139 +246,123 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) * -1 for error * 0 for last line * 1 for full line + * + * Note: even though EVP_DecodeUpdate attempts to detect and report end of + * content, the context doesn't currently remember it and will accept more data + * in the next call. Therefore, the caller is responsible for checking and + * rejecting a 0 return value in the middle of content. + * + * Note: even though EVP_DecodeUpdate has historically tried to detect end of + * content based on line length, this has never worked properly. Therefore, + * we now return 0 when one of the following is true: + * - Padding or B64_EOF was detected and the last block is complete. + * - Input has zero-length. + * -1 is returned if: + * - Invalid characters are detected. + * - There is extra trailing padding, or data after padding. + * - B64_EOF is detected after an incomplete base64 block. */ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl; + int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len; unsigned char *d; n = ctx->num; d = ctx->enc_data; - ln = ctx->line_num; - exp_nl = ctx->expect_nl; - /* last line of input. */ - if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) { + if (n > 0 && d[n - 1] == '=') { + eof++; + if (n > 1 && d[n - 2] == '=') + eof++; + } + + /* Legacy behaviour: an empty input chunk signals end of input. */ + if (inl == 0) { rv = 0; goto end; } - /* We parse the input data */ for (i = 0; i < inl; i++) { - /* If the current line is > 80 characters, scream alot */ - if (ln >= 80) { - rv = -1; - goto end; - } - - /* Get char and put it into the buffer */ tmp = *(in++); v = conv_ascii2bin(tmp); - /* only save the good data :-) */ - if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); - d[n++] = tmp; - ln++; - } else if (v == B64_ERROR) { + if (v == B64_ERROR) { rv = -1; goto end; } - /* - * have we seen a '=' which is 'definitly' the last input line. seof - * will point to the character that holds it. and eof will hold how - * many characters to chop off. - */ if (tmp == '=') { - if (seof == -1) - seof = n; eof++; + } else if (eof > 0 && B64_BASE64(v)) { + /* More data after padding. */ + rv = -1; + goto end; } - if (v == B64_CR) { - ln = 0; - if (exp_nl) - continue; + if (eof > 2) { + rv = -1; + goto end; } - /* eoln */ - if (v == B64_EOLN) { - ln = 0; - if (exp_nl) { - exp_nl = 0; - continue; - } - } - exp_nl = 0; - - /* - * If we are at the end of input and it looks like a line, process - * it. - */ - if (((i + 1) == inl) && (((n & 3) == 0) || eof)) { - v = B64_EOF; - /* - * In case things were given us in really small records (so two - * '=' were given in separate updates), eof may contain the - * incorrect number of ending bytes to skip, so let's redo the - * count - */ - eof = 0; - if (d[n - 1] == '=') - eof++; - if (d[n - 2] == '=') - eof++; - /* There will never be more than two '=' */ + if (v == B64_EOF) { + seof = 1; + goto tail; } - if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) { - /* - * This is needed to work correctly on 64 byte input lines. We - * process the line and then need to accept the '\n' - */ - if ((v != B64_EOF) && (n >= 64)) - exp_nl = 1; - if (n > 0) { - v = EVP_DecodeBlock(out, d, n); - n = 0; - if (v < 0) { - rv = 0; - goto end; - } - if (eof > v) { - rv = -1; - goto end; - } - ret += (v - eof); - } else { - eof = 1; - v = 0; + /* Only save valid base64 characters. */ + if (B64_BASE64(v)) { + if (n >= 64) { + /* + * We increment n once per loop, and empty the buffer as soon as + * we reach 64 characters, so this can only happen if someone's + * manually messed with the ctx. Refuse to write any more data. + */ + rv = -1; + goto end; } + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); + d[n++] = tmp; + } - /* - * This is the case where we have had a short but valid input - * line - */ - if ((v < ctx->length) && eof) { - rv = 0; + if (n == 64) { + decoded_len = EVP_DecodeBlock(out, d, n); + n = 0; + if (decoded_len < 0 || eof > decoded_len) { + rv = -1; goto end; - } else - ctx->length = v; + } + ret += decoded_len - eof; + out += decoded_len - eof; + } + } - if (seof >= 0) { - rv = 0; + /* + * Legacy behaviour: if the current line is a full base64-block (i.e., has + * 0 mod 4 base64 characters), it is processed immediately. We keep this + * behaviour as applications may not be calling EVP_DecodeFinal properly. + */ +tail: + if (n > 0) { + if ((n & 3) == 0) { + decoded_len = EVP_DecodeBlock(out, d, n); + n = 0; + if (decoded_len < 0 || eof > decoded_len) { + rv = -1; goto end; } - out += v; + ret += (decoded_len - eof); + } else if (seof) { + /* EOF in the middle of a base64 block. */ + rv = -1; + goto end; } } - rv = 1; - end: + + rv = seof || (n == 0 && eof) ? 0 : 1; +end: + /* Legacy behaviour. This should probably rather be zeroed on error. */ *outl = ret; ctx->num = n; - ctx->line_num = ln; - ctx->expect_nl = exp_nl; return (rv); } diff --git a/crypto/openssl/crypto/evp/evp_key.c b/crypto/openssl/crypto/evp/evp_key.c index 71fa627..5be9e33 100644 --- a/crypto/openssl/crypto/evp/evp_key.c +++ b/crypto/openssl/crypto/evp/evp_key.c @@ -104,6 +104,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); + if (ui == NULL) + return -1; UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len); if (verify) @@ -137,7 +139,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, EVP_MD_CTX_init(&c); for (;;) { if (!EVP_DigestInit_ex(&c, md, NULL)) - return 0; + goto err; if (addmd++) if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) goto err; @@ -188,6 +190,6 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, rv = type->key_len; err: EVP_MD_CTX_cleanup(&c); - OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE); + OPENSSL_cleanse(md_buf, sizeof(md_buf)); return rv; } diff --git a/crypto/openssl/crypto/evp/evp_lib.c b/crypto/openssl/crypto/evp/evp_lib.c index d4d2b4b..b16d623 100644 --- a/crypto/openssl/crypto/evp/evp_lib.c +++ b/crypto/openssl/crypto/evp/evp_lib.c @@ -67,9 +67,19 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret = c->cipher->set_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_set_asn1_iv(c, type); - else + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_CTX_mode(c)) { + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: + ret = EVP_CIPHER_set_asn1_iv(c, type); + } + } else ret = -1; return (ret); } @@ -80,9 +90,20 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret = c->cipher->get_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_get_asn1_iv(c, type); - else + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_CTX_mode(c)) { + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: + ret = EVP_CIPHER_get_asn1_iv(c, type); + break; + } + } else ret = -1; return (ret); } diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/openssl/crypto/evp/evp_pbe.c index e3fa95d..7934c95 100644 --- a/crypto/openssl/crypto/evp/evp_pbe.c +++ b/crypto/openssl/crypto/evp/evp_pbe.c @@ -228,12 +228,16 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) + + if (pbe_algs == NULL) { pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (!(pbe_tmp = (EVP_PBE_CTL *)OPENSSL_malloc(sizeof(EVP_PBE_CTL)))) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); - return 0; + if (pbe_algs == NULL) + goto err; } + + if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL) + goto err; + pbe_tmp->pbe_type = pbe_type; pbe_tmp->pbe_nid = pbe_nid; pbe_tmp->cipher_nid = cipher_nid; @@ -242,6 +246,10 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); return 1; + + err: + EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); + return 0; } int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c index 2b84dc7..375f561 100644 --- a/crypto/openssl/crypto/evp/p_lib.c +++ b/crypto/openssl/crypto/evp/p_lib.c @@ -253,7 +253,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { - if (!EVP_PKEY_set_type(pkey, type)) + if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) return 0; pkey->pkey.ptr = key; return (key != NULL); diff --git a/crypto/openssl/crypto/evp/pmeth_gn.c b/crypto/openssl/crypto/evp/pmeth_gn.c index 59f8134..6435f1b 100644 --- a/crypto/openssl/crypto/evp/pmeth_gn.c +++ b/crypto/openssl/crypto/evp/pmeth_gn.c @@ -96,12 +96,17 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) return -1; } - if (!ppkey) + if (ppkey == NULL) return -1; - if (!*ppkey) + if (*ppkey == NULL) *ppkey = EVP_PKEY_new(); + if (*ppkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE); + return -1; + } + ret = ctx->pmeth->paramgen(ctx, *ppkey); if (ret <= 0) { EVP_PKEY_free(*ppkey); diff --git a/crypto/openssl/crypto/hmac/hm_ameth.c b/crypto/openssl/crypto/hmac/hm_ameth.c index 641c797..cf14743 100644 --- a/crypto/openssl/crypto/hmac/hm_ameth.c +++ b/crypto/openssl/crypto/hmac/hm_ameth.c @@ -108,9 +108,14 @@ static int old_hmac_decode(EVP_PKEY *pkey, ASN1_OCTET_STRING *os; os = ASN1_OCTET_STRING_new(); if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); + goto err; + if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os)) + goto err; return 1; + + err: + ASN1_OCTET_STRING_free(os); + return 0; } static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) diff --git a/crypto/openssl/crypto/jpake/jpake.c b/crypto/openssl/crypto/jpake/jpake.c index ed2e888..ac853d4 100644 --- a/crypto/openssl/crypto/jpake/jpake.c +++ b/crypto/openssl/crypto/jpake/jpake.c @@ -218,6 +218,9 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, BIGNUM *t3 = BN_new(); int ret = 0; + if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL) + goto end; + zkp_hash(h, zkpg, p, ctx->p.peer_name); /* t1 = g^b */ @@ -233,6 +236,7 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, else JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); +end: /* cleanup */ BN_free(t3); BN_free(t2); diff --git a/crypto/openssl/crypto/mem_clr.c b/crypto/openssl/crypto/mem_clr.c index 3df1f39..1a06636 100644 --- a/crypto/openssl/crypto/mem_clr.c +++ b/crypto/openssl/crypto/mem_clr.c @@ -66,6 +66,10 @@ void OPENSSL_cleanse(void *ptr, size_t len) { unsigned char *p = ptr; size_t loop = len, ctr = cleanse_ctr; + + if (ptr == NULL) + return; + while (loop--) { *(p++) = (unsigned char)ctr; ctr += (17 + ((size_t)p & 0xF)); diff --git a/crypto/openssl/crypto/modes/asm/ghash-armv4.pl b/crypto/openssl/crypto/modes/asm/ghash-armv4.pl index d91586e..e46f8e3 100755 --- a/crypto/openssl/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/openssl/crypto/modes/asm/ghash-armv4.pl @@ -374,8 +374,8 @@ gcm_ghash_neon: vdup.8 $xi,`&Dlo("$IN")`[0] @ broadcast lowest byte .Linner_neon: subs $cnt,$cnt,#1 - vmull.p8 $Qlo,$Hlo,$xi @ H.lo·Xi[i] - vmull.p8 $Qhi,$Hhi,$xi @ H.hi·Xi[i] + vmull.p8 $Qlo,$Hlo,$xi @ H.lo·Xi[i] + vmull.p8 $Qhi,$Hhi,$xi @ H.hi·Xi[i] vext.8 $IN,$zero,#1 @ IN>>=8 veor $Z,$Qpost @ modulo-scheduled part @@ -388,7 +388,7 @@ gcm_ghash_neon: vsli.8 $Zo,$T,#1 @ compose the "carry" byte vext.8 $Z,$zero,#1 @ Z>>=8 - vmull.p8 $R,$Zo,$mod @ "carry"·0xe1 + vmull.p8 $R,$Zo,$mod @ "carry"·0xe1 vshr.u8 $Zo,$T,#7 @ save Z's bottom bit vext.8 $Qpost,$Qlo,$zero,#1 @ Qlo>>=8 veor $Z,$Qhi diff --git a/crypto/openssl/crypto/modes/asm/ghash-x86.pl b/crypto/openssl/crypto/modes/asm/ghash-x86.pl index 83c727e..2426cd0 100755 --- a/crypto/openssl/crypto/modes/asm/ghash-x86.pl +++ b/crypto/openssl/crypto/modes/asm/ghash-x86.pl @@ -346,7 +346,7 @@ $S=12; # shift factor for rem_4bit # effective address calculation and finally merge of value to Z.hi. # Reference to rem_4bit is scheduled so late that I had to >>4 # rem_4bit elements. This resulted in 20-45% procent improvement -# on contemporary µ-archs. +# on contemporary µ-archs. { my $cnt; my $rem_4bit = "eax"; diff --git a/crypto/openssl/crypto/ocsp/ocsp_lib.c b/crypto/openssl/crypto/ocsp/ocsp_lib.c index d28d6b5..8db62ba 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_lib.c +++ b/crypto/openssl/crypto/ocsp/ocsp_lib.c @@ -246,12 +246,6 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; - } else { - /* Not found: set default port */ - if (*pssl) - port = "443"; - else - port = "80"; } *pport = BUF_strdup(port); diff --git a/crypto/openssl/crypto/ocsp/ocsp_prn.c b/crypto/openssl/crypto/ocsp/ocsp_prn.c index 1834256..47d5f83 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_prn.c +++ b/crypto/openssl/crypto/ocsp/ocsp_prn.c @@ -212,8 +212,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) return 1; } - i = ASN1_STRING_length(rb->response); - if (!(br = OCSP_response_get1_basic(o))) + if ((br = OCSP_response_get1_basic(o)) == NULL) goto err; rd = br->tbsResponseData; l = ASN1_INTEGER_get(rd->version); diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/openssl/crypto/opensslconf.h index 4a6e276..f2fbba1 100644 --- a/crypto/openssl/crypto/opensslconf.h +++ b/crypto/openssl/crypto/opensslconf.h @@ -204,7 +204,7 @@ extern "C" { optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ -#if defined( sun ) /* Newer Sparc's */ +#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ # define DES_PTR # define DES_RISC1 # define DES_UNROLL diff --git a/crypto/openssl/crypto/opensslconf.h.in b/crypto/openssl/crypto/opensslconf.h.in index 814309b..7a1c85d 100644 --- a/crypto/openssl/crypto/opensslconf.h.in +++ b/crypto/openssl/crypto/opensslconf.h.in @@ -120,7 +120,7 @@ optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ -#if defined( sun ) /* Newer Sparc's */ +#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ # define DES_PTR # define DES_RISC1 # define DES_UNROLL diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index b02adfa..6dd2ffe 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000110fL +# define OPENSSL_VERSION_NUMBER 0x1000111fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-fips 9 Jul 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-fips 3 Dec 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-freebsd 9 Jul 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-freebsd 3 Dec 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/openssl/crypto/pem/pem_info.c index 68747d1..4d736a1 100644 --- a/crypto/openssl/crypto/pem/pem_info.c +++ b/crypto/openssl/crypto/pem/pem_info.c @@ -172,6 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_RSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -193,6 +195,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_DSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -214,6 +218,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_EC; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ diff --git a/crypto/openssl/crypto/pem/pvkfmt.c b/crypto/openssl/crypto/pem/pvkfmt.c index ee4b6a8..82d4527 100644 --- a/crypto/openssl/crypto/pem/pvkfmt.c +++ b/crypto/openssl/crypto/pem/pvkfmt.c @@ -624,13 +624,11 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } - length -= 20; } else { if (length < 24) { PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } - length -= 24; pvk_magic = read_ledword(&p); if (pvk_magic != MS_PVKMAGIC) { PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); @@ -692,23 +690,23 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); if (inlen <= 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); - return NULL; + goto err; } enctmp = OPENSSL_malloc(keylen + 8); if (!enctmp) { PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf, inlen)) - return NULL; + goto err; p += saltlen; /* Copy BLOBHEADER across, decrypt rest */ memcpy(enctmp, p, 8); p += 8; if (keylen < 8) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT); - return NULL; + goto err; } inlen = keylen - 8; q = enctmp + 8; diff --git a/crypto/openssl/crypto/pkcs12/p12_add.c b/crypto/openssl/crypto/pkcs12/p12_add.c index 982805d..d9f03a3 100644 --- a/crypto/openssl/crypto/pkcs12/p12_add.c +++ b/crypto/openssl/crypto/pkcs12/p12_add.c @@ -75,15 +75,19 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, bag->type = OBJ_nid2obj(nid1); if (!ASN1_item_pack(obj, it, &bag->value.octet)) { PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!(safebag = PKCS12_SAFEBAG_new())) { PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } safebag->value.bag = bag; safebag->type = OBJ_nid2obj(nid2); return safebag; + + err: + PKCS12_BAGS_free(bag); + return NULL; } /* Turn PKCS8 object into a keybag */ @@ -127,6 +131,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, p8))) { PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + PKCS12_SAFEBAG_free(bag); return NULL; } @@ -144,14 +149,18 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) p7->type = OBJ_nid2obj(NID_pkcs7_data); if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); - return NULL; + goto err; } return p7; + + err: + PKCS7_free(p7); + return NULL; } /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ @@ -181,7 +190,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); - return NULL; + goto err; } pbe_ciph = EVP_get_cipherbynid(pbe_nid); @@ -193,7 +202,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, if (!pbe) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); p7->d.encrypted->enc_data->algorithm = pbe; @@ -202,10 +211,14 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); - return NULL; + goto err; } return p7; + + err: + PKCS7_free(p7); + return NULL; } STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, diff --git a/crypto/openssl/crypto/pkcs12/p12_crpt.c b/crypto/openssl/crypto/pkcs12/p12_crpt.c index 3a166e6..9c2dcab 100644 --- a/crypto/openssl/crypto/pkcs12/p12_crpt.c +++ b/crypto/openssl/crypto/pkcs12/p12_crpt.c @@ -77,6 +77,9 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, const unsigned char *pbuf; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + if (cipher == NULL) + return 0; + /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || param->value.sequence == NULL) { diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c index 5ab4bf2..a927782 100644 --- a/crypto/openssl/crypto/pkcs12/p12_mutl.c +++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c @@ -173,11 +173,11 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, } if (!saltlen) saltlen = PKCS12_SALT_LEN; - p12->mac->salt->length = saltlen; - if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) { + if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } + p12->mac->salt->length = saltlen; if (!salt) { if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0) return 0; diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c index c8d7db0..946aaa6 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_doit.c +++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c @@ -656,6 +656,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; BIO_set_mem_eof_return(bio, 0); } if (bio == NULL) @@ -1156,7 +1158,6 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) rsk = p7->d.signed_and_enveloped->recipientinfo; if (rsk == NULL) return NULL; - ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return (NULL); ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); diff --git a/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl b/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl index 75750db..20722d3 100755 --- a/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl @@ -56,7 +56,7 @@ # achieves respectful 432MBps on 2.8GHz processor now. For reference. # If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than # RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU µ-arch detection +# slower than the RC4_INT one [meaning that if CPU µ-arch detection # is not implemented, then this final RC4_CHAR code-path should be # preferred, as it provides better *all-round* performance]. diff --git a/crypto/openssl/crypto/rsa/rsa_ameth.c b/crypto/openssl/crypto/rsa/rsa_ameth.c index 93e071d..c7f1148 100644 --- a/crypto/openssl/crypto/rsa/rsa_ameth.c +++ b/crypto/openssl/crypto/rsa/rsa_ameth.c @@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, if (pss->maskGenAlgorithm) { ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 - && param->type == V_ASN1_SEQUENCE) { + && param && param->type == V_ASN1_SEQUENCE) { p = param->value.sequence->data; plen = param->value.sequence->length; *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); diff --git a/crypto/openssl/crypto/rsa/rsa_gen.c b/crypto/openssl/crypto/rsa/rsa_gen.c index 2465fbd..7f7dca3 100644 --- a/crypto/openssl/crypto/rsa/rsa_gen.c +++ b/crypto/openssl/crypto/rsa/rsa_gen.c @@ -69,6 +69,8 @@ #include <openssl/rsa.h> #ifdef OPENSSL_FIPS # include <openssl/fips.h> +extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, @@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); #ifdef OPENSSL_FIPS if (FIPS_mode()) - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); + return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); #endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c index bc91da2..41c827f 100644 --- a/crypto/openssl/crypto/rsa/rsa_sign.c +++ b/crypto/openssl/crypto/rsa/rsa_sign.c @@ -218,14 +218,13 @@ int int_rsa_verify(int dtype, const unsigned char *m, memcpy(rm, s + 2, 16); *prm_len = 16; ret = 1; - } else if (memcmp(m, s + 2, 16)) + } else if (memcmp(m, s + 2, 16)) { RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); - else + } else { ret = 1; - } - - /* Special case: SSL signature */ - if (dtype == NID_md5_sha1) { + } + } else if (dtype == NID_md5_sha1) { + /* Special case: SSL signature */ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); else diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/openssl/crypto/rsa/rsa_test.c index e971295..85c7440 100644 --- a/crypto/openssl/crypto/rsa/rsa_test.c +++ b/crypto/openssl/crypto/rsa/rsa_test.c @@ -297,22 +297,30 @@ int main(int argc, char *argv[]) } else printf("OAEP encryption/decryption ok\n"); - /* Try decrypting corrupted ciphertexts */ + /* Try decrypting corrupted ciphertexts. */ for (n = 0; n < clen; ++n) { - int b; - unsigned char saved = ctext[n]; - for (b = 0; b < 256; ++b) { - if (b == saved) - continue; - ctext[n] = b; - num = RSA_private_decrypt(num, ctext, ptext, key, + ctext[n] ^= 1; + num = RSA_private_decrypt(clen, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); - if (num > 0) { - printf("Corrupt data decrypted!\n"); - err = 1; - } + if (num > 0) { + printf("Corrupt data decrypted!\n"); + err = 1; + break; } + ctext[n] ^= 1; } + + /* Test truncated ciphertexts, as well as negative length. */ + for (n = -1; n < clen; ++n) { + num = RSA_private_decrypt(n, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + printf("Truncated data decrypted!\n"); + err = 1; + break; + } + } + next: RSA_free(key); } diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/openssl/crypto/sha/asm/sha1-586.pl index 1084d22..2b119ff 100644 --- a/crypto/openssl/crypto/sha/asm/sha1-586.pl +++ b/crypto/openssl/crypto/sha/asm/sha1-586.pl @@ -66,9 +66,9 @@ # switch to AVX alone improves performance by as little as 4% in # comparison to SSSE3 code path. But below result doesn't look like # 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as -# pair of µ-ops, and it's the additional µ-ops, two per round, that +# pair of µ-ops, and it's the additional µ-ops, two per round, that # make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded -# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with +# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with # equivalent 'sh[rl]d' that is responsible for the impressive 5.1 # cycles per processed byte. But 'sh[rl]d' is not something that used # to be fast, nor does it appear to be fast in upcoming Bulldozer diff --git a/crypto/openssl/crypto/sha/asm/sha256-586.pl b/crypto/openssl/crypto/sha/asm/sha256-586.pl index 928ec53..52a7c7f 100755 --- a/crypto/openssl/crypto/sha/asm/sha256-586.pl +++ b/crypto/openssl/crypto/sha/asm/sha256-586.pl @@ -21,7 +21,7 @@ # purposes. # # Performance improvement over compiler generated code varies from -# 10% to 40% [see above]. Not very impressive on some µ-archs, but +# 10% to 40% [see above]. Not very impressive on some µ-archs, but # it's 5 times smaller and optimizies amount of writes. $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; diff --git a/crypto/openssl/crypto/sha/asm/sha512-586.pl b/crypto/openssl/crypto/sha/asm/sha512-586.pl index 7eab6a5..9f8c51e 100755 --- a/crypto/openssl/crypto/sha/asm/sha512-586.pl +++ b/crypto/openssl/crypto/sha/asm/sha512-586.pl @@ -23,7 +23,7 @@ # # IALU code-path is optimized for elder Pentiums. On vanilla Pentium # performance improvement over compiler generated code reaches ~60%, -# while on PIII - ~35%. On newer µ-archs improvement varies from 15% +# while on PIII - ~35%. On newer µ-archs improvement varies from 15% # to 50%, but it's less important as they are expected to execute SSE2 # code-path, which is commonly ~2-3x faster [than compiler generated # code]. SSE2 code-path is as fast as original sha512-sse2.pl, even diff --git a/crypto/openssl/crypto/sha/asm/sha512-parisc.pl b/crypto/openssl/crypto/sha/asm/sha512-parisc.pl index fc0e15b..6cad72e 100755 --- a/crypto/openssl/crypto/sha/asm/sha512-parisc.pl +++ b/crypto/openssl/crypto/sha/asm/sha512-parisc.pl @@ -19,7 +19,7 @@ # SHA512 performance is >2.9x better than gcc 3.2 generated code on # PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the # code is executed on PA-RISC 2.0 processor and switches to 64-bit -# code path delivering adequate peformance even in "blended" 32-bit +# code path delivering adequate performance even in "blended" 32-bit # build. Though 64-bit code is not any faster than code generated by # vendor compiler on PA-8600... # diff --git a/crypto/openssl/crypto/sparccpuid.S b/crypto/openssl/crypto/sparccpuid.S index 0cc247e..c63d5da 100644 --- a/crypto/openssl/crypto/sparccpuid.S +++ b/crypto/openssl/crypto/sparccpuid.S @@ -123,7 +123,7 @@ OPENSSL_wipe_cpu: fmovs %f1,%f3 fmovs %f0,%f2 - add %fp,BIAS,%i0 ! return pointer to caller´s top of stack + add %fp,BIAS,%i0 ! return pointer to caller´s top of stack ret restore diff --git a/crypto/openssl/crypto/srp/srp_vfy.c b/crypto/openssl/crypto/srp/srp_vfy.c index 50f75d7..a3f1a8a 100644 --- a/crypto/openssl/crypto/srp/srp_vfy.c +++ b/crypto/openssl/crypto/srp/srp_vfy.c @@ -521,12 +521,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g) { int len; - char *result = NULL; - char *vf; + char *result = NULL, *vf = NULL; BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL; unsigned char tmp[MAX_LEN]; unsigned char tmp2[MAX_LEN]; char *defgNid = NULL; + int vfsize = 0; if ((user == NULL) || (pass == NULL) || (salt == NULL) || (verifier == NULL)) @@ -564,22 +564,23 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, goto err; BN_bn2bin(v, tmp); - if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL)) + vfsize = BN_num_bytes(v) * 2; + if (((vf = OPENSSL_malloc(vfsize)) == NULL)) goto err; t_tob64(vf, tmp, BN_num_bytes(v)); - *verifier = vf; if (*salt == NULL) { char *tmp_salt; if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { - OPENSSL_free(vf); goto err; } t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN); *salt = tmp_salt; } + *verifier = vf; + vf = NULL; result = defgNid; err: @@ -587,11 +588,21 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, BN_free(N_bn); BN_free(g_bn); } + OPENSSL_cleanse(vf, vfsize); + OPENSSL_free(vf); + BN_clear_free(s); + BN_clear_free(v); return result; } /* - * create a verifier (*salt,*verifier,g and N are BIGNUMs) + * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL + * then the provided salt will be used. On successful exit *verifier will point + * to a newly allocated BIGNUM containing the verifier and (if a salt was not + * provided) *salt will be populated with a newly allocated BIGNUM containing a + * random salt. + * The caller is responsible for freeing the allocated *salt and *verifier + * BIGNUMS. */ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g) @@ -600,6 +611,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM *x = NULL; BN_CTX *bn_ctx = BN_CTX_new(); unsigned char tmp2[MAX_LEN]; + BIGNUM *salttmp = NULL; if ((user == NULL) || (pass == NULL) || @@ -614,10 +626,12 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) goto err; - *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); + salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); + } else { + salttmp = *salt; } - x = SRP_Calc_x(*salt, user, pass); + x = SRP_Calc_x(salttmp, user, pass); *verifier = BN_new(); if (*verifier == NULL) @@ -631,9 +645,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, srp_bn_print(*verifier); result = 1; + *salt = salttmp; err: - + if (*salt != salttmp) + BN_clear_free(salttmp); BN_clear_free(x); BN_CTX_free(bn_ctx); return result; diff --git a/crypto/openssl/crypto/ts/ts_rsp_verify.c b/crypto/openssl/crypto/ts/ts_rsp_verify.c index 32b4d99..1a3a7c5 100644 --- a/crypto/openssl/crypto/ts/ts_rsp_verify.c +++ b/crypto/openssl/crypto/ts/ts_rsp_verify.c @@ -522,7 +522,7 @@ static int TS_check_status_info(TS_RESP *response) if (ASN1_BIT_STRING_get_bit(info->failure_info, TS_failure_info[i].code)) { if (!first) - strcpy(failure_text, ","); + strcat(failure_text, ","); else first = 0; strcat(failure_text, TS_failure_info[i].text); diff --git a/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl b/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl index cb2381c..90c2eca5 100755 --- a/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl +++ b/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl @@ -16,7 +16,7 @@ # table]. I stick to value of 2 for two reasons: 1. smaller table # minimizes cache trashing and thus mitigates the hazard of side- # channel leakage similar to AES cache-timing one; 2. performance -# gap among different µ-archs is smaller. +# gap among different µ-archs is smaller. # # Performance table lists rounded amounts of CPU cycles spent by # whirlpool_block_mmx routine on single 64 byte input block, i.e. diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c index 3c5b717..5792e7f 100644 --- a/crypto/openssl/crypto/x509/x509_cmp.c +++ b/crypto/openssl/crypto/x509/x509_cmp.c @@ -179,11 +179,24 @@ unsigned long X509_subject_name_hash_old(X509 *x) */ int X509_cmp(const X509 *a, const X509 *b) { + int rv; + /* ensure hash is valid */ X509_check_purpose((X509 *)a, -1, 0); X509_check_purpose((X509 *)b, -1, 0); - return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + if (rv) + return rv; + /* Check for match against stored encoding too */ + if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) { + rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); + if (rv) + return rv; + return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, + a->cert_info->enc.len); + } + return rv; } #endif diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c index 8415d1d..8084c4a 100644 --- a/crypto/openssl/crypto/x509/x509_lu.c +++ b/crypto/openssl/crypto/x509/x509_lu.c @@ -523,8 +523,6 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_OBJECT *obj, xobj; sk = sk_X509_CRL_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - /* Check cache first */ - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); /* * Always do lookup to possibly add new CRLs to cache diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c index 0febc1b..d97f622 100644 --- a/crypto/openssl/crypto/x509v3/v3_cpols.c +++ b/crypto/openssl/crypto/x509v3/v3_cpols.c @@ -186,6 +186,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pol = POLICYINFO_new(); + if (pol == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } pol->policyid = pobj; } if (!sk_POLICYINFO_push(pols, pol)) { diff --git a/crypto/openssl/crypto/x509v3/v3_ncons.c b/crypto/openssl/crypto/x509v3/v3_ncons.c index b97ed27..2855269 100644 --- a/crypto/openssl/crypto/x509v3/v3_ncons.c +++ b/crypto/openssl/crypto/x509v3/v3_ncons.c @@ -132,6 +132,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, } tval.value = val->value; sub = GENERAL_SUBTREE_new(); + if (sub == NULL) + goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; if (!*ptree) diff --git a/crypto/openssl/crypto/x509v3/v3_pci.c b/crypto/openssl/crypto/x509v3/v3_pci.c index fe0d806..48ac095 100644 --- a/crypto/openssl/crypto/x509v3/v3_pci.c +++ b/crypto/openssl/crypto/x509v3/v3_pci.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard@levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska Högskolan +/* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/crypto/openssl/crypto/x509v3/v3_pcia.c b/crypto/openssl/crypto/x509v3/v3_pcia.c index 350b398..43fd362 100644 --- a/crypto/openssl/crypto/x509v3/v3_pcia.c +++ b/crypto/openssl/crypto/x509v3/v3_pcia.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard@levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska Högskolan +/* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/crypto/openssl/doc/apps/ciphers.pod b/crypto/openssl/doc/apps/ciphers.pod index 0aa1bad..0afe80d 100644 --- a/crypto/openssl/doc/apps/ciphers.pod +++ b/crypto/openssl/doc/apps/ciphers.pod @@ -205,7 +205,7 @@ keys or either respectively. cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites. -=item B<EECDHE> +=item B<EECDH> cipher suites using authenticated ephemeral ECDH key agreement. diff --git a/crypto/openssl/doc/apps/dgst.pod b/crypto/openssl/doc/apps/dgst.pod index 405847a..9d2bf21 100644 --- a/crypto/openssl/doc/apps/dgst.pod +++ b/crypto/openssl/doc/apps/dgst.pod @@ -13,7 +13,6 @@ B<openssl> B<dgst> [B<-hex>] [B<-binary>] [B<-r>] -[B<-hmac arg>] [B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] @@ -64,10 +63,6 @@ output the digest or signature in binary form. output the digest in the "coreutils" format used by programs like B<sha1sum>. -=item B<-hmac arg> - -set the HMAC key to "arg". - =item B<-non-fips-allow> Allow use of non FIPS digest when in FIPS mode. This has no effect when not in diff --git a/crypto/openssl/doc/apps/genrsa.pod b/crypto/openssl/doc/apps/genrsa.pod index cb03d09..3dc9870 100644 --- a/crypto/openssl/doc/apps/genrsa.pod +++ b/crypto/openssl/doc/apps/genrsa.pod @@ -10,12 +10,6 @@ B<openssl> B<genrsa> [B<-out filename>] [B<-passout arg>] [B<-aes128>] -[B<-aes128>] -[B<-aes192>] -[B<-aes256>] -[B<-camellia128>] -[B<-camellia192>] -[B<-camellia256>] [B<-aes192>] [B<-aes256>] [B<-camellia128>] diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod index 0730d11..37ed377 100644 --- a/crypto/openssl/doc/apps/req.pod +++ b/crypto/openssl/doc/apps/req.pod @@ -490,7 +490,7 @@ be input by calling it "1.organizationName". The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, -organizationUnitName, stateOrProvinceName. Additionally emailAddress +organizationalUnitName, stateOrProvinceName. Additionally emailAddress is include as well as name, surname, givenName initials and dnQualifier. Additional object identifiers can be defined with the B<oid_file> or diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod index 878a7c3..e0abdae 100644 --- a/crypto/openssl/doc/apps/x509.pod +++ b/crypto/openssl/doc/apps/x509.pod @@ -529,7 +529,8 @@ very rare and their use is discouraged). The options ending in "space" additionally place a space after the separator to make it more readable. The B<sep_multiline> uses a linefeed character for the RDN separator and a spaced B<+> for the AVA separator. It also -indents the fields by four characters. +indents the fields by four characters. If no field separator is specified +then B<sep_comma_plus_space> is used by default. =item B<dn_rev> diff --git a/crypto/openssl/doc/crypto/BIO_read.pod b/crypto/openssl/doc/crypto/BIO_read.pod index b345281..2c177f0 100644 --- a/crypto/openssl/doc/crypto/BIO_read.pod +++ b/crypto/openssl/doc/crypto/BIO_read.pod @@ -9,9 +9,9 @@ BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions #include <openssl/bio.h> int BIO_read(BIO *b, void *buf, int len); - int BIO_gets(BIO *b,char *buf, int size); + int BIO_gets(BIO *b, char *buf, int size); int BIO_write(BIO *b, const void *buf, int len); - int BIO_puts(BIO *b,const char *buf); + int BIO_puts(BIO *b, const char *buf); =head1 DESCRIPTION @@ -26,7 +26,7 @@ return the digest and other BIOs may not support BIO_gets() at all. BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>. -BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b> +BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/crypto/BN_rand.pod b/crypto/openssl/doc/crypto/BN_rand.pod index 3b2796c..fde5f72 100644 --- a/crypto/openssl/doc/crypto/BN_rand.pod +++ b/crypto/openssl/doc/crypto/BN_rand.pod @@ -19,7 +19,7 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number =head1 DESCRIPTION BN_rand() generates a cryptographically strong pseudo-random number of -B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the +B<bits> in length and stores it in B<rnd>. If B<top> is -1, the most significant bit of the random number can be zero. If B<top> is 0, it is set to 1, and if B<top> is 1, the two most significant bits of the number will be set to 1, so that the product of two such random @@ -33,7 +33,7 @@ non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. BN_rand_range() generates a cryptographically strong pseudo-random -number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>. +number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>. BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(), and hence numbers generated by it are not necessarily unpredictable. diff --git a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod index be7c924..f24c9c7 100644 --- a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod +++ b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod @@ -23,7 +23,7 @@ maximum of 1024 bits. If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at B<seed>. +seed is chosen. DSA_generate_parameters() places the iteration count in *B<counter_ret> and a counter used for finding a generator in diff --git a/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod b/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod index cfeccd9..54cad92 100644 --- a/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod +++ b/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod @@ -37,10 +37,11 @@ EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. -Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only -indicates that the signature did not verify successfully (that is tbs did -not match the original data or the signature was of invalid form) it is not an -indication of a more serious error. +EVP_DigestVerifyFinal() returns 1 for success; any other value indicates +failure. A return value of zero indicates that the signature did not verify +successfully (that is, tbs did not match the original data or the signature had +an invalid form), while other values indicate a more serious error (and +sometimes also indicate an invalid signature form). The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. diff --git a/crypto/openssl/doc/crypto/EVP_SignInit.pod b/crypto/openssl/doc/crypto/EVP_SignInit.pod index 14ecc77..c63d6b3 100644 --- a/crypto/openssl/doc/crypto/EVP_SignInit.pod +++ b/crypto/openssl/doc/crypto/EVP_SignInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing +functions =head1 SYNOPSIS diff --git a/crypto/openssl/doc/crypto/buffer.pod b/crypto/openssl/doc/crypto/buffer.pod index 781f5b1..9d6de53 100644 --- a/crypto/openssl/doc/crypto/buffer.pod +++ b/crypto/openssl/doc/crypto/buffer.pod @@ -2,8 +2,11 @@ =head1 NAME -BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple -character arrays structure +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple +character array structure + +BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat - +standard C library equivalents =head1 SYNOPSIS @@ -15,25 +18,20 @@ character arrays structure int BUF_MEM_grow(BUF_MEM *str, int len); - char * BUF_strdup(const char *str); + char *BUF_strdup(const char *str); -=head1 DESCRIPTION + char *BUF_strndup(const char *str, size_t siz); -The buffer library handles simple character arrays. Buffers are used for -various purposes in the library, most notably memory BIOs. + void *BUF_memdup(const void *data, size_t siz); -The library uses the BUF_MEM structure defined in buffer.h: + size_t BUF_strlcpy(char *dst, const char *src, size_t size); - typedef struct buf_mem_st - { - int length; /* current number of bytes */ - char *data; - int max; /* size of buffer */ - } BUF_MEM; + size_t BUF_strlcat(char *dst, const char *src, size_t size); -B<length> is the current size of the buffer in bytes, B<max> is the amount of -memory allocated to the buffer. There are three functions which handle these -and one "miscellaneous" function. +=head1 DESCRIPTION + +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. BUF_MEM_new() allocates a new buffer of zero size. @@ -44,14 +42,17 @@ BUF_MEM_grow() changes the size of an already existing buffer to B<len>. Any data already in the buffer is preserved if it increases in size. -BUF_strdup() copies a null terminated string into a block of allocated -memory and returns a pointer to the allocated block. -Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so -should be used in preference to the standard library strdup() because it can -be used for memory leak checking or replacing the malloc() function. +BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy() and +BUF_strlcat() are equivalents of the standard C library functions. The +dup() functions use OPENSSL_malloc() underneath and so should be used +in preference to the standard library for memory leak checking or +replacing the malloc() function. + +Memory allocated from these functions should be freed up using the +OPENSSL_free() function. -The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free() -function. +BUF_strndup makes the explicit guarantee that it will never read past +the first B<siz> bytes of B<str>. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/crypto/d2i_X509_NAME.pod b/crypto/openssl/doc/crypto/d2i_X509_NAME.pod index 343ffe1..b025de7 100644 --- a/crypto/openssl/doc/crypto/d2i_X509_NAME.pod +++ b/crypto/openssl/doc/crypto/d2i_X509_NAME.pod @@ -14,7 +14,7 @@ d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions =head1 DESCRIPTION These functions decode and encode an B<X509_NAME> structure which is the -the same as the B<Name> type defined in RFC2459 (and elsewhere) and used +same as the B<Name> type defined in RFC2459 (and elsewhere) and used for example in certificate subject and issuer names. Othewise the functions behave in a similar way to d2i_X509() and i2d_X509() diff --git a/crypto/openssl/doc/dir-locals.example.el b/crypto/openssl/doc/dir-locals.example.el new file mode 100644 index 0000000..79d0b011 --- /dev/null +++ b/crypto/openssl/doc/dir-locals.example.el @@ -0,0 +1,15 @@ +;;; This is an example of what a .dir-locals.el suitable for OpenSSL +;;; development could look like. +;;; +;;; Apart from setting the CC mode style to "OpenSSL-II", it also +;;; makes sure that tabs are never used for indentation in any file, +;;; and that the fill column is 78. +;;; +;;; For more information see (info "(emacs) Directory Variables") + +((nil + (indent-tabs-mode . nil) + (fill-column . 78) + ) + (c-mode + (c-file-style . "OpenSSL-II"))) diff --git a/crypto/openssl/doc/openssl-c-indent.el b/crypto/openssl/doc/openssl-c-indent.el new file mode 100644 index 0000000..144a915 --- /dev/null +++ b/crypto/openssl/doc/openssl-c-indent.el @@ -0,0 +1,62 @@ +;;; This Emacs Lisp file defines a C indentation style for OpenSSL. +;;; +;;; This definition is for the "CC mode" package, which is the default +;;; mode for editing C source files in Emacs 20, not for the older +;;; c-mode.el (which was the default in less recent releaes of Emacs 19). +;;; +;;; Recommended use is to add this line in your .emacs: +;;; +;;; (load (expand-file-name "~/PATH/TO/openssl-c-indent.el")) +;;; +;;; To activate this indentation style, visit a C file, type +;;; M-x c-set-style <RET> (or C-c . for short), and enter "eay". +;;; To toggle the auto-newline feature of CC mode, type C-c C-a. +;;; +;;; If you're a OpenSSL developer, you might find it more comfortable +;;; to have this style be permanent in your OpenSSL development +;;; directory. To have that, please perform this: +;;; +;;; M-x add-dir-local-variable <RET> c-mode <RET> c-file-style <RET> +;;; "OpenSSL-II" <RET> +;;; +;;; A new buffer with .dir-locals.el will appear. Save it (C-x C-s). +;;; +;;; Alternatively, have a look at dir-locals.example.el + +;;; For suggesting improvements, please send e-mail to levitte@openssl.org. + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Note, it could be easy to inherit from the "gnu" style... however, +;; one never knows if that style will change somewhere in the future, +;; so I've chosen to copy the "gnu" style values explicitely instead +;; and mark them with a comment. // RLevitte 2015-08-31 +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +(c-add-style "OpenSSL-II" + '((c-basic-offset . 4) + (indent-tabs-mode . nil) + (fill-column . 78) + (comment-column . 33) + (c-comment-only-line-offset 0 . 0) ; From "gnu" style + (c-hanging-braces-alist ; From "gnu" style + (substatement-open before after) ; From "gnu" style + (arglist-cont-nonempty)) ; From "gnu" style + (c-offsets-alist + (statement-block-intro . +) ; From "gnu" style + (knr-argdecl-intro . 0) + (knr-argdecl . 0) + (substatement-open . +) ; From "gnu" style + (substatement-label . 0) ; From "gnu" style + (label . 1) + (statement-case-open . +) ; From "gnu" style + (statement-cont . +) ; From "gnu" style + (arglist-intro . c-lineup-arglist-intro-after-paren) ; From "gnu" style + (arglist-close . c-lineup-arglist) ; From "gnu" style + (inline-open . 0) ; From "gnu" style + (brace-list-open . +) ; From "gnu" style + (topmost-intro-cont first c-lineup-topmost-intro-cont + c-lineup-gnu-DEFUN-intro-cont) ; From "gnu" style + ) + (c-special-indent-hook . c-gnu-impose-minimum) ; From "gnu" style + (c-block-comment-prefix . "* ") + )) diff --git a/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod index 5955ee1..18fb2e2 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod @@ -2,29 +2,39 @@ =head1 NAME -SSL_CTX_add_extra_chain_cert - add certificate to chain +SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear +extra chain certificates =head1 SYNOPSIS #include <openssl/ssl.h> - long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) + long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); + long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); =head1 DESCRIPTION -SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate -chain presented together with the certificate. Several certificates -can be added one after the other. +SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain +certificates associated with B<ctx>. Several certificates can be added one +after another. + +SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates +associated with B<ctx>. + +These functions are implemented as macros. =head1 NOTES -When constructing the certificate chain, the chain will be formed from -these certificates explicitly specified. If no chain is specified, -the library will try to complete the chain from the available CA -certificates in the trusted CA storage, see +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. + +If no chain is specified, the library will try to complete the chain from the +available CA certificates in the trusted CA storage, see L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. -The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object. +The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be +freed by the library when the B<SSL_CTX> is destroyed. An application +B<should not> free the B<x509> object. =head1 RESTRICTIONS @@ -36,8 +46,9 @@ function. =head1 RETURN VALUES -SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the -error stack to find out the reason for failure otherwise. +SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. =head1 SEE ALSO diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h index 7584485..76c471e 100644 --- a/crypto/openssl/e_os.h +++ b/crypto/openssl/e_os.h @@ -315,7 +315,7 @@ static __inline unsigned int _strlen31(const char *str) # undef isxdigit # endif # if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) -# if _MSC_VER>=1300 +# if _MSC_VER>=1300 && _MSC_VER<1600 # undef stdin # undef stdout # undef stderr @@ -323,7 +323,7 @@ FILE *__iob_func(); # define stdin (&__iob_func()[0]) # define stdout (&__iob_func()[1]) # define stderr (&__iob_func()[2]) -# elif defined(I_CAN_LIVE_WITH_LNK4049) +# elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049) # undef stdin # undef stdout # undef stderr @@ -612,7 +612,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); # include <sys/select.h> # endif -# if defined(sun) +# if defined(__sun) || defined(sun) # include <sys/filio.h> # else # ifndef VMS @@ -654,7 +654,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); # endif -# if defined(sun) && !defined(__svr4__) && !defined(__SVR4) +# if (defined(__sun) || defined(sun)) && !defined(__svr4__) && !defined(__SVR4) /* include headers first, so our defines don't break it */ # include <stdlib.h> # include <string.h> diff --git a/crypto/openssl/engines/e_chil.c b/crypto/openssl/engines/e_chil.c index 69d49d7..72d14fe 100644 --- a/crypto/openssl/engines/e_chil.c +++ b/crypto/openssl/engines/e_chil.c @@ -839,6 +839,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, bn_fix_top(rtmp->n); res = EVP_PKEY_new(); + if (res == NULL) { + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); + goto err; + } EVP_PKEY_assign_RSA(res, rtmp); # endif diff --git a/crypto/openssl/ssl/Makefile b/crypto/openssl/ssl/Makefile index 29d9e45..ad14abb 100644 --- a/crypto/openssl/ssl/Makefile +++ b/crypto/openssl/ssl/Makefile @@ -15,7 +15,7 @@ KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README ssl-lib.com install.com -TEST=ssltest.c heartbeat_test.c +TEST=ssltest.c heartbeat_test.c clienthellotest.c APPS= LIB=$(TOP)/libssl.a diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c index a0c583e..d2d4d2e 100644 --- a/crypto/openssl/ssl/bio_ssl.c +++ b/crypto/openssl/ssl/bio_ssl.c @@ -419,6 +419,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY); b->retry_reason = b->next_bio->retry_reason; break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_set_retry_special(b); + b->retry_reason = BIO_RR_SSL_X509_LOOKUP; + break; default: break; } diff --git a/crypto/openssl/ssl/clienthellotest.c b/crypto/openssl/ssl/clienthellotest.c new file mode 100644 index 0000000..a00a7ea --- /dev/null +++ b/crypto/openssl/ssl/clienthellotest.c @@ -0,0 +1,218 @@ +/* Written by Matt Caswell for the OpenSSL Project */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <string.h> + +#include <openssl/bio.h> +#include <openssl/crypto.h> +#include <openssl/evp.h> +#include <openssl/ssl.h> +#include <openssl/err.h> + + +#define CLIENT_VERSION_LEN 2 +#define SESSION_ID_LEN_LEN 1 +#define CIPHERS_LEN_LEN 2 +#define COMPRESSION_LEN_LEN 1 +#define EXTENSIONS_LEN_LEN 2 +#define EXTENSION_TYPE_LEN 2 +#define EXTENSION_SIZE_LEN 2 + + +#define TOTAL_NUM_TESTS 2 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for TLS1.2 + */ +#define TEST_SET_SESSION_TICK_DATA_TLS_1_2 0 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for a negotiated SSL/TLS version + */ +#define TEST_SET_SESSION_TICK_DATA_VER_NEG 1 + +int main(int argc, char *argv[]) +{ + SSL_CTX *ctx; + SSL *con; + BIO *rbio; + BIO *wbio; + BIO *err; + long len; + unsigned char *data; + unsigned char *dataend; + char *dummytick = "Hello World!"; + unsigned int tmplen; + unsigned int type; + unsigned int size; + int testresult = 0; + int currtest = 0; + + SSL_library_init(); + SSL_load_error_strings(); + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + /* + * For each test set up an SSL_CTX and SSL and see what ClientHello gets + * produced when we try to connect + */ + for (; currtest < TOTAL_NUM_TESTS; currtest++) { + testresult = 0; + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) { + ctx = SSL_CTX_new(TLSv1_2_method()); + } else { + ctx = SSL_CTX_new(SSLv23_method()); + } + con = SSL_new(ctx); + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick))) + goto end; + } + + if (SSL_connect(con) > 0) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } + + len = BIO_get_mem_data(wbio, (char **)&data); + dataend = data + len; + + /* Skip the record header */ + data += SSL3_RT_HEADER_LENGTH; + /* Skip the handshake message header */ + data += SSL3_HM_HEADER_LENGTH; + /* Skip client version and random */ + data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE; + if (data + SESSION_ID_LEN_LEN > dataend) + goto end; + /* Skip session id */ + tmplen = *data; + data += SESSION_ID_LEN_LEN + tmplen; + if (data + CIPHERS_LEN_LEN > dataend) + goto end; + /* Skip ciphers */ + tmplen = ((*data) << 8) | *(data + 1); + data += CIPHERS_LEN_LEN + tmplen; + if (data + COMPRESSION_LEN_LEN > dataend) + goto end; + /* Skip compression */ + tmplen = *data; + data += COMPRESSION_LEN_LEN + tmplen; + if (data + EXTENSIONS_LEN_LEN > dataend) + goto end; + /* Extensions len */ + tmplen = ((*data) << 8) | *(data + 1); + data += EXTENSIONS_LEN_LEN; + if (data + tmplen > dataend) + goto end; + + /* Loop through all extensions */ + while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) { + type = ((*data) << 8) | *(data + 1); + data += EXTENSION_TYPE_LEN; + size = ((*data) << 8) | *(data + 1); + data += EXTENSION_SIZE_LEN; + if (data + size > dataend) + goto end; + + if (type == TLSEXT_TYPE_session_ticket) { + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (size == strlen(dummytick) + && memcmp(data, dummytick, size) == 0) { + /* Ticket data is as we expected */ + testresult = 1; + } else { + printf("Received session ticket is not as expected\n"); + } + break; + } + } + + tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size; + data += size; + } + + end: + SSL_free(con); + SSL_CTX_free(ctx); + if (!testresult) { + printf("ClientHello test: FAILED (Test %d)\n", currtest); + break; + } + } + + ERR_free_strings(); + ERR_remove_thread_state(NULL); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + CRYPTO_mem_leaks(err); + + return testresult?0:1; +} diff --git a/crypto/openssl/ssl/d1_both.c b/crypto/openssl/ssl/d1_both.c index 8dd8ea3..d453c07 100644 --- a/crypto/openssl/ssl/d1_both.c +++ b/crypto/openssl/ssl/d1_both.c @@ -1490,9 +1490,12 @@ int dtls1_shutdown(SSL *s) { int ret; #ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && + BIO *wbio; + + wbio = SSL_get_wbio(s); + if (wbio != NULL && BIO_dgram_is_sctp(wbio) && !(s->shutdown & SSL_SENT_SHUTDOWN)) { - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); + ret = BIO_dgram_sctp_wait_for_dry(wbio); if (ret < 0) return -1; diff --git a/crypto/openssl/ssl/d1_clnt.c b/crypto/openssl/ssl/d1_clnt.c index 377c1e6..eb371a2 100644 --- a/crypto/openssl/ssl/d1_clnt.c +++ b/crypto/openssl/ssl/d1_clnt.c @@ -299,13 +299,12 @@ int dtls1_connect(SSL *s) #endif case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; /* every DTLS ClientHello resets Finished MAC */ ssl3_init_finished_mac(s); + case SSL3_ST_CW_CLNT_HELLO_B: dtls1_start_timer(s); ret = dtls1_client_hello(s); if (ret <= 0) @@ -350,11 +349,15 @@ int dtls1_connect(SSL *s) sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, - 0); + 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, @@ -362,6 +365,10 @@ int dtls1_connect(SSL *s) #endif s->state = SSL3_ST_CR_FINISHED_A; + if (s->tlsext_ticket_expected) { + /* receive renewed session ticket */ + s->state = SSL3_ST_CR_SESSION_TICKET_A; + } } else s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } @@ -484,9 +491,13 @@ int dtls1_connect(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); diff --git a/crypto/openssl/ssl/d1_srvr.c b/crypto/openssl/ssl/d1_srvr.c index 41c7dc5..f01b8a6 100644 --- a/crypto/openssl/ssl/d1_srvr.c +++ b/crypto/openssl/ssl/d1_srvr.c @@ -267,6 +267,19 @@ int dtls1_accept(SSL *s) ssl3_init_finished_mac(s); s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; + } else if (!s->s3->send_connection_binding && + !(s->options & + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + /* + * Server attempting to renegotiate with client that doesn't + * support secure renegotiation. + */ + SSLerr(SSL_F_DTLS1_ACCEPT, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ret = -1; + s->state = SSL_ST_ERR; + goto end; } else { /* * s->state == SSL_ST_RENEGOTIATE, we will just send a @@ -405,9 +418,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + if (SSL_export_keying_material(s, sctpauthkey, + sizeof(sctpauthkey), labelbuffer, + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); @@ -628,9 +645,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index 3766567..2b2855d 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c @@ -373,12 +373,13 @@ static int ssl23_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { -#if 0 - /* don't reuse session-id's */ + /* + * Since we're sending s23 client hello, we're not reusing a session, as + * we'd be using the method from the saved session instead + */ if (!ssl_get_new_session(s, 0)) { - return (-1); + return -1; } -#endif p = s->s3->client_random; if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) @@ -439,9 +440,6 @@ static int ssl23_client_hello(SSL *s) /* * put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length = 0; -#endif s2n(0, d); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) @@ -729,6 +727,8 @@ static int ssl23_get_server_hello(SSL *s) goto err; } + s->session->ssl_version = s->version; + /* ensure that TLS_MAX_VERSION is up-to-date */ OPENSSL_assert(s->version <= TLS_MAX_VERSION); @@ -784,13 +784,6 @@ static int ssl23_get_server_hello(SSL *s) } s->init_num = 0; - /* - * Since, if we are sending a ssl23 client hello, we are not reusing a - * session-id - */ - if (!ssl_get_new_session(s, 0)) - goto err; - return (SSL_connect(s)); err: return (-1); diff --git a/crypto/openssl/ssl/s3_cbc.c b/crypto/openssl/ssl/s3_cbc.c index 2fb71f2..b3bff74 100644 --- a/crypto/openssl/ssl/s3_cbc.c +++ b/crypto/openssl/ssl/s3_cbc.c @@ -411,8 +411,9 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) * functions, above, we know that data_plus_mac_size is large enough to contain * a padding byte and MAC. (If the padding was invalid, it might contain the * padding too. ) + * Returns 1 on success or 0 on error */ -void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, +int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, const unsigned char header[13], @@ -455,7 +456,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, switch (EVP_MD_CTX_type(ctx)) { case NID_md5: - MD5_Init((MD5_CTX *)md_state.c); + if (MD5_Init((MD5_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_md5_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))MD5_Transform; @@ -464,7 +466,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, length_is_big_endian = 0; break; case NID_sha1: - SHA1_Init((SHA_CTX *)md_state.c); + if (SHA1_Init((SHA_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha1_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; @@ -472,14 +475,16 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, break; #ifndef OPENSSL_NO_SHA256 case NID_sha224: - SHA224_Init((SHA256_CTX *)md_state.c); + if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 224 / 8; break; case NID_sha256: - SHA256_Init((SHA256_CTX *)md_state.c); + if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; @@ -488,7 +493,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, #endif #ifndef OPENSSL_NO_SHA512 case NID_sha384: - SHA384_Init((SHA512_CTX *)md_state.c); + if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha512_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; @@ -497,7 +503,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, md_length_size = 16; break; case NID_sha512: - SHA512_Init((SHA512_CTX *)md_state.c); + if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0) + return 0; md_final_raw = tls1_sha512_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; @@ -514,7 +521,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, OPENSSL_assert(0); if (md_out_size) *md_out_size = -1; - return; + return 0; } OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); @@ -652,7 +659,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, */ if (header_length <= md_block_size) { /* Should never happen */ - return; + return 0; } overhang = header_length - md_block_size; md_transform(md_state.c, header); @@ -733,26 +740,34 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, } EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ); + if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0) + goto err; if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ memset(hmac_pad, 0x5c, sslv3_pad_length); - EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); - EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); + if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0 + || EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + goto err; } else { /* Complete the HMAC in the standard manner. */ for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x6a; - EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); + if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + goto err; } EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); if (md_out_size) *md_out_size = md_out_size_u; EVP_MD_CTX_cleanup(&md_ctx); + + return 1; +err: + EVP_MD_CTX_cleanup(&md_ctx); + return 0; } #ifdef OPENSSL_FIPS diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c index 35ad121..0578a9c 100644 --- a/crypto/openssl/ssl/s3_clnt.c +++ b/crypto/openssl/ssl/s3_clnt.c @@ -1624,6 +1624,12 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->p)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE); + goto f_err; + } + + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1644,6 +1650,11 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->g)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE); + goto f_err; + } + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1665,6 +1676,11 @@ int ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; + if (BN_is_zero(dh->pub_key)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE); + goto f_err; + } + # ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey = @@ -1867,14 +1883,20 @@ int ssl3_get_key_exchange(SSL *s) q = md_buf; for (num = 2; num > 0; num--) { EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx, (num == 2) - ? s->ctx->md5 : s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, param, param_len); - EVP_DigestFinal_ex(&md_ctx, q, &size); + if (EVP_DigestInit_ex(&md_ctx, + (num == 2) ? s->ctx->md5 : s->ctx->sha1, + NULL) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, param, param_len) <= 0 + || EVP_DigestFinal_ex(&md_ctx, q, &size) <= 0) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } q += size; j += size; } @@ -1893,12 +1915,16 @@ int ssl3_get_key_exchange(SSL *s) } else #endif { - EVP_VerifyInit_ex(&md_ctx, md, NULL); - EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx, param, param_len); + if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0 + || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_VerifyUpdate(&md_ctx, param, param_len) <= 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EVP_LIB); + goto f_err; + } if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; @@ -2118,6 +2144,7 @@ int ssl3_get_new_session_ticket(SSL *s) long n; const unsigned char *p; unsigned char *d; + unsigned long ticket_lifetime_hint; n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, @@ -2136,6 +2163,19 @@ int ssl3_get_new_session_ticket(SSL *s) p = d = (unsigned char *)s->init_msg; + n2l(p, ticket_lifetime_hint); + n2s(p, ticklen); + /* ticket_lifetime_hint + ticket_length + ticket */ + if (ticklen + 6 != n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + + /* Server is allowed to change its mind and send an empty ticket. */ + if (ticklen == 0) + return 1; + if (s->session->session_id_length > 0) { int i = s->session_ctx->session_cache_mode; SSL_SESSION *new_sess; @@ -2167,14 +2207,6 @@ int ssl3_get_new_session_ticket(SSL *s) s->session = new_sess; } - n2l(p, s->session->tlsext_tick_lifetime_hint); - n2s(p, ticklen); - /* ticket_lifetime_hint + ticket_length + ticket */ - if (ticklen + 6 != n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); - goto f_err; - } if (s->session->tlsext_tick) { OPENSSL_free(s->session->tlsext_tick); s->session->tlsext_ticklen = 0; @@ -2185,6 +2217,7 @@ int ssl3_get_new_session_ticket(SSL *s) goto err; } memcpy(s->session->tlsext_tick, p, ticklen); + s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint; s->session->tlsext_ticklen = ticklen; /* * There are two ways to detect a resumed ticket session. One is to set @@ -2354,6 +2387,7 @@ int ssl3_send_client_key_exchange(SSL *s) || (pkey->pkey.rsa == NULL)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + EVP_PKEY_free(pkey); goto err; } rsa = pkey->pkey.rsa; @@ -2801,6 +2835,11 @@ int ssl3_send_client_key_exchange(SSL *s) pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); + if (pkey_ctx == NULL) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } /* * If we have send a certificate, and certificate key * @@ -2810,10 +2849,13 @@ int ssl3_send_client_key_exchange(SSL *s) /* Otherwise, generate ephemeral key pair */ - EVP_PKEY_encrypt_init(pkey_ctx); - /* Generate session key */ - if (RAND_bytes(premaster_secret, 32) <= 0) { + if (pkey_ctx == NULL + || EVP_PKEY_encrypt_init(pkey_ctx) <= 0 + /* Generate session key */ + || RAND_bytes(premaster_secret, 32) <= 0) { EVP_PKEY_CTX_free(pkey_ctx); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } /* @@ -2834,13 +2876,18 @@ int ssl3_send_client_key_exchange(SSL *s) * data */ ukm_hash = EVP_MD_CTX_create(); - EVP_DigestInit(ukm_hash, - EVP_get_digestbynid(NID_id_GostR3411_94)); - EVP_DigestUpdate(ukm_hash, s->s3->client_random, - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(ukm_hash, s->s3->server_random, - SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); + if (EVP_DigestInit(ukm_hash, + EVP_get_digestbynid(NID_id_GostR3411_94)) <= 0 + || EVP_DigestUpdate(ukm_hash, s->s3->client_random, + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(ukm_hash, s->s3->server_random, + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { + EVP_MD_CTX_destroy(ukm_hash); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } EVP_MD_CTX_destroy(ukm_hash); if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, @@ -2856,7 +2903,7 @@ int ssl3_send_client_key_exchange(SSL *s) *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) - < 0) { + <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); goto err; @@ -3057,7 +3104,10 @@ int ssl3_send_client_verify(SSL *s) pkey = s->cert->key->privatekey; /* Create context from key and test if sha1 is allowed as digest */ pctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_sign_init(pctx); + if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { if (TLS1_get_version(s) < TLS1_2_VERSION) s->method->ssl3_enc->cert_verify_mac(s, @@ -3194,7 +3244,6 @@ int ssl3_send_client_certificate(SSL *s) * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP; * return(-1); We then get retied later */ - i = 0; i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c index 152f40d..85ebac8 100644 --- a/crypto/openssl/ssl/s3_enc.c +++ b/crypto/openssl/ssl/s3_enc.c @@ -253,7 +253,10 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_init(s->enc_read_ctx); dd = s->enc_read_ctx; - ssl_replace_hash(&s->read_hash, m); + if (ssl_replace_hash(&s->read_hash, m) == NULL) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->expand != NULL) { @@ -288,7 +291,10 @@ int ssl3_change_cipher_state(SSL *s, int which) */ EVP_CIPHER_CTX_init(s->enc_write_ctx); dd = s->enc_write_ctx; - ssl_replace_hash(&s->write_hash, m); + if (ssl_replace_hash(&s->write_hash, m) == NULL) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->compress != NULL) { @@ -674,19 +680,21 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, return 0; npad = (48 / n) * n; - if (sender != NULL) - EVP_DigestUpdate(&ctx, sender, len); - EVP_DigestUpdate(&ctx, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx, ssl3_pad_1, npad); - EVP_DigestFinal_ex(&ctx, md_buf, &i); - - EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL); - EVP_DigestUpdate(&ctx, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&ctx, md_buf, i); - EVP_DigestFinal_ex(&ctx, p, &ret); + if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0) + || EVP_DigestUpdate(&ctx, s->session->master_key, + s->session->master_key_length) <= 0 + || EVP_DigestUpdate(&ctx, ssl3_pad_1, npad) <= 0 + || EVP_DigestFinal_ex(&ctx, md_buf, &i) <= 0 + + || EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL) <= 0 + || EVP_DigestUpdate(&ctx, s->session->master_key, + s->session->master_key_length) <= 0 + || EVP_DigestUpdate(&ctx, ssl3_pad_2, npad) <= 0 + || EVP_DigestUpdate(&ctx, md_buf, i) <= 0 + || EVP_DigestFinal_ex(&ctx, p, &ret) <= 0) { + SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, ERR_R_INTERNAL_ERROR); + ret = 0; + } EVP_MD_CTX_cleanup(&ctx); @@ -758,33 +766,36 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) header[j++] = rec->length & 0xff; /* Final param == is SSLv3 */ - ssl3_cbc_digest_record(hash, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - mac_sec, md_size, 1); + if (ssl3_cbc_digest_record(hash, + md, &md_size, + header, rec->input, + rec->length + md_size, orig_len, + mac_sec, md_size, 1) <= 0) + return -1; } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_copy_ex(&md_ctx, hash); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad); - EVP_DigestUpdate(&md_ctx, seq, 8); rec_char = rec->type; - EVP_DigestUpdate(&md_ctx, &rec_char, 1); p = md; s2n(rec->length, p); - EVP_DigestUpdate(&md_ctx, md, 2); - EVP_DigestUpdate(&md_ctx, rec->input, rec->length); - EVP_DigestFinal_ex(&md_ctx, md, NULL); - - EVP_MD_CTX_copy_ex(&md_ctx, hash); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&md_ctx, md, md_size); - EVP_DigestFinal_ex(&md_ctx, md, &md_size_u); + if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0 + || EVP_DigestUpdate(&md_ctx, seq, 8) <= 0 + || EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0 + || EVP_DigestUpdate(&md_ctx, md, 2) <= 0 + || EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0 + || EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0 + || EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 + || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0 + || EVP_DigestUpdate(&md_ctx, md, md_size) <= 0 + || EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) { + EVP_MD_CTX_cleanup(&md_ctx); + return -1; + } md_size = md_size_u; EVP_MD_CTX_cleanup(&md_ctx); @@ -826,17 +837,24 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, EVP_MD_CTX_init(&ctx); for (i = 0; i < 3; i++) { - EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL); - EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i])); - EVP_DigestUpdate(&ctx, p, len); - EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&ctx, buf, &n); - - EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL); - EVP_DigestUpdate(&ctx, p, len); - EVP_DigestUpdate(&ctx, buf, n); - EVP_DigestFinal_ex(&ctx, out, &n); + if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0 + || EVP_DigestUpdate(&ctx, salt[i], + strlen((const char *)salt[i])) <= 0 + || EVP_DigestUpdate(&ctx, p, len) <= 0 + || EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestFinal_ex(&ctx, buf, &n) <= 0 + + || EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0 + || EVP_DigestUpdate(&ctx, p, len) <= 0 + || EVP_DigestUpdate(&ctx, buf, n) <= 0 + || EVP_DigestFinal_ex(&ctx, out, &n) <= 0) { + SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); + ret = 0; + break; + } out += n; ret += n; } diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c index de917d3..f716d77 100644 --- a/crypto/openssl/ssl/s3_lib.c +++ b/crypto/openssl/ssl/s3_lib.c @@ -2955,7 +2955,7 @@ int ssl3_new(SSL *s) void ssl3_free(SSL *s) { - if (s == NULL) + if (s == NULL || s->s3 == NULL) return; #ifdef TLSEXT_TYPE_opaque_prf_input diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index 3a5f71d..fcfc2fb 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -383,7 +383,6 @@ int ssl3_accept(SSL *s) */ if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); - ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; s->state = SSL_ST_ERR; goto end; @@ -967,7 +966,7 @@ int ssl3_check_client_hello(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0; unsigned int cookie_len; long n; unsigned long id; @@ -1155,8 +1154,7 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } - - ret = 2; + cookie_valid = 1; } p += cookie_len; @@ -1264,7 +1262,7 @@ int ssl3_get_client_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* TLS extensions */ if (s->version >= SSL3_VERSION) { - if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) { + if (!ssl_parse_clienthello_tlsext(s, &p, d + n, &al)) { /* 'al' set by ssl_parse_clienthello_tlsext */ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); goto f_err; @@ -1492,8 +1490,7 @@ int ssl3_get_client_hello(SSL *s) } } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1503,7 +1500,7 @@ int ssl3_get_client_hello(SSL *s) if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return (ret); + return ret; } int ssl3_send_server_hello(SSL *s) @@ -1987,14 +1984,22 @@ int ssl3_send_server_key_exchange(SSL *s) for (num = 2; num > 0; num--) { EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx, (num == 2) - ? s->ctx->md5 : s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, &(d[4]), n); - EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i); + if (EVP_DigestInit_ex(&md_ctx, + (num == 2) ? s->ctx->md5 + : s->ctx->sha1, + NULL) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(&md_ctx, &(d[4]), n) <= 0 + || EVP_DigestFinal_ex(&md_ctx, q, + (unsigned int *)&i) <= 0) { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + ERR_LIB_EVP); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } q += i; j += i; } @@ -2024,16 +2029,17 @@ int ssl3_send_server_key_exchange(SSL *s) #ifdef SSL_DEBUG fprintf(stderr, "Using hash %s\n", EVP_MD_name(md)); #endif - EVP_SignInit_ex(&md_ctx, md, NULL); - EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx, &(d[4]), n); - if (!EVP_SignFinal(&md_ctx, &(p[2]), - (unsigned int *)&i, pkey)) { + if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0 + || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE) <= 0 + || EVP_SignUpdate(&md_ctx, &(d[4]), n) <= 0 + || EVP_SignFinal(&md_ctx, &(p[2]), + (unsigned int *)&i, pkey) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_EVP); - goto err; + al = SSL_AD_INTERNAL_ERROR; + goto f_err; } s2n(i, p); n += i + 2; @@ -2879,7 +2885,15 @@ int ssl3_get_client_key_exchange(SSL *s) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); - EVP_PKEY_decrypt_init(pkey_ctx); + if (pkey_ctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } + if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto gerr; + } /* * If client certificate is present and is of the same type, maybe * use it for key exchange. Don't mind errors from @@ -3123,7 +3137,17 @@ int ssl3_get_cert_verify(SSL *s) unsigned char signature[64]; int idx; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_verify_init(pctx); + if (pctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + goto f_err; + } + if (EVP_PKEY_verify_init(pctx) <= 0) { + EVP_PKEY_CTX_free(pctx); + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR); + goto f_err; + } if (i != 64) { fprintf(stderr, "GOST signature length is %d", i); } diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index d2ab0c0..b8456c6 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -2313,6 +2313,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 # define SSL_F_SSL3_ENC 134 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 # define SSL_F_SSL3_GET_CERT_STATUS 289 # define SSL_F_SSL3_GET_CERT_VERIFY 136 @@ -2465,8 +2466,11 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 # define SSL_R_BAD_DH_G_LENGTH 108 +# define SSL_R_BAD_DH_G_VALUE 375 # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 # define SSL_R_BAD_DH_P_LENGTH 110 +# define SSL_R_BAD_DH_P_VALUE 395 # define SSL_R_BAD_DIGEST_LENGTH 111 # define SSL_R_BAD_DSA_SIGNATURE 112 # define SSL_R_BAD_ECC_CERT 304 diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h index 2dd5462..e9b1170 100644 --- a/crypto/openssl/ssl/ssl3.h +++ b/crypto/openssl/ssl/ssl3.h @@ -263,6 +263,8 @@ extern "C" { # define SSL3_SESSION_ID_SIZE 32 # define SSL3_RT_HEADER_LENGTH 5 +# define SSL3_HM_HEADER_LENGTH 4 + # ifndef SSL3_ALIGN_PAYLOAD /* * Some will argue that this increases memory footprint, but it's not diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c index 39d48ea..35cc27c 100644 --- a/crypto/openssl/ssl/ssl_asn1.c +++ b/crypto/openssl/ssl/ssl_asn1.c @@ -121,13 +121,16 @@ typedef struct ssl_session_asn1_st { int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) { #define LSIZE2 (sizeof(long)*2) - int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; + int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0; unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; #ifndef OPENSSL_NO_TLSEXT int v6 = 0, v9 = 0, v10 = 0; unsigned char ibuf6[LSIZE2]; #endif +#ifndef OPENSSL_NO_PSK + int v7 = 0, v8 = 0; +#endif #ifndef OPENSSL_NO_COMP unsigned char cbuf; int v11 = 0; diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c index 5df2413..9a4e104 100644 --- a/crypto/openssl/ssl/ssl_cert.c +++ b/crypto/openssl/ssl/ssl_cert.c @@ -206,6 +206,7 @@ CERT *ssl_cert_dup(CERT *cert) memset(ret, 0, sizeof(CERT)); + ret->references = 1; ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; /* * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that @@ -282,7 +283,6 @@ CERT *ssl_cert_dup(CERT *cert) * chain is held inside SSL_CTX */ - ret->references = 1; /* * Set digests to defaults. NB: we don't copy existing values as they * will be set during handshake. diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c index cac525e..cb559d9 100644 --- a/crypto/openssl/ssl/ssl_ciph.c +++ b/crypto/openssl/ssl/ssl_ciph.c @@ -356,10 +356,11 @@ static int get_optional_pkey_id(const char *pkey_name) const EVP_PKEY_ASN1_METHOD *ameth; int pkey_id = 0; ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); - if (ameth) { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); + if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, + ameth) > 0) { + return pkey_id; } - return pkey_id; + return 0; } #else @@ -371,7 +372,9 @@ static int get_optional_pkey_id(const char *pkey_name) int pkey_id = 0; ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); if (ameth) { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); + if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, + ameth) <= 0) + pkey_id = 0; } if (tmpeng) ENGINE_finish(tmpeng); diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c index 88621b7..caa671a 100644 --- a/crypto/openssl/ssl/ssl_err.c +++ b/crypto/openssl/ssl/ssl_err.c @@ -162,6 +162,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"}, {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, + {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET), + "ssl3_generate_master_secret"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, @@ -369,8 +371,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "bad data returned by callback"}, {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"}, {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"}, + {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"}, {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"}, + {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"}, {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"}, + {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"}, {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"}, {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"}, diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index e11746a..93d1cbe 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->options = ctx->options; s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; + s->references = 1; if (ctx->cert != NULL) { /* @@ -375,7 +376,6 @@ SSL *SSL_new(SSL_CTX *ctx) if (!s->method->ssl_new(s)) goto err; - s->references = 1; s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; SSL_clear(s); @@ -3283,8 +3283,11 @@ EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) { ssl_clear_hash_ctx(hash); *hash = EVP_MD_CTX_create(); - if (md) - EVP_DigestInit_ex(*hash, md, NULL); + if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { + EVP_MD_CTX_destroy(*hash); + *hash = NULL; + return NULL; + } return *hash; } diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h index a7f3f8d..f5d9df6 100644 --- a/crypto/openssl/ssl/ssl_locl.h +++ b/crypto/openssl/ssl/ssl_locl.h @@ -1154,7 +1154,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, - unsigned char *d, int n, int *al); + unsigned char *limit, int *al); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); int ssl_prepare_clienthello_tlsext(SSL *s); @@ -1218,15 +1218,15 @@ int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, unsigned block_size, unsigned mac_size); char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); -void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char header[13], - const unsigned char *data, - size_t data_plus_mac_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - unsigned mac_secret_length, char is_sslv3); +int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, + unsigned char *md_out, + size_t *md_out_size, + const unsigned char header[13], + const unsigned char *data, + size_t data_plus_mac_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + unsigned mac_secret_length, char is_sslv3); void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c index daf15dd..c91a998 100644 --- a/crypto/openssl/ssl/ssl_rsa.c +++ b/crypto/openssl/ssl/ssl_rsa.c @@ -160,7 +160,10 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + return 0; + } ret = ssl_set_pkey(ssl->cert, pkey); EVP_PKEY_free(pkey); @@ -181,6 +184,15 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(c->pkeys[i].x509); + if (pktmp == NULL) { + SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE); + EVP_PKEY_free(pktmp); + return 0; + } + /* + * The return code from EVP_PKEY_copy_parameters is deliberately + * ignored. Some EVP_PKEY types cannot do this. + */ EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_free(pktmp); ERR_clear_error(); @@ -382,6 +394,10 @@ static int ssl_set_cert(CERT *c, X509 *x) } if (c->pkeys[i].privatekey != NULL) { + /* + * The return code from EVP_PKEY_copy_parameters is deliberately + * ignored. Some EVP_PKEY types cannot do this. + */ EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); @@ -502,7 +518,10 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + return 0; + } ret = ssl_set_pkey(ctx->cert, pkey); EVP_PKEY_free(pkey); diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c index 1ad9dc7..de4c59e 100644 --- a/crypto/openssl/ssl/ssl_sess.c +++ b/crypto/openssl/ssl/ssl_sess.c @@ -256,8 +256,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->tlsext_ecpointformatlist = NULL; dest->tlsext_ellipticcurvelist = NULL; # endif -#endif dest->tlsext_tick = NULL; +#endif #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif @@ -324,7 +324,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } # endif -#endif if (ticket != 0) { dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); @@ -334,6 +333,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->tlsext_tick_lifetime_hint = 0; dest->tlsext_ticklen = 0; } +#endif #ifndef OPENSSL_NO_SRP if (src->srp_username) { diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c index 6a0c293..349ee1e 100644 --- a/crypto/openssl/ssl/ssltest.c +++ b/crypto/openssl/ssl/ssltest.c @@ -142,6 +142,7 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #define _BSD_SOURCE 1 +#define _DEFAULT_SOURCE 1 #include <assert.h> #include <errno.h> diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index 8f45294..985356d 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -385,6 +385,8 @@ int tls1_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_init(s->enc_read_ctx); dd = s->enc_read_ctx; mac_ctx = ssl_replace_hash(&s->read_hash, NULL); + if (mac_ctx == NULL) + goto err; #ifndef OPENSSL_NO_COMP if (s->expand != NULL) { COMP_CTX_free(s->expand); @@ -423,11 +425,14 @@ int tls1_change_cipher_state(SSL *s, int which) dd = s->enc_write_ctx; if (SSL_IS_DTLS(s)) { mac_ctx = EVP_MD_CTX_create(); - if (!mac_ctx) + if (mac_ctx == NULL) goto err; s->write_hash = mac_ctx; - } else + } else { mac_ctx = ssl_replace_hash(&s->write_hash, NULL); + if (mac_ctx == NULL) + goto err; + } #ifndef OPENSSL_NO_COMP if (s->compress != NULL) { COMP_CTX_free(s->compress); @@ -500,7 +505,12 @@ int tls1_change_cipher_state(SSL *s, int which) if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret, *mac_secret_size); - EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); + if (mac_key == NULL + || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { + EVP_PKEY_free(mac_key); + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } EVP_PKEY_free(mac_key); } #ifdef TLS_DEBUG @@ -913,8 +923,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) } EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx, d); - EVP_DigestFinal_ex(&ctx, out, &ret); + if (EVP_MD_CTX_copy_ex(&ctx, d) <=0 + || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0) + ret = 0; EVP_MD_CTX_cleanup(&ctx); return ((int)ret); } @@ -1041,17 +1052,24 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ /* Final param == not SSLv3 */ - ssl3_cbc_digest_record(mac_ctx, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - ssl->s3->read_mac_secret, - ssl->s3->read_mac_secret_size, 0); + if (ssl3_cbc_digest_record(mac_ctx, + md, &md_size, + header, rec->input, + rec->length + md_size, orig_len, + ssl->s3->read_mac_secret, + ssl->s3->read_mac_secret_size, 0) <= 0) { + if (!stream_mac) + EVP_MD_CTX_cleanup(&hmac); + return -1; + } } else { - EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); - EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); - t = EVP_DigestSignFinal(mac_ctx, md, &md_size); - OPENSSL_assert(t > 0); + if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 + || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 + || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { + if (!stream_mac) + EVP_MD_CTX_cleanup(&hmac); + return -1; + } #ifdef OPENSSL_FIPS if (!send && FIPS_mode()) tls_fips_digest_extra(ssl->enc_read_ctx, diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index d70b93f..27f1216 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -913,7 +913,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, * 10.8..10.8.3 (which don't work). */ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - const unsigned char *d, int n) + const unsigned char *limit) { unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { @@ -942,11 +942,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 0x02, 0x03, /* SHA-1/ECDSA */ }; - if (data >= (d + n - 2)) + if (data >= (limit - 2)) return; data += 2; - if (data > (d + n - 4)) + if (data > (limit - 4)) return; n2s(data, type); n2s(data, size); @@ -954,7 +954,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, if (type != TLSEXT_TYPE_server_name) return; - if (data + size > d + n) + if (data + size > limit) return; data += size; @@ -962,7 +962,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - if (data + len1 + len2 != d + n) + if (data + len1 + len2 != limit) return; if (memcmp(data, kSafariExtensionsBlock, len1) != 0) return; @@ -971,7 +971,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, } else { const size_t len = sizeof(kSafariExtensionsBlock); - if (data + len != d + n) + if (data + len != limit) return; if (memcmp(data, kSafariExtensionsBlock, len) != 0) return; @@ -981,8 +981,8 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, } # endif /* !OPENSSL_NO_EC */ -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, - int n, int *al) +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, + unsigned char *limit, int *al) { unsigned short type; unsigned short size; @@ -1004,7 +1004,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, # ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - ssl_check_for_safari(s, data, d, n); + ssl_check_for_safari(s, data, limit); # endif /* !OPENSSL_NO_EC */ # ifndef OPENSSL_NO_SRP @@ -1016,22 +1016,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->srtp_profile = NULL; - if (data == d + n) + if (data == limit) goto ri_check; - if (data > (d + n - 2)) + if (data > (limit - 2)) goto err; n2s(data, len); - if (data > (d + n - len)) + if (data + len != limit) goto err; - while (data <= (d + n - 4)) { + while (data <= (limit - 4)) { n2s(data, type); n2s(data, size); - if (data + size > (d + n)) + if (data + size > (limit)) goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); @@ -1396,7 +1396,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } /* Spurious data on the end */ - if (data != d + n) + if (data != limit) goto err; *p = data; @@ -2291,10 +2291,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Check key name matches */ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, etick + 16); + if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL) <= 0 + || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, + etick + 16) <= 0) { + goto err; + } } /* * Attempt to process session ticket, first conduct sanity and integrity @@ -2302,13 +2305,14 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, */ mlen = HMAC_size(&hctx); if (mlen < 0) { - EVP_CIPHER_CTX_cleanup(&ctx); - return -1; + goto err; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ - HMAC_Update(&hctx, etick, eticklen); - HMAC_Final(&hctx, tick_hmac, NULL); + if (HMAC_Update(&hctx, etick, eticklen) <= 0 + || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) { + goto err; + } HMAC_CTX_cleanup(&hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { EVP_CIPHER_CTX_cleanup(&ctx); @@ -2319,11 +2323,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); sdec = OPENSSL_malloc(eticklen); - if (!sdec) { + if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) { EVP_CIPHER_CTX_cleanup(&ctx); return -1; } - EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { EVP_CIPHER_CTX_cleanup(&ctx); OPENSSL_free(sdec); @@ -2356,6 +2359,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * For session parse failure, indicate that we need to send a new ticket. */ return 2; +err: + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return -1; } /* Tables to translate from NIDs to TLS v1.2 ids */ diff --git a/crypto/openssl/ssl/tls1.h b/crypto/openssl/ssl/tls1.h index 69d8186..91504b1 100644 --- a/crypto/openssl/ssl/tls1.h +++ b/crypto/openssl/ssl/tls1.h @@ -235,8 +235,7 @@ extern "C" { /* * ExtensionType value for TLS padding extension. - * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml - * http://tools.ietf.org/html/draft-agl-tls-padding-03 + * http://tools.ietf.org/html/draft-agl-tls-padding */ # define TLSEXT_TYPE_padding 21 @@ -261,20 +260,19 @@ extern "C" { # define TLSEXT_TYPE_next_proto_neg 13172 # endif -/* NameType value from RFC 3546 */ +/* NameType value from RFC3546 */ # define TLSEXT_NAMETYPE_host_name 0 -/* status request value from RFC 3546 */ +/* status request value from RFC3546 */ # define TLSEXT_STATUSTYPE_ocsp 1 -/* ECPointFormat values from draft-ietf-tls-ecc-12 */ +/* ECPointFormat values from RFC4492 */ # define TLSEXT_ECPOINTFORMAT_first 0 # define TLSEXT_ECPOINTFORMAT_uncompressed 0 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 # define TLSEXT_ECPOINTFORMAT_last 2 -/* Signature and hash algorithms from RFC 5246 */ - +/* Signature and hash algorithms from RFC5246 */ # define TLSEXT_signature_anonymous 0 # define TLSEXT_signature_rsa 1 # define TLSEXT_signature_dsa 2 @@ -404,7 +402,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 /* AES ciphersuites from RFC3268 */ - # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F # define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 # define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 @@ -570,7 +567,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" # define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +/* ECC ciphersuites from RFC4492 */ # define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" diff --git a/crypto/openssl/util/indent.pro b/crypto/openssl/util/indent.pro index e871431..4dcda5d 100644 --- a/crypto/openssl/util/indent.pro +++ b/crypto/openssl/util/indent.pro @@ -749,3 +749,19 @@ -T ssl_trace_tbl -T _stdcall -T tls12_lookup +-T OPTIONS +-T OPT_PAIR +-T uint64_t +-T int64_t +-T uint32_t +-T int32_t +-T uint16_t +-T int16_t +-T uint8_t +-T int8_t +-T STRINT_PAIR +-T felem +-T felem_bytearray +-T SH_LIST +-T PACKET +-T RECORD_LAYER diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl index 1eee7aa..5b86aa7 100755 --- a/crypto/openssl/util/mk1mf.pl +++ b/crypto/openssl/util/mk1mf.pl @@ -424,7 +424,7 @@ EOF $defs= <<"EOF"; # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and -# by default leave the 'intertesting' output files in .${o}out and the stuff +# by default leave the 'interesting' output files in .${o}out and the stuff # that needs deleting in .${o}tmp. # The file was generated by running 'make makefile.one', which # does a 'make files', which writes all the environment variables from all diff --git a/crypto/openssl/util/mkrc.pl b/crypto/openssl/util/mkrc.pl index 0ceadcf..83ee6a4 100755 --- a/crypto/openssl/util/mkrc.pl +++ b/crypto/openssl/util/mkrc.pl @@ -57,7 +57,7 @@ BEGIN VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" diff --git a/crypto/openssl/util/mkstack.pl b/crypto/openssl/util/mkstack.pl index f708610..a86d91f 100755 --- a/crypto/openssl/util/mkstack.pl +++ b/crypto/openssl/util/mkstack.pl @@ -97,7 +97,7 @@ while(<IN>) { EOF } - foreach $type_thing (sort @sstacklst) { + foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) { my $t1 = $type_thing->[0]; my $t2 = $type_thing->[1]; $new_stackfile .= <<EOF; diff --git a/crypto/openssl/util/pl/VC-32.pl b/crypto/openssl/util/pl/VC-32.pl index b597998..e5abb97 100644 --- a/crypto/openssl/util/pl/VC-32.pl +++ b/crypto/openssl/util/pl/VC-32.pl @@ -342,15 +342,17 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; + $ret.="$target: $files $dep_libs"; if ($standalone == 1) { + $ret.=" \$(OBJ_D)${o}applink.obj\n"; $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; - $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); + $ret.= "\$(EX_LIBS) \$(OBJ_D)${o}applink.obj " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); $ret.="$files $libs\n<<\n"; } elsif ($standalone == 2) { + $ret.="\n"; $ret.="\tSET FIPS_LINK=\$(LINK)\n"; $ret.="\tSET FIPS_CC=\$(CC)\n"; $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; @@ -363,6 +365,7 @@ sub do_link_rule } else { + $ret.="\n"; $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; } diff --git a/crypto/openssl/util/pod2mantest b/crypto/openssl/util/pod2mantest deleted file mode 100755 index 384e683..0000000 --- a/crypto/openssl/util/pod2mantest +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/sh - -# This script is used by test/Makefile to check whether a sane 'pod2man' -# is installed. -# ('make install' should not try to run 'pod2man' if it does not exist or if -# it is a broken 'pod2man' version that is known to cause trouble. if we find -# the system 'pod2man' to be broken, we use our own copy instead) -# -# In any case, output an appropriate command line for running (or not -# running) pod2man. - - -IFS=: -if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi - -try_without_dir=true -# First we try "pod2man", then "$dir/pod2man" for each item in $PATH. -for dir in dummy${IFS}$PATH; do - if [ "$try_without_dir" = true ]; then - # first iteration - pod2man=pod2man - try_without_dir=false - else - # second and later iterations - pod2man="$dir/pod2man" - if [ ! -f "$pod2man" ]; then # '-x' is not available on Ultrix - pod2man='' - fi - fi - - if [ ! "$pod2man" = '' ]; then - failure=none - - if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then - : - else - failure=BasicTest - fi - - if [ "$failure" = none ]; then - if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then - failure=MultilineTest - fi - fi - - - if [ "$failure" = none ]; then - echo "$pod2man" - exit 0 - fi - - echo "$pod2man does not work properly ('$failure' failed). Looking for another pod2man ..." >&2 - fi -done - -echo "No working pod2man found. Consider installing a new version." >&2 -echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 -echo "$1 ../../util/pod2man.pl" diff --git a/crypto/openssl/util/selftest.pl b/crypto/openssl/util/selftest.pl index 7b32e9f..59842ef 100644 --- a/crypto/openssl/util/selftest.pl +++ b/crypto/openssl/util/selftest.pl @@ -199,3 +199,4 @@ while (<IN>) { } print "\nTest report in file $report\n"; +die if $ok != 2; diff --git a/crypto/openssl/util/toutf8.sh b/crypto/openssl/util/toutf8.sh new file mode 100755 index 0000000..8a4254b --- /dev/null +++ b/crypto/openssl/util/toutf8.sh @@ -0,0 +1,17 @@ +#! /bin/sh +# +# Very simple script to detect and convert files that we want to re-encode to UTF8 + +git ls-tree -r --name-only HEAD | \ + while read F; do + charset=`file -bi "$F" | sed -e 's|.*charset=||'` + if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then + iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \ + ( cmp -s "$F" "$F.utf8" || \ + ( echo "$F" + mv "$F" "$F.iso-8859-1" + mv "$F.utf8" "$F" + ) + ) + fi + done diff --git a/etc/Makefile b/etc/Makefile index 1927580..c50014d 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -378,26 +378,26 @@ distrib-dirs: ${MTREES:N/*} .endif ${INSTALL_SYMLINK} usr/src/sys ${DESTDIR}/sys .if ${MK_MAN} != "no" - cd ${DESTDIR}/usr/share/man; \ + cd ${DESTDIR}${SHAREDIR}/man; \ for mandir in man*; do \ ${INSTALL_SYMLINK} ../$$mandir \ - ${DESTDIR}/usr/share/man/en.ISO8859-1/; \ + ${DESTDIR}${SHAREDIR}/man/en.ISO8859-1/; \ ${INSTALL_SYMLINK} ../$$mandir \ - ${DESTDIR}/usr/share/man/en.UTF-8/; \ + ${DESTDIR}${SHAREDIR}/man/en.UTF-8/; \ done .if ${MK_OPENSSL} != "no" - cd ${DESTDIR}/usr/share/openssl/man; \ + cd ${DESTDIR}${SHAREDIR}/openssl/man; \ for mandir in man*; do \ ${INSTALL_SYMLINK} ../$$mandir \ - ${DESTDIR}/usr/share/openssl/man/en.ISO8859-1/; \ + ${DESTDIR}${SHAREDIR}/openssl/man/en.ISO8859-1/; \ done .endif set - `grep "^[a-zA-Z]" ${.CURDIR}/man.alias`; \ while [ $$# -gt 0 ] ; do \ - ${INSTALL_SYMLINK} "$$2" "${DESTDIR}/usr/share/man/$$1"; \ + ${INSTALL_SYMLINK} "$$2" "${DESTDIR}${SHAREDIR}/man/$$1"; \ if [ "${MK_OPENSSL}" != "no" ]; then \ ${INSTALL_SYMLINK} "$$2" \ - "${DESTDIR}/usr/share/openssl/man/$$1"; \ + "${DESTDIR}${SHAREDIR}/openssl/man/$$1"; \ fi; \ shift; shift; \ done @@ -405,7 +405,7 @@ distrib-dirs: ${MTREES:N/*} .if ${MK_NLS} != "no" set - `grep "^[a-zA-Z]" ${.CURDIR}/nls.alias`; \ while [ $$# -gt 0 ] ; do \ - ${INSTALL_SYMLINK} "$$2" "${DESTDIR}/usr/share/nls/$$1"; \ + ${INSTALL_SYMLINK} "$$2" "${DESTDIR}${SHAREDIR}/nls/$$1"; \ shift; shift; \ done .endif @@ -413,8 +413,8 @@ distrib-dirs: ${MTREES:N/*} etc-examples: cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${BIN1} ${BIN2} nsmb.conf opieaccess \ - ${DESTDIR}/usr/share/examples/etc + ${DESTDIR}${SHAREDIR}/examples/etc ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install \ - DESTDIR=${DESTDIR}/usr/share/examples + DESTDIR=${DESTDIR}${SHAREDIR}/examples .include <bsd.prog.mk> diff --git a/etc/periodic/Makefile b/etc/periodic/Makefile index 8fb56df..a2d9902 100644 --- a/etc/periodic/Makefile +++ b/etc/periodic/Makefile @@ -1,5 +1,6 @@ # $FreeBSD$ SUBDIR= daily security weekly monthly +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/etc/rc.d/local_unbound b/etc/rc.d/local_unbound index b826025..0a81e2c 100755 --- a/etc/rc.d/local_unbound +++ b/etc/rc.d/local_unbound @@ -17,21 +17,22 @@ rcvar="local_unbound_enable" command="/usr/sbin/unbound" extra_commands="anchor configtest reload setup" start_precmd="local_unbound_prestart" +start_postcmd="local_unbound_poststart" reload_precmd="local_unbound_configtest" anchor_cmd="local_unbound_anchor" configtest_cmd="local_unbound_configtest" setup_cmd="local_unbound_setup" pidfile="/var/run/${name}.pid" +load_rc_config $name + : ${local_unbound_workdir:=/var/unbound} : ${local_unbound_config:=${local_unbound_workdir}/unbound.conf} -: ${local_unbound_flags:=-c${local_unbound_config}} +: ${local_unbound_flags:="-c ${local_unbound_config}"} : ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf} : ${local_unbound_anchor:=${local_unbound_workdir}/root.key} : ${local_unbound_forwarders:=} -load_rc_config $name - do_as_unbound() { echo "$@" | su -m unbound @@ -88,5 +89,25 @@ local_unbound_prestart() fi } +# +# After starting, wait for Unbound to report that it is ready to avoid +# race conditions with services which require functioning DNS. +# +local_unbound_poststart() +{ + local retry=5 + + echo -n "Waiting for nameserver to start..." + until "${command}-control" status | grep -q "is running" ; do + if [ $((retry -= 1)) -eq 0 ] ; then + echo " giving up" + return 1 + fi + echo -n "." + sleep 1 + done + echo " good" +} + load_rc_config $name run_rc_command "$1" diff --git a/gnu/Makefile b/gnu/Makefile index b460590..4eb1745 100644 --- a/gnu/Makefile +++ b/gnu/Makefile @@ -3,10 +3,13 @@ .include <bsd.own.mk> -SUBDIR= lib ${_tests} usr.bin +SUBDIR= lib .WAIT \ + ${_tests} usr.bin .if ${MK_TESTS} != "no" _tests= tests .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/gnu/lib/Makefile b/gnu/lib/Makefile index 70e6811..4a07370 100644 --- a/gnu/lib/Makefile +++ b/gnu/lib/Makefile @@ -16,6 +16,9 @@ SUBDIR+= tests # have taken care of that already. .if ${MK_GNUCXX} != "no" SUBDIR+= libstdc++ libsupc++ +SUBDIR_DEPENDS_libsupc++:= libstdc++ .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/gnu/usr.bin/binutils/ld/Makefile b/gnu/usr.bin/binutils/ld/Makefile index 2af5e29..9e2acd8 100644 --- a/gnu/usr.bin/binutils/ld/Makefile +++ b/gnu/usr.bin/binutils/ld/Makefile @@ -54,7 +54,7 @@ FILES= ${LDSCRIPTS:S|^|ldscripts/|} FILESDIR= ${SCRIPTDIR} HOST= ${TARGET_TUPLE} -LIBSEARCHPATH= \"${TOOLS_PREFIX}/lib\":\"${TOOLS_PREFIX}/usr/lib\" +LIBSEARCHPATH= \"=/lib\":\"=/usr/lib\" .for ext in ${ELF_SCR_EXT} LDSCRIPTS+= ${NATIVE_EMULATION}.${ext} ldscripts/${NATIVE_EMULATION}.${ext}: e${NATIVE_EMULATION}.c diff --git a/gnu/usr.bin/cc/Makefile b/gnu/usr.bin/cc/Makefile index bf6d20c..1801979 100644 --- a/gnu/usr.bin/cc/Makefile +++ b/gnu/usr.bin/cc/Makefile @@ -5,7 +5,8 @@ # The order of some of these are rather important. Some depend on previous # subdirs. -SUBDIR= cc_tools libiberty libcpp libdecnumber cc_int cc cc1 include doc +SUBDIR= cc_tools .WAIT \ + libiberty libcpp libdecnumber cc_int cc cc1 include doc .if ${MK_CPP} != "no" SUBDIR+= cpp @@ -24,4 +25,14 @@ SUBDIR+= c++filt SUBDIR+= gcov .endif +SUBDIR_DEPEND_c++:= libcpp libiberty +SUBDIR_DEPEND_c++filt= libiberty +SUBDIR_DEPEND_cc= libcpp libiberty +SUBDIR_DEPEND_cpp= libcpp libiberty +SUBDIR_DEPEND_cc1plus= cc_int libcpp libdecnumber libiberty +SUBDIR_DEPEND_cc1= cc_int libcpp libdecnumber libiberty +SUBDIR_DEPEND_gcov= libiberty + +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/gnu/usr.bin/cc/cc1/Makefile b/gnu/usr.bin/cc/cc1/Makefile index e73b2c9..2d2c818 100644 --- a/gnu/usr.bin/cc/cc1/Makefile +++ b/gnu/usr.bin/cc/cc1/Makefile @@ -9,7 +9,7 @@ MAN= PROG= cc1 SRCS= main.c c-parser.c c-lang.c -BINDIR= /usr/libexec +BINDIR= ${LIBEXECDIR} .if ${MK_SHARED_TOOLCHAIN} == "no" NO_SHARED?=yes .endif diff --git a/gnu/usr.bin/cc/cc1plus/Makefile b/gnu/usr.bin/cc/cc1plus/Makefile index 742d7c6..2f55659 100644 --- a/gnu/usr.bin/cc/cc1plus/Makefile +++ b/gnu/usr.bin/cc/cc1plus/Makefile @@ -15,7 +15,7 @@ SRCS+= main.c cp-lang.c c-opts.c call.c class.c cvt.c cxx-pretty-print.c \ search.c semantics.c tree.c typeck.c typeck2.c optimize.c \ cp-objcp-common.c cp-gimplify.c tree-mudflap.c -BINDIR= /usr/libexec +BINDIR= ${LIBEXECDIR} .if ${MK_SHARED_TOOLCHAIN} == "no" NO_SHARED?=yes .endif diff --git a/gnu/usr.bin/cc/cc_tools/Makefile b/gnu/usr.bin/cc/cc_tools/Makefile index 8f75f43..31f6a85 100644 --- a/gnu/usr.bin/cc/cc_tools/Makefile +++ b/gnu/usr.bin/cc/cc_tools/Makefile @@ -217,6 +217,7 @@ tconfig.h: GENSRCS+= tconfig.h CLEANFILES+= cs-tconfig.h + # Options optionlist: ${OPT_FILES} LC_ALL=C awk -f ${GCCDIR}/opt-gather.awk ${.ALLSRC} > ${.TARGET} diff --git a/gnu/usr.bin/cc/collect2/Makefile b/gnu/usr.bin/cc/collect2/Makefile deleted file mode 100644 index 0b07b85..0000000 --- a/gnu/usr.bin/cc/collect2/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# $FreeBSD$ - -.include "../Makefile.inc" - -.PATH: ${GCCDIR} - -PROG= collect2 -SRCS= collect2.c tlink.c version.c -MAN= - -.include <bsd.prog.mk> diff --git a/gnu/usr.bin/cc/protoize/Makefile b/gnu/usr.bin/cc/protoize/Makefile deleted file mode 100644 index b851bed..0000000 --- a/gnu/usr.bin/cc/protoize/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# $FreeBSD$ - -.include "../Makefile.inc" - -.PATH: ${.CURDIR}/../cc_tools ${GCCDIR} - -PROG= protoize -MAN= - -# things are rather hard-coded, we work around that here -CFLAGS+= -DDEFAULT_TARGET_VERSION=\"\" -CFLAGS+= -DDEFAULT_TARGET_MACHINE=\"../libdata/gcc\" - -DPADD= ${LIBCC_INT} -LDADD= ${LIBCC_INT} - -CLEANFILES= config.h -config.h: auto-host.h freebsd-native.h - cat ${.ALLSRC} >${.TARGET} - -.include <bsd.prog.mk> diff --git a/gnu/usr.bin/groff/Makefile b/gnu/usr.bin/groff/Makefile index 2db554f..9733e19 100644 --- a/gnu/usr.bin/groff/Makefile +++ b/gnu/usr.bin/groff/Makefile @@ -6,4 +6,6 @@ SUBDIR= contrib doc font man src tmac SUBDIR_DEPEND_${subdir}= src .endfor +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/gnu/usr.bin/groff/Makefile.inc b/gnu/usr.bin/groff/Makefile.inc index 053f385..67b61a8 100644 --- a/gnu/usr.bin/groff/Makefile.inc +++ b/gnu/usr.bin/groff/Makefile.inc @@ -127,6 +127,7 @@ revision=`sed -e 's/^0$$//' -e 's/^[1-9].*$$/.&/' $(GROFF_DIST)/REVISION` .sh .pl: @${ECHO} Making ${.TARGET} from ${.IMPSRC} + @rm -f ${.TARGET} @sed -e "s|@BINDIR@|${BINDIR}|g" \ -e 's|@GROFF_BIN_PATH_SETUP@|GROFF_RUNTIME="$${GROFF_BIN_PATH=${BINDIR}}:"|g' \ -e "s;@FONTDIR@;$(fontdir);g" \ diff --git a/gnu/usr.bin/rcs/Makefile b/gnu/usr.bin/rcs/Makefile index 4a9fd08..8b04270 100644 --- a/gnu/usr.bin/rcs/Makefile +++ b/gnu/usr.bin/rcs/Makefile @@ -1,3 +1,7 @@ -SUBDIR= lib ci co ident merge rcs rcsclean rcsdiff rcsmerge rlog rcsfreeze +# $FreeBSD$ + +SUBDIR= lib .WAIT \ + ci co ident merge rcs rcsclean rcsdiff rcsmerge rlog rcsfreeze +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/include/Makefile b/include/Makefile index 09b4080..1c2bf39 100644 --- a/include/Makefile +++ b/include/Makefile @@ -7,6 +7,7 @@ CLEANFILES= osreldate.h version vers.c SUBDIR= arpa protocols rpcsvc rpc xlocale +SUBDIR_PARALLEL= INCS= a.out.h ar.h assert.h bitstring.h complex.h cpio.h _ctype.h ctype.h \ db.h \ dirent.h dlfcn.h elf.h elf-hints.h err.h fmtmsg.h fnmatch.h fstab.h \ diff --git a/include/mk-osreldate.sh b/include/mk-osreldate.sh index 239a661..ed8311c 100755 --- a/include/mk-osreldate.sh +++ b/include/mk-osreldate.sh @@ -49,4 +49,4 @@ $COPYRIGHT #endif EOF chmod 644 $tmpfile -mv $tmpfile osreldate.h +mv -f $tmpfile osreldate.h diff --git a/kerberos5/Makefile.inc b/kerberos5/Makefile.inc index c59c332..5667599 100644 --- a/kerberos5/Makefile.inc +++ b/kerberos5/Makefile.inc @@ -35,7 +35,7 @@ ETSRCS= \ .for ET in ${ETSRCS} .for _ET in ${ET:T:R} .if ${SRCS:M${_ET}.[ch]} != "" -.ORDER: ${_ET}.c ${_ET}.h +.ORDER: ${_ET}.h ${_ET}.c ${_ET}.c ${_ET}.h: ${ET} compile_et ${.ALLSRC} CLEANFILES+= ${_ET}.h ${_ET}.c diff --git a/kerberos5/lib/libheimipcc/Makefile b/kerberos5/lib/libheimipcc/Makefile index eaab2d2..2dca400 100644 --- a/kerberos5/lib/libheimipcc/Makefile +++ b/kerberos5/lib/libheimipcc/Makefile @@ -11,7 +11,8 @@ SRCS= \ CFLAGS+= -I${KRB5DIR}/lib/roken \ -I${KRB5DIR}/base \ - -I${KRB5DIR}/lib/ipc + -I${KRB5DIR}/lib/ipc \ + -I${KRB5DIR}/include .include <bsd.lib.mk> diff --git a/lib/clang/clang.build.mk b/lib/clang/clang.build.mk index e13a38b..e29efc8 100644 --- a/lib/clang/clang.build.mk +++ b/lib/clang/clang.build.mk @@ -233,5 +233,4 @@ Checkers.inc.h: ${CLANG_SRCS}/lib/StaticAnalyzer/Checkers/Checkers.td .endfor SRCS+= ${TGHDRS:C/$/.inc.h/} -DPSRCS+= ${TGHDRS:C/$/.inc.h/} CLEANFILES+= ${TGHDRS:C/$/.inc.h/} ${TGHDRS:C/$/.inc.d/} diff --git a/lib/libarchive/tests/Makefile b/lib/libarchive/tests/Makefile index 3cd85f7..ddb36fa 100644 --- a/lib/libarchive/tests/Makefile +++ b/lib/libarchive/tests/Makefile @@ -247,9 +247,7 @@ BROKEN_TESTS+= test_fuzz_rar SRCS.libarchive_test= \ ${TESTS_SRCS} \ main.c \ - read_open_memory.c - -DPSRCS.libarchive_test= \ + read_open_memory.c \ list.h DPADD.libarchive_test= ${LIBARCHIVE} diff --git a/lib/libc/iconv/citrus_esdb.c b/lib/libc/iconv/citrus_esdb.c index 578cbc1..ed404a6 100644 --- a/lib/libc/iconv/citrus_esdb.c +++ b/lib/libc/iconv/citrus_esdb.c @@ -328,7 +328,7 @@ _citrus_esdb_get_list(char ***rlist, size_t *rnum, bool sorted) (int)_region_size(&data), (const char *)_region_head(&data)); if ((p = strchr(buf1, '/')) != NULL) - memcpy(buf1, p + 1, strlen(p) - 1); + memmove(buf1, p + 1, strlen(p) - 1); if ((p = strstr(buf1, ".esdb")) != NULL) *p = '\0'; snprintf(buf, sizeof(buf), "%s/%.*s", buf1, diff --git a/lib/libc/locale/Makefile.inc b/lib/libc/locale/Makefile.inc index c2f2f4e..d91d74a 100644 --- a/lib/libc/locale/Makefile.inc +++ b/lib/libc/locale/Makefile.inc @@ -78,6 +78,7 @@ MLINKS+=iswalnum_l.3 iswalpha_l.3 iswalnum_l.3 iswcntrl_l.3 \ iswalnum_l.3 iswspecial_l.3 iswalnum_l.3 nextwctype_l.3 \ iswalnum_l.3 towctrans_l.3 iswalnum_l.3 wctrans_l.3 MLINKS+=isxdigit.3 ishexnumber.3 +MLINKS+=localeconv.3 localeconv_l.3 MLINKS+=mbrtowc.3 mbrtoc16.3 mbrtowc.3 mbrtoc32.3 MLINKS+=mbsrtowcs.3 mbsnrtowcs.3 MLINKS+=wcrtomb.3 c16rtomb.3 wcrtomb.3 c32rtomb.3 diff --git a/lib/libc/tests/Makefile.netbsd-tests b/lib/libc/tests/Makefile.netbsd-tests index f364b1c..56472fb 100644 --- a/lib/libc/tests/Makefile.netbsd-tests +++ b/lib/libc/tests/Makefile.netbsd-tests @@ -4,4 +4,6 @@ OBJTOP?= ${.OBJDIR:H:H:H:H} SRCTOP?= ${.CURDIR:H:H:H:H} TESTSRC?= ${SRCTOP}/contrib/netbsd-tests/lib/libc/${.CURDIR:T} +WARNS?= 2 + .include <netbsd-tests.test.mk> diff --git a/lib/libc/tests/rpc/Makefile b/lib/libc/tests/rpc/Makefile index 0380294..153626b 100644 --- a/lib/libc/tests/rpc/Makefile +++ b/lib/libc/tests/rpc/Makefile @@ -1,7 +1,8 @@ # $FreeBSD$ TESTSDIR= ${TESTSBASE}/lib/libc/rpc -SRCS.xdr_test= ${RPCSRC:.x=_xdr.c} t_xdr.c ${RPCSRC:.x=.h} +SRCS.xdr_test= ${RPCSRC:.x=_xdr.c} t_xdr.c ${RPCSRC:.x=.h} \ + h_testbits.h NETBSD_ATF_TESTS_C= rpc_test NETBSD_ATF_TESTS_C+= xdr_test @@ -17,7 +18,6 @@ h_testbits_xdr.c: ${RPCSRC} h_testbits.h CLEANFILES+= ${RPCSRC:.x=.h} ${RPCSRC:.x=.c} h_testbits_xdr.c CFLAGS+= -I${.OBJDIR} -DPSRCS+= h_testbits.h LDADD+= -lrpcsvc -lutil DPADD+= ${LIBRPCSVC} ${LIBUTIL} diff --git a/lib/libc/tests/stdio/Makefile b/lib/libc/tests/stdio/Makefile index 23d5c1e..06ceb46 100644 --- a/lib/libc/tests/stdio/Makefile +++ b/lib/libc/tests/stdio/Makefile @@ -1,8 +1,24 @@ # $FreeBSD$ +.include <bsd.own.mk> + TESTSDIR= ${TESTSBASE}/lib/libc/stdio -ATF_TESTS_C= fmemopen2_test +ATF_TESTS_C+= fdopen_test +ATF_TESTS_C+= fmemopen2_test +ATF_TESTS_C+= fopen2_test +ATF_TESTS_C+= freopen_test +ATF_TESTS_C+= getdelim_test +ATF_TESTS_C+= mkostemp_test +ATF_TESTS_C+= open_memstream_test +ATF_TESTS_C+= open_wmemstream_test +ATF_TESTS_C+= perror_test +ATF_TESTS_C+= print_positional_test +ATF_TESTS_C+= printbasic_test +ATF_TESTS_C+= printfloat_test +ATF_TESTS_C+= scanfloat_test + +SRCS.fopen2_test= fopen_test.c NETBSD_ATF_TESTS_C= clearerr_test NETBSD_ATF_TESTS_C+= fflush_test @@ -14,6 +30,18 @@ NETBSD_ATF_TESTS_C+= popen_test NETBSD_ATF_TESTS_C+= printf_test NETBSD_ATF_TESTS_C+= scanf_test +DPADD.printfloat_test+= ${LIBM} +LDADD.printfloat_test+= -lm + +DPADD.scanfloat_test+= ${LIBM} +LDADD.scanfloat_test+= -lm + +.if ${COMPILER_TYPE} == "gcc" +# 90: use of assignment suppression and length modifier together in scanf format +PROG_OVERRIDE_VARS+= NO_WFORMAT +NO_WFORMAT.scanfloat_test= +.endif + .include "../Makefile.netbsd-tests" .include <bsd.test.mk> diff --git a/lib/libc/tests/stdio/fdopen_test.c b/lib/libc/tests/stdio/fdopen_test.c new file mode 100644 index 0000000..060635a --- /dev/null +++ b/lib/libc/tests/stdio/fdopen_test.c @@ -0,0 +1,225 @@ +/*- + * Copyright (c) 2014 Jilles Tjoelker + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <errno.h> +#include <fcntl.h> +#include <paths.h> +#include <stdbool.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +#include <atf-c.h> + +static void +runtest(const char *fname, int intmode, const char *strmode, bool success) +{ + FILE *fp; + int fd; + + fd = open(fname, intmode); + ATF_REQUIRE_MSG(fd != -1, + "open(\"%s\", %#x) failed; errno=%d", fname, intmode, errno); + + fp = fdopen(fd, strmode); + if (fp == NULL) { + close(fd); + ATF_REQUIRE_MSG(success == false, + "fdopen(open(\"%s\", %#x), \"%s\") succeeded unexpectedly", + fname, intmode, strmode); + return; + } + ATF_REQUIRE_MSG(success == true, + "fdopen(open(\"%s\", %#x), \"%s\") failed; errno=%d", + fname, intmode, strmode, errno); + fclose(fp); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDONLY__r_test); +ATF_TC_BODY(null__O_RDONLY__r_test, tc) +{ + + runtest(_PATH_DEVNULL, O_RDONLY, "r", true); +} + +ATF_TC_WITHOUT_HEAD(null__O_WRONLY__r_test); +ATF_TC_BODY(null__O_WRONLY__r_test, tc) +{ + + runtest(_PATH_DEVNULL, O_WRONLY, "r", false); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDWR__r_test); +ATF_TC_BODY(null__O_RDWR__r_test, tc) +{ + + runtest(_PATH_DEVNULL, O_RDWR, "r", true); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDONLY__w_test); +ATF_TC_BODY(null__O_RDONLY__w_test, tc) +{ + + runtest(_PATH_DEVNULL, O_RDONLY, "w", false); +} + +ATF_TC_WITHOUT_HEAD(null__O_WRONLY__w_test); +ATF_TC_BODY(null__O_WRONLY__w_test, tc) +{ + + runtest(_PATH_DEVNULL, O_WRONLY, "w", true); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDWR__w_test); +ATF_TC_BODY(null__O_RDWR__w_test, tc) +{ + + runtest(_PATH_DEVNULL, O_RDWR, "w", true); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDONLY__a_test); +ATF_TC_BODY(null__O_RDONLY__a_test, tc) +{ + + runtest(_PATH_DEVNULL, O_RDONLY, "a", false); +} + +ATF_TC_WITHOUT_HEAD(null__O_WRONLY__a_test); +ATF_TC_BODY(null__O_WRONLY__a_test, tc) +{ + + runtest(_PATH_DEVNULL, O_WRONLY, "a", true); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDWR__test); +ATF_TC_BODY(null__O_RDWR__test, tc) +{ + + runtest(_PATH_DEVNULL, O_RDWR, "a", true); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDONLY__r_append); +ATF_TC_BODY(null__O_RDONLY__r_append, tc) +{ + + runtest(_PATH_DEVNULL, O_RDONLY, "r+", false); +} + +ATF_TC_WITHOUT_HEAD(null__O_WRONLY__r_append); +ATF_TC_BODY(null__O_WRONLY__r_append, tc) +{ + + runtest(_PATH_DEVNULL, O_WRONLY, "r+", false); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDWR__r_append); +ATF_TC_BODY(null__O_RDWR__r_append, tc) +{ + + runtest(_PATH_DEVNULL, O_RDWR, "r+", true); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDONLY__w_append); +ATF_TC_BODY(null__O_RDONLY__w_append, tc) +{ + + runtest(_PATH_DEVNULL, O_RDONLY, "w+", false); +} + +ATF_TC_WITHOUT_HEAD(null__O_WRONLY__w_append); +ATF_TC_BODY(null__O_WRONLY__w_append, tc) +{ + + runtest(_PATH_DEVNULL, O_WRONLY, "w+", false); +} + +ATF_TC_WITHOUT_HEAD(null__O_RDWR__w_append); +ATF_TC_BODY(null__O_RDWR__w_append, tc) +{ + + runtest(_PATH_DEVNULL, O_RDWR, "w+", true); +} + +ATF_TC_WITHOUT_HEAD(sh__O_EXEC__r); +ATF_TC_BODY(sh__O_EXEC__r, tc) +{ + + runtest("/bin/sh", O_EXEC, "r", false); +} + +ATF_TC_WITHOUT_HEAD(sh__O_EXEC__w); +ATF_TC_BODY(sh__O_EXEC__w, tc) +{ + + runtest("/bin/sh", O_EXEC, "w", false); +} + +ATF_TC_WITHOUT_HEAD(sh__O_EXEC__r_append); +ATF_TC_BODY(sh__O_EXEC__r_append, tc) +{ + + runtest("/bin/sh", O_EXEC, "r+", false); +} + +ATF_TC_WITHOUT_HEAD(sh__O_EXEC__w_append); +ATF_TC_BODY(sh__O_EXEC__w_append, tc) +{ + + runtest("/bin/sh", O_EXEC, "w+", false); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, null__O_RDONLY__r_test); + ATF_TP_ADD_TC(tp, null__O_WRONLY__r_test); + ATF_TP_ADD_TC(tp, null__O_RDWR__r_test); + ATF_TP_ADD_TC(tp, null__O_RDONLY__w_test); + ATF_TP_ADD_TC(tp, null__O_WRONLY__w_test); + ATF_TP_ADD_TC(tp, null__O_RDWR__w_test); + ATF_TP_ADD_TC(tp, null__O_RDONLY__a_test); + ATF_TP_ADD_TC(tp, null__O_WRONLY__a_test); + ATF_TP_ADD_TC(tp, null__O_RDWR__test); + ATF_TP_ADD_TC(tp, null__O_RDONLY__r_append); + ATF_TP_ADD_TC(tp, null__O_WRONLY__r_append); + ATF_TP_ADD_TC(tp, null__O_RDWR__r_append); + ATF_TP_ADD_TC(tp, null__O_RDONLY__w_append); + ATF_TP_ADD_TC(tp, null__O_WRONLY__w_append); + ATF_TP_ADD_TC(tp, null__O_RDWR__w_append); + ATF_TP_ADD_TC(tp, sh__O_EXEC__r); + ATF_TP_ADD_TC(tp, sh__O_EXEC__w); + ATF_TP_ADD_TC(tp, sh__O_EXEC__r_append); + ATF_TP_ADD_TC(tp, sh__O_EXEC__w_append); + + return (atf_no_error()); +} + +/* + vim:ts=8:cin:sw=8 + */ diff --git a/lib/libc/tests/stdio/fmemopen2_test.c b/lib/libc/tests/stdio/fmemopen2_test.c index d137780..62831fb 100644 --- a/lib/libc/tests/stdio/fmemopen2_test.c +++ b/lib/libc/tests/stdio/fmemopen2_test.c @@ -35,15 +35,13 @@ __FBSDID("$FreeBSD$"); #include <stdio.h> #include <string.h> #include <strings.h> + #include <atf-c.h> ATF_TC_WITHOUT_HEAD(test_preexisting); ATF_TC_BODY(test_preexisting, tc) { - /* - * Use a pre-existing buffer. - */ - + /* Use a pre-existing buffer. */ char buf[512]; char buf2[512]; char str[] = "Test writing some stuff"; @@ -74,7 +72,7 @@ ATF_TC_BODY(test_preexisting, tc) nofr = fread(buf2, 1, sizeof(buf2), fp); ATF_REQUIRE(nofr == sizeof(buf2)); - /* + /* * Since a write on a FILE * retrieved by fmemopen * will add a '\0' (if there's space), we can check * the strings for equality. @@ -105,14 +103,10 @@ ATF_TC_BODY(test_preexisting, tc) ATF_TC_WITHOUT_HEAD(test_autoalloc); ATF_TC_BODY(test_autoalloc, tc) { - /* - * Let fmemopen allocate the buffer. - */ - - char str[] = "A quick test"; + /* Let fmemopen allocate the buffer. */ FILE *fp; long pos; - size_t nofw, nofr, i; + size_t nofw, i; int rc; /* Open a FILE * using fmemopen. */ @@ -129,9 +123,7 @@ ATF_TC_BODY(test_autoalloc, tc) pos = ftell(fp); ATF_REQUIRE(pos == 512); - /* - * Try to write past the end, we should get a short object count (0) - */ + /* Try to write past the end, we should get a short object count (0) */ nofw = fwrite("a", 1, 1, fp); ATF_REQUIRE(nofw == 0); @@ -172,10 +164,7 @@ ATF_TC_BODY(test_data_length, tc) nofw = fwrite(str, 1, sizeof(str), fp); ATF_REQUIRE(nofw == sizeof(str)); - /* - * Now seek to the end and check that ftell - * gives us sizeof(str). - */ + /* Now seek to the end and check that ftell gives us sizeof(str). */ rc = fseek(fp, 0, SEEK_END); ATF_REQUIRE(rc == 0); pos = ftell(fp); @@ -263,9 +252,7 @@ ATF_TC_BODY(test_append_binary_pos, tc) ATF_REQUIRE(ftell(fp) == 0L); fclose(fp); - /* - * Make sure that a pre-allocated buffer behaves correctly. - */ + /* Make sure that a pre-allocated buffer behaves correctly. */ char buf[] = "Hello"; fp = fmemopen(buf, sizeof(buf), "ab+"); ATF_REQUIRE(ftell(fp) == strlen(buf)); @@ -275,9 +262,7 @@ ATF_TC_BODY(test_append_binary_pos, tc) ATF_TC_WITHOUT_HEAD(test_size_0); ATF_TC_BODY(test_size_0, tc) { - /* - * POSIX mandates that we return EINVAL if size is 0. - */ + /* POSIX mandates that we return EINVAL if size is 0. */ FILE *fp; diff --git a/lib/libc/tests/stdio/fopen_test.c b/lib/libc/tests/stdio/fopen_test.c new file mode 100644 index 0000000..962e7fd --- /dev/null +++ b/lib/libc/tests/stdio/fopen_test.c @@ -0,0 +1,205 @@ +/*- + * Copyright (c) 2013 Jilles Tjoelker + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <fcntl.h> +#include <paths.h> +#include <stdio.h> +#include <string.h> + +#include <atf-c.h> + +/* + * O_ACCMODE is currently defined incorrectly. This is what it should be. + * Various code depends on the incorrect value. + */ +#define CORRECT_O_ACCMODE (O_ACCMODE | O_EXEC) + +static void +runtest(const char *fname, const char *mode) +{ + FILE *fp; + int exp_fget_ret, fget_ret, fd, flags, wantedflags; + + fp = fopen(fname, mode); + ATF_REQUIRE_MSG(fp != NULL, + "fopen(\"%s\", \"%s\") failed", fname, mode); + fd = fileno(fp); + ATF_REQUIRE_MSG(fd >= 0, "fileno() failed for fopen"); + exp_fget_ret = strchr(mode, 'e') != NULL ? FD_CLOEXEC : 0; + ATF_REQUIRE_MSG((fget_ret = fcntl(fd, F_GETFD)) == exp_fget_ret, + "fcntl(.., F_GETFD) didn't FD_CLOEXEC as expected %d != %d", + exp_fget_ret, fget_ret); + flags = fcntl(fd, F_GETFL); + if (strchr(mode, '+')) + wantedflags = O_RDWR | (*mode == 'a' ? O_APPEND : 0); + else if (*mode == 'r') + wantedflags = O_RDONLY; + else if (*mode == 'w') + wantedflags = O_WRONLY; + else if (*mode == 'a') + wantedflags = O_WRONLY | O_APPEND; + else + wantedflags = -1; + fclose(fp); + if (wantedflags == -1) + atf_tc_fail("unrecognized mode: %s", mode); + else if ((flags & (CORRECT_O_ACCMODE | O_APPEND)) != wantedflags) + atf_tc_fail("incorrect access mode: %s", mode); +} + +ATF_TC_WITHOUT_HEAD(fopen_r_test); +ATF_TC_BODY(fopen_r_test, tc) +{ + + runtest(_PATH_DEVNULL, "r"); +} + +ATF_TC_WITHOUT_HEAD(fopen_r_append_test); +ATF_TC_BODY(fopen_r_append_test, tc) +{ + + runtest(_PATH_DEVNULL, "r+"); +} + +ATF_TC_WITHOUT_HEAD(fopen_w_test); +ATF_TC_BODY(fopen_w_test, tc) +{ + + runtest(_PATH_DEVNULL, "w"); +} + +ATF_TC_WITHOUT_HEAD(fopen_w_append_test); +ATF_TC_BODY(fopen_w_append_test, tc) +{ + + runtest(_PATH_DEVNULL, "w+"); +} + +ATF_TC_WITHOUT_HEAD(fopen_a_test); +ATF_TC_BODY(fopen_a_test, tc) +{ + + runtest(_PATH_DEVNULL, "a"); +} + +ATF_TC_WITHOUT_HEAD(fopen_a_append_test); +ATF_TC_BODY(fopen_a_append_test, tc) +{ + + runtest(_PATH_DEVNULL, "a+"); +} + +ATF_TC_WITHOUT_HEAD(fopen_re_test); +ATF_TC_BODY(fopen_re_test, tc) +{ + + runtest(_PATH_DEVNULL, "re"); +} + +ATF_TC_WITHOUT_HEAD(fopen_r_append_e_test); +ATF_TC_BODY(fopen_r_append_e_test, tc) +{ + + runtest(_PATH_DEVNULL, "r+e"); +} + +ATF_TC_WITHOUT_HEAD(fopen_we_test); +ATF_TC_BODY(fopen_we_test, tc) +{ + + runtest(_PATH_DEVNULL, "we"); +} + +ATF_TC_WITHOUT_HEAD(fopen_w_append_e_test); +ATF_TC_BODY(fopen_w_append_e_test, tc) +{ + + runtest(_PATH_DEVNULL, "w+e"); +} + +ATF_TC_WITHOUT_HEAD(fopen_ae_test); +ATF_TC_BODY(fopen_ae_test, tc) +{ + + runtest(_PATH_DEVNULL, "ae"); +} + +ATF_TC_WITHOUT_HEAD(fopen_a_append_e_test); +ATF_TC_BODY(fopen_a_append_e_test, tc) +{ + + runtest(_PATH_DEVNULL, "a+e"); +} + +ATF_TC_WITHOUT_HEAD(fopen_re_append_test); +ATF_TC_BODY(fopen_re_append_test, tc) +{ + + runtest(_PATH_DEVNULL, "re+"); +} + +ATF_TC_WITHOUT_HEAD(fopen_we_append_test); +ATF_TC_BODY(fopen_we_append_test, tc) +{ + + runtest(_PATH_DEVNULL, "we+"); +} + +ATF_TC_WITHOUT_HEAD(fopen_ae_append_test); +ATF_TC_BODY(fopen_ae_append_test, tc) +{ + + runtest(_PATH_DEVNULL, "ae+"); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, fopen_r_test); + ATF_TP_ADD_TC(tp, fopen_r_append_test); + ATF_TP_ADD_TC(tp, fopen_w_test); + ATF_TP_ADD_TC(tp, fopen_w_append_test); + ATF_TP_ADD_TC(tp, fopen_a_test); + ATF_TP_ADD_TC(tp, fopen_a_append_test); + ATF_TP_ADD_TC(tp, fopen_re_test); + ATF_TP_ADD_TC(tp, fopen_r_append_e_test); + ATF_TP_ADD_TC(tp, fopen_we_test); + ATF_TP_ADD_TC(tp, fopen_w_append_e_test); + ATF_TP_ADD_TC(tp, fopen_ae_test); + ATF_TP_ADD_TC(tp, fopen_a_append_e_test); + ATF_TP_ADD_TC(tp, fopen_re_append_test); + ATF_TP_ADD_TC(tp, fopen_we_append_test); + ATF_TP_ADD_TC(tp, fopen_ae_append_test); + + return (atf_no_error()); +} + +/* + vim:ts=8:cin:sw=8 + */ diff --git a/lib/libc/tests/stdio/freopen_test.c b/lib/libc/tests/stdio/freopen_test.c new file mode 100644 index 0000000..1719927 --- /dev/null +++ b/lib/libc/tests/stdio/freopen_test.c @@ -0,0 +1,224 @@ +/*- + * Copyright (c) 2014 Jilles Tjoelker + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <errno.h> +#include <paths.h> +#include <stdbool.h> +#include <stdio.h> +#include <string.h> + +#include <atf-c.h> + +static void +runtest(const char *fname1, const char *mode1, const char *fname2, + const char *mode2, bool success) +{ + FILE *fp1, *fp2; + const char *fname2_print; + + fname2_print = fname2 != NULL ? fname2 : "<NULL>"; + fp1 = fopen(fname1, mode1); + ATF_REQUIRE_MSG(fp1 != NULL, + "fopen(\"%s\", \"%s\") failed; errno=%d", fname1, mode1, errno); + fp2 = freopen(fname2, mode2, fp1); + if (fp2 == NULL) { + fclose(fp1); + ATF_REQUIRE_MSG(success == false, + "freopen(\"%s\", \"%s\", fopen(\"%s\", \"%s\")) succeeded " + "unexpectedly", fname2_print, mode2, fname1, mode1); + return; + } + ATF_REQUIRE_MSG(success == true, + "freopen(\"%s\", \"%s\", fopen(\"%s\", \"%s\")) failed: %d", + fname2_print, mode2, fname1, mode1, errno); + fclose(fp2); +} + +ATF_TC_WITHOUT_HEAD(null__r__r__test); +ATF_TC_BODY(null__r__r__test, tc) +{ + + runtest(_PATH_DEVNULL, "r", NULL, "r", true); +} + +ATF_TC_WITHOUT_HEAD(null__w__r__test); +ATF_TC_BODY(null__w__r__test, tc) +{ + + runtest(_PATH_DEVNULL, "w", NULL, "r", false); +} + +ATF_TC_WITHOUT_HEAD(null__r_append__r__test); +ATF_TC_BODY(null__r_append__r__test, tc) +{ + + runtest(_PATH_DEVNULL, "r+", NULL, "r", true); +} + +ATF_TC_WITHOUT_HEAD(null__r__w__test); +ATF_TC_BODY(null__r__w__test, tc) +{ + + runtest(_PATH_DEVNULL, "r", NULL, "w", false); +} + +ATF_TC_WITHOUT_HEAD(null__w__w__test); +ATF_TC_BODY(null__w__w__test, tc) +{ + + runtest(_PATH_DEVNULL, "w", NULL, "w", true); +} + +ATF_TC_WITHOUT_HEAD(null__r_append__w__test); +ATF_TC_BODY(null__r_append__w__test, tc) +{ + + runtest(_PATH_DEVNULL, "r+", NULL, "w", true); +} + +ATF_TC_WITHOUT_HEAD(null__r__a__test); +ATF_TC_BODY(null__r__a__test, tc) +{ + + runtest(_PATH_DEVNULL, "r", NULL, "a", false); +} + +ATF_TC_WITHOUT_HEAD(null__w__a__test); +ATF_TC_BODY(null__w__a__test, tc) +{ + + runtest(_PATH_DEVNULL, "w", NULL, "a", true); +} + +ATF_TC_WITHOUT_HEAD(null__r_append__a__test); +ATF_TC_BODY(null__r_append__a__test, tc) +{ + + runtest(_PATH_DEVNULL, "r+", NULL, "a", true); +} + +ATF_TC_WITHOUT_HEAD(null__r__r_append__test); +ATF_TC_BODY(null__r__r_append__test, tc) +{ + + runtest(_PATH_DEVNULL, "r", NULL, "r+", false); +} + +ATF_TC_WITHOUT_HEAD(null__w__r_append__test); +ATF_TC_BODY(null__w__r_append__test, tc) +{ + + runtest(_PATH_DEVNULL, "w", NULL, "r+", false); +} + +ATF_TC_WITHOUT_HEAD(null__r_append__r_append__test); +ATF_TC_BODY(null__r_append__r_append__test, tc) +{ + + runtest(_PATH_DEVNULL, "r+", NULL, "r+", true); +} + +ATF_TC_WITHOUT_HEAD(null__r__w_append__test); +ATF_TC_BODY(null__r__w_append__test, tc) +{ + + runtest(_PATH_DEVNULL, "r", NULL, "w+", false); +} + +ATF_TC_WITHOUT_HEAD(null__w__w_append__test); +ATF_TC_BODY(null__w__w_append__test, tc) +{ + + runtest(_PATH_DEVNULL, "w", NULL, "w+", false); +} + +ATF_TC_WITHOUT_HEAD(null__r_append__w_append__test); +ATF_TC_BODY(null__r_append__w_append__test, tc) +{ + + runtest(_PATH_DEVNULL, "r+", NULL, "w+", true); +} + +ATF_TC_WITHOUT_HEAD(sh__r__r__test); +ATF_TC_BODY(sh__r__r__test, tc) +{ + + runtest("/bin/sh", "r", NULL, "r", true); +} + +ATF_TC_WITHOUT_HEAD(sh__sh__r__r__test); +ATF_TC_BODY(sh__sh__r__r__test, tc) +{ + + runtest("/bin/sh", "r", "/bin/sh", "r", true); +} + +ATF_TC_WITHOUT_HEAD(sh__null__r__r__test); +ATF_TC_BODY(sh__null__r__r__test, tc) +{ + + runtest("/bin/sh", "r", _PATH_DEVNULL, "r", true); +} + +ATF_TC_WITHOUT_HEAD(sh__null__r__w__test); +ATF_TC_BODY(sh__null__r__w__test, tc) +{ + + runtest("/bin/sh", "r", _PATH_DEVNULL, "w", true); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, null__r__r__test); + ATF_TP_ADD_TC(tp, null__w__r__test); + ATF_TP_ADD_TC(tp, null__r_append__r__test); + ATF_TP_ADD_TC(tp, null__r__w__test); + ATF_TP_ADD_TC(tp, null__w__w__test); + ATF_TP_ADD_TC(tp, null__r_append__w__test); + ATF_TP_ADD_TC(tp, null__r__a__test); + ATF_TP_ADD_TC(tp, null__w__a__test); + ATF_TP_ADD_TC(tp, null__r_append__a__test); + ATF_TP_ADD_TC(tp, null__r__r_append__test); + ATF_TP_ADD_TC(tp, null__w__r_append__test); + ATF_TP_ADD_TC(tp, null__r_append__r_append__test); + ATF_TP_ADD_TC(tp, null__r__w_append__test); + ATF_TP_ADD_TC(tp, null__w__w_append__test); + ATF_TP_ADD_TC(tp, null__r_append__w_append__test); + ATF_TP_ADD_TC(tp, sh__r__r__test); + ATF_TP_ADD_TC(tp, sh__sh__r__r__test); + ATF_TP_ADD_TC(tp, sh__null__r__r__test); + ATF_TP_ADD_TC(tp, sh__null__r__w__test); + + return (atf_no_error()); +} + +/* + vim:ts=8:cin:sw=8 + */ diff --git a/tools/regression/lib/libc/stdio/test-getdelim.c b/lib/libc/tests/stdio/getdelim_test.c index c68c21e..5ef589a 100644 --- a/tools/regression/lib/libc/stdio/test-getdelim.c +++ b/lib/libc/tests/stdio/getdelim_test.c @@ -28,12 +28,13 @@ __FBSDID("$FreeBSD$"); #define _WITH_GETLINE -#include <assert.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <atf-c.h> + #define CHUNK_MAX 10 /* The assertions depend on this string. */ @@ -70,18 +71,16 @@ mkfilebuf(void) return (fropen(offp, _reader)); } -int -main(int argc, char *argv[]) +ATF_TC_WITHOUT_HEAD(getline_basic); +ATF_TC_BODY(getline_basic, tc) { FILE *fp; char *line; size_t linecap; - int i, n; + int i; srandom(0); - printf("1..6\n"); - /* * Test multiple times with different buffer sizes * and different _reader() return values. @@ -92,96 +91,148 @@ main(int argc, char *argv[]) linecap = i; line = malloc(i); /* First line: the full apothegm */ - assert(getline(&line, &linecap, fp) == sizeof(apothegm) - 1); - assert(memcmp(line, apothegm, sizeof(apothegm)) == 0); - assert(linecap >= sizeof(apothegm)); + ATF_REQUIRE(getline(&line, &linecap, fp) == sizeof(apothegm) - 1); + ATF_REQUIRE(memcmp(line, apothegm, sizeof(apothegm)) == 0); + ATF_REQUIRE(linecap >= sizeof(apothegm)); /* Second line: the NUL terminator following the newline */ - assert(getline(&line, &linecap, fp) == 1); - assert(line[0] == '\0' && line[1] == '\0'); + ATF_REQUIRE(getline(&line, &linecap, fp) == 1); + ATF_REQUIRE(line[0] == '\0' && line[1] == '\0'); /* Third line: EOF */ line[0] = 'X'; - assert(getline(&line, &linecap, fp) == -1); - assert(line[0] == '\0'); + ATF_REQUIRE(getline(&line, &linecap, fp) == -1); + ATF_REQUIRE(line[0] == '\0'); free(line); line = NULL; - assert(feof(fp)); - assert(!ferror(fp)); + ATF_REQUIRE(feof(fp)); + ATF_REQUIRE(!ferror(fp)); fclose(fp); } - assert(errno == 0); - printf("ok 1 - getline basic\n"); + ATF_REQUIRE(errno == 0); +} + +ATF_TC_WITHOUT_HEAD(stream_error); +ATF_TC_BODY(stream_error, tc) +{ + char *line; + size_t linecap; /* Make sure read errors are handled properly. */ + line = NULL; linecap = 0; errno = 0; - assert(getline(&line, &linecap, stdout) == -1); - assert(errno == EBADF); + ATF_REQUIRE(getline(&line, &linecap, stdout) == -1); + ATF_REQUIRE(errno == EBADF); errno = 0; - assert(getdelim(&line, &linecap, 'X', stdout) == -1); - assert(errno == EBADF); - assert(ferror(stdout)); - printf("ok 2 - stream error\n"); + ATF_REQUIRE(getdelim(&line, &linecap, 'X', stdout) == -1); + ATF_REQUIRE(errno == EBADF); + ATF_REQUIRE(ferror(stdout)); +} + +ATF_TC_WITHOUT_HEAD(invalid_params); +ATF_TC_BODY(invalid_params, tc) +{ + FILE *fp; + char *line; + size_t linecap; /* Make sure NULL linep or linecapp pointers are handled. */ fp = mkfilebuf(); - assert(getline(NULL, &linecap, fp) == -1); - assert(errno == EINVAL); - assert(getline(&line, NULL, fp) == -1); - assert(errno == EINVAL); - assert(ferror(fp)); + ATF_REQUIRE(getline(NULL, &linecap, fp) == -1); + ATF_REQUIRE(errno == EINVAL); + ATF_REQUIRE(getline(&line, NULL, fp) == -1); + ATF_REQUIRE(errno == EINVAL); + ATF_REQUIRE(ferror(fp)); fclose(fp); - printf("ok 3 - invalid params\n"); +} + +ATF_TC_WITHOUT_HEAD(eof); +ATF_TC_BODY(eof, tc) +{ + FILE *fp; + char *line; + size_t linecap; /* Make sure getline() allocates memory as needed if fp is at EOF. */ errno = 0; fp = mkfilebuf(); while (!feof(fp)) /* advance to EOF; can't fseek this stream */ getc(fp); - free(line); line = NULL; linecap = 0; - assert(getline(&line, &linecap, fp) == -1); - assert(line[0] == '\0'); - assert(linecap > 0); - assert(errno == 0); - assert(feof(fp)); - assert(!ferror(fp)); + printf("getline\n"); + ATF_REQUIRE(getline(&line, &linecap, fp) == -1); + ATF_REQUIRE(line[0] == '\0'); + ATF_REQUIRE(linecap > 0); + ATF_REQUIRE(errno == 0); + printf("feof\n"); + errno = 0; + ATF_REQUIRE(feof(fp)); + ATF_REQUIRE(!ferror(fp)); fclose(fp); - printf("ok 4 - eof\n"); +} + +ATF_TC_WITHOUT_HEAD(nul); +ATF_TC_BODY(nul, tc) +{ + FILE *fp; + char *line; + size_t linecap, n; + errno = 0; + line = NULL; + linecap = 0; /* Make sure a NUL delimiter works. */ fp = mkfilebuf(); n = strlen(apothegm); - assert(getdelim(&line, &linecap, '\0', fp) == n + 1); - assert(strcmp(line, apothegm) == 0); - assert(line[n + 1] == '\0'); - assert(linecap > n + 1); + printf("getdelim\n"); + ATF_REQUIRE(getdelim(&line, &linecap, '\0', fp) == n + 1); + ATF_REQUIRE(strcmp(line, apothegm) == 0); + ATF_REQUIRE(line[n + 1] == '\0'); + ATF_REQUIRE(linecap > n + 1); n = strlen(apothegm + n + 1); - assert(getdelim(&line, &linecap, '\0', fp) == n + 1); - assert(line[n + 1] == '\0'); - assert(linecap > n + 1); - assert(errno == 0); - assert(!ferror(fp)); + printf("getdelim 2\n"); + ATF_REQUIRE(getdelim(&line, &linecap, '\0', fp) == n + 1); + ATF_REQUIRE(line[n + 1] == '\0'); + ATF_REQUIRE(linecap > n + 1); + ATF_REQUIRE(errno == 0); + ATF_REQUIRE(!ferror(fp)); fclose(fp); - printf("ok 5 - nul\n"); +} + +ATF_TC_WITHOUT_HEAD(empty_NULL_buffer); +ATF_TC_BODY(empty_NULL_buffer, tc) +{ + FILE *fp; + char *line; + size_t linecap; /* Make sure NULL *linep and zero *linecapp are handled. */ fp = mkfilebuf(); free(line); line = NULL; linecap = 42; - assert(getline(&line, &linecap, fp) == sizeof(apothegm) - 1); - assert(memcmp(line, apothegm, sizeof(apothegm)) == 0); + ATF_REQUIRE(getline(&line, &linecap, fp) == sizeof(apothegm) - 1); + ATF_REQUIRE(memcmp(line, apothegm, sizeof(apothegm)) == 0); fp = mkfilebuf(); free(line); line = malloc(100); linecap = 0; - assert(getline(&line, &linecap, fp) == sizeof(apothegm) - 1); - assert(memcmp(line, apothegm, sizeof(apothegm)) == 0); + ATF_REQUIRE(getline(&line, &linecap, fp) == sizeof(apothegm) - 1); + ATF_REQUIRE(memcmp(line, apothegm, sizeof(apothegm)) == 0); free(line); - assert(!ferror(fp)); + ATF_REQUIRE(!ferror(fp)); fclose(fp); - printf("ok 6 - empty/NULL initial buffer\n"); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, getline_basic); + ATF_TP_ADD_TC(tp, stream_error); + ATF_TP_ADD_TC(tp, eof); + ATF_TP_ADD_TC(tp, invalid_params); + ATF_TP_ADD_TC(tp, nul); + ATF_TP_ADD_TC(tp, empty_NULL_buffer); - exit(0); + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-mkostemp.c b/lib/libc/tests/stdio/mkostemp_test.c index 5f67c72..0dd475b 100644 --- a/tools/regression/lib/libc/stdio/test-mkostemp.c +++ b/lib/libc/tests/stdio/mkostemp_test.c @@ -41,7 +41,9 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <unistd.h> -static const char template[] = _PATH_TMP "mkostemp.XXXXXXXX"; +#include <atf-c.h> + +static const char template[] = "mkostemp.XXXXXXXX"; static int testnum; #define MISCFLAGS (O_APPEND | O_DIRECT | O_SHLOCK | O_EXLOCK | O_SYNC) @@ -131,34 +133,53 @@ test_one(int oflags) (void)unlink(tmpf); } -static void -test_badflags(void) +ATF_TC_WITHOUT_HEAD(zero); +ATF_TC_BODY(zero, tc) { - char tmpf[sizeof(template)]; - memcpy(tmpf, template, sizeof(tmpf)); - if (mkostemp(tmpf, O_CREAT) == -1) - printf("ok %d - mkostemp(O_CREAT) correctly failed\n", - testnum++); - else - printf("not ok %d - mkostemp(O_CREAT) wrongly succeeded\n", - testnum++); + test_one(0); } -int -main(int argc, char *argv[]) +ATF_TC_WITHOUT_HEAD(O_CLOEXEC); +ATF_TC_BODY(O_CLOEXEC, tc) { - int i; - const char *e; - - printf("1..5\n"); - testnum = 1; - test_one(0); test_one(O_CLOEXEC); +} + +ATF_TC_WITHOUT_HEAD(O_APPEND); +ATF_TC_BODY(O_APPEND, tc) +{ + test_one(O_APPEND); - test_one(O_APPEND | O_CLOEXEC); - test_badflags(); +} + +ATF_TC_WITHOUT_HEAD(O_APPEND__O_CLOEXEC); +ATF_TC_BODY(O_APPEND__O_CLOEXEC, tc) +{ + + test_one(O_APPEND|O_CLOEXEC); +} + +ATF_TC_WITHOUT_HEAD(bad_flags); +ATF_TC_BODY(bad_flags, tc) +{ + + char tmpf[sizeof(template)]; + + memcpy(tmpf, template, sizeof(tmpf)); + ATF_REQUIRE_MSG(mkostemp(tmpf, O_CREAT) == -1, + "mkostemp(O_CREAT) succeeded unexpectedly"); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, zero); + ATF_TP_ADD_TC(tp, O_CLOEXEC); + ATF_TP_ADD_TC(tp, O_APPEND); + ATF_TP_ADD_TC(tp, O_APPEND__O_CLOEXEC); + ATF_TP_ADD_TC(tp, bad_flags); - return (0); + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-open_memstream.c b/lib/libc/tests/stdio/open_memstream_test.c index fdbda30..3c9e3ec 100644 --- a/tools/regression/lib/libc/stdio/test-open_memstream.c +++ b/lib/libc/tests/stdio/open_memstream_test.c @@ -37,6 +37,8 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <wchar.h> +#include <atf-c.h> + static char *buf; static size_t len; @@ -49,15 +51,14 @@ assert_stream(const char *contents) printf("bad buffer \"%s\" for \"%s\"\n", buf, contents); } -static void -open_group_test(void) +ATF_TC_WITHOUT_HEAD(open_group_test); +ATF_TC_BODY(open_group_test, tc) { FILE *fp; off_t eob; fp = open_memstream(&buf, &len); - if (fp == NULL) - err(1, "failed to open stream"); + ATF_REQUIRE_MSG(fp != NULL, "open_memstream failed"); fprintf(fp, "hello my world"); fflush(fp); @@ -71,8 +72,8 @@ open_group_test(void) free(buf); } -static void -simple_tests(void) +ATF_TC_WITHOUT_HEAD(simple_tests); +ATF_TC_BODY(simple_tests, tc) { static const char zerobuf[] = { 'f', 'o', 'o', 0, 0, 0, 0, 'b', 'a', 'r', 0 }; @@ -80,18 +81,15 @@ simple_tests(void) FILE *fp; fp = open_memstream(&buf, NULL); - if (fp != NULL) - errx(1, "did not fail to open stream"); - else if (errno != EINVAL) - err(1, "incorrect error for bad length pointer"); + ATF_REQUIRE_MSG(fp == NULL, "open_memstream did not fail"); + ATF_REQUIRE_MSG(errno == EINVAL, + "open_memstream didn't fail with EINVAL"); fp = open_memstream(NULL, &len); - if (fp != NULL) - errx(1, "did not fail to open stream"); - else if (errno != EINVAL) - err(1, "incorrect error for bad buffer pointer"); + ATF_REQUIRE_MSG(fp == NULL, "open_memstream did not fail"); + ATF_REQUIRE_MSG(errno == EINVAL, + "open_memstream didn't fail with EINVAL"); fp = open_memstream(&buf, &len); - if (fp == NULL) - err(1, "failed to open stream"); + ATF_REQUIRE_MSG(fp != NULL, "open_memstream failed; errno=%d", errno); fflush(fp); assert_stream(""); if (fwide(fp, 0) >= 0) @@ -150,34 +148,34 @@ simple_tests(void) free(buf); } -static void -seek_tests(void) +ATF_TC_WITHOUT_HEAD(seek_tests); +ATF_TC_BODY(seek_tests, tc) { FILE *fp; fp = open_memstream(&buf, &len); - if (fp == NULL) - err(1, "failed to open stream"); -#define SEEK_FAIL(offset, whence, error) do { \ - errno = 0; \ - if (fseeko(fp, (offset), (whence)) == 0) \ - printf("fseeko(%s, %s) did not fail, set pos to %jd\n", \ - __STRING(offset), __STRING(whence), \ - (intmax_t)ftello(fp)); \ - else if (errno != (error)) \ - printf("fseeko(%s, %s) failed with %d rather than %s\n",\ - __STRING(offset), __STRING(whence), errno, \ - __STRING(error)); \ + ATF_REQUIRE_MSG(fp != NULL, "open_memstream failed: %d", errno); + +#define SEEK_FAIL(offset, whence, error) do { \ + errno = 0; \ + ATF_REQUIRE_MSG(fseeko(fp, (offset), (whence)) != 0, \ + "fseeko(%s, %s) did not fail, set pos to %jd\n", \ + __STRING(offset), __STRING(whence), \ + (intmax_t)ftello(fp)); \ + ATF_REQUIRE_MSG(errno == (error), \ + "fseeko(%s, %s) failed with %d rather than %s\n", \ + __STRING(offset), __STRING(whence), errno, \ + __STRING(error)); \ } while (0) -#define SEEK_OK(offset, whence, result) do { \ - if (fseeko(fp, (offset), (whence)) != 0) \ - printf("fseeko(%s, %s) failed: %s\n", \ - __STRING(offset), __STRING(whence), strerror(errno)); \ - else if (ftello(fp) != (result)) \ - printf("fseeko(%s, %s) seeked to %jd rather than %s\n", \ - __STRING(offset), __STRING(whence), \ - (intmax_t)ftello(fp), __STRING(result)); \ +#define SEEK_OK(offset, whence, result) do { \ + ATF_REQUIRE_MSG(fseeko(fp, (offset), (whence)) == 0, \ + "fseeko(%s, %s) failed: %s", \ + __STRING(offset), __STRING(whence), strerror(errno)); \ + ATF_REQUIRE_MSG(ftello(fp) == (result), \ + "fseeko(%s, %s) seeked to %jd rather than %s\n", \ + __STRING(offset), __STRING(whence), \ + (intmax_t)ftello(fp), __STRING(result)); \ } while (0) SEEK_FAIL(-1, SEEK_SET, EINVAL); @@ -192,12 +190,12 @@ seek_tests(void) fclose(fp); } -int -main(int ac, char **av) +ATF_TP_ADD_TCS(tp) { - open_group_test(); - simple_tests(); - seek_tests(); - return (0); + ATF_TP_ADD_TC(tp, open_group_test); + ATF_TP_ADD_TC(tp, simple_tests); + ATF_TP_ADD_TC(tp, seek_tests); + + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-open_wmemstream.c b/lib/libc/tests/stdio/open_wmemstream_test.c index 2a90fcd..d6ae2ea 100644 --- a/tools/regression/lib/libc/stdio/test-open_wmemstream.c +++ b/lib/libc/tests/stdio/open_wmemstream_test.c @@ -37,6 +37,8 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <wchar.h> +#include <atf-c.h> + static wchar_t *buf; static size_t len; @@ -49,15 +51,14 @@ assert_stream(const wchar_t *contents) printf("bad buffer \"%ls\" for \"%ls\"\n", buf, contents); } -static void -open_group_test(void) +ATF_TC_WITHOUT_HEAD(open_group_test); +ATF_TC_BODY(open_group_test, tc) { FILE *fp; off_t eob; fp = open_wmemstream(&buf, &len); - if (fp == NULL) - err(1, "failed to open stream"); + ATF_REQUIRE_MSG(fp != NULL, "open_wmemstream failed"); fwprintf(fp, L"hello my world"); fflush(fp); @@ -71,8 +72,8 @@ open_group_test(void) free(buf); } -static void -simple_tests(void) +ATF_TC_WITHOUT_HEAD(simple_tests); +ATF_TC_BODY(simple_tests, tc) { static const wchar_t zerobuf[] = { L'f', L'o', L'o', 0, 0, 0, 0, L'b', L'a', L'r', 0 }; @@ -80,18 +81,15 @@ simple_tests(void) FILE *fp; fp = open_wmemstream(&buf, NULL); - if (fp != NULL) - errx(1, "did not fail to open stream"); - else if (errno != EINVAL) - err(1, "incorrect error for bad length pointer"); + ATF_REQUIRE_MSG(fp == NULL, "open_wmemstream did not fail"); + ATF_REQUIRE_MSG(errno == EINVAL, + "open_wmemstream didn't fail with EINVAL"); fp = open_wmemstream(NULL, &len); - if (fp != NULL) - errx(1, "did not fail to open stream"); - else if (errno != EINVAL) - err(1, "incorrect error for bad buffer pointer"); + ATF_REQUIRE_MSG(fp == NULL, "open_wmemstream did not fail"); + ATF_REQUIRE_MSG(errno == EINVAL, + "open_wmemstream didn't fail with EINVAL"); fp = open_wmemstream(&buf, &len); - if (fp == NULL) - err(1, "failed to open stream"); + ATF_REQUIRE_MSG(fp != NULL, "open_memstream failed; errno=%d", errno); fflush(fp); assert_stream(L""); if (fwide(fp, 0) <= 0) @@ -150,34 +148,34 @@ simple_tests(void) free(buf); } -static void -seek_tests(void) +ATF_TC_WITHOUT_HEAD(seek_tests); +ATF_TC_BODY(seek_tests, tc) { FILE *fp; fp = open_wmemstream(&buf, &len); - if (fp == NULL) - err(1, "failed to open stream"); -#define SEEK_FAIL(offset, whence, error) do { \ - errno = 0; \ - if (fseeko(fp, (offset), (whence)) == 0) \ - printf("fseeko(%s, %s) did not fail, set pos to %jd\n", \ - __STRING(offset), __STRING(whence), \ - (intmax_t)ftello(fp)); \ - else if (errno != (error)) \ - printf("fseeko(%s, %s) failed with %d rather than %s\n",\ - __STRING(offset), __STRING(whence), errno, \ - __STRING(error)); \ + ATF_REQUIRE_MSG(fp != NULL, "open_wmemstream failed; errno=%d", errno); + +#define SEEK_FAIL(offset, whence, error) do { \ + errno = 0; \ + ATF_REQUIRE_MSG(fseeko(fp, (offset), (whence)) != 0, \ + "fseeko(%s, %s) did not fail, set pos to %jd\n", \ + __STRING(offset), __STRING(whence), \ + (intmax_t)ftello(fp)); \ + ATF_REQUIRE_MSG(errno == (error), \ + "fseeko(%s, %s) failed with %d rather than %s\n", \ + __STRING(offset), __STRING(whence), errno, \ + __STRING(error)); \ } while (0) -#define SEEK_OK(offset, whence, result) do { \ - if (fseeko(fp, (offset), (whence)) != 0) \ - printf("fseeko(%s, %s) failed: %s\n", \ - __STRING(offset), __STRING(whence), strerror(errno)); \ - else if (ftello(fp) != (result)) \ - printf("fseeko(%s, %s) seeked to %jd rather than %s\n", \ - __STRING(offset), __STRING(whence), \ - (intmax_t)ftello(fp), __STRING(result)); \ +#define SEEK_OK(offset, whence, result) do { \ + ATF_REQUIRE_MSG(fseeko(fp, (offset), (whence)) == 0, \ + "fseeko(%s, %s) failed: %s", \ + __STRING(offset), __STRING(whence), strerror(errno)); \ + ATF_REQUIRE_MSG(ftello(fp) == (result), \ + "fseeko(%s, %s) seeked to %jd rather than %s\n", \ + __STRING(offset), __STRING(whence), \ + (intmax_t)ftello(fp), __STRING(result)); \ } while (0) SEEK_FAIL(-1, SEEK_SET, EINVAL); @@ -192,12 +190,12 @@ seek_tests(void) fclose(fp); } -int -main(int ac, char **av) +ATF_TP_ADD_TCS(tp) { - open_group_test(); - simple_tests(); - seek_tests(); - return (0); + ATF_TP_ADD_TC(tp, open_group_test); + ATF_TP_ADD_TC(tp, simple_tests); + ATF_TP_ADD_TC(tp, seek_tests); + + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-perror.c b/lib/libc/tests/stdio/perror_test.c index 24aca89..989f1ff 100644 --- a/tools/regression/lib/libc/stdio/test-perror.c +++ b/lib/libc/tests/stdio/perror_test.c @@ -32,7 +32,6 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include <assert.h> #include <err.h> #include <errno.h> #include <limits.h> @@ -42,28 +41,24 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <unistd.h> -static void cleanup(void); +#include <atf-c.h> + static char tmpfil[PATH_MAX]; -int -main(int argc, char *argv[]) +ATF_TC_WITHOUT_HEAD(perror_test); +ATF_TC_BODY(perror_test, tc) { char lbuf[512]; int i; char *s; - printf("1..1\n"); - - strcpy(tmpfil, _PATH_TMP "perror.XXXXXXXX"); - if (mkstemp(tmpfil) < 0) - err(1, "mkstemp"); - atexit(cleanup); + strcpy(tmpfil, "perror.XXXXXXXX"); + ATF_REQUIRE(mkstemp(tmpfil) >= 0); /* Reopen stderr on a file descriptor other than 2. */ fclose(stderr); for (i = 0; i < 3; i++) dup(0); - if (freopen(tmpfil, "r+", stderr) == NULL) - err(1, "%s", tmpfil); + ATF_REQUIRE(freopen(tmpfil, "r+", stderr) != NULL); /* * Test that perror() doesn't call strerror() (4.4BSD bug), @@ -71,38 +66,42 @@ main(int argc, char *argv[]) * a program name is specified. */ s = strerror(ENOENT); - assert(strcmp(s, "No such file or directory") == 0); + ATF_REQUIRE_MSG(strcmp(s, "No such file or directory") == 0, + "message obtained was: %s", s); errno = EPERM; perror(NULL); perror(""); - perror("test-perror"); - assert(strcmp(s, "No such file or directory") == 0); + perror("perror_test"); + ATF_REQUIRE_MSG(strcmp(s, "No such file or directory") == 0, + "message obtained was: %s", s); /* * Read it back to check... */ rewind(stderr); s = fgets(lbuf, sizeof(lbuf), stderr); - assert(s != NULL); - assert(strcmp(s, "Operation not permitted\n") == 0); + ATF_REQUIRE(s != NULL); + ATF_REQUIRE_MSG(strcmp(s, "Operation not permitted\n") == 0, + "message obtained was: %s", s); s = fgets(lbuf, sizeof(lbuf), stderr); - assert(s != NULL); - assert(strcmp(s, "Operation not permitted\n") == 0); + ATF_REQUIRE(s != NULL); + ATF_REQUIRE_MSG(strcmp(s, "Operation not permitted\n") == 0, + "message obtained was: %s", s); s = fgets(lbuf, sizeof(lbuf), stderr); - assert(s != NULL); - assert(strcmp(s, "test-perror: Operation not permitted\n") == 0); + ATF_REQUIRE(s != NULL); + ATF_REQUIRE_MSG( + strcmp(s, "perror_test: Operation not permitted\n") == 0, + "message obtained was: %s", s); s = fgets(lbuf, sizeof(lbuf), stderr); - assert(s == NULL); + ATF_REQUIRE(s == NULL); fclose(stderr); - printf("ok 1 - perror()\n"); - - return (0); } -static void -cleanup(void) +ATF_TP_ADD_TCS(tp) { - unlink(tmpfil); + ATF_TP_ADD_TC(tp, perror_test); + + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-print-positional.c b/lib/libc/tests/stdio/print_positional_test.c index 6eeb8f1..1de43a1 100644 --- a/tools/regression/lib/libc/stdio/test-print-positional.c +++ b/lib/libc/tests/stdio/print_positional_test.c @@ -37,6 +37,8 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <wchar.h> +#include <atf-c.h> + const char correct[] = "|xx 01 02 03 04\n" "|xx 05 06 07 08\n" @@ -53,15 +55,13 @@ const char correct[] = const char correct2[] = "b bs BSD"; +static char buf[1024]; +static wchar_t wbuf1[1024], wbuf2[1024]; +static const char *temp; -int -main(int argc, char *argv[]) +ATF_TC_WITHOUT_HEAD(positional_normal); +ATF_TC_BODY(positional_normal, tc) { - char buf[1024]; - wchar_t wbuf1[1024], wbuf2[1024]; - const char *temp; - - printf("1..4\n"); /* Test positional arguments */ snprintf(buf, sizeof buf, @@ -86,8 +86,13 @@ main(int argc, char *argv[]) "37", "38", "39", "40", "41", "42", "43", "44", 45, -1L, 1LL, -1, 1LL ); - printf("%sok 1 - print-positional normal\n", - strcmp(buf, correct) == 0 ? "" : "not "); + ATF_REQUIRE_MSG(wcscmp(wbuf1, wbuf2) == 0, + "buffers didn't match"); +} + +ATF_TC_WITHOUT_HEAD(positional_wide); +ATF_TC_BODY(positional_wide, tc) +{ swprintf(wbuf1, sizeof wbuf1, L"|xx %1$s %2$s %3$s %4$s\n" @@ -113,20 +118,39 @@ main(int argc, char *argv[]) ); temp = correct; mbsrtowcs(wbuf2, &temp, sizeof wbuf2, NULL); - printf("%sok 2 - print-positional wide\n", - wcscmp(wbuf1, wbuf2) == 0 ? "" : "not "); + ATF_REQUIRE_MSG(wcscmp(wbuf1, wbuf2) == 0, + "buffers didn't match"); +} + +ATF_TC_WITHOUT_HEAD(positional_precision); +ATF_TC_BODY(positional_precision, tc) +{ snprintf(buf, sizeof buf, "%2$.*4$s %2$.*3$s %1$s", "BSD", "bsd", 2, 1); - printf("%sok 3 - print-positional precision\n", - strcmp(buf, correct2) == 0 ? "" : "not "); + ATF_REQUIRE_MSG(strcmp(buf, correct2) == 0, + "buffers didn't match"); +} + +ATF_TC_WITHOUT_HEAD(positional_precision_wide); +ATF_TC_BODY(positional_precision_wide, tc) +{ swprintf(wbuf1, sizeof buf, L"%2$.*4$s %2$.*3$s %1$s", "BSD", "bsd", 2, 1); temp = correct2; mbsrtowcs(wbuf2, &temp, sizeof wbuf2, NULL); - printf("%sok 4 - print-positional precision wide\n", - wcscmp(wbuf1, wbuf2) == 0 ? "" : "not "); + ATF_REQUIRE_MSG(wcscmp(wbuf1, wbuf2) == 0, + "buffers didn't match"); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, positional_normal); + ATF_TP_ADD_TC(tp, positional_wide); + ATF_TP_ADD_TC(tp, positional_precision); + ATF_TP_ADD_TC(tp, positional_precision_wide); - exit(0); + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-printbasic.c b/lib/libc/tests/stdio/printbasic_test.c index 2e143d7..d1fab29 100644 --- a/tools/regression/lib/libc/stdio/test-printbasic.c +++ b/lib/libc/tests/stdio/printbasic_test.c @@ -31,7 +31,6 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include <assert.h> #include <err.h> #include <limits.h> #include <locale.h> @@ -43,10 +42,7 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <wchar.h> -#define testfmt(result, fmt, ...) \ - _testfmt((result), __LINE__, #__VA_ARGS__, fmt, __VA_ARGS__) -void _testfmt(const char *, int, const char *, const char *, ...); -void smash_stack(void); +#include <atf-c.h> #define S_UINT64MAX "18446744073709551615" #define S_UINT32MAX "4294967295" @@ -57,22 +53,62 @@ void smash_stack(void); #define S_ULONGMAX (ULONG_MAX == UINT64_MAX ? S_UINT64MAX : S_UINT32MAX) #define S_ULLONGMAX (ULLONG_MAX == UINT64_MAX ? S_UINT64MAX : S_UINT32MAX) -int -main(int argc, char *argv[]) +static void +smash_stack(void) { + static uint32_t junk = 0xdeadbeef; + uint32_t buf[512]; + int i; - printf("1..2\n"); - assert(setlocale(LC_NUMERIC, "C")); + for (i = 0; i < sizeof(buf) / sizeof(buf[0]); i++) + buf[i] = junk; +} + +#define testfmt(result, fmt, ...) \ + _testfmt((result), #__VA_ARGS__, fmt, __VA_ARGS__) +static void +_testfmt(const char *result, const char *argstr, const char *fmt,...) +{ +#define BUF 100 + wchar_t ws[BUF], wfmt[BUF], wresult[BUF]; + char s[BUF]; + va_list ap, ap2; + + va_start(ap, fmt); + va_copy(ap2, ap); + smash_stack(); + vsnprintf(s, sizeof(s), fmt, ap); + if (strcmp(result, s) != 0) { + atf_tc_fail( + "printf(\"%s\", %s) ==> [%s], expected [%s]\n", + fmt, argstr, s, result); + } + + smash_stack(); + mbstowcs(ws, s, BUF - 1); + mbstowcs(wfmt, fmt, BUF - 1); + mbstowcs(wresult, result, BUF - 1); + vswprintf(ws, sizeof(ws) / sizeof(ws[0]), wfmt, ap2); + if (wcscmp(wresult, ws) != 0) { + atf_tc_fail( + "wprintf(\"%ls\", %s) ==> [%ls], expected [%ls]\n", + wfmt, argstr, ws, wresult); + } +} + +ATF_TC_WITHOUT_HEAD(int_within_limits); +ATF_TC_BODY(int_within_limits, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); /* The test requires these to be true. */ - assert(UINTMAX_MAX == UINT64_MAX); - assert(UINT_MAX == UINT32_MAX); - assert(USHRT_MAX == 0xffff); - assert(UCHAR_MAX == 0xff); + ATF_REQUIRE(UINTMAX_MAX == UINT64_MAX); + ATF_REQUIRE(UINT_MAX == UINT32_MAX); + ATF_REQUIRE(USHRT_MAX == 0xffff); + ATF_REQUIRE(UCHAR_MAX == 0xff); - /* - * Make sure we handle signed vs. unsigned args correctly. - */ + /* Make sure we handle signed vs. unsigned args correctly. */ testfmt("-1", "%jd", (intmax_t)-1); testfmt(S_UINT64MAX, "%ju", UINT64_MAX); @@ -96,8 +132,13 @@ main(int argc, char *argv[]) testfmt("-1", "%hhd", -1); testfmt("255", "%hhu", UCHAR_MAX); +} - printf("ok 1 - printbasic signed/unsigned\n"); +ATF_TC_WITHOUT_HEAD(int_limits); +ATF_TC_BODY(int_limits, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); /* * Check that printing the largest negative number does not cause @@ -105,52 +146,13 @@ main(int argc, char *argv[]) */ testfmt(S_INT32MIN, "%d", INT_MIN); testfmt(S_INT64MIN, "%jd", INTMAX_MIN); - - printf("ok 2 - printbasic INT_MIN\n"); - - - return (0); } -void -smash_stack(void) +ATF_TP_ADD_TCS(tp) { - static uint32_t junk = 0xdeadbeef; - uint32_t buf[512]; - int i; - for (i = 0; i < sizeof(buf) / sizeof(buf[0]); i++) - buf[i] = junk; -} + ATF_TP_ADD_TC(tp, int_within_limits); + ATF_TP_ADD_TC(tp, int_limits); -void -_testfmt(const char *result, int line, const char *argstr, const char *fmt,...) -{ -#define BUF 100 - wchar_t ws[BUF], wfmt[BUF], wresult[BUF]; - char s[BUF]; - va_list ap, ap2; - - va_start(ap, fmt); - va_copy(ap2, ap); - smash_stack(); - vsnprintf(s, sizeof(s), fmt, ap); - if (strcmp(result, s) != 0) { - fprintf(stderr, - "%d: printf(\"%s\", %s) ==> [%s], expected [%s]\n", - line, fmt, argstr, s, result); - abort(); - } - - smash_stack(); - mbstowcs(ws, s, BUF - 1); - mbstowcs(wfmt, fmt, BUF - 1); - mbstowcs(wresult, result, BUF - 1); - vswprintf(ws, sizeof(ws) / sizeof(ws[0]), wfmt, ap2); - if (wcscmp(wresult, ws) != 0) { - fprintf(stderr, - "%d: wprintf(\"%ls\", %s) ==> [%ls], expected [%ls]\n", - line, wfmt, argstr, ws, wresult); - abort(); - } + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-printfloat.c b/lib/libc/tests/stdio/printfloat_test.c index 806a85e..a588c6b 100644 --- a/tools/regression/lib/libc/stdio/test-printfloat.c +++ b/lib/libc/tests/stdio/printfloat_test.c @@ -31,7 +31,6 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include <assert.h> #include <err.h> #include <fenv.h> #include <float.h> @@ -44,21 +43,58 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <wchar.h> -#define testfmt(result, fmt, ...) \ - _testfmt((result), __LINE__, #__VA_ARGS__, fmt, __VA_ARGS__) -void _testfmt(const char *, int, const char *, const char *, ...); -void smash_stack(void); +#include <atf-c.h> -int -main(int argc, char *argv[]) +static void +smash_stack(void) { + static uint32_t junk = 0xdeadbeef; + uint32_t buf[512]; + int i; - printf("1..11\n"); - assert(setlocale(LC_NUMERIC, "C")); + for (i = 0; i < sizeof(buf) / sizeof(buf[0]); i++) + buf[i] = junk; +} - /* - * Basic tests of decimal output functionality. - */ +#define testfmt(result, fmt, ...) \ + _testfmt((result), #__VA_ARGS__, fmt, __VA_ARGS__) +static void +_testfmt(const char *result, const char *argstr, const char *fmt,...) +{ +#define BUF 100 + wchar_t ws[BUF], wfmt[BUF], wresult[BUF]; + char s[BUF]; + va_list ap, ap2; + + va_start(ap, fmt); + va_copy(ap2, ap); + smash_stack(); + vsnprintf(s, sizeof(s), fmt, ap); + if (strcmp(result, s) != 0) { + atf_tc_fail( + "printf(\"%s\", %s) ==> [%s], expected [%s]\n", + fmt, argstr, s, result); + } + + smash_stack(); + mbstowcs(ws, s, BUF - 1); + mbstowcs(wfmt, fmt, BUF - 1); + mbstowcs(wresult, result, BUF - 1); + vswprintf(ws, sizeof(ws) / sizeof(ws[0]), wfmt, ap2); + if (wcscmp(wresult, ws) != 0) { + atf_tc_fail( + "wprintf(\"%ls\", %s) ==> [%ls], expected [%ls]\n", + wfmt, argstr, ws, wresult); + } +} + +ATF_TC_WITHOUT_HEAD(float_within_limits); +ATF_TC_BODY(float_within_limits, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); + + /* Basic tests of decimal output functionality. */ testfmt(" 1.000000E+00", "%13E", 1.0); testfmt(" 1.000000", "%13f", 1.0); testfmt(" 1", "%13G", 1.0); @@ -82,12 +118,14 @@ main(int argc, char *argv[]) testfmt(" 3.141592653589793238e-4000", "%L27.18Le", 3.14159265358979323846e-4000L); #endif +} + +ATF_TC_WITHOUT_HEAD(infinities_and_nans); +ATF_TC_BODY(infinities_and_nans, tc) +{ - printf("ok 1 - printfloat\n"); + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Infinities and NaNs - */ testfmt("nan", "%e", NAN); testfmt("NAN", "%F", NAN); testfmt("nan", "%g", NAN); @@ -101,59 +139,69 @@ main(int argc, char *argv[]) testfmt("-inf", "%Lf", -HUGE_VALL); testfmt(" inf", "%05e", HUGE_VAL); testfmt(" -inf", "%05e", -HUGE_VAL); +} - printf("ok 2 - printfloat\n"); +ATF_TC_WITHOUT_HEAD(padding); +ATF_TC_BODY(padding, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Padding - */ testfmt("0.000000e+00", "%e", 0.0); testfmt("0.000000", "%F", (double)0.0); testfmt("0", "%G", 0.0); testfmt(" 0", "%3.0Lg", 0.0L); testfmt(" 0", "%5.0f", 0.001); - printf("ok 3 - printfloat\n"); +} + +ATF_TC_WITHOUT_HEAD(precision_specifiers); +ATF_TC_BODY(precision_specifiers, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Precision specifiers - */ testfmt("1.0123e+00", "%.4e", 1.0123456789); testfmt("1.0123", "%.4f", 1.0123456789); testfmt("1.012", "%.4g", 1.0123456789); testfmt("1.2346e-02", "%.4e", 0.0123456789); testfmt("0.0123", "%.4f", 0.0123456789); testfmt("0.01235", "%.4g", 0.0123456789); - printf("ok 4 - printfloat\n"); +} + +ATF_TC_WITHOUT_HEAD(thousands_separator_and_other_locale_tests); +ATF_TC_BODY(thousands_separator_and_other_locale_tests, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Thousands' separators and other locale fun - */ testfmt("12345678.0625", "%'.04f", 12345678.0625); testfmt("0012345678.0625", "%'015.4F", 12345678.0625); - assert(setlocale(LC_NUMERIC, "hi_IN.ISCII-DEV")); /* grouping == 2;3 */ + ATF_REQUIRE(setlocale(LC_NUMERIC, "hi_IN.ISCII-DEV")); /* grouping == 2;3 */ testfmt("123,456,78.0625", "%'.4f", 12345678.0625); testfmt("00123,456,78.0625", "%'017.4F", 12345678.0625); testfmt(" 90,00", "%'6.0f", 9000.0); testfmt("90,00.0", "%'.1f", 9000.0); - assert(setlocale(LC_NUMERIC, "ru_RU.ISO8859-5")); /* decimalpoint==, */ + ATF_REQUIRE(setlocale(LC_NUMERIC, "ru_RU.ISO8859-5")); /* decimalpoint==, */ testfmt("3,1415", "%g", 3.1415); /* thousands=. decimalpoint=, grouping=3;3 */ - assert(setlocale(LC_NUMERIC, "el_GR.ISO8859-7")); /* decimalpoint==, */ + ATF_REQUIRE(setlocale(LC_NUMERIC, "el_GR.ISO8859-7")); /* decimalpoint==, */ testfmt("1.234,00", "%'.2f", 1234.00); testfmt("123.456,789", "%'.3f", 123456.789); - assert(setlocale(LC_NUMERIC, "C")); + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); testfmt("12345678.062500", "%'f", 12345678.0625); testfmt("9000.000000", "%'f", 9000.0); +} - printf("ok 5 - printfloat\n"); +ATF_TC_WITHOUT_HEAD(signed_conversions); +ATF_TC_BODY(signed_conversions, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Signed conversions - */ testfmt("+2.500000e-01", "%+e", 0.25); testfmt("+0.000000", "%+F", 0.0); testfmt("-1", "%+g", -1.0); @@ -162,22 +210,27 @@ main(int argc, char *argv[]) testfmt("+1.000000", "% +f", 1.0); testfmt(" 1", "% g", 1.0); testfmt(" 0", "% g", 0.0); +} - printf("ok 6 - printfloat\n"); +ATF_TC_WITHOUT_HEAD(alternate_form); +ATF_TC_BODY(alternate_form, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * ``Alternate form'' - */ testfmt("1.250e+00", "%#.3e", 1.25); testfmt("123.000000", "%#f", 123.0); testfmt(" 12345.", "%#7.5g", 12345.0); testfmt(" 1.00000", "%#8g", 1.0); testfmt("0.0", "%#.2g", 0.0); - printf("ok 7 - printfloat\n"); +} + +ATF_TC_WITHOUT_HEAD(padding_and_decimal_point_placement); +ATF_TC_BODY(padding_and_decimal_point_placement, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Padding and decimal point placement - */ testfmt("03.2E+00", "%08.1E", 3.25); testfmt("003.25", "%06.2F", 3.25); testfmt("0003.25", "%07.4G", 3.25); @@ -205,12 +258,14 @@ main(int argc, char *argv[]) testfmt(" 100", "%4.0f", 100.0); testfmt("9.0e+01", "%4.1e", 90.0); testfmt("1e+02", "%4.0e", 100.0); +} - printf("ok 8 - printfloat\n"); +ATF_TC_WITHOUT_HEAD(decimal_rounding); +ATF_TC_BODY(decimal_rounding, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Decimal rounding - */ fesetround(FE_DOWNWARD); testfmt("4.437", "%.3f", 4.4375); testfmt("-4.438", "%.3f", -4.4375); @@ -234,8 +289,13 @@ main(int argc, char *argv[]) testfmt("-4.438", "%.3f", -4.4375); testfmt("4.438", "%.3Lf", 4.4375L); testfmt("-4.438", "%.3Lf", -4.4375L); +} + +ATF_TC_WITHOUT_HEAD(hexadecimal_floating_point); +ATF_TC_BODY(hexadecimal_floating_point, tc) +{ - printf("ok 9 - printfloat\n"); + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); /* * Hexadecimal floating point (%a, %A) tests. Some of these @@ -270,12 +330,14 @@ main(int argc, char *argv[]) testfmt("0x1p-1074", "%La", 0x1p-1074L); testfmt("0x1.30ecap-1021", "%La", 0x9.8765p-1024L); #endif +} - printf("ok 10 - printfloat\n"); +ATF_TC_WITHOUT_HEAD(hexadecimal_rounding); +ATF_TC_BODY(hexadecimal_rounding, tc) +{ + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Hexadecimal rounding - */ fesetround(FE_TOWARDZERO); testfmt("0X1.23456789ABCP+0", "%.11A", 0x1.23456789abcdep0); testfmt("-0x1.23456p+0", "%.5a", -0x1.23456789abcdep0); @@ -307,51 +369,22 @@ main(int argc, char *argv[]) testfmt("0x1.00p-1029", "%.2a", 0x1.fffp-1030); testfmt("0x1.00p-1026", "%.2a", 0xf.fffp-1030); testfmt("0x1.83p+0", "%.2a", 1.51); - - printf("ok 11 - printfloat\n"); - - return (0); -} - -void -smash_stack(void) -{ - static uint32_t junk = 0xdeadbeef; - uint32_t buf[512]; - int i; - - for (i = 0; i < sizeof(buf) / sizeof(buf[0]); i++) - buf[i] = junk; } -void -_testfmt(const char *result, int line, const char *argstr, const char *fmt,...) +ATF_TP_ADD_TCS(tp) { -#define BUF 100 - wchar_t ws[BUF], wfmt[BUF], wresult[BUF]; - char s[BUF]; - va_list ap, ap2; - - va_start(ap, fmt); - va_copy(ap2, ap); - smash_stack(); - vsnprintf(s, sizeof(s), fmt, ap); - if (strcmp(result, s) != 0) { - fprintf(stderr, - "%d: printf(\"%s\", %s) ==> [%s], expected [%s]\n", - line, fmt, argstr, s, result); - abort(); - } - smash_stack(); - mbstowcs(ws, s, BUF - 1); - mbstowcs(wfmt, fmt, BUF - 1); - mbstowcs(wresult, result, BUF - 1); - vswprintf(ws, sizeof(ws) / sizeof(ws[0]), wfmt, ap2); - if (wcscmp(wresult, ws) != 0) { - fprintf(stderr, - "%d: wprintf(\"%ls\", %s) ==> [%ls], expected [%ls]\n", - line, wfmt, argstr, ws, wresult); - abort(); - } + ATF_TP_ADD_TC(tp, float_within_limits); + ATF_TP_ADD_TC(tp, infinities_and_nans); + ATF_TP_ADD_TC(tp, padding); + ATF_TP_ADD_TC(tp, precision_specifiers); + ATF_TP_ADD_TC(tp, thousands_separator_and_other_locale_tests); + ATF_TP_ADD_TC(tp, signed_conversions); + ATF_TP_ADD_TC(tp, alternate_form); + ATF_TP_ADD_TC(tp, padding_and_decimal_point_placement); + ATF_TP_ADD_TC(tp, decimal_rounding); + ATF_TP_ADD_TC(tp, hexadecimal_floating_point); + ATF_TP_ADD_TC(tp, hexadecimal_rounding); + + return (atf_no_error()); } diff --git a/tools/regression/lib/libc/stdio/test-scanfloat.c b/lib/libc/tests/stdio/scanfloat_test.c index 7e1a550..7e27e69 100644 --- a/tools/regression/lib/libc/stdio/test-scanfloat.c +++ b/lib/libc/tests/stdio/scanfloat_test.c @@ -31,7 +31,6 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include <assert.h> #include <fenv.h> #include <float.h> #include <locale.h> @@ -40,266 +39,278 @@ __FBSDID("$FreeBSD$"); #include <stdlib.h> #include <string.h> +#include <atf-c.h> + #define eq(type, a, b) _eq(type##_EPSILON, (a), (b)) -static int _eq(long double epsilon, long double a, long double b); +static int +_eq(long double epsilon, long double a, long double b) +{ + long double delta; + + delta = fabsl(a - b); + return (delta <= epsilon); +} -int -main(int argc, char *argv[]) +ATF_TC_WITHOUT_HEAD(normalized_numbers); +ATF_TC_BODY(normalized_numbers, tc) { char buf[128]; long double ld = 0.0; double d = 0.0; float f = 0.0; - char *endp; - - printf("1..4\n"); buf[0] = '\0'; - assert(setlocale(LC_NUMERIC, "")); + ATF_REQUIRE(setlocale(LC_NUMERIC, "")); - /* - * Various tests for normalized numbers - */ sscanf("3.141592", "%e", &f); - assert(eq(FLT, f, 3.141592)); + ATF_REQUIRE(eq(FLT, f, 3.141592)); sscanf("3.141592653589793", "%lf", &d); - assert(eq(DBL, d, 3.141592653589793)); + ATF_REQUIRE(eq(DBL, d, 3.141592653589793)); sscanf("1.234568e+06", "%E", &f); - assert(eq(FLT, f, 1.234568e+06)); + ATF_REQUIRE(eq(FLT, f, 1.234568e+06)); sscanf("-1.234568e6", "%lF", &d); - assert(eq(DBL, d, -1.234568e6)); + ATF_REQUIRE(eq(DBL, d, -1.234568e6)); sscanf("+1.234568e-52", "%LG", &ld); - assert(eq(LDBL, ld, 1.234568e-52L)); + ATF_REQUIRE(eq(LDBL, ld, 1.234568e-52L)); sscanf("0.1", "%la", &d); - assert(eq(DBL, d, 0.1)); + ATF_REQUIRE(eq(DBL, d, 0.1)); sscanf("00.2", "%lA", &d); - assert(eq(DBL, d, 0.2)); + ATF_REQUIRE(eq(DBL, d, 0.2)); sscanf("123456", "%5le%s", &d, buf); - assert(eq(DBL, d, 12345.)); - assert(strcmp(buf, "6") == 0); + ATF_REQUIRE(eq(DBL, d, 12345.)); + ATF_REQUIRE(strcmp(buf, "6") == 0); sscanf("1.0Q", "%*5le%s", buf); - assert(strcmp(buf, "Q") == 0); + ATF_REQUIRE(strcmp(buf, "Q") == 0); sscanf("-1.23e", "%e%s", &f, buf); - assert(eq(FLT, f, -1.23)); - assert(strcmp(buf, "e") == 0); + ATF_REQUIRE(eq(FLT, f, -1.23)); + ATF_REQUIRE(strcmp(buf, "e") == 0); sscanf("1.25e+", "%le%s", &d, buf); - assert(eq(DBL, d, 1.25)); - assert(strcmp(buf, "e+") == 0); + ATF_REQUIRE(eq(DBL, d, 1.25)); + ATF_REQUIRE(strcmp(buf, "e+") == 0); sscanf("1.23E4E5", "%le%s", &d, buf); - assert(eq(DBL, d, 1.23e4)); - assert(strcmp(buf, "E5") == 0); + ATF_REQUIRE(eq(DBL, d, 1.23e4)); + ATF_REQUIRE(strcmp(buf, "E5") == 0); sscanf("12e6", "%le", &d); - assert(eq(DBL, d, 12e6)); + ATF_REQUIRE(eq(DBL, d, 12e6)); sscanf("1.a", "%le%s", &d, buf); - assert(eq(DBL, d, 1.0)); - assert(strcmp(buf, "a") == 0); + ATF_REQUIRE(eq(DBL, d, 1.0)); + ATF_REQUIRE(strcmp(buf, "a") == 0); sscanf(".0p4", "%le%s", &d, buf); - assert(eq(DBL, d, 0.0)); - assert(strcmp(buf, "p4") == 0); + ATF_REQUIRE(eq(DBL, d, 0.0)); + ATF_REQUIRE(strcmp(buf, "p4") == 0); d = 0.25; - assert(sscanf(".", "%le", &d) == 0); - assert(d == 0.25); + ATF_REQUIRE(sscanf(".", "%le", &d) == 0); + ATF_REQUIRE(d == 0.25); sscanf("0x08", "%le", &d); - assert(d == 0x8p0); + ATF_REQUIRE(d == 0x8p0); sscanf("0x90a.bcdefP+09a", "%le%s", &d, buf); - assert(d == 0x90a.bcdefp+09); - assert(strcmp(buf, "a") == 0); + ATF_REQUIRE(d == 0x90a.bcdefp+09); + ATF_REQUIRE(strcmp(buf, "a") == 0); #if (LDBL_MANT_DIG > DBL_MANT_DIG) && !defined(__i386__) sscanf("3.14159265358979323846", "%Lg", &ld); - assert(eq(LDBL, ld, 3.14159265358979323846L)); + ATF_REQUIRE(eq(LDBL, ld, 3.14159265358979323846L)); sscanf(" 0X.0123456789abcdefffp-3g", "%Le%s", &ld, buf); - assert(ld == 0x0.0123456789abcdefffp-3L); - assert(strcmp(buf, "g") == 0); + ATF_REQUIRE(ld == 0x0.0123456789abcdefffp-3L); + ATF_REQUIRE(strcmp(buf, "g") == 0); #endif sscanf("0xg", "%le%s", &d, buf); - assert(d == 0.0); - assert(strcmp(buf, "xg") == 0); + ATF_REQUIRE(d == 0.0); + ATF_REQUIRE(strcmp(buf, "xg") == 0); - assert(setlocale(LC_NUMERIC, "ru_RU.ISO8859-5")); /* decimalpoint==, */ + ATF_REQUIRE(setlocale(LC_NUMERIC, "ru_RU.ISO8859-5")); /* decimalpoint==, */ sscanf("1.23", "%le%s", &d, buf); - assert(d == 1.0); - assert(strcmp(buf, ".23") == 0); + ATF_REQUIRE(d == 1.0); + ATF_REQUIRE(strcmp(buf, ".23") == 0); sscanf("1,23", "%le", &d); - assert(d == 1.23); + ATF_REQUIRE(d == 1.23); - assert(setlocale(LC_NUMERIC, "")); + ATF_REQUIRE(setlocale(LC_NUMERIC, "")); +} - printf("ok 1 - scanfloat\n"); +ATF_TC_WITHOUT_HEAD(infinities_and_nans); +ATF_TC_BODY(infinities_and_nans, tc) +{ + char buf[128]; + long double ld = 0.0; + double d = 0.0; + float f = 0.0; + + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - /* - * Infinity and NaN tests - */ sscanf("-Inf", "%le", &d); - assert(d < 0.0 && isinf(d)); + ATF_REQUIRE(d < 0.0 && isinf(d)); sscanf("iNfInItY and beyond", "%le%s", &d, buf); - assert(d > 0.0 && isinf(d)); - assert(strcmp(buf, " and beyond")); + ATF_REQUIRE(d > 0.0 && isinf(d)); + ATF_REQUIRE(strcmp(buf, " and beyond")); sscanf("NaN", "%le", &d); - assert(isnan(d)); + ATF_REQUIRE(isnan(d)); sscanf("NAN(123Y", "%le%s", &d, buf); - assert(isnan(d)); - assert(strcmp(buf, "(123Y") == 0); + ATF_REQUIRE(isnan(d)); + ATF_REQUIRE(strcmp(buf, "(123Y") == 0); sscanf("nan(f00f)plugh", "%le%s", &d, buf); - assert(isnan(d)); - assert(strcmp(buf, "plugh") == 0); + ATF_REQUIRE(isnan(d)); + ATF_REQUIRE(strcmp(buf, "plugh") == 0); sscanf("-nan", "%le", &d); - assert(isnan(d)); + ATF_REQUIRE(isnan(d)); /* Only quiet NaNs should be returned. */ sscanf("NaN", "%e", &f); sscanf("nan", "%le", &d); sscanf("nan", "%Le", &ld); feclearexcept(FE_ALL_EXCEPT); - assert(f != f); - assert(d != d); - assert(ld != ld); - assert(fetestexcept(FE_INVALID) == 0); + ATF_REQUIRE(f != f); + ATF_REQUIRE(d != d); + ATF_REQUIRE(ld != ld); + ATF_REQUIRE(fetestexcept(FE_INVALID) == 0); sscanf("nan(1234)", "%e", &f); sscanf("nan(1234)", "%le", &d); sscanf("nan(1234)", "%Le", &ld); feclearexcept(FE_ALL_EXCEPT); - assert(f != f); - assert(d != d); - assert(ld != ld); + ATF_REQUIRE(f != f); + ATF_REQUIRE(d != d); + ATF_REQUIRE(ld != ld); /* POSIX says we should only generate quiet NaNs. */ - assert(fetestexcept(FE_INVALID) == 0); + ATF_REQUIRE(fetestexcept(FE_INVALID) == 0); +} - printf("ok 2 - scanfloat\n"); +ATF_TC_WITHOUT_HEAD(rounding_tests); +ATF_TC_BODY(rounding_tests, tc) +{ + long double ld = 0.0; + double d = 0.0; - /* - * Rounding tests - */ + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); fesetround(FE_DOWNWARD); sscanf("1.999999999999999999999999999999999", "%le", &d); - assert(d < 2.0); + ATF_REQUIRE(d < 2.0); sscanf("0x1.ffffffffffffffp0", "%le", &d); - assert(d < 2.0); + ATF_REQUIRE(d < 2.0); sscanf("1.999999999999999999999999999999999", "%Le", &ld); - assert(ld < 2.0); + ATF_REQUIRE(ld < 2.0); sscanf("1.0571892669084007", "%le", &d); - assert(d == 0x1.0ea3f4af0dc59p0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc59p0); sscanf("-1.0571892669084007", "%le", &d); - assert(d == -0x1.0ea3f4af0dc5ap0); + ATF_REQUIRE(d == -0x1.0ea3f4af0dc5ap0); sscanf("1.0571892669084010", "%le", &d); - assert(d == 0x1.0ea3f4af0dc5ap0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc5ap0); sscanf("0x1.23p-5000", "%le", &d); - assert(d == 0.0); + ATF_REQUIRE(d == 0.0); sscanf("0x1.2345678p-1050", "%le", &d); - assert(d == 0x1.234567p-1050); + ATF_REQUIRE(d == 0x1.234567p-1050); fesetround(FE_UPWARD); sscanf("1.0571892669084007", "%le", &d); - assert(d == 0x1.0ea3f4af0dc5ap0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc5ap0); sscanf("-1.0571892669084007", "%le", &d); - assert(d == -0x1.0ea3f4af0dc59p0); + ATF_REQUIRE(d == -0x1.0ea3f4af0dc59p0); sscanf("1.0571892669084010", "%le", &d); - assert(d == 0x1.0ea3f4af0dc5bp0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc5bp0); sscanf("0x1.23p-5000", "%le", &d); - assert(d == 0x1p-1074); + ATF_REQUIRE(d == 0x1p-1074); sscanf("0x1.2345678p-1050", "%le", &d); - assert(d == 0x1.234568p-1050); + ATF_REQUIRE(d == 0x1.234568p-1050); fesetround(FE_TOWARDZERO); sscanf("1.0571892669084007", "%le", &d); - assert(d == 0x1.0ea3f4af0dc59p0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc59p0); sscanf("-1.0571892669084007", "%le", &d); - assert(d == -0x1.0ea3f4af0dc59p0); + ATF_REQUIRE(d == -0x1.0ea3f4af0dc59p0); sscanf("1.0571892669084010", "%le", &d); - assert(d == 0x1.0ea3f4af0dc5ap0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc5ap0); sscanf("0x1.23p-5000", "%le", &d); - assert(d == 0.0); + ATF_REQUIRE(d == 0.0); sscanf("0x1.2345678p-1050", "%le", &d); - assert(d == 0x1.234567p-1050); + ATF_REQUIRE(d == 0x1.234567p-1050); fesetround(FE_TONEAREST); /* 1.0571892669084007 is slightly closer to 0x1.0ea3f4af0dc59p0 */ sscanf("1.0571892669084007", "%le", &d); - assert(d == 0x1.0ea3f4af0dc59p0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc59p0); sscanf("-1.0571892669084007", "%le", &d); - assert(d == -0x1.0ea3f4af0dc59p0); + ATF_REQUIRE(d == -0x1.0ea3f4af0dc59p0); sscanf("1.0571892669084010", "%le", &d); - assert(d == 0x1.0ea3f4af0dc5bp0); + ATF_REQUIRE(d == 0x1.0ea3f4af0dc5bp0); /* strtod() should round small numbers to 0. */ sscanf("0x1.23p-5000", "%le", &d); - assert(d == 0.0); + ATF_REQUIRE(d == 0.0); /* Extra digits in a denormal shouldn't break anything. */ sscanf("0x1.2345678p-1050", "%le", &d); - assert(d == 0x1.234568p-1050); + ATF_REQUIRE(d == 0x1.234568p-1050); +} - printf("ok 3 - scanfloat\n"); +ATF_TC_WITHOUT_HEAD(strtod); +ATF_TC_BODY(strtod, tc) +{ + char *endp; - /* - * Tests specific to strtod(). - */ + ATF_REQUIRE(setlocale(LC_NUMERIC, "C")); - assert(strtod("0xy", &endp) == 0); - assert(strcmp("xy", endp) == 0); + ATF_REQUIRE(strtod("0xy", &endp) == 0); + ATF_REQUIRE(strcmp("xy", endp) == 0); /* This used to cause an infinite loop and round the wrong way. */ fesetround(FE_DOWNWARD); - assert(strtof("3.5e38", &endp) == FLT_MAX); - assert(strtod("2e308", &endp) == DBL_MAX); + ATF_REQUIRE(strtof("3.5e38", &endp) == FLT_MAX); + ATF_REQUIRE(strtod("2e308", &endp) == DBL_MAX); fesetround(FE_UPWARD); - assert(strtof("3.5e38", &endp) == INFINITY); - assert(strtod("2e308", &endp) == INFINITY); + ATF_REQUIRE(strtof("3.5e38", &endp) == INFINITY); + ATF_REQUIRE(strtod("2e308", &endp) == INFINITY); fesetround(FE_TOWARDZERO); - assert(strtof("3.5e38", &endp) == FLT_MAX); - assert(strtod("2e308", &endp) == DBL_MAX); + ATF_REQUIRE(strtof("3.5e38", &endp) == FLT_MAX); + ATF_REQUIRE(strtod("2e308", &endp) == DBL_MAX); fesetround(FE_TONEAREST); - assert(strtof("3.5e38", &endp) == INFINITY); - assert(strtod("2e308", &endp) == INFINITY); - - printf("ok 4 - scanfloat\n"); - - return (0); + ATF_REQUIRE(strtof("3.5e38", &endp) == INFINITY); + ATF_REQUIRE(strtod("2e308", &endp) == INFINITY); } -static int -_eq(long double epsilon, long double a, long double b) +ATF_TP_ADD_TCS(tp) { - long double delta; - delta = fabsl(a - b); - return (delta <= epsilon); + ATF_TP_ADD_TC(tp, normalized_numbers); + ATF_TP_ADD_TC(tp, infinities_and_nans); + ATF_TP_ADD_TC(tp, rounding_tests); + ATF_TP_ADD_TC(tp, strtod); + + return (atf_no_error()); } diff --git a/lib/libcrypt/tests/Makefile b/lib/libcrypt/tests/Makefile index 20993e2..65ebd66 100644 --- a/lib/libcrypt/tests/Makefile +++ b/lib/libcrypt/tests/Makefile @@ -1,13 +1,17 @@ # $FreeBSD$ -# exercise libcrypt +SRCTOP= ${.CURDIR:H:H:H} +OBJTOP= ${.OBJDIR:H:H:H} +TESTSRC= ${SRCTOP}/contrib/netbsd-tests/lib/libcrypt TESTSDIR= ${TESTSBASE}/lib/libcrypt -ATF_TESTS_C= crypt_tests +NETBSD_ATF_TESTS_C+= crypt_test CFLAGS+= -I${.CURDIR:H} DPADD+= ${LIBCRYPT} LDADD+= -lcrypt +.include <netbsd-tests.test.mk> + .include <bsd.test.mk> diff --git a/lib/libiconv_modules/Makefile b/lib/libiconv_modules/Makefile index 1a72136..3af91c7 100644 --- a/lib/libiconv_modules/Makefile +++ b/lib/libiconv_modules/Makefile @@ -5,5 +5,6 @@ SUBDIR= BIG5 DECHanyu EUC EUCTW GBK2K HZ ISO2022 JOHAB MSKanji UES UTF1632 \ UTF7 UTF8 VIQR ZW iconv_none iconv_std mapper_646 mapper_none \ mapper_parallel mapper_serial mapper_std mapper_zone +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/lib/libunbound/Makefile b/lib/libunbound/Makefile index 67195ce..8519b77 100644 --- a/lib/libunbound/Makefile +++ b/lib/libunbound/Makefile @@ -5,7 +5,7 @@ LDNSDIR= ${.CURDIR}/../../contrib/ldns UNBOUNDDIR= ${.CURDIR}/../../contrib/unbound # Hold my beer and watch this -.PATH: ${UNBOUNDDIR} ${UNBOUNDDIR}/dns64 ${UNBOUNDDIR}/iterator ${UNBOUNDDIR}/ldns ${UNBOUNDDIR}/libunbound ${UNBOUNDDIR}/services ${UNBOUNDDIR}/services/cache ${UNBOUNDDIR}/util ${UNBOUNDDIR}/util/data ${UNBOUNDDIR}/util/storage ${UNBOUNDDIR}/validator +.PATH: ${UNBOUNDDIR} ${UNBOUNDDIR}/compat ${UNBOUNDDIR}/dns64 ${UNBOUNDDIR}/iterator ${UNBOUNDDIR}/sldns ${UNBOUNDDIR}/libunbound ${UNBOUNDDIR}/services ${UNBOUNDDIR}/services/cache ${UNBOUNDDIR}/util ${UNBOUNDDIR}/util/data ${UNBOUNDDIR}/util/storage ${UNBOUNDDIR}/validator LIB= unbound PRIVATELIB= @@ -20,10 +20,10 @@ SRCS= alloc.c autotrust.c config_file.c configlexer.l configparser.y \ lookup3.c lruhash.c mesh.c mini_event.c modstack.c module.c \ msgencode.c msgparse.c msgreply.c net_help.c netevent.c \ outbound_list.c outside_network.c packed_rrset.c parse.c \ - parseutil.c random.c rbtree.c regional.c rrdef.c rrset.c rtt.c \ - sbuffer.c slabhash.c str2wire.c timehist.c tube.c val_anchor.c \ - val_kcache.c val_kentry.c val_neg.c val_nsec.c val_nsec3.c \ - val_secalgo.c val_sigcrypt.c val_utils.c validator.c \ + parseutil.c random.c rbtree.c reallocarray.c regional.c rrdef.c \ + rrset.c rtt.c sbuffer.c slabhash.c str2wire.c timehist.c tube.c \ + val_anchor.c val_kcache.c val_kentry.c val_neg.c val_nsec.c \ + val_nsec3.c val_secalgo.c val_sigcrypt.c val_utils.c validator.c \ winsock_event.c wire2str.c WARNS?= 3 diff --git a/lib/libwrap/Makefile b/lib/libwrap/Makefile index 2ae6821..0e3490c 100644 --- a/lib/libwrap/Makefile +++ b/lib/libwrap/Makefile @@ -17,7 +17,7 @@ MLINKS= hosts_access.3 hosts_ctl.3 \ .PATH: ${.CURDIR}/../../contrib/tcp_wrappers CFLAGS+=-DFACILITY=LOG_AUTH -DHOSTS_ACCESS -DNETGROUP -DDAEMON_UMASK=022 \ - -DREAL_DAEMON_DIR=\"/usr/libexec\" -DPROCESS_OPTIONS \ + -DREAL_DAEMON_DIR=\"${LIBEXECDIR}\" -DPROCESS_OPTIONS \ -DSEVERITY=LOG_INFO -DRFC931_TIMEOUT=10 \ -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" \ -DSYS_ERRLIST_DEFINED -DALWAYS_HOSTNAME -DUSE_STRSEP -DPROCESS_OPTIONS diff --git a/lib/msun/Makefile b/lib/msun/Makefile index f34255f..f22f5dc 100644 --- a/lib/msun/Makefile +++ b/lib/msun/Makefile @@ -35,6 +35,8 @@ CFLAGS+= -I${.CURDIR}/ld80 CFLAGS+= -I${.CURDIR}/ld128 .endif +CFLAGS+= -I${.CURDIR}/${ARCH_SUBDIR} + .PATH: ${.CURDIR}/bsdsrc .PATH: ${.CURDIR}/src .PATH: ${.CURDIR}/man diff --git a/libexec/hyperv/Makefile b/libexec/hyperv/Makefile index 37abdf5..cea28f4 100644 --- a/libexec/hyperv/Makefile +++ b/libexec/hyperv/Makefile @@ -2,7 +2,7 @@ .PATH: ${.CURDIR}/../../contrib/hyperv/tools/scripts -BINDIR= /usr/libexec/hyperv +BINDIR= ${LIBEXECDIR}/hyperv SCRIPTS= hv_set_ifconfig hv_get_dns_info hv_get_dhcp_info NO_OBJ= diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile index 8359d36..a6ab013 100644 --- a/libexec/rtld-elf/Makefile +++ b/libexec/rtld-elf/Makefile @@ -32,7 +32,7 @@ WARNS?= 2 INSTALLFLAGS= -C -b PRECIOUSPROG= BINDIR= /libexec -SYMLINKS= ${BINDIR}/${PROG} /usr/libexec/${PROG} +SYMLINKS= ${BINDIR}/${PROG} ${LIBEXECDIR}/${PROG} MLINKS= rtld.1 ld-elf.so.1.1 \ rtld.1 ld.so.1 diff --git a/libexec/tcpd/Makefile b/libexec/tcpd/Makefile index e707a4e..a2d1cbe 100644 --- a/libexec/tcpd/Makefile +++ b/libexec/tcpd/Makefile @@ -7,7 +7,7 @@ PROG= tcpd MAN= tcpd.8 CSTD?= c89 -CFLAGS+=-DREAL_DAEMON_DIR=\"/usr/libexec\" \ +CFLAGS+=-DREAL_DAEMON_DIR=\"${LIBEXECDIR}\" \ -DSEVERITY=LOG_INFO -DRFC931_TIMEOUT=10 \ -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" \ -DFACILITY=LOG_DAEMON diff --git a/release/doc/share/xml/security.xml b/release/doc/share/xml/security.xml index e83dfb0..660e434 100644 --- a/release/doc/share/xml/security.xml +++ b/release/doc/share/xml/security.xml @@ -46,6 +46,13 @@ <entry>26 October 2015</entry> <entry><para>Multiple vulnerabilities</para></entry> </row> + + <row> + <entry><link + xlink:href="&security.url;/FreeBSD-SA-15:26.openssl.asc">FreeBSD-SA-15:26.openssl</link></entry> + <entry>5 December 2015</entry> + <entry><para>Multiple vulnerabilities</para></entry> + </row> </tbody> </tgroup> </informaltable> diff --git a/rescue/rescue/Makefile b/rescue/rescue/Makefile index a72e69f..9b99141 100644 --- a/rescue/rescue/Makefile +++ b/rescue/rescue/Makefile @@ -224,5 +224,10 @@ CRUNCH_ALIAS_chown= chgrp ################################################################## CRUNCH_LIBS+= -lm +.if ${MK_ISCSI} != "no" +CRUNCH_PROGS_usr.bin+= iscsictl +CRUNCH_PROGS_usr.sbin+= iscsid +.endif + .include <bsd.crunchgen.mk> .include <bsd.prog.mk> diff --git a/sbin/atm/atmconfig/Makefile b/sbin/atm/atmconfig/Makefile index be1adda..5d5b534 100644 --- a/sbin/atm/atmconfig/Makefile +++ b/sbin/atm/atmconfig/Makefile @@ -10,7 +10,7 @@ PROG= atmconfig SRCS= main.c diag.c natm.c MAN= atmconfig.8 -# CFLAGS+= -DPATH_HELP='".:/usr/share/doc/atm:/usr/local/share/doc/atm"' +# CFLAGS+= -DPATH_HELP='".:${SHAREDIR}/doc/atm:/usr/local/share/doc/atm"' CFLAGS+= -I${.OBJDIR} @@ -33,7 +33,7 @@ WARNS?= 3 .endif FILES= atmconfig.help atmconfig_device.help -FILESDIR= /usr/share/doc/atm +FILESDIR= ${SHAREDIR}/doc/atm SNMP_ATM_DEF= ${.CURDIR}/../../../contrib/ngatm/snmp_atm/atm_tree.def \ ${.CURDIR}/../../../usr.sbin/bsnmpd/modules/snmp_atm/atm_freebsd.def diff --git a/sbin/ipf/ipf/Makefile b/sbin/ipf/ipf/Makefile index c3938c6..cc604a3 100644 --- a/sbin/ipf/ipf/Makefile +++ b/sbin/ipf/ipf/Makefile @@ -7,8 +7,6 @@ MLINKS= ipf.5 ipf.conf.5 ipf.5 ipf6.conf.5 CFLAGS+= -I. -DIPFILTER_BPF -DHAS_SYS_MD5_H GENHDRS= ipf_l.h ipf_y.h -DPSRCS+= ${GENHDRS} - CLEANFILES+= ${GENHDRS} ipf_y.c ipf_l.c ipf_y.c: ipf_y.y diff --git a/sbin/ipf/ipftest/Makefile b/sbin/ipf/ipftest/Makefile index 7d8260a..a74599f 100644 --- a/sbin/ipf/ipftest/Makefile +++ b/sbin/ipf/ipftest/Makefile @@ -22,7 +22,6 @@ CFLAGS+= -DIPFILTER_LOG -DIPFILTER_COMPILED -DIPFILTER_LOOKUP \ .PATH: ${.CURDIR}/../../../sys/contrib/ipfilter/netinet GENHDRS= ipnat_l.h ipnat_y.h ippool_l.h ippool_y.h ipf_l.h ipf_y.h -DPSRCS+= ${GENHDRS} CLEANFILES+= ${GENHDRS} CLEANFILES+= ipf_y.c ipf_l.c diff --git a/sbin/ipf/ipmon/Makefile b/sbin/ipf/ipmon/Makefile index 3639f87..031f929 100644 --- a/sbin/ipf/ipmon/Makefile +++ b/sbin/ipf/ipmon/Makefile @@ -7,8 +7,6 @@ MAN= ipmon.8 CFLAGS+= -DLOGFAC=LOG_LOCAL0 -I. GENHDRS+= ipmon_l.h ipmon_y.h -DPSRCS+= ${GENHDRS} - CLEANFILES+= ${GENHDRS} ipmon_y.c ipmon_l.c ipmon_y.c: ipmon_y.y diff --git a/sbin/ipf/ipnat/Makefile b/sbin/ipf/ipnat/Makefile index 1c017e1..74be486 100644 --- a/sbin/ipf/ipnat/Makefile +++ b/sbin/ipf/ipnat/Makefile @@ -7,8 +7,6 @@ MLINKS= ipnat.5 ipnat.conf.5 CFLAGS+= -I. GENHDRS= ipnat_l.h ipnat_y.h -DPSRCS+= ${GENHDRS} - CLEANFILES+= ${GENHDRS} ipnat_y.c ipnat_l.c ipnat_y.c: ipnat_y.y diff --git a/sbin/ipf/ippool/Makefile b/sbin/ipf/ippool/Makefile index 6e3f85d..eedebef 100644 --- a/sbin/ipf/ippool/Makefile +++ b/sbin/ipf/ippool/Makefile @@ -6,8 +6,6 @@ MAN= ippool.5 ippool.8 CFLAGS+= -I. GENHDRS= ippool_l.h ippool_y.h -DPSRCS+= ${GENHDRS} - CLEANFILES+= ${GENHDRS} ippool_y.c ippool_l.c ippool_y.c: ippool_y.y diff --git a/secure/Makefile b/secure/Makefile index 21b05f2..0794db6 100644 --- a/secure/Makefile +++ b/secure/Makefile @@ -2,7 +2,9 @@ .include <bsd.own.mk> -SUBDIR= lib libexec ${_tests} usr.bin usr.sbin +SUBDIR= lib .WAIT \ + libexec ${_tests} usr.bin usr.sbin +SUBDIR_PARALLEL= .if ${MK_TESTS} != "no" _tests= tests @@ -17,7 +19,7 @@ SPROGS+=usr.sbin/sendmail .endif # This target is used to rebuild these programs with crypto. -secure: +secure: .MAKE .PHONY .for entry in ${SPROGS} cd ${.CURDIR}/../${entry}; \ ${MAKE} cleandir; \ @@ -28,7 +30,7 @@ secure: .endfor # This target is used to rebuild these programs without crypto. -insecure: +insecure: .MAKE .PHONY .for entry in ${SPROGS} cd ${.CURDIR}/../${entry}; \ ${MAKE} -DWITHOUT_CRYPT cleandir; \ diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 29d563f..9a6b2f8 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.0.1p -OPENSSL_DATE= 2015-07-09 +OPENSSL_VER= 1.0.1q +OPENSSL_DATE= 2015-12-03 LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index 11c2cc9..74576a6 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -584,6 +584,7 @@ MLINKS+= EVP_PKEY_verify.3 EVP_PKEY_verify_init.3 MLINKS+= EVP_PKEY_verify_recover.3 EVP_PKEY_verify_recover_init.3 MLINKS+= EVP_SealInit.3 EVP_SealUpdate.3 MLINKS+= EVP_SealInit.3 EVP_SealFinal.3 +MLINKS+= EVP_SignInit.3 EVP_SignInit_ex.3 MLINKS+= EVP_SignInit.3 EVP_SignUpdate.3 MLINKS+= EVP_SignInit.3 EVP_SignFinal.3 MLINKS+= EVP_VerifyInit.3 EVP_VerifyUpdate.3 @@ -729,9 +730,14 @@ MLINKS+= bn_internal.3 bn_set_max.3 MLINKS+= bn_internal.3 bn_set_high.3 MLINKS+= bn_internal.3 bn_set_low.3 MLINKS+= buffer.3 BUF_MEM_new.3 +MLINKS+= buffer.3 BUF_MEM_new_ex.3 MLINKS+= buffer.3 BUF_MEM_free.3 MLINKS+= buffer.3 BUF_MEM_grow.3 MLINKS+= buffer.3 BUF_strdup.3 +MLINKS+= buffer.3 BUF_strndup.3 +MLINKS+= buffer.3 BUF_memdup.3 +MLINKS+= buffer.3 BUF_strlcpy.3 +MLINKS+= buffer.3 BUF_strlcat.3 MLINKS+= d2i_ASN1_OBJECT.3 i2d_ASN1_OBJECT.3 MLINKS+= d2i_CMS_ContentInfo.3 i2d_CMS_ContentInfo.3 MLINKS+= d2i_DHparams.3 i2d_DHparams.3 diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index 927b28b..7aa4a60 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index dd9bc74..c077ea6 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ASN1_STRING_length 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index 52203a3..61c8421 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ASN1_STRING_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index b5e0c23..370c739 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index af892e2..e317beb 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ASN1_generate_nconf 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index b191ed2..3fc4daf 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_ctrl 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index db4a753..38336d1 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_f_base64 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 8a7e7a2..dc373cd 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_f_buffer 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index f751a5c..2f6c4bd 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_f_cipher 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 0217508..c209788 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_f_md 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index 9b4f647..4eaac47 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_f_null 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 8ccb59a..866a3a6 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_f_ssl 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index 3fdfa1e..bcfa4eb 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_find_type 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index b51eb3c..1100964 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 index 87fb129..23e0141 100644 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new_CMS 3" -.TH BIO_new_CMS 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_new_CMS 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 3a45766..0626175 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_push 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index 495d84e..ff25e24 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_read 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,9 +146,9 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O functions \& #include <openssl/bio.h> \& \& int BIO_read(BIO *b, void *buf, int len); -\& int BIO_gets(BIO *b,char *buf, int size); +\& int BIO_gets(BIO *b, char *buf, int size); \& int BIO_write(BIO *b, const void *buf, int len); -\& int BIO_puts(BIO *b,const char *buf); +\& int BIO_puts(BIO *b, const char *buf); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -163,7 +163,7 @@ return the digest and other BIOs may not support \fIBIO_gets()\fR at all. .PP \&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO \s0\fBb\fR. .PP -\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO \s0\fBb\fR +\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO \s0\fBb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return either the amount of data successfully read or diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index eddc678..e24e8b2 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_accept 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 98692ac..034a82a 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_bio 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index e3482df..7113cea 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_connect 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index 06a20a8..fd95c7d 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_fd 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index b14c86f..5706946 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_file 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index ec74f15..845dafb 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_mem 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 077723e..c98c0d0 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_null 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 0afadac..6357401 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_s_socket 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index b355f65..da1a849 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_set_callback 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 980952a..807a72a 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BIO_should_retry 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index 3266d01..88c2706 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_BLINDING_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index 340197f..fde570a 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_CTX_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 60f0c50..5791ef3 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_CTX_start 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 5689dc6..0d65ec4 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_add 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index f42d70e..19679aa 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_add_word 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 3f7f574..25c92a3 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_bn2bin 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index 57d3ae9..04cb060 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_cmp 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index a671762..939179f 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_copy 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index dd69285..8602103 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_generate_prime 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index 47e4a73..11bf369 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_mod_inverse 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index 5319570..6220893 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 1589115..b39d0f8 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index b150cda..3babb59 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index ce7487a..c6f2079 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_num_bytes 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 8297eac..680cbfc 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_rand 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +156,7 @@ BN_rand, BN_pseudo_rand \- generate pseudo\-random number .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBN_rand()\fR generates a cryptographically strong pseudo-random number of -\&\fBbits\fR bits in length and stores it in \fBrnd\fR. If \fBtop\fR is \-1, the +\&\fBbits\fR in length and stores it in \fBrnd\fR. If \fBtop\fR is \-1, the most significant bit of the random number can be zero. If \fBtop\fR is 0, it is set to 1, and if \fBtop\fR is 1, the two most significant bits of the number will be set to 1, so that the product of two such random @@ -170,7 +170,7 @@ non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. .PP \&\fIBN_rand_range()\fR generates a cryptographically strong pseudo-random -number \fBrnd\fR in the range 0 <lt>= \fBrnd\fR < \fBrange\fR. +number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR. \&\fIBN_pseudo_rand_range()\fR does the same, but is based on \fIBN_pseudo_rand()\fR, and hence numbers generated by it are not necessarily unpredictable. .PP diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 7e20ebe..766be46 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_set_bit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index d4a4511..04e60d5 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_swap 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index ab6e8ea..feedb87 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH BN_zero 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 index 1553be8..6aa8a7c 100644 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add0_cert 3" -.TH CMS_add0_cert 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_add0_cert 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index 505f4ec..f53d28d 100644 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_recipient_cert 3" -.TH CMS_add1_recipient_cert 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_add1_recipient_cert 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 index ddaecfc..cd92c9d 100644 --- a/secure/lib/libcrypto/man/CMS_add1_signer.3 +++ b/secure/lib/libcrypto/man/CMS_add1_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_signer 3" -.TH CMS_add1_signer 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_add1_signer 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 index ecd4611..c30f9da 100644 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_compress 3" -.TH CMS_compress 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_compress 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 index fd3fa72..87d32cc 100644 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_decrypt 3" -.TH CMS_decrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_decrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 index 32398ae..b0c99b2 100644 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_encrypt 3" -.TH CMS_encrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_encrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 index cd043ae..f211f85 100644 --- a/secure/lib/libcrypto/man/CMS_final.3 +++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_final 3" -.TH CMS_final 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_final 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 index ff2cb31..775f27a 100644 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_RecipientInfos 3" -.TH CMS_get0_RecipientInfos 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_get0_RecipientInfos 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index 2b9265f..31b256a 100644 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_SignerInfos 3" -.TH CMS_get0_SignerInfos 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_get0_SignerInfos 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 index a977393..79927a8 100644 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_type 3" -.TH CMS_get0_type 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_get0_type 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index 52ffa53..198834e 100644 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 +++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get1_ReceiptRequest 3" -.TH CMS_get1_ReceiptRequest 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_get1_ReceiptRequest 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 index 1b1fdfe..94a1288 100644 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign 3" -.TH CMS_sign 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_sign 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 index 98372e0..e8404ab 100644 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign_receipt 3" -.TH CMS_sign_receipt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_sign_receipt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 index 5fd9e70..8926024 100644 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_uncompress 3" -.TH CMS_uncompress 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_uncompress 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 index 088ee45..a4cff14 100644 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify 3" -.TH CMS_verify 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_verify 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 index d618959..cfe8568 100644 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify_receipt 3" -.TH CMS_verify_receipt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS_verify_receipt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index 5e99d8e..a1a3306 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CONF_modules_free 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index 222d832..5fd7318 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CONF_modules_load_file 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index 1abdb16..f4ad02d 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index dd63e80..8457a56 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DH_generate_key 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index d217bb0..07b9e12 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DH_generate_parameters 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index e145ff3..bb4917e 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DH_get_ex_new_index 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index ba35c41..cfef3e8 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DH_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 327ad6b..659e679 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DH_set_method 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index 610af44..3eda617 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DH_size 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index 707f760..a771b98 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_SIG_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index bf54098..e3fc524 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_do_sign 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index bce717f..18f164e 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_dup_DH 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 9e2ac1c..4024edf 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_generate_key 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index 6ffe950..6676285 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_generate_parameters 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,7 +160,7 @@ maximum of 1024 bits. If \fBseed\fR is \fB\s-1NULL\s0\fR or \fBseed_len\fR < 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at \fBseed\fR. +seed is chosen. .PP \&\fIDSA_generate_parameters()\fR places the iteration count in *\fBcounter_ret\fR and a counter used for finding a generator in diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 69cc05d..9b2389b 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 9d91fb2..4b3c630 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 706ecf1..c1bb4f8 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_set_method 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 636dc2e..4f6a8b0 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_sign 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index 485cc77..a1b7a82 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA_size 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 9b5ac95..9e330fe 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_GET_LIB 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 914086d..ed366ac 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_clear_error 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index 2899929..1b58c2b 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_error_string 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index f6f85d7..30c3b38 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_get_error 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index 4918d0c..534b27f 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 08af931..4bf69de 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_load_strings 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index d54345a..211d254 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_print_errors 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 37cc32f..fae5722 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_put_error 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index a0ece2b..040fdc6 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_remove_state 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index fada986..f90b5d2 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERR_set_mark 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index 20c608f..8689003 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_BytesToKey 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index 5df74cb..db5d601 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_DigestInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 index 4cf71d5..1eba97d 100644 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestSignInit 3" -.TH EVP_DigestSignInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_DigestSignInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index dfae90f..e329f9c 100644 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestVerifyInit 3" -.TH EVP_DigestVerifyInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_DigestVerifyInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,10 +173,11 @@ using a macro. or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP -Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only -indicates that the signature did not verify successfully (that is tbs did -not match the original data or the signature was of invalid form) it is not an -indication of a more serious error. +\&\fIEVP_DigestVerifyFinal()\fR returns 1 for success; any other value indicates +failure. A return value of zero indicates that the signature did not verify +successfully (that is, tbs did not match the original data or the signature had +an invalid form), while other values indicate a more serious error (and +sometimes also indicate an invalid signature form). .PP The error codes can be obtained from \fIERR_get_error\fR\|(3). .SH "NOTES" diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index e8826f5..aa8514f 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_EncryptInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 1e2695e..21329d3 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_OpenInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index aaf6c8e..1dfeeef 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_ctrl 3" -.TH EVP_PKEY_CTX_ctrl 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_CTX_ctrl 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index 639ed76..ca4bd99 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_new 3" -.TH EVP_PKEY_CTX_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_CTX_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index 958a3d8..84be92a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_cmp 3" -.TH EVP_PKEY_cmp 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_cmp 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index bf3d420..1bae273 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_decrypt 3" -.TH EVP_PKEY_decrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_decrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 index 68ddbbb..bca39d1 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_derive 3" -.TH EVP_PKEY_derive 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_derive 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index be44f10..c22a5f2 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_encrypt 3" -.TH EVP_PKEY_encrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_encrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 index 33be108..edacceb 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_get_default_digest 3" -.TH EVP_PKEY_get_default_digest 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_get_default_digest 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index 1c4daf9..c95e0fc 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_keygen 3" -.TH EVP_PKEY_keygen 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_keygen 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index ab0c7d9..c6a054c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index 4adde36..e653d36 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_print_private 3" -.TH EVP_PKEY_print_private 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_print_private 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index 890d124..cde41fe 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 index d3611e0..7d2ebb5 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_sign 3" -.TH EVP_PKEY_sign 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_sign 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 index 09c8d6a..4a3504a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify 3" -.TH EVP_PKEY_verify 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_verify 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index 940d0a2..059590e 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify_recover 3" -.TH EVP_PKEY_verify_recover 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_PKEY_verify_recover 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index e57d788..09a0dde 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_SealInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 7aed114..735c0e3 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,14 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_SignInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- EVP signing functions +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal \- EVP signing +functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index b9ce446..a26cd6a 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EVP_VerifyInit 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index 31fe94d..fddd646 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OBJ_nid2obj 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index 78f7f38..8c21120 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OPENSSL_Applink 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 7db1044..7d3524b 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index f34f3e8..09ee402 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OPENSSL_config 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index 0e8972d..fc65fef 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index fa0a058..32b8b49 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 9e88ee9..7231330 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index abc2345..8dee8c1 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_CMS_stream 3" -.TH PEM_write_bio_CMS_stream 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PEM_write_bio_CMS_stream 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index f186dba..f623263 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_PKCS7_stream 3" -.TH PEM_write_bio_PKCS7_stream 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PEM_write_bio_PKCS7_stream 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index 5b45b6e..1f06c7e 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS12_create 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 4ce2f26..fcbeaaa 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS12_parse 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index 479feb3..600fe7f 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS7_decrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index 24b0089..4bb62ca 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS7_encrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index 4a2b7ce..7889fc6 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS7_sign 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index 80205d5..327245e 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign_add_signer 3" -.TH PKCS7_sign_add_signer 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS7_sign_add_signer 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 1bb8146..7f298c0 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS7_verify 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 21c5869..1d20429 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RAND_add 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index de043c1..ebb5d01 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RAND_bytes 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index d562b9d..b7eeffd 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RAND_cleanup 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index b6e027c..1b62746 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RAND_egd 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index 6d55b96..966838e 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RAND_load_file 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index df6118b..b8550b6 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RAND_set_rand_method 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 3d65308..9535f54 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_blinding_on 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index 2e36c74..dc87a9a 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_check_key 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 0425128..cdc4b9f 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_generate_key 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index 954791d..3c2c330 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 550f94c..e2eb566 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index c273008..3005982 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index d6a198c..6deee92 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_print 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index f2f2989..1f7a24f 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_private_encrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 864ecd5..cbb8cb1 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_public_encrypt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index c2e11c4..42d9027 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_set_method 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 2f0c11a..cc611da 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_sign 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index d175c0f..42bbbc3 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 6085268..eb0a0e1 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA_size 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 index fa5c996..f7d6a61 100644 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_CMS 3" -.TH SMIME_read_CMS 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SMIME_read_CMS 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index 420a504..a36326f 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 index da2c50d..26ac00a 100644 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_CMS 3" -.TH SMIME_write_CMS 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SMIME_write_CMS 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 20b0716..0e408444 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index 6ebeaf2..bc708bf 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index 208b598..144f7fa 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 5c598f8..4253951 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index 10fdfb6..dd14402 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_NAME_print_ex 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index cd437af..c7d81c3 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_error 3" -.TH X509_STORE_CTX_get_error 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_STORE_CTX_get_error 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 index dbfc8f6..3104e3f 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_ex_new_index 3" -.TH X509_STORE_CTX_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_STORE_CTX_get_ex_new_index 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 index 25cedf2..0bbe36c 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_new 3" -.TH X509_STORE_CTX_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_STORE_CTX_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index 54e9db6..bc7e907 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_set_verify_cb 3" -.TH X509_STORE_CTX_set_verify_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_STORE_CTX_set_verify_cb 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 9586a18..0c77458f 100644 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_set_verify_cb_func 3" -.TH X509_STORE_set_verify_cb_func 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_STORE_set_verify_cb_func 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index f08c9bc..bfbbd56 100644 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_set_flags 3" -.TH X509_VERIFY_PARAM_set_flags 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_VERIFY_PARAM_set_flags 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index 587b861..c7c04dea 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 index 6250339..dcaf97e 100644 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_verify_cert 3" -.TH X509_verify_cert 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509_verify_cert 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 18288c4..d64076b 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH bio 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index 738c2b8..94d47d3 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH blowfish 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 441b944..0d590a6 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH bn 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index 83afdda..f3526d9 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH bn_internal 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index 8cd00a8..726ac04 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,14 +133,17 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH buffer 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple -character arrays structure +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow \- simple +character array structure +.PP +BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat \- +standard C library equivalents .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -152,28 +155,21 @@ character arrays structure \& \& int BUF_MEM_grow(BUF_MEM *str, int len); \& -\& char * BUF_strdup(const char *str); +\& char *BUF_strdup(const char *str); +\& +\& char *BUF_strndup(const char *str, size_t siz); +\& +\& void *BUF_memdup(const void *data, size_t siz); +\& +\& size_t BUF_strlcpy(char *dst, const char *src, size_t size); +\& +\& size_t BUF_strlcat(char *dst, const char *src, size_t size); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The buffer library handles simple character arrays. Buffers are used for various purposes in the library, most notably memory BIOs. .PP -The library uses the \s-1BUF_MEM\s0 structure defined in buffer.h: -.PP -.Vb 6 -\& typedef struct buf_mem_st -\& { -\& int length; /* current number of bytes */ -\& char *data; -\& int max; /* size of buffer */ -\& } BUF_MEM; -.Ve -.PP -\&\fBlength\fR is the current size of the buffer in bytes, \fBmax\fR is the amount of -memory allocated to the buffer. There are three functions which handle these -and one \*(L"miscellaneous\*(R" function. -.PP \&\fIBUF_MEM_new()\fR allocates a new buffer of zero size. .PP \&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed @@ -183,14 +179,17 @@ before freeing up in case the buffer contains sensitive data. \&\fBlen\fR. Any data already in the buffer is preserved if it increases in size. .PP -\&\fIBUF_strdup()\fR copies a null terminated string into a block of allocated -memory and returns a pointer to the allocated block. -Unlike the standard C library \fIstrdup()\fR this function uses \fIOPENSSL_malloc()\fR and so -should be used in preference to the standard library \fIstrdup()\fR because it can -be used for memory leak checking or replacing the \fImalloc()\fR function. +\&\fIBUF_strdup()\fR, \fIBUF_strndup()\fR, \fIBUF_memdup()\fR, \fIBUF_strlcpy()\fR and +\&\fIBUF_strlcat()\fR are equivalents of the standard C library functions. The +\&\fIdup()\fR functions use \fIOPENSSL_malloc()\fR underneath and so should be used +in preference to the standard library for memory leak checking or +replacing the \fImalloc()\fR function. +.PP +Memory allocated from these functions should be freed up using the +\&\fIOPENSSL_free()\fR function. .PP -The memory allocated from \fIBUF_strdup()\fR should be freed up using the \fIOPENSSL_free()\fR -function. +BUF_strndup makes the explicit guarantee that it will never read past +the first \fBsiz\fR bytes of \fBstr\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 53e9f5b..5c41c2d 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH crypto 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index aaf5154..ffe58e5 100644 --- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 index d2b17cf..21dce6f 100644 --- a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 +++ b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_CMS_ContentInfo 3" -.TH d2i_CMS_ContentInfo 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_CMS_ContentInfo 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 67e8d7b..d702aa6 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_DHparams 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index 0455f59..a4e9a86 100644 --- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 index f6161ef..34dd5d2 100644 --- a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ECPrivateKey 3" -.TH d2i_ECPrivateKey 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_ECPrivateKey 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index 91eb895..349561b 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 839512a..6ad92485 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index fc2a852..ae067fd 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_X509 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index d369ab3..c017493 100644 --- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 index f30cdda..02f28d6 100644 --- a/secure/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_X509_CRL 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index 87e1348..524bad6 100644 --- a/secure/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_X509_NAME 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +151,7 @@ d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions decode and encode an \fBX509_NAME\fR structure which is the -the same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used +same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject and issuer names. .PP Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index e2ac57f..221dc1f 100644 --- a/secure/lib/libcrypto/man/d2i_X509_REQ.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_X509_REQ 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 index 026826e..688eab9 100644 --- a/secure/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_X509_SIG 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index 35d8d29..574b3c6 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH des 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index 4d3dcbd..0aea060 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH dh 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index d7e540d..a0e6906 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH dsa 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3 index 7594d5f..d80d41a 100644 --- a/secure/lib/libcrypto/man/ecdsa.3 +++ b/secure/lib/libcrypto/man/ecdsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ecdsa 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 index 9896b6c..da1a21d 100644 --- a/secure/lib/libcrypto/man/engine.3 +++ b/secure/lib/libcrypto/man/engine.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH engine 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index 66210ae..ed56a1b 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH err 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index a7cb86a..996fd07 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH evp 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index 8f5c458..5ff2869 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH hmac 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index 93b49c1..e1332e7 100644 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "i2d_CMS_bio_stream 3" -.TH i2d_CMS_bio_stream 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH i2d_CMS_bio_stream 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index fd07c3b..87184d5 100644 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "i2d_PKCS7_bio_stream 3" -.TH i2d_PKCS7_bio_stream 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH i2d_PKCS7_bio_stream 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index cf28f33..fb6dd99 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH lh_stats 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index 055a248..5e255d1 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH lhash 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index 3c43627..f8f95fe 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH md5 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index 183793a..e0c2482 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH mdc2 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 index 2e03f31..57ed05b 100644 --- a/secure/lib/libcrypto/man/pem.3 +++ b/secure/lib/libcrypto/man/pem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH pem 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 9445f4b..78fa71d 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH rand 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index c9987df..dc90b17 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH rc4 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index b2c6443..f352254 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ripemd 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 11a364c..744cda4 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH rsa 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index dbaf4e8..622af42 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH sha 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index 07e763e..0a661cf 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH threads 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 index 5d98570..448c761 100644 --- a/secure/lib/libcrypto/man/ui.3 +++ b/secure/lib/libcrypto/man/ui.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ui 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 index 15894d5..07dc4ee 100644 --- a/secure/lib/libcrypto/man/ui_compat.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ui_compat 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3 index 7cbfada..e5c41b9 100644 --- a/secure/lib/libcrypto/man/x509.3 +++ b/secure/lib/libcrypto/man/x509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH x509 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/Makefile.man b/secure/lib/libssl/Makefile.man index 5302f4f..51fe6fd 100644 --- a/secure/lib/libssl/Makefile.man +++ b/secure/lib/libssl/Makefile.man @@ -87,6 +87,7 @@ MAN+= ssl.3 MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_bits.3 MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_version.3 MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_description.3 +MLINKS+= SSL_CTX_add_extra_chain_cert.3 SSL_CTX_clear_extra_chain_certs.3 MLINKS+= SSL_CTX_add_session.3 SSL_add_session.3 MLINKS+= SSL_CTX_add_session.3 SSL_CTX_remove_session.3 MLINKS+= SSL_CTX_add_session.3 SSL_remove_session.3 diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index db90114..b30d37e 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index d8b4a76..5bb99e3 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index aba4756..aa18597 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,34 +133,44 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_CTX_add_extra_chain_cert \- add certificate to chain +SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear +extra chain certificates .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> \& -\& long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); +\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the certificate -chain presented together with the certificate. Several certificates -can be added one after the other. +\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +certificates associated with \fBctx\fR. Several certificates can be added one +after another. +.PP +\&\fISSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +associated with \fBctx\fR. +.PP +These functions are implemented as macros. .SH "NOTES" .IX Header "NOTES" -When constructing the certificate chain, the chain will be formed from -these certificates explicitly specified. If no chain is specified, -the library will try to complete the chain from the available \s-1CA\s0 -certificates in the trusted \s-1CA\s0 storage, see +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. +.PP +If no chain is specified, the library will try to complete the chain from the +available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see \&\fISSL_CTX_load_verify_locations\fR\|(3). .PP -The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \fBshould not\fR free the \fBx509\fR object. +The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be +freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application +\&\fBshould not\fR free the \fBx509\fR object. .SH "RESTRICTIONS" .IX Header "RESTRICTIONS" Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 @@ -170,8 +180,9 @@ structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this function. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the -error stack to find out the reason for failure otherwise. +\&\fISSL_CTX_add_extra_chain_cert()\fR and \fISSL_CTX_clear_extra_chain_certs()\fR return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIssl\fR\|(3), diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 5215c74..91c5c7a 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_add_session 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index b74fd36..5816f94 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index 671ad58..ec0c325 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index b627fc9..09fca80 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_free 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index f8ebb59..b5c5e94 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index 0169da7..7f16b3a 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index ac1ebcf..c797806 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 1395429..16599ad 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index d980b8b..7915bba 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index 8bf5a0f..766a2a4 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index 370c2e4..7035e8d 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 36dbf68..e1652b5 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sessions 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index 5d17a91..f6bb86d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 5d86dc3..24fb1ed 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index e0243d6..56cd50c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index 3746b3b..6a885db 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index ef24866..1007c63 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index 9dab343..a5332a6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index cd51338..2b0fb90 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 58ee7a2..4f51d2c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 265cc55..ce3d04d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index b1502ff..eff8561 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index 3bfa3d5..88fe01f 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 3747de6..a30e59d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_options 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 index 54bbe43..3a7ce04 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_psk_client_callback 3" -.TH SSL_CTX_set_psk_client_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_psk_client_callback 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index 9520211..1161d81 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 index d72eb46..f69aef3 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_read_ahead 3" -.TH SSL_CTX_set_read_ahead 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_read_ahead 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index dac4b7d..8844780 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index 31dea8b..ddd0774 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index ebce586..dceba0e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index e9471a0..faf9560 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index 0e442ea..acc0910 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" -.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index d58f518..a88137c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 2338021..ea1846a 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 1e4b37d..89d4435 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index 293b584..5266305 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 index 04ea12a..a4a3000 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_psk_identity_hint 3" -.TH SSL_CTX_use_psk_identity_hint 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_use_psk_identity_hint 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index 52a5490..af060c8 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_SESSION_free 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index b861fe3..5885405 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index 669901e..0e5b6de 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index 0636013..b34042a 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_accept 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 476983d..27ca8e3 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_alert_type_string 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 1226faa..7da1d75 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_clear 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index b82e103..f5911b2 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_connect 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 3d62274..62f1060 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_do_handshake 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index f2dc9d8..753c627 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_free 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index e33e11e..1d09f07 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index e31ba68..498269d 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_ciphers 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 47a8ba5..bf6dcf4 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 041ec39..4c21256 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_current_cipher 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index fd3298a..7c377fd 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_default_timeout 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index ce9d766..77463ac 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_error 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index 0758afa..c8f15cd 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 8343610..7616324 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index 610e409..a27e005 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_fd 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index e63045b..4e77651 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index b908dd7..d238a62 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3 index 7849428..1ccf30a 100644 --- a/secure/lib/libssl/man/SSL_get_psk_identity.3 +++ b/secure/lib/libssl/man/SSL_get_psk_identity.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_psk_identity 3" -.TH SSL_get_psk_identity 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_psk_identity 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index b4f6682..22335ae 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_rbio 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index 58ccee0..7cbf7a4 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_session 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index 898c0a0..7ca74cf 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_verify_result 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index 672e51f..bd561d1 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_version 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 41c9a78..b5e311a 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_library_init 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index 2fadca2..8c030e1 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index dd76ac5..0bb927e 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_new 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 975f6e1..0bb05a8 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_pending 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 5cb35f8..59f96df 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_read 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 6c83879..b98d8ba 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_rstate_string 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 278e81a..6d2db09 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_session_reused 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index c7c3bf9..461d3fa 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_bio 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index b937dc1..f56d614 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_connect_state 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index 2cb4fdc..035877f 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_fd 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 42c6eb0..fbe2d10 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_session 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index ec6b0ba..8957c36 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_shutdown 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 3e00707..0159565 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_verify_result 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 24b81bc..35607aa 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_shutdown 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 5c44d91..46aeed3 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_state_string 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 87b19d8..da6e323 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_want 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index c66c99d..500e8d4 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_write 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index fc6269a..561e7f6 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index b4c2649..79065cd 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ssl 3 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/libexec/Makefile b/secure/libexec/Makefile index 9edc8e6..484bad8 100644 --- a/secure/libexec/Makefile +++ b/secure/libexec/Makefile @@ -11,4 +11,6 @@ SUBDIR+=sftp-server ssh-keysign ssh-pkcs11-helper SUBDIR+=tests .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/secure/usr.bin/Makefile b/secure/usr.bin/Makefile index e819ba7..8de53e2 100644 --- a/secure/usr.bin/Makefile +++ b/secure/usr.bin/Makefile @@ -14,4 +14,6 @@ SUBDIR+=scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan SUBDIR+=tests .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index feb02cf..30ba763 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CA.PL 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 5cdea68..932fb60 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ASN1PARSE 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/c_rehash.1 b/secure/usr.bin/openssl/man/c_rehash.1 index 3b0365b..0121772 100644 --- a/secure/usr.bin/openssl/man/c_rehash.1 +++ b/secure/usr.bin/openssl/man/c_rehash.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "C_REHASH 1" -.TH C_REHASH 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH C_REHASH 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index 76df602..540a067 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CA 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index a79ee7a..da24511 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CIPHERS 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -304,8 +304,8 @@ keys or either respectively. .IX Item "kEECDH" cipher suites using ephemeral \s-1ECDH\s0 key agreement, including anonymous cipher suites. -.IP "\fB\s-1EECDHE\s0\fR" 4 -.IX Item "EECDHE" +.IP "\fB\s-1EECDH\s0\fR" 4 +.IX Item "EECDH" cipher suites using authenticated ephemeral \s-1ECDH\s0 key agreement. .IP "\fB\s-1AECDH\s0\fR" 4 .IX Item "AECDH" diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index 106bb70..9b2542c 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CMS 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 564fce0..2bead51 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CRL 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 8c41ff9..c655135 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH CRL2PKCS7 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index c2ec0a8..a26fe3b 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DGST 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +149,6 @@ dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, [\fB\-hex\fR] [\fB\-binary\fR] [\fB\-r\fR] -[\fB\-hmac arg\fR] [\fB\-non\-fips\-allow\fR] [\fB\-out filename\fR] [\fB\-sign filename\fR] @@ -191,9 +190,6 @@ output the digest or signature in binary form. .IP "\fB\-r\fR" 4 .IX Item "-r" output the digest in the \*(L"coreutils\*(R" format used by programs like \fBsha1sum\fR. -.IP "\fB\-hmac arg\fR" 4 -.IX Item "-hmac arg" -set the \s-1HMAC\s0 key to \*(L"arg\*(R". .IP "\fB\-non\-fips\-allow\fR" 4 .IX Item "-non-fips-allow" Allow use of non \s-1FIPS\s0 digest when in \s-1FIPS\s0 mode. This has no effect when not in diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index ba49bd4..2dcb38d 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DHPARAM 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index 213c803..4eaaef3 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSA 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index 2f76249..43c98b7 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH DSAPARAM 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 99533b9..c9935dd 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH EC 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index b03dad4..acf55a9 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ECPARAM 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 6a7103f..ae50594 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ENC 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 29b48ee..2fa1be9 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ERRSTR 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index 70df180..84c2769 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH GENDSA 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index 0a40a3f..b5e9b69 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH GENPKEY 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index babce6d..526bac4 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH GENRSA 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,12 +146,6 @@ genrsa \- generate an RSA private key [\fB\-out filename\fR] [\fB\-passout arg\fR] [\fB\-aes128\fR] -[\fB\-aes128\fR] -[\fB\-aes192\fR] -[\fB\-aes256\fR] -[\fB\-camellia128\fR] -[\fB\-camellia192\fR] -[\fB\-camellia256\fR] [\fB\-aes192\fR] [\fB\-aes256\fR] [\fB\-camellia128\fR] diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index 796efa4..09754df 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH NSEQ 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index d45193d..b633f32 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OCSP 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index b2ae545..c3e5f69 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH OPENSSL 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 705a8e3..98518b8 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PASSWD 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index ac98964..429cadd 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS12 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index deee40d..e3d3198 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS7 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index 5824bd7..aaba3c2 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKCS8 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index f270aeb..42ba308 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKEY 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index 8b7d5bc..9d5de05 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKEYPARAM 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index 058292b..8da6bf2 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH PKEYUTL 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index 6161b76..d22f814 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RAND 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 38d9849..c803c4e 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH REQ 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -564,7 +564,7 @@ be input by calling it \*(L"1.organizationName\*(R". The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, -organizationUnitName, stateOrProvinceName. Additionally emailAddress +organizationalUnitName, stateOrProvinceName. Additionally emailAddress is include as well as name, surname, givenName initials and dnQualifier. .PP Additional object identifiers can be defined with the \fBoid_file\fR or diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index b240fb7..4bc57ee 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSA 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 368ba02..33c98be 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH RSAUTL 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 266d567..0b84a7e 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH S_CLIENT 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index e2c2c39..a83480f 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH S_SERVER 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 109df0f..84b2d8a 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH S_TIME 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 1e25ad2..4db842c 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SESS_ID 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 86c0230..4296905 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SMIME 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index 874e4f2..fd24af0 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SPEED 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index f466ab5..4a76eae 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SPKAC 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index fcc6d22..c5cd55d 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH TS 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index 597a74d..b1ec609 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH TSGET 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index dc602b4..ef16f13 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH VERIFY 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 79305bb..907e116 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH VERSION 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 9306e41..0039ce7 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -572,7 +572,8 @@ very rare and their use is discouraged). The options ending in \&\*(L"space\*(R" additionally place a space after the separator to make it more readable. The \fBsep_multiline\fR uses a linefeed character for the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It also -indents the fields by four characters. +indents the fields by four characters. If no field separator is specified +then \fBsep_comma_plus_space\fR is used by default. .IP "\fBdn_rev\fR" 4 .IX Item "dn_rev" reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index 9e149f5..ce39278 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2015-07-09" "1.0.1p" "OpenSSL" +.TH X509V3_CONFIG 1 "2015-12-03" "1.0.1q" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.sbin/Makefile b/secure/usr.sbin/Makefile index 33d945c..37d8282 100644 --- a/secure/usr.sbin/Makefile +++ b/secure/usr.sbin/Makefile @@ -11,4 +11,6 @@ SUBDIR+=sshd SUBDIR+=tests .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/share/Makefile b/share/Makefile index 72b1b2e..078ee1d 100644 --- a/share/Makefile +++ b/share/Makefile @@ -98,4 +98,6 @@ _vt= vt _zoneinfo= zoneinfo .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/share/colldef/Makefile b/share/colldef/Makefile index 4b68f1e..b593894 100644 --- a/share/colldef/Makefile +++ b/share/colldef/Makefile @@ -42,7 +42,7 @@ LOCALES= bg_BG.CP1251 \ uk_UA.ISO8859-5 \ uk_UA.KOI8-U -LOCALEDIR= /usr/share/locale +LOCALEDIR= ${SHAREDIR}/locale .SUFFIXES: .src .out diff --git a/share/doc/Makefile b/share/doc/Makefile index d01a2b2..a8726bb 100644 --- a/share/doc/Makefile +++ b/share/doc/Makefile @@ -28,6 +28,8 @@ _IPv6= IPv6 _roffdocs= papers psd smm usd .endif +SUBDIR_PARALLEL= + # Default output format for troff documents is ascii. # To generate postscript versions of troff documents, use: # make PRINTERDEVICE=ps diff --git a/share/doc/legal/Makefile b/share/doc/legal/Makefile index 9590800..345eafc 100644 --- a/share/doc/legal/Makefile +++ b/share/doc/legal/Makefile @@ -6,4 +6,6 @@ SUBDIR= intel_ipw \ intel_wpi \ realtek +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/share/doc/papers/Makefile b/share/doc/papers/Makefile index 866fe20..c126345 100644 --- a/share/doc/papers/Makefile +++ b/share/doc/papers/Makefile @@ -16,4 +16,6 @@ SUBDIR= beyond4.3 \ sysperf \ timecounter +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/share/doc/psd/Makefile b/share/doc/psd/Makefile index 243ba99..6b6d9cd 100644 --- a/share/doc/psd/Makefile +++ b/share/doc/psd/Makefile @@ -37,4 +37,6 @@ SUBDIR+=22.rpcgen \ 26.rpcrfc \ 27.nfsrpc +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/share/doc/smm/Makefile b/share/doc/smm/Makefile index fd42bd4..fd7a23f 100644 --- a/share/doc/smm/Makefile +++ b/share/doc/smm/Makefile @@ -32,4 +32,6 @@ _08.sendmailop= 08.sendmailop _07.lpd= 07.lpd .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/share/doc/usd/Makefile b/share/doc/usd/Makefile index 5fcb6b3..8638158 100644 --- a/share/doc/usd/Makefile +++ b/share/doc/usd/Makefile @@ -19,5 +19,6 @@ SUBDIR= title \ 20.meref \ 21.troff \ 22.trofftut +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/share/examples/Makefile b/share/examples/Makefile index 9d71e7a..ad4c40e 100644 --- a/share/examples/Makefile +++ b/share/examples/Makefile @@ -261,4 +261,6 @@ SUBDIR+=pf SUBDIR+=tests .endif +SUBDIR_PARALLEL= + .include <bsd.subdir.mk> diff --git a/share/examples/smbfs/Makefile b/share/examples/smbfs/Makefile index 9e5b99a..3867b80 100644 --- a/share/examples/smbfs/Makefile +++ b/share/examples/smbfs/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ NO_OBJ= -BINDIR= /usr/share/examples/smbfs +FILESDIR= ${SHAREDIR}/examples/smbfs FILES= dot.nsmbrc .PATH: ${.CURDIR}/../../../contrib/smbfs/examples diff --git a/share/examples/smbfs/print/Makefile b/share/examples/smbfs/print/Makefile index eb66815..67f4823 100644 --- a/share/examples/smbfs/print/Makefile +++ b/share/examples/smbfs/print/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ NO_OBJ= -BINDIR= /usr/share/examples/smbfs/print +FILESDIR= ${SHAREDIR}/examples/smbfs/print FILES= lj6l ljspool printcap.sample tolj .PATH: ${.CURDIR}/../../../../contrib/smbfs/examples/print diff --git a/share/i18n/Makefile b/share/i18n/Makefile index 1cadd54..b166d94 100644 --- a/share/i18n/Makefile +++ b/share/i18n/Makefile @@ -4,5 +4,6 @@ .include <bsd.own.mk> SUBDIR= csmapper esdb +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/share/i18n/csmapper/Makefile b/share/i18n/csmapper/Makefile index 7bca3ab..18ee8fc 100644 --- a/share/i18n/csmapper/Makefile +++ b/share/i18n/csmapper/Makefile @@ -5,6 +5,7 @@ FILESDIR= ${CSMAPPERDIR} SUBDIR= APPLE AST BIG5 CNS CP EBCDIC GB GEORGIAN ISO646 ISO-8859 JIS \ KAZAKH KOI KS MISC TCVN +SUBDIR_PARALLEL= mapper.dir: ${SUBDIR} newfile=$$(for i in ${SUBDIR}; do \ diff --git a/share/i18n/esdb/Makefile b/share/i18n/esdb/Makefile index 2b16d90..69d4445 100644 --- a/share/i18n/esdb/Makefile +++ b/share/i18n/esdb/Makefile @@ -5,6 +5,7 @@ FILESDIR= ${ESDBDIR} SUBDIR= APPLE AST BIG5 CP DEC EUC EBCDIC GB GEORGIAN ISO-2022 ISO-8859 \ ISO646 KAZAKH KOI MISC TCVN UTF +SUBDIR_PARALLEL= FILES+= esdb.dir esdb.dir.db esdb.alias esdb.alias.db CLEANFILES= ${FILES} diff --git a/share/keys/pkg/trusted/Makefile b/share/keys/pkg/trusted/Makefile index ee0d4c9..bc8d13a 100644 --- a/share/keys/pkg/trusted/Makefile +++ b/share/keys/pkg/trusted/Makefile @@ -4,7 +4,7 @@ NO_OBJ= FILES= pkg.freebsd.org.2013102301 -FILESDIR= /usr/share/keys/pkg/trusted +FILESDIR= ${SHAREDIR}/keys/pkg/trusted FILESMODE= 644 .include <bsd.prog.mk> diff --git a/share/man/Makefile b/share/man/Makefile index 524235c..d2638be 100644 --- a/share/man/Makefile +++ b/share/man/Makefile @@ -5,6 +5,7 @@ # XXX MISSING: man3f SUBDIR= man1 man3 man4 man5 man6 man7 man8 man9 +SUBDIR_PARALLEL= MAKEWHATIS?= makewhatis diff --git a/share/man/man4/aue.4 b/share/man/man4/aue.4 index c708c89..7fefa91 100644 --- a/share/man/man4/aue.4 +++ b/share/man/man4/aue.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 7, 2006 +.Dd November 24, 2015 .Dt AUE 4 .Os .Sh NAME @@ -45,6 +45,7 @@ kernel configuration file: .Cd "device ohci" .Cd "device usb" .Cd "device miibus" +.Cd "device uether" .Cd "device aue" .Ed .Pp diff --git a/share/man/man4/axe.4 b/share/man/man4/axe.4 index 65e1887..5a26b64 100644 --- a/share/man/man4/axe.4 +++ b/share/man/man4/axe.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 25, 2013 +.Dd November 24, 2015 .Dt AXE 4 .Os .Sh NAME @@ -46,6 +46,7 @@ kernel configuration file: .Cd "device ohci" .Cd "device usb" .Cd "device miibus" +.Cd "device uether" .Cd "device axe" .Ed .Pp diff --git a/share/man/man4/axge.4 b/share/man/man4/axge.4 index 33f7db3..4c91fcf 100644 --- a/share/man/man4/axge.4 +++ b/share/man/man4/axge.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 22, 2013 +.Dd November 24, 2015 .Dt AXGE 4 .Os .Sh NAME @@ -47,6 +47,7 @@ kernel configuration file: .Cd "device ohci" .Cd "device usb" .Cd "device miibus" +.Cd "device uether" .Cd "device axge" .Ed .Pp diff --git a/share/man/man4/cdce.4 b/share/man/man4/cdce.4 index 9649cab..648f876 100644 --- a/share/man/man4/cdce.4 +++ b/share/man/man4/cdce.4 @@ -28,7 +28,7 @@ .\" $NetBSD: cdce.4,v 1.4 2004/12/08 18:35:56 peter Exp $ .\" $FreeBSD$ .\" -.Dd September 25, 2014 +.Dd November 24, 2015 .Dt CDCE 4 .Os .Sh NAME @@ -42,6 +42,8 @@ kernel configuration file: .Cd "device uhci" .Cd "device ohci" .Cd "device usb" +.Cd "device miibus" +.Cd "device uether" .Cd "device cdce" .Ed .Pp diff --git a/share/man/man4/cue.4 b/share/man/man4/cue.4 index a27653c..ddf8e75 100644 --- a/share/man/man4/cue.4 +++ b/share/man/man4/cue.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 16, 2005 +.Dd November 24, 2015 .Dt CUE 4 .Os .Sh NAME @@ -44,6 +44,8 @@ kernel configuration file: .Cd "device uhci" .Cd "device ohci" .Cd "device usb" +.Cd "device miibus" +.Cd "device uether" .Cd "device cue" .Ed .Pp diff --git a/share/man/man4/ipheth.4 b/share/man/man4/ipheth.4 index 85801f2..64e1018 100644 --- a/share/man/man4/ipheth.4 +++ b/share/man/man4/ipheth.4 @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 30, 2014 +.Dd November 24, 2015 .Dt IPHETH 4 .Os .Sh NAME @@ -47,6 +47,8 @@ following lines in your kernel configuration file: .Cd "device uhci" .Cd "device ohci" .Cd "device usb" +.Cd "device miibus" +.Cd "device uether" .Cd "device ipheth" .Ed .Sh DESCRIPTION diff --git a/share/man/man4/kue.4 b/share/man/man4/kue.4 index c9a8ad7..718b842 100644 --- a/share/man/man4/kue.4 +++ b/share/man/man4/kue.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 7, 2006 +.Dd November 24, 2015 .Dt KUE 4 .Os .Sh NAME @@ -44,6 +44,8 @@ kernel configuration file: .Cd "device uhci" .Cd "device ohci" .Cd "device usb" +.Cd "device miibus" +.Cd "device uether" .Cd "device kue" .Ed .Pp diff --git a/share/man/man4/mos.4 b/share/man/man4/mos.4 index 2656dea..e4ae8c4 100644 --- a/share/man/man4/mos.4 +++ b/share/man/man4/mos.4 @@ -15,7 +15,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 14, 2011 +.Dd November 24, 2015 .Dt MOS 4 .Os .Sh NAME @@ -31,6 +31,7 @@ kernel configuration file: .Cd "device ehci" .Cd "device usb" .Cd "device miibus" +.Cd "device uether" .Cd "device mos" .Ed .Pp diff --git a/share/man/man4/rue.4 b/share/man/man4/rue.4 index 06f91e8..6b0881f 100644 --- a/share/man/man4/rue.4 +++ b/share/man/man4/rue.4 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 23, 2011 +.Dd November 24, 2015 .Dt RUE 4 .Os .Sh NAME @@ -40,6 +40,7 @@ kernel configuration file: .Cd "device ohci" .Cd "device usb" .Cd "device miibus" +.Cd "device uether" .Cd "device rue" .Ed .Pp diff --git a/share/man/man4/smsc.4 b/share/man/man4/smsc.4 index fb37539..dac2864 100644 --- a/share/man/man4/smsc.4 +++ b/share/man/man4/smsc.4 @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 26, 2014 +.Dd November 24, 2015 .Dt SMSC 4 .Os .Sh NAME @@ -48,6 +48,7 @@ following lines in your kernel configuration file: .Cd "device ohci" .Cd "device usb" .Cd "device miibus" +.Cd "device uether" .Cd "device smsc" .Ed .Sh DESCRIPTION diff --git a/share/man/man4/udav.4 b/share/man/man4/udav.4 index 4d90236..818a1f0 100644 --- a/share/man/man4/udav.4 +++ b/share/man/man4/udav.4 @@ -32,7 +32,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 16, 2005 +.Dd November 24, 2015 .Dt UDAV 4 .Os .Sh NAME @@ -48,6 +48,7 @@ kernel configuration file: .Cd "device ohci" .Cd "device usb" .Cd "device miibus" +.Cd "device uether" .Cd "device udav" .Ed .Pp diff --git a/share/man/man4/urndis.4 b/share/man/man4/urndis.4 index 33acec5..de64313 100644 --- a/share/man/man4/urndis.4 +++ b/share/man/man4/urndis.4 @@ -45,6 +45,8 @@ kernel configuration file: .Cd "device ohci" .Cd "device xhci" .Cd "device usb" +.Cd "device miibus" +.Cd "device uether" .Cd "device urndis" .Ed .Pp diff --git a/share/man/man5/style.Makefile.5 b/share/man/man5/style.Makefile.5 index c3a3288..5e34b96 100644 --- a/share/man/man5/style.Makefile.5 +++ b/share/man/man5/style.Makefile.5 @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 8, 2005 +.Dd October 21, 2015 .Dt STYLE.MAKEFILE 5 .Os .Sh NAME @@ -117,6 +117,13 @@ i.e., no space between the variable name and the .Ic = . Keep values sorted alphabetically, if possible. .It +Variables are expanded with +.Sy {} , +not +.Sy () . +Such as +.Va ${VARIABLE} . +.It Do not use .Ic += to set variables that are only set once diff --git a/share/man/man9/style.9 b/share/man/man9/style.9 index ed65ac6..1d0c7b3 100644 --- a/share/man/man9/style.9 +++ b/share/man/man9/style.9 @@ -26,7 +26,7 @@ .\" From: @(#)style 1.14 (Berkeley) 4/28/95 .\" $FreeBSD$ .\" -.Dd January 7, 2010 +.Dd November 22, 2015 .Dt STYLE 9 .Os .Sh NAME @@ -503,13 +503,14 @@ Code which is unreachable for non-obvious reasons may be marked /* .Pp Space after keywords .Pq Ic if , while , for , return , switch . -No braces +Two styles of braces .Ql ( \&{ and .Ql \&} ) -are -used for control statements with zero or only a single statement unless that -statement is more than a single line in which case they are permitted. +are allowed for single line statements. +Either they are used for all single statements, or +they are used only where needed for clarity. +Usage within a function should be consistent. Forever loops are done with .Ic for Ns 's , not @@ -833,7 +834,7 @@ Whenever possible, code should be run through a code checker (e.g., .Xr lint 1 or -.Nm gcc Fl Wall ) +.Nm cc Fl Wall ) and produce minimal warnings. .Sh SEE ALSO .Xr indent 1 , diff --git a/share/mk/bsd.README b/share/mk/bsd.README index 5f0c165..d8a707f 100644 --- a/share/mk/bsd.README +++ b/share/mk/bsd.README @@ -17,6 +17,7 @@ files. In most cases it is only interesting to include bsd.prog.mk or bsd.lib.mk. bsd.cpu.mk - sets CPU/arch-related variables +bsd.crunchgen.mk - building crunched binaries using crunchgen(1) bsd.dep.mk - handle Makefile dependencies bsd.doc.mk - building troff system documents bsd.files.mk - install of general purpose files diff --git a/share/mk/bsd.crunchgen.mk b/share/mk/bsd.crunchgen.mk index cc7f021..ce26dc5 100644 --- a/share/mk/bsd.crunchgen.mk +++ b/share/mk/bsd.crunchgen.mk @@ -1,5 +1,7 @@ ################################################################# # +# Generate crunched binaries using crunchgen(1). +# # General notes: # # A number of Make variables are used to generate the crunchgen config file. diff --git a/share/mk/bsd.doc.mk b/share/mk/bsd.doc.mk index 49b2d9b..b8e6c34 100644 --- a/share/mk/bsd.doc.mk +++ b/share/mk/bsd.doc.mk @@ -133,11 +133,11 @@ CLEANFILES+= ${DOC}.ascii ${DOC}.ascii${DCOMPRESS_EXT} \ ${DOC}.html ${DOC}-*.html realinstall: -.for _dev in ${PRINTERDEVICE:Mhtml} +.if ${PRINTERDEVICE:Mhtml} cd ${SRCDIR}; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \ ${DOC}*.html ${DESTDIR}${BINDIR}/${VOLUME} -.endfor +.endif .for _dev in ${PRINTERDEVICE:Nhtml} ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \ ${DFILE.${_dev}} ${DESTDIR}${BINDIR}/${VOLUME} @@ -184,7 +184,6 @@ ${DFILE.html}: ${SRCS} .else # unroff(1) requires a macro package as an argument cd ${SRCDIR}; ${UNROFF} -ms ${UNROFFFLAGS} \ document=${DOC} ${SRCS} -.else .endif .endif .endfor diff --git a/share/mk/bsd.progs.mk b/share/mk/bsd.progs.mk index 474dd31..2253d8e 100644 --- a/share/mk/bsd.progs.mk +++ b/share/mk/bsd.progs.mk @@ -35,6 +35,9 @@ UPDATE_DEPENDFILE_PROG?= no # They may have asked us to build just one .for t in ${PROGS} .if make($t) +.if ${PROGS_CXX:U:M${t}} +PROG_CXX ?= $t +.endif PROG ?= $t .endif .endfor @@ -67,7 +70,7 @@ UPDATE_DEPENDFILE ?= NO # ensure that we don't clobber each other's dependencies DEPENDFILE?= .depend.${PROG} # prog.mk will do the rest -.else +.else # !defined(PROG) all: ${PROGS} # We cannot capture dependencies for meta mode here @@ -88,10 +91,32 @@ $v = # handle being called [bsd.]progs.mk .include <bsd.prog.mk> -.if !empty(PROGS) && !defined(_RECURSING_PROGS) +.if !empty(PROGS) && !defined(_RECURSING_PROGS) && !defined(PROG) # tell progs.mk we might want to install things PROGS_TARGETS+= checkdpadd clean cleandepend cleandir depend install +# Find common sources among the PROGS and depend on them before building +# anything. This allows parallelization without them each fighting over +# the same objects. +_PROGS_COMMON_SRCS= +_PROGS_ALL_SRCS= +.for p in ${PROGS} +.for s in ${SRCS.${p}} +.if ${_PROGS_ALL_SRCS:M${s}} && !${_PROGS_COMMON_SRCS:M${s}} +_PROGS_COMMON_SRCS+= ${s} +.else +_PROGS_ALL_SRCS+= ${s} +.endif +.endfor +.endfor +.if !empty(_PROGS_COMMON_SRCS) +_PROGS_COMMON_OBJS= ${_PROGS_COMMON_SRCS:M*.[dhly]} +.if !empty(_PROGS_COMMON_SRCS:N*.[dhly]) +_PROGS_COMMON_OBJS+= ${_PROGS_COMMON_SRCS:N*.[dhly]:R:S/$/.o/g} +.endif +${PROGS}: ${_PROGS_COMMON_OBJS} +.endif + .for p in ${PROGS} .if defined(PROGS_CXX) && !empty(PROGS_CXX:M$p) # bsd.prog.mk may need to know this @@ -100,16 +125,18 @@ x.$p= PROG_CXX=$p # Main PROG target $p ${p}_p: .PHONY .MAKE - (cd ${.CURDIR} && ${MAKE} -f ${MAKEFILE} _RECURSING_PROGS= \ - SUBDIR= PROG=$p \ + (cd ${.CURDIR} && \ + NO_SUBDIR=1 ${MAKE} -f ${MAKEFILE} _RECURSING_PROGS= \ + PROG=$p \ DEPENDFILE=.depend.$p .MAKE.DEPENDFILE=.depend.$p \ ${x.$p}) # Pseudo targets for PROG, such as 'install'. .for t in ${PROGS_TARGETS:O:u} $p.$t: .PHONY .MAKE - (cd ${.CURDIR} && ${MAKE} -f ${MAKEFILE} _RECURSING_PROGS= \ - SUBDIR= PROG=$p \ + (cd ${.CURDIR} && \ + NO_SUBDIR=1 ${MAKE} -f ${MAKEFILE} _RECURSING_PROGS= \ + PROG=$p \ DEPENDFILE=.depend.$p .MAKE.DEPENDFILE=.depend.$p \ ${x.$p} ${@:E}) .endfor @@ -119,4 +146,4 @@ $p.$t: .PHONY .MAKE .for t in ${PROGS_TARGETS:O:u} $t: ${PROGS:%=%.$t} .endfor -.endif +.endif # !empty(PROGS) && !defined(_RECURSING_PROGS) && !defined(PROG) diff --git a/share/mk/bsd.subdir.mk b/share/mk/bsd.subdir.mk index f76d5e1..9d2eb17 100644 --- a/share/mk/bsd.subdir.mk +++ b/share/mk/bsd.subdir.mk @@ -84,7 +84,7 @@ __deps= .for __dep in ${SUBDIR_DEPEND_${__dir}} __deps+= ${__target}_subdir_${__dep} .endfor -${__target}_subdir_${__dir}: .MAKE ${__deps} +${__target}_subdir_${__dir}: .PHONY .MAKE ${__deps} .if !defined(NO_SUBDIR) @${_+_}set -e; \ if test -d ${.CURDIR}/${__dir}.${MACHINE_ARCH}; then \ diff --git a/share/mklocale/Makefile b/share/mklocale/Makefile index b7f551e..ec79b5d 100644 --- a/share/mklocale/Makefile +++ b/share/mklocale/Makefile @@ -30,7 +30,7 @@ LOCALES= UTF-8 \ zh_HK.Big5HKSCS \ zh_TW.Big5 -LOCALEDIR= /usr/share/locale +LOCALEDIR= ${SHAREDIR}/locale .SUFFIXES: .src .out diff --git a/share/monetdef/Makefile b/share/monetdef/Makefile index 4385d87..9ee23c1 100644 --- a/share/monetdef/Makefile +++ b/share/monetdef/Makefile @@ -90,7 +90,7 @@ LOCALES= af_ZA.ISO8859-1 \ zh_HK.UTF-8 \ zh_TW.Big5 -LOCALEDIR= /usr/share/locale +LOCALEDIR= ${SHAREDIR}/locale .SUFFIXES: .src .out diff --git a/share/msgdef/Makefile b/share/msgdef/Makefile index 59a5383..ec87eee 100644 --- a/share/msgdef/Makefile +++ b/share/msgdef/Makefile @@ -70,7 +70,7 @@ LOCALES= af_ZA.ISO8859-1 \ zh_TW.Big5 \ zh_TW.UTF-8 -LOCALEDIR= /usr/share/locale +LOCALEDIR= ${SHAREDIR}/locale .SUFFIXES: .src .out diff --git a/share/numericdef/Makefile b/share/numericdef/Makefile index baf99de..5e691fe 100644 --- a/share/numericdef/Makefile +++ b/share/numericdef/Makefile @@ -44,7 +44,7 @@ LOCALES= af_ZA.ISO8859-1 \ uk_UA.KOI8-U \ zh_CN.eucCN -LOCALEDIR= /usr/share/locale +LOCALEDIR= ${SHAREDIR}/locale .SUFFIXES: .src .out diff --git a/share/sendmail/Makefile b/share/sendmail/Makefile index 00427dc..cab9d5e 100644 --- a/share/sendmail/Makefile +++ b/share/sendmail/Makefile @@ -7,7 +7,7 @@ CFDIR= cf CFDIRS!= (cd ${SENDMAIL_DIR}; find -L ${CFDIR} \( \( -name CVS -o -name .svn \) -prune \) -o -type d -print) CFFILES!= (cd ${SENDMAIL_DIR}; find -L ${CFDIR} \( \( -name CVS -o -name .svn \) -prune \) -o -type f -print) -DDIR= ${DESTDIR}/usr/share/sendmail +DDIR= ${DESTDIR}${SHAREDIR}/sendmail NO_OBJ= diff --git a/share/skel/Makefile b/share/skel/Makefile index ffe8015..9f8bf2f 100644 --- a/share/skel/Makefile +++ b/share/skel/Makefile @@ -5,8 +5,8 @@ FILESGROUPS= FILES1 FILES2 FILES1= dot.cshrc dot.login dot.login_conf dot.mailrc dot.profile \ dot.shrc FILES2= dot.mail_aliases dot.rhosts -FILES1DIR= /usr/share/skel -FILES2DIR= /usr/share/skel +FILES1DIR= ${SHAREDIR}/skel +FILES2DIR= ${SHAREDIR}/skel FILES1MODE= 0644 FILES2MODE= 0600 NO_OBJ= diff --git a/share/syscons/Makefile b/share/syscons/Makefile index 9cbf100..c5993a8 100644 --- a/share/syscons/Makefile +++ b/share/syscons/Makefile @@ -1,5 +1,6 @@ # $FreeBSD$ SUBDIR= fonts keymaps scrnmaps +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/share/timedef/Makefile b/share/timedef/Makefile index 5a4060d..7269fb4 100644 --- a/share/timedef/Makefile +++ b/share/timedef/Makefile @@ -96,7 +96,7 @@ LOCALES= am_ET.UTF-8 \ zh_TW.Big5 \ zh_TW.UTF-8 -LOCALEDIR= /usr/share/locale +LOCALEDIR= ${SHAREDIR}/locale .SUFFIXES: .src .out diff --git a/sys/conf/NOTES b/sys/conf/NOTES index e05e366..9c8b9c9 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -2706,6 +2706,8 @@ device uvisor # USB serial support for DDI pocket's PHS device uvscom # +# USB ethernet support +device uether # ADMtek USB ethernet. Supports the LinkSys USB100TX, # the Billionton USB100, the Melco LU-ATX, the D-Link DSB-650TX # and the SMC 2202USB. Also works with the ADMtek AN986 Pegasus diff --git a/sys/conf/files b/sys/conf/files index e124bf4..f6456a7 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -2529,9 +2529,9 @@ dev/usb/net/if_udav.c optional udav dev/usb/net/if_usie.c optional usie dev/usb/net/if_urndis.c optional urndis dev/usb/net/ruephy.c optional rue -dev/usb/net/usb_ethernet.c optional aue | axe | axge | cdce | cue | kue | \ - mos | rue | smsc | udav | ipheth | \ - urndis +dev/usb/net/usb_ethernet.c optional uether | aue | axe | axge | cdce | \ + cue | ipheth | kue | mos | rue | \ + smsc | udav | urndis dev/usb/net/uhso.c optional uhso # # USB WLAN drivers diff --git a/sys/dev/filemon/filemon.c b/sys/dev/filemon/filemon.c index f8a698f..b302de9 100644 --- a/sys/dev/filemon/filemon.c +++ b/sys/dev/filemon/filemon.c @@ -43,7 +43,6 @@ __FBSDID("$FreeBSD$"); #include <sys/lock.h> #include <sys/malloc.h> #include <sys/module.h> -#include <sys/mutex.h> #include <sys/poll.h> #include <sys/proc.h> #include <sys/queue.h> @@ -195,9 +194,6 @@ filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused, if (filemon == NULL) { filemon = malloc(sizeof(struct filemon), M_FILEMON, M_WAITOK | M_ZERO); - - filemon->fp = NULL; - sx_init(&filemon->lock, "filemon"); } diff --git a/sys/dev/xen/control/control.c b/sys/dev/xen/control/control.c index bc0609d..60e448a 100644 --- a/sys/dev/xen/control/control.c +++ b/sys/dev/xen/control/control.c @@ -127,6 +127,7 @@ __FBSDID("$FreeBSD$"); #include <machine/_inttypes.h> #include <machine/intr_machdep.h> +#include <machine/apicvar.h> #include <vm/vm.h> #include <vm/vm_extern.h> @@ -403,6 +404,8 @@ xctrl_suspend() gnttab_resume(); #ifdef SMP + /* Send an IPI_BITMAP in case there are pending bitmap IPIs. */ + lapic_ipi_vectored(IPI_BITMAP_VECTOR, APIC_IPI_DEST_ALL); if (smp_started && !CPU_EMPTY(&cpu_suspend_map)) { /* * Now that event channels have been initialized, diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h index 2abd7e4..d540dc9 100644 --- a/sys/fs/nfs/nfs_var.h +++ b/sys/fs/nfs/nfs_var.h @@ -135,6 +135,7 @@ int nfsrv_checksequence(struct nfsrv_descript *, uint32_t, uint32_t *, uint32_t *, int, uint32_t *, NFSPROC_T *); int nfsrv_checkreclaimcomplete(struct nfsrv_descript *); void nfsrv_cache_session(uint8_t *, uint32_t, int, struct mbuf **); +void nfsrv_freeallbackchannel_xprts(void); /* nfs_nfsdserv.c */ int nfsrvd_access(struct nfsrv_descript *, int, diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index bfe6fa3..429cfcc 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -3087,6 +3087,25 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, *eofp = eof; } + /* + * Add extra empty records to any remaining DIRBLKSIZ chunks. + */ + while (uio_uio_resid(uiop) > 0 && ((size_t)(uio_uio_resid(uiop))) != tresid) { + dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop)); + dp->d_type = DT_UNKNOWN; + dp->d_fileno = 0; + dp->d_namlen = 0; + dp->d_name[0] = '\0'; + tl = (u_int32_t *)&dp->d_name[4]; + *tl++ = cookie.lval[0]; + *tl = cookie.lval[1]; + dp->d_reclen = DIRBLKSIZ; + uio_iov_base_add(uiop, DIRBLKSIZ); + uio_iov_len_add(uiop, -(DIRBLKSIZ)); + uio_uio_resid_add(uiop, -(DIRBLKSIZ)); + uiop->uio_offset += DIRBLKSIZ; + } + nfsmout: if (nd->nd_mrep != NULL) mbuf_freem(nd->nd_mrep); @@ -3561,6 +3580,25 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, *eofp = eof; } + /* + * Add extra empty records to any remaining DIRBLKSIZ chunks. + */ + while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) { + dp = (struct dirent *)uio_iov_base(uiop); + dp->d_type = DT_UNKNOWN; + dp->d_fileno = 0; + dp->d_namlen = 0; + dp->d_name[0] = '\0'; + tl = (u_int32_t *)&dp->d_name[4]; + *tl++ = cookie.lval[0]; + *tl = cookie.lval[1]; + dp->d_reclen = DIRBLKSIZ; + uio_iov_base_add(uiop, DIRBLKSIZ); + uio_iov_len_add(uiop, -(DIRBLKSIZ)); + uio_uio_resid_add(uiop, -(DIRBLKSIZ)); + uiop->uio_offset += DIRBLKSIZ; + } + nfsmout: if (nd->nd_mrep != NULL) mbuf_freem(nd->nd_mrep); diff --git a/sys/fs/nfsserver/nfs_nfsdkrpc.c b/sys/fs/nfsserver/nfs_nfsdkrpc.c index e68a18b..7326038 100644 --- a/sys/fs/nfsserver/nfs_nfsdkrpc.c +++ b/sys/fs/nfsserver/nfs_nfsdkrpc.c @@ -547,6 +547,7 @@ nfsrvd_init(int terminating) if (terminating) { nfsd_master_proc = NULL; NFSD_UNLOCK(); + nfsrv_freeallbackchannel_xprts(); svcpool_destroy(nfsrvd_pool); nfsrvd_pool = NULL; NFSD_LOCK(); diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index c6d9448..37fb3b6 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -4188,10 +4188,23 @@ nfsrv_docallback(struct nfsclient *clp, int procnum, if (!error) { if ((nd->nd_flag & ND_NFSV41) != 0) { KASSERT(sep != NULL, ("sep NULL")); - error = newnfs_request(nd, NULL, clp, &clp->lc_req, - NULL, NULL, cred, clp->lc_program, - clp->lc_req.nr_vers, NULL, 1, NULL, - &sep->sess_cbsess); + if (sep->sess_cbsess.nfsess_xprt != NULL) + error = newnfs_request(nd, NULL, clp, + &clp->lc_req, NULL, NULL, cred, + clp->lc_program, clp->lc_req.nr_vers, NULL, + 1, NULL, &sep->sess_cbsess); + else { + /* + * This should probably never occur, but if a + * client somehow does an RPC without a + * SequenceID Op that causes a callback just + * after the nfsd threads have been terminated + * and restared we could conceivably get here + * without a backchannel xprt. + */ + printf("nfsrv_docallback: no xprt\n"); + error = ECONNREFUSED; + } nfsrv_freesession(sep, NULL); } else error = newnfs_request(nd, NULL, clp, &clp->lc_req, @@ -5776,14 +5789,16 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_t sequenceid, * If this session handles the backchannel, save the nd_xprt for this * RPC, since this is the one being used. */ - if (sep->sess_cbsess.nfsess_xprt != NULL && + if (sep->sess_clp->lc_req.nr_client != NULL && (sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0) { savxprt = sep->sess_cbsess.nfsess_xprt; SVC_ACQUIRE(nd->nd_xprt); - nd->nd_xprt->xp_p2 = savxprt->xp_p2; + nd->nd_xprt->xp_p2 = + sep->sess_clp->lc_req.nr_client->cl_private; nd->nd_xprt->xp_idletimeout = 0; /* Disable timeout. */ sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - SVC_RELEASE(savxprt); + if (savxprt != NULL) + SVC_RELEASE(savxprt); } *sflagsp = 0; @@ -6042,3 +6057,29 @@ nfsv4_getcbsession(struct nfsclient *clp, struct nfsdsession **sepp) return (0); } +/* + * Free up all backchannel xprts. This needs to be done when the nfsd threads + * exit, since those transports will all be going away. + * This is only called after all the nfsd threads are done performing RPCs, + * so locking shouldn't be an issue. + */ +APPLESTATIC void +nfsrv_freeallbackchannel_xprts(void) +{ + struct nfsdsession *sep; + struct nfsclient *clp; + SVCXPRT *xprt; + int i; + + for (i = 0; i < nfsrv_clienthashsize; i++) { + LIST_FOREACH(clp, &nfsclienthash[i], lc_hash) { + LIST_FOREACH(sep, &clp->lc_session, sess_list) { + xprt = sep->sess_cbsess.nfsess_xprt; + sep->sess_cbsess.nfsess_xprt = NULL; + if (xprt != NULL) + SVC_RELEASE(xprt); + } + } + } +} + diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index b5f5b42..2df1e25 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -2425,6 +2425,10 @@ vdrop(struct vnode *vp) * Drop the hold count of the vnode. If this is the last reference to * the vnode we place it on the free list unless it has been vgone'd * (marked VI_DOOMED) in which case we will free it. + * + * Because the vnode vm object keeps a hold reference on the vnode if + * there is at least one resident non-cached page, the vnode cannot + * leave the active list without the page cleanup done. */ void vdropl(struct vnode *vp) @@ -2540,11 +2544,13 @@ vinactive(struct vnode *vp, struct thread *td) VI_UNLOCK(vp); /* * Before moving off the active list, we must be sure that any - * modified pages are on the vnode's dirty list since these will - * no longer be checked once the vnode is on the inactive list. - * Because the vnode vm object keeps a hold reference on the vnode - * if there is at least one resident non-cached page, the vnode - * cannot leave the active list without the page cleanup done. + * modified pages are converted into the vnode's dirty + * buffers, since these will no longer be checked once the + * vnode is on the inactive list. + * + * The write-out of the dirty pages is asynchronous. At the + * point that VOP_INACTIVE() is called, there could still be + * pending I/O and dirty pages in the object. */ obj = vp->v_object; if (obj != NULL && (obj->flags & OBJ_MIGHTBEDIRTY) != 0) { diff --git a/sys/modules/Makefile.inc b/sys/modules/Makefile.inc index 9dc38af..b20b99b 100644 --- a/sys/modules/Makefile.inc +++ b/sys/modules/Makefile.inc @@ -4,3 +4,4 @@ CFLAGS+= -DPC98 .endif +SUBDIR_PARALLEL= yes diff --git a/sys/modules/drm2/Makefile b/sys/modules/drm2/Makefile index 3671c1a..e4e19fb 100644 --- a/sys/modules/drm2/Makefile +++ b/sys/modules/drm2/Makefile @@ -2,8 +2,6 @@ .include <bsd.own.mk> -SUBDIR_PARALLEL= - .if ${MACHINE_CPUARCH} == "amd64" _i915kms= i915kms _radeonkms= radeonkms diff --git a/sys/modules/drm2/radeonkmsfw/Makefile b/sys/modules/drm2/radeonkmsfw/Makefile index f885da9..167743c 100644 --- a/sys/modules/drm2/radeonkmsfw/Makefile +++ b/sys/modules/drm2/radeonkmsfw/Makefile @@ -1,7 +1,5 @@ # $FreeBSD$ -SUBDIR_PARALLEL= - SUBDIR= \ ARUBA_me \ ARUBA_pfp \ diff --git a/sys/modules/netgraph/Makefile b/sys/modules/netgraph/Makefile index 03873e4..dc44ac7 100644 --- a/sys/modules/netgraph/Makefile +++ b/sys/modules/netgraph/Makefile @@ -62,6 +62,4 @@ _bluetooth= bluetooth _mppc= mppc .endif -SUBDIR_PARALLEL= - .include <bsd.subdir.mk> diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index c138f14..34a60a8 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -3327,6 +3327,15 @@ igmp_v3_dispatch_general_query(struct igmp_ifinfo *igi) KASSERT(igi->igi_version == IGMP_VERSION_3, ("%s: called when version %d", __func__, igi->igi_version)); + /* + * Check that there are some packets queued. If so, send them first. + * For large number of groups the reply to general query can take + * many packets, we should finish sending them before starting of + * queuing the new reply. + */ + if (igi->igi_gq.ifq_head != NULL) + goto send; + ifp = igi->igi_ifp; IF_ADDR_RLOCK(ifp); @@ -3362,6 +3371,7 @@ igmp_v3_dispatch_general_query(struct igmp_ifinfo *igi) } IF_ADDR_RUNLOCK(ifp); +send: loop = (igi->igi_flags & IGIF_LOOPBACK) ? 1 : 0; igmp_dispatch_queue(&igi->igi_gq, IGMP_MAX_RESPONSE_BURST, loop); diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index 77b19bf..6e0f95d 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -2989,6 +2989,15 @@ mld_v2_dispatch_general_query(struct mld_ifinfo *mli) KASSERT(mli->mli_version == MLD_VERSION_2, ("%s: called when version %d", __func__, mli->mli_version)); + /* + * Check that there are some packets queued. If so, send them first. + * For large number of groups the reply to general query can take + * many packets, we should finish sending them before starting of + * queuing the new reply. + */ + if (mli->mli_gq.ifq_head != NULL) + goto send; + ifp = mli->mli_ifp; IF_ADDR_RLOCK(ifp); @@ -3024,6 +3033,7 @@ mld_v2_dispatch_general_query(struct mld_ifinfo *mli) } IF_ADDR_RUNLOCK(ifp); +send: mld_dispatch_queue(&mli->mli_gq, MLD_MAX_RESPONSE_BURST); /* diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 694362a..b6cfa62 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -715,6 +715,9 @@ ipfw_install_state(struct ip_fw *rule, ipfw_insn_limit *cmd, id.fib = M_GETFIB(args->m); if (IS_IP6_FLOW_ID (&(args->f_id))) { + bzero(&id.src_ip6, sizeof(id.src_ip6)); + bzero(&id.dst_ip6, sizeof(id.dst_ip6)); + if (limit_mask & DYN_SRC_ADDR) id.src_ip6 = args->f_id.src_ip6; if (limit_mask & DYN_DST_ADDR) diff --git a/sys/vm/device_pager.c b/sys/vm/device_pager.c index 60c1beb..fd110c7 100644 --- a/sys/vm/device_pager.c +++ b/sys/vm/device_pager.c @@ -60,10 +60,8 @@ static vm_object_t dev_pager_alloc(void *, vm_ooffset_t, vm_prot_t, vm_ooffset_t, struct ucred *); static void dev_pager_dealloc(vm_object_t); static int dev_pager_getpages(vm_object_t, vm_page_t *, int, int); -static void dev_pager_putpages(vm_object_t, vm_page_t *, int, - boolean_t, int *); -static boolean_t dev_pager_haspage(vm_object_t, vm_pindex_t, int *, - int *); +static void dev_pager_putpages(vm_object_t, vm_page_t *, int, int, int *); +static boolean_t dev_pager_haspage(vm_object_t, vm_pindex_t, int *, int *); static void dev_pager_free_page(vm_object_t object, vm_page_t m); /* list of device pager objects */ @@ -101,8 +99,9 @@ static struct cdev_pager_ops old_dev_pager_ops = { }; static void -dev_pager_init() +dev_pager_init(void) { + TAILQ_INIT(&dev_pager_object_list); mtx_init(&dev_pager_mtx, "dev_pager list", NULL, MTX_DEF); } @@ -231,8 +230,7 @@ dev_pager_free_page(vm_object_t object, vm_page_t m) } static void -dev_pager_dealloc(object) - vm_object_t object; +dev_pager_dealloc(vm_object_t object) { vm_page_t m; @@ -362,24 +360,18 @@ old_dev_pager_fault(vm_object_t object, vm_ooffset_t offset, int prot, } static void -dev_pager_putpages(object, m, count, sync, rtvals) - vm_object_t object; - vm_page_t *m; - int count; - boolean_t sync; - int *rtvals; +dev_pager_putpages(vm_object_t object, vm_page_t *m, int count, int flags, + int *rtvals) { panic("dev_pager_putpage called"); } static boolean_t -dev_pager_haspage(object, pindex, before, after) - vm_object_t object; - vm_pindex_t pindex; - int *before; - int *after; +dev_pager_haspage(vm_object_t object, vm_pindex_t pindex, int *before, + int *after) { + if (before != NULL) *before = 0; if (after != NULL) diff --git a/sys/vm/vm_page.h b/sys/vm/vm_page.h index accf517..7ecb6c7 100644 --- a/sys/vm/vm_page.h +++ b/sys/vm/vm_page.h @@ -227,6 +227,7 @@ struct vm_domain { long vmd_segs; /* bitmask of the segments */ boolean_t vmd_oom; int vmd_pass; /* local pagedaemon pass */ + int vmd_oom_seq; int vmd_last_active_scan; struct vm_page vmd_marker; /* marker for pagedaemon private use */ }; diff --git a/sys/vm/vm_pageout.c b/sys/vm/vm_pageout.c index 2cc738d..156d11a 100644 --- a/sys/vm/vm_pageout.c +++ b/sys/vm/vm_pageout.c @@ -121,7 +121,8 @@ static void vm_pageout(void); static void vm_pageout_init(void); static int vm_pageout_clean(vm_page_t); static void vm_pageout_scan(struct vm_domain *vmd, int pass); -static void vm_pageout_mightbe_oom(struct vm_domain *vmd, int pass); +static void vm_pageout_mightbe_oom(struct vm_domain *vmd, int page_shortage, + int starting_page_shortage); SYSINIT(pagedaemon_init, SI_SUB_KTHREAD_PAGE, SI_ORDER_FIRST, vm_pageout_init, NULL); @@ -158,6 +159,7 @@ int vm_pages_needed; /* Event on which pageout daemon sleeps */ int vm_pageout_deficit; /* Estimated number of pages deficit */ int vm_pageout_pages_needed; /* flag saying that the pageout daemon needs pages */ int vm_pageout_wakeup_thresh; +static int vm_pageout_oom_seq = 12; #if !defined(NO_SWAPPING) static int vm_pageout_req_swapout; /* XXX */ @@ -217,6 +219,10 @@ static int pageout_lock_miss; SYSCTL_INT(_vm, OID_AUTO, pageout_lock_miss, CTLFLAG_RD, &pageout_lock_miss, 0, "vget() lock misses during pageout"); +SYSCTL_INT(_vm, OID_AUTO, pageout_oom_seq, + CTLFLAG_RW, &vm_pageout_oom_seq, 0, + "back-to-back calls to oom detector to start OOM"); + #define VM_PAGEOUT_PAGE_COUNT 16 int vm_pageout_page_count = VM_PAGEOUT_PAGE_COUNT; @@ -941,7 +947,7 @@ vm_pageout_scan(struct vm_domain *vmd, int pass) long min_scan; int act_delta, addl_page_shortage, deficit, maxscan, page_shortage; int vnodes_skipped = 0; - int maxlaunder, scan_tick, scanned; + int maxlaunder, scan_tick, scanned, starting_page_shortage; int lockmode; boolean_t queues_locked; @@ -981,6 +987,7 @@ vm_pageout_scan(struct vm_domain *vmd, int pass) page_shortage = vm_paging_target() + deficit; } else page_shortage = deficit = 0; + starting_page_shortage = page_shortage; /* * maxlaunder limits the number of dirty pages we flush per scan. @@ -1358,6 +1365,12 @@ relock_queues: (void)speedup_syncer(); /* + * If the inactive queue scan fails repeatedly to meet its + * target, kill the largest process. + */ + vm_pageout_mightbe_oom(vmd, page_shortage, starting_page_shortage); + + /* * Compute the number of pages we want to try to move from the * active queue to the inactive queue. */ @@ -1469,15 +1482,6 @@ relock_queues: } } #endif - - /* - * If we are critically low on one of RAM or swap and low on - * the other, kill the largest process. However, we avoid - * doing this on the first pass in order to give ourselves a - * chance to flush out dirty vnode-backed pages and to allow - * active pages to be moved to the inactive queue and reclaimed. - */ - vm_pageout_mightbe_oom(vmd, pass); } static int vm_pageout_oom_vote; @@ -1488,12 +1492,17 @@ static int vm_pageout_oom_vote; * failed to reach free target is premature. */ static void -vm_pageout_mightbe_oom(struct vm_domain *vmd, int pass) +vm_pageout_mightbe_oom(struct vm_domain *vmd, int page_shortage, + int starting_page_shortage) { int old_vote; - if (pass <= 1 || !((swap_pager_avail < 64 && vm_page_count_min()) || - (swap_pager_full && vm_paging_target() > 0))) { + if (starting_page_shortage <= 0 || starting_page_shortage != + page_shortage) + vmd->vmd_oom_seq = 0; + else + vmd->vmd_oom_seq++; + if (vmd->vmd_oom_seq < vm_pageout_oom_seq) { if (vmd->vmd_oom) { vmd->vmd_oom = FALSE; atomic_subtract_int(&vm_pageout_oom_vote, 1); @@ -1501,6 +1510,12 @@ vm_pageout_mightbe_oom(struct vm_domain *vmd, int pass) return; } + /* + * Do not follow the call sequence until OOM condition is + * cleared. + */ + vmd->vmd_oom_seq = 0; + if (vmd->vmd_oom) return; @@ -1526,6 +1541,65 @@ vm_pageout_mightbe_oom(struct vm_domain *vmd, int pass) atomic_subtract_int(&vm_pageout_oom_vote, 1); } +/* + * The OOM killer is the page daemon's action of last resort when + * memory allocation requests have been stalled for a prolonged period + * of time because it cannot reclaim memory. This function computes + * the approximate number of physical pages that could be reclaimed if + * the specified address space is destroyed. + * + * Private, anonymous memory owned by the address space is the + * principal resource that we expect to recover after an OOM kill. + * Since the physical pages mapped by the address space's COW entries + * are typically shared pages, they are unlikely to be released and so + * they are not counted. + * + * To get to the point where the page daemon runs the OOM killer, its + * efforts to write-back vnode-backed pages may have stalled. This + * could be caused by a memory allocation deadlock in the write path + * that might be resolved by an OOM kill. Therefore, physical pages + * belonging to vnode-backed objects are counted, because they might + * be freed without being written out first if the address space holds + * the last reference to an unlinked vnode. + * + * Similarly, physical pages belonging to OBJT_PHYS objects are + * counted because the address space might hold the last reference to + * the object. + */ +static long +vm_pageout_oom_pagecount(struct vmspace *vmspace) +{ + vm_map_t map; + vm_map_entry_t entry; + vm_object_t obj; + long res; + + map = &vmspace->vm_map; + KASSERT(!map->system_map, ("system map")); + sx_assert(&map->lock, SA_LOCKED); + res = 0; + for (entry = map->header.next; entry != &map->header; + entry = entry->next) { + if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0) + continue; + obj = entry->object.vm_object; + if (obj == NULL) + continue; + if ((entry->eflags & MAP_ENTRY_NEEDS_COPY) != 0 && + obj->ref_count != 1) + continue; + switch (obj->type) { + case OBJT_DEFAULT: + case OBJT_SWAP: + case OBJT_PHYS: + case OBJT_VNODE: + res += obj->resident_page_count; + break; + } + } + return (res); +} + void vm_pageout_oom(int shortage) { @@ -1570,7 +1644,8 @@ vm_pageout_oom(int shortage) if (!TD_ON_RUNQ(td) && !TD_IS_RUNNING(td) && !TD_IS_SLEEPING(td) && - !TD_IS_SUSPENDED(td)) { + !TD_IS_SUSPENDED(td) && + !TD_IS_SWAPPED(td)) { thread_unlock(td); breakout = 1; break; @@ -1598,12 +1673,13 @@ vm_pageout_oom(int shortage) } PROC_UNLOCK(p); size = vmspace_swap_count(vm); - vm_map_unlock_read(&vm->vm_map); if (shortage == VM_OOM_MEM) - size += vmspace_resident_count(vm); + size += vm_pageout_oom_pagecount(vm); + vm_map_unlock_read(&vm->vm_map); vmspace_free(vm); + /* - * if the this process is bigger than the biggest one + * If this process is bigger than the biggest one, * remember it. */ if (size > bigsize) { diff --git a/sys/x86/xen/hvm.c b/sys/x86/xen/hvm.c index 1986f6f..6c6f153 100644 --- a/sys/x86/xen/hvm.c +++ b/sys/x86/xen/hvm.c @@ -72,7 +72,6 @@ static driver_filter_t xen_cpustop_handler; static driver_filter_t xen_cpususpend_handler; static driver_filter_t xen_cpustophard_handler; static void xen_ipi_vectored(u_int vector, int dest); -static void xen_hvm_cpu_resume(void); #endif static void xen_hvm_cpu_init(void); @@ -84,9 +83,6 @@ extern void pmap_lazyfix_action(void); extern int pmap_pcid_enabled; #endif -/* Variables used by mp_machdep to perform the bitmap IPI */ -extern volatile u_int cpu_ipi_pending[MAXCPU]; - /*---------------------------------- Macros ----------------------------------*/ #define IPI_TO_IDX(ipi) ((ipi) - APIC_IPI_INTS) @@ -110,7 +106,7 @@ enum xen_domain_type xen_domain_type = XEN_NATIVE; struct cpu_ops xen_hvm_cpu_ops = { .ipi_vectored = lapic_ipi_vectored, .cpu_init = xen_hvm_cpu_init, - .cpu_resume = xen_hvm_cpu_resume + .cpu_resume = xen_hvm_cpu_init }; #endif @@ -312,21 +308,6 @@ xen_ipi_vectored(u_int vector, int dest) /*---------------------- XEN diverged cpu operations -------------------------*/ static void -xen_hvm_cpu_resume(void) -{ - u_int cpuid = PCPU_GET(cpuid); - - /* - * Reset pending bitmap IPIs, because Xen doesn't preserve pending - * event channels on migration. - */ - cpu_ipi_pending[cpuid] = 0; - - /* register vcpu_info area */ - xen_hvm_cpu_init(); -} - -static void xen_cpu_ipi_init(int cpu) { xen_intr_handle_t *ipi_handle; diff --git a/tests/Makefile b/tests/Makefile index 7fdc5d7..8b3ccb1 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -4,6 +4,7 @@ SUBDIR+= etc SUBDIR+= sys +SUBDIR_PARALLEL= TESTSDIR= ${TESTSBASE} KYUAFILE= yes diff --git a/tests/sys/Makefile b/tests/sys/Makefile index f559e20..015040d 100644 --- a/tests/sys/Makefile +++ b/tests/sys/Makefile @@ -20,4 +20,6 @@ TESTS_SUBDIRS+= vm # Items not integrated into kyua runs by default SUBDIR+= pjdfstest +SUBDIR_PARALLEL= + .include <bsd.test.mk> diff --git a/tests/sys/kern/Makefile b/tests/sys/kern/Makefile index 5328b99..03b4a5c 100644 --- a/tests/sys/kern/Makefile +++ b/tests/sys/kern/Makefile @@ -15,6 +15,11 @@ LDADD.ptrace_test+= -lpthread LDADD.unix_seqpacket_test+= -lpthread NETBSD_ATF_TESTS_C+= lockf_test +NETBSD_ATF_TESTS_C+= mqueue_test + +CFLAGS.mqueue_test+= -I${SRCTOP}/tests +DPADD.mqueue_test+= ${LIBRT} +LDADD.mqueue_test+= -lrt WARNS?= 5 diff --git a/tests/sys/kern/acct/Makefile b/tests/sys/kern/acct/Makefile index 966fe9a..89bf3e0 100644 --- a/tests/sys/kern/acct/Makefile +++ b/tests/sys/kern/acct/Makefile @@ -6,12 +6,14 @@ ATF_TESTS_C= acct_test CFLAGS+= -I${.OBJDIR} -CLEANFILES+= convert.c +CLEANFILES+= convert.c convert.c.tmp DPSRCS.acct_test= convert.c +acct_test.o: convert.c -convert.c: ${SRCTOP}/sys/kern/kern_acct.c +convert.c: ${.CURDIR:H:H:H:H}/sys/kern/kern_acct.c sed -n -e 's/log(/syslog(/g' \ - -e '/FLOAT_CONVERSION_START/,/FLOAT_CONVERSION_END/p' ${.ALLSRC} >>${.TARGET} + -e '/FLOAT_CONVERSION_START/,/FLOAT_CONVERSION_END/p' ${.ALLSRC} >${.TARGET}.tmp + mv ${.TARGET}.tmp ${.TARGET} .include <bsd.test.mk> diff --git a/tests/sys/pjdfstest/Makefile b/tests/sys/pjdfstest/Makefile index 7047811..a398d39 100644 --- a/tests/sys/pjdfstest/Makefile +++ b/tests/sys/pjdfstest/Makefile @@ -2,5 +2,6 @@ SUBDIR+= pjdfstest SUBDIR+= tests +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/tests/sys/pjdfstest/pjdfstest/Makefile b/tests/sys/pjdfstest/pjdfstest/Makefile index c0e82a4..29bee82 100644 --- a/tests/sys/pjdfstest/pjdfstest/Makefile +++ b/tests/sys/pjdfstest/pjdfstest/Makefile @@ -8,7 +8,7 @@ BINDIR= ${TESTSBASE}/sys/pjdfstest PROG= pjdfstest MAN= -CFLAGS= -D__OS_FreeBSD__ -DHAS_LCHMOD -DHAS_CHFLAGS -DHAS_FCHFLAGS +CFLAGS+= -D__OS_FreeBSD__ -DHAS_LCHMOD -DHAS_CHFLAGS -DHAS_FCHFLAGS CFLAGS+= -DHAS_CHFLAGSAT -DHAS_LCHFLAGS -DHAS_FREEBSD_ACL -DHAS_BINDAT CFLAGS+= -DHAS_CONNECTAT diff --git a/tests/sys/pjdfstest/tests/Makefile b/tests/sys/pjdfstest/tests/Makefile index 248b209..917b01a 100644 --- a/tests/sys/pjdfstest/tests/Makefile +++ b/tests/sys/pjdfstest/tests/Makefile @@ -36,4 +36,6 @@ TESTS_SUBDIRS+= symlink TESTS_SUBDIRS+= truncate TESTS_SUBDIRS+= unlink +SUBDIR_PARALLEL= + .include <bsd.test.mk> diff --git a/tools/build/options/makeman b/tools/build/options/makeman index 0491bed..7168c82 100755 --- a/tools/build/options/makeman +++ b/tools/build/options/makeman @@ -33,7 +33,7 @@ show_options() ALL_TARGETS=$(echo $(${make} targets | tail -n +2)) rm -f $t/settings for target in ${ALL_TARGETS} ; do - ${make} showconfig \ + env -i ${make} showconfig \ SRCCONF=/dev/null __MAKE_CONF=/dev/null \ TARGET_ARCH=${target#*/} TARGET=${target%/*} | while read var _ val ; do @@ -96,7 +96,7 @@ show() exit 1 ;; esac - ${make} "$@" showconfig __MAKE_CONF=/dev/null | + env -i ${make} "$@" showconfig __MAKE_CONF=/dev/null | while read var _ val ; do opt=${var#MK_} case ${val} in diff --git a/tools/regression/lib/libc/nss/mach b/tools/regression/lib/libc/nss/mach index d25d8d6..ab7ce24 100644 --- a/tools/regression/lib/libc/nss/mach +++ b/tools/regression/lib/libc/nss/mach @@ -11,7 +11,6 @@ antioche.antioche.eu.org boulder.tele.dk centaurus.4web.cz chur.math.ntnu.no -cnftp.bjpu.edu.cn console.netbsd.org cvs.fi.netbsd.org cvs.mikrolahti.fi diff --git a/tools/regression/lib/libc/nss/test-getaddr.c b/tools/regression/lib/libc/nss/test-getaddr.c index aae1605..f0729ec 100644 --- a/tools/regression/lib/libc/nss/test-getaddr.c +++ b/tools/regression/lib/libc/nss/test-getaddr.c @@ -67,22 +67,22 @@ IMPLEMENT_TEST_DATA(addrinfo) IMPLEMENT_TEST_FILE_SNAPSHOT(addrinfo) IMPLEMENT_2PASS_TEST(addrinfo) -static void +static void clone_addrinfo(struct addrinfo *dest, struct addrinfo const *src) { assert(dest != NULL); assert(src != NULL); - + memcpy(dest, src, sizeof(struct addrinfo)); if (src->ai_canonname != NULL) dest->ai_canonname = strdup(src->ai_canonname); - + if (src->ai_addr != NULL) { dest->ai_addr = (struct sockaddr *)malloc(src->ai_addrlen); assert(dest->ai_addr != NULL); memcpy(dest->ai_addr, src->ai_addr, src->ai_addrlen); } - + if (src->ai_next != NULL) { dest->ai_next = (struct addrinfo *)malloc( sizeof(struct addrinfo)); @@ -96,7 +96,7 @@ compare_addrinfo_(struct addrinfo *ai1, struct addrinfo *ai2) { if ((ai1 == NULL) || (ai2 == NULL)) return (-1); - + if ((ai1->ai_flags != ai2->ai_flags) || (ai1->ai_family != ai2->ai_family) || (ai1->ai_socktype != ai2->ai_socktype) || @@ -107,11 +107,11 @@ compare_addrinfo_(struct addrinfo *ai1, struct addrinfo *ai2) (((ai1->ai_canonname == NULL) || (ai2->ai_canonname == NULL)) && (ai1->ai_canonname != ai2->ai_canonname))) return (-1); - - if ((ai1->ai_canonname != NULL) && + + if ((ai1->ai_canonname != NULL) && (strcmp(ai1->ai_canonname, ai2->ai_canonname) != 0)) return (-1); - + if ((ai1->ai_addr != NULL) && (memcmp(ai1->ai_addr, ai2->ai_addr, ai1->ai_addrlen) != 0)) return (-1); @@ -122,17 +122,17 @@ compare_addrinfo_(struct addrinfo *ai1, struct addrinfo *ai2) return (compare_addrinfo_(ai1->ai_next, ai2->ai_next)); } -static int +static int compare_addrinfo(struct addrinfo *ai1, struct addrinfo *ai2, void *mdata) { int rv; - + if (debug) { printf("testing equality of 2 addrinfo structures\n"); } rv = compare_addrinfo_(ai1, ai2); - + if (debug) { if (rv == 0) printf("equal\n"); @@ -142,16 +142,16 @@ compare_addrinfo(struct addrinfo *ai1, struct addrinfo *ai2, void *mdata) printf("not equal\n"); } } - + return (rv); } -void +void free_addrinfo(struct addrinfo *ai) { if (ai == NULL) return; - + free(ai->ai_addr); free(ai->ai_canonname); free_addrinfo(ai->ai_next); @@ -159,9 +159,9 @@ free_addrinfo(struct addrinfo *ai) void sdump_addrinfo(struct addrinfo *ai, char *buffer, size_t buflen) -{ +{ int written, i; - + written = snprintf(buffer, buflen, "%d %d %d %d %d ", ai->ai_flags, ai->ai_family, ai->ai_socktype, ai->ai_protocol, ai->ai_addrlen); @@ -169,14 +169,14 @@ sdump_addrinfo(struct addrinfo *ai, char *buffer, size_t buflen) if (written > buflen) return; buflen -= written; - + written = snprintf(buffer, buflen, "%s ", ai->ai_canonname == NULL ? "(null)" : ai->ai_canonname); buffer += written; if (written > buflen) return; buflen -= written; - + if (ai->ai_addr == NULL) { written = snprintf(buffer, buflen, "(null)"); buffer += written; @@ -185,26 +185,26 @@ sdump_addrinfo(struct addrinfo *ai, char *buffer, size_t buflen) buflen -= written; } else { for (i = 0; i < ai->ai_addrlen; ++i ) { - written = snprintf(buffer, buflen, + written = snprintf(buffer, buflen, i + 1 != ai->ai_addrlen ? "%d." : "%d", ((unsigned char *)ai->ai_addr)[i]); buffer += written; if (written > buflen) return; buflen -= written; - + if (buflen == 0) return; - } + } } - + if (ai->ai_next != NULL) { written = snprintf(buffer, buflen, ":"); buffer += written; if (written > buflen) return; buflen -= written; - + sdump_addrinfo(ai->ai_next, buffer, buflen); } } @@ -224,12 +224,12 @@ static int addrinfo_read_snapshot_addr(char *addr, unsigned char *result, size_t len) { char *s, *ps, *ts; - + ps = addr; while ( (s = strsep(&ps, ".")) != NULL) { if (len == 0) return (-1); - + *result = (unsigned char)strtol(s, &ts, 10); ++result; if (*ts != '\0') @@ -265,7 +265,7 @@ addrinfo_read_snapshot_ai(struct addrinfo *ai, char *line) goto fin; break; case 4: - ai->ai_addrlen = (socklen_t)strtol(s, &ts, 10); + ai->ai_addrlen = (socklen_t)strtol(s, &ts, 10); if (*ts != '\0') goto fin; break; @@ -274,7 +274,7 @@ addrinfo_read_snapshot_ai(struct addrinfo *ai, char *line) ai->ai_canonname = strdup(s); assert(ai->ai_canonname != NULL); } - break; + break; case 6: if (strcmp(s, "(null)") != 0) { ai->ai_addr = (struct sockaddr *)malloc( @@ -284,7 +284,7 @@ addrinfo_read_snapshot_ai(struct addrinfo *ai, char *line) rv = addrinfo_read_snapshot_addr(s, (unsigned char *)ai->ai_addr, ai->ai_addrlen); - + if (rv != 0) goto fin; } @@ -294,18 +294,18 @@ addrinfo_read_snapshot_ai(struct addrinfo *ai, char *line) rv = -1; goto fin; }; - + ++i; } fin: - if ((i != 7) || (rv != 0)) { + if ((i != 7) || (rv != 0)) { free_addrinfo(ai); memset(ai, 0, sizeof(struct addrinfo)); return (-1); } - - return (0); + + return (0); } static int @@ -317,33 +317,33 @@ addrinfo_read_snapshot_func(struct addrinfo *ai, char *line) if (debug) printf("1 line read from snapshot:\n%s\n", line); - + rv = 0; i = 0; ps = line; - + s = strsep(&ps, ":"); if (s == NULL) return (-1); - + rv = addrinfo_read_snapshot_ai(ai, s); if (rv != 0) return (-1); - + ai2 = ai; while ( (s = strsep(&ps, ":")) != NULL) { ai2->ai_next = (struct addrinfo *)malloc( sizeof(struct addrinfo)); assert(ai2->ai_next != NULL); memset(ai2->ai_next, 0, sizeof(struct addrinfo)); - + rv = addrinfo_read_snapshot_ai(ai2->ai_next, s); if (rv != 0) { - free_addrinfo(ai); + free_addrinfo(ai); return (-1); } - ai2 = ai2->ai_next; + ai2 = ai2->ai_next; } return (0); @@ -356,36 +356,36 @@ addrinfo_test_correctness(struct addrinfo *ai, void *mdata) printf("testing correctness with the following data:\n"); dump_addrinfo(ai); } - + if (ai == NULL) goto errfin; - + if (!((ai->ai_family >= 0) && (ai->ai_family < AF_MAX))) goto errfin; - + if ((ai->ai_socktype != 0) && (ai->ai_socktype != SOCK_STREAM) && (ai->ai_socktype != SOCK_DGRAM) && (ai->ai_socktype != SOCK_RAW)) goto errfin; - + if ((ai->ai_protocol != 0) && (ai->ai_protocol != IPPROTO_UDP) && (ai->ai_protocol != IPPROTO_TCP)) goto errfin; - + if ((ai->ai_flags & ~(AI_CANONNAME | AI_NUMERICHOST | AI_PASSIVE)) != 0) goto errfin; - if ((ai->ai_addrlen != ai->ai_addr->sa_len) || + if ((ai->ai_addrlen != ai->ai_addr->sa_len) || (ai->ai_family != ai->ai_addr->sa_family)) goto errfin; - + if (debug) printf("correct\n"); - - return (0); + + return (0); errfin: if (debug) printf("incorrect\n"); - + return (-1); } @@ -393,27 +393,27 @@ static int addrinfo_read_hostlist_func(struct addrinfo *ai, char *line) { struct addrinfo *result; - int rv; - + int rv; + if (debug) printf("resolving %s: ", line); rv = getaddrinfo(line, NULL, &hints, &result); if (rv == 0) { if (debug) printf("found\n"); - + rv = addrinfo_test_correctness(result, NULL); if (rv != 0) { freeaddrinfo(result); return (rv); } - + clone_addrinfo(ai, result); freeaddrinfo(result); } else { if (debug) printf("not found\n"); - + memset(ai, 0, sizeof(struct addrinfo)); } return (0); @@ -435,10 +435,10 @@ main(int argc, char **argv) char *snapshot_file, *hostlist_file; int rv; int c; - + if (argc < 2) usage(); - + snapshot_file = NULL; hostlist_file = NULL; memset(&hints, 0, sizeof(struct addrinfo)); @@ -465,38 +465,38 @@ main(int argc, char **argv) default: usage(); } - + TEST_DATA_INIT(addrinfo, &td, clone_addrinfo, free_addrinfo); TEST_DATA_INIT(addrinfo, &td_snap, clone_addrinfo, free_addrinfo); - + if (hostlist_file == NULL) usage(); - + if (access(hostlist_file, R_OK) != 0) { if (debug) printf("can't access the hostlist file %s\n", hostlist_file); - + usage(); } - + if (debug) printf("building host lists from %s\n", hostlist_file); - + rv = TEST_SNAPSHOT_FILE_READ(addrinfo, hostlist_file, &td, addrinfo_read_hostlist_func); if (rv != 0) goto fin; - + if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) method = TEST_BUILD_SNAPSHOT; else { if (debug) printf("can't access the snapshot file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -510,7 +510,7 @@ main(int argc, char **argv) } } } - + switch (method) { case TEST_GETADDRINFO: if (snapshot_file != NULL) @@ -519,7 +519,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) { - rv = TEST_SNAPSHOT_FILE_WRITE(addrinfo, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(addrinfo, snapshot_file, &td, sdump_addrinfo); } break; diff --git a/tools/regression/lib/libc/nss/test-getgr.c b/tools/regression/lib/libc/nss/test-getgr.c index 322c636..0ccebae 100644 --- a/tools/regression/lib/libc/nss/test-getgr.c +++ b/tools/regression/lib/libc/nss/test-getgr.c @@ -63,14 +63,14 @@ static void free_group(struct group *); static void sdump_group(struct group *, char *, size_t); static int group_read_snapshot_func(struct group *, char *); -static int group_check_ambiguity(struct group_test_data *, +static int group_check_ambiguity(struct group_test_data *, struct group *); static int group_fill_test_data(struct group_test_data *); static int group_test_correctness(struct group *, void *); static int group_test_getgrnam(struct group *, void *); static int group_test_getgrgid(struct group *, void *); static int group_test_getgrent(struct group *, void *); - + static void usage(void) __attribute__((__noreturn__)); IMPLEMENT_TEST_DATA(group) @@ -83,33 +83,33 @@ clone_group(struct group *dest, struct group const *src) { assert(dest != NULL); assert(src != NULL); - + char **cp; int members_num; - + memset(dest, 0, sizeof(struct group)); - + if (src->gr_name != NULL) { dest->gr_name = strdup(src->gr_name); assert(dest->gr_name != NULL); } - + if (src->gr_passwd != NULL) { dest->gr_passwd = strdup(src->gr_passwd); assert(dest->gr_passwd != NULL); } dest->gr_gid = src->gr_gid; - + if (src->gr_mem != NULL) { members_num = 0; for (cp = src->gr_mem; *cp; ++cp) ++members_num; - + dest->gr_mem = (char **)malloc( (members_num + 1) * (sizeof(char *))); assert(dest->gr_mem != NULL); memset(dest->gr_mem, 0, (members_num+1) * (sizeof(char *))); - + for (cp = src->gr_mem; *cp; ++cp) { dest->gr_mem[cp - src->gr_mem] = strdup(*cp); assert(dest->gr_mem[cp - src->gr_mem] != NULL); @@ -117,52 +117,52 @@ clone_group(struct group *dest, struct group const *src) } } -static void +static void free_group(struct group *grp) { char **cp; - + assert(grp != NULL); - + free(grp->gr_name); free(grp->gr_passwd); - + for (cp = grp->gr_mem; *cp; ++cp) free(*cp); free(grp->gr_mem); } -static int +static int compare_group(struct group *grp1, struct group *grp2, void *mdata) { char **c1, **c2; - + if (grp1 == grp2) return (0); - + if ((grp1 == NULL) || (grp2 == NULL)) goto errfin; - + if ((strcmp(grp1->gr_name, grp2->gr_name) != 0) || (strcmp(grp1->gr_passwd, grp2->gr_passwd) != 0) || (grp1->gr_gid != grp2->gr_gid)) goto errfin; - + c1 = grp1->gr_mem; c2 = grp2->gr_mem; - + if ((grp1->gr_mem == NULL) || (grp2->gr_mem == NULL)) goto errfin; - + for (;*c1 && *c2; ++c1, ++c2) if (strcmp(*c1, *c2) != 0) goto errfin; - + if ((*c1 != '\0') || (*c2 != '\0')) goto errfin; - + return 0; - + errfin: if ((debug) && (mdata == NULL)) { printf("following structures are not equal:\n"); @@ -178,14 +178,14 @@ sdump_group(struct group *grp, char *buffer, size_t buflen) { char **cp; int written; - + written = snprintf(buffer, buflen, "%s %s %d", - grp->gr_name, grp->gr_passwd, grp->gr_gid); + grp->gr_name, grp->gr_passwd, grp->gr_gid); buffer += written; if (written > buflen) return; buflen -= written; - + if (grp->gr_mem != NULL) { if (*(grp->gr_mem) != '\0') { for (cp = grp->gr_mem; *cp; ++cp) { @@ -194,9 +194,9 @@ sdump_group(struct group *grp, char *buffer, size_t buflen) if (written > buflen) return; buflen -= written; - + if (buflen == 0) - return; + return; } } else snprintf(buffer, buflen, " nomem"); @@ -213,7 +213,7 @@ group_read_snapshot_func(struct group *grp, char *line) if (debug) printf("1 line read from snapshot:\n%s\n", line); - + i = 0; sl = NULL; ps = line; @@ -243,10 +243,10 @@ group_read_snapshot_func(struct group *grp, char *line) if (sl == NULL) { if (strcmp(s, "(null)") == 0) return (0); - + sl = sl_init(); assert(sl != NULL); - + if (strcmp(s, "nomem") != 0) { ts = strdup(s); assert(ts != NULL); @@ -257,7 +257,7 @@ group_read_snapshot_func(struct group *grp, char *line) assert(ts != NULL); sl_add(sl, ts); } - break; + break; }; ++i; } @@ -268,16 +268,16 @@ group_read_snapshot_func(struct group *grp, char *line) memset(grp, 0, sizeof(struct group)); return (-1); } - + sl_add(sl, NULL); grp->gr_mem = sl->sl_str; /* NOTE: is it a dirty hack or not? */ - free(sl); + free(sl); return (0); } -static void +static void dump_group(struct group *result) { if (result != NULL) { @@ -292,7 +292,7 @@ static int group_fill_test_data(struct group_test_data *td) { struct group *grp; - + setgroupent(1); while ((grp = getgrent()) != NULL) { if (group_test_correctness(grp, NULL) == 0) @@ -301,7 +301,7 @@ group_fill_test_data(struct group_test_data *td) return (-1); } endgrent(); - + return (0); } @@ -312,37 +312,37 @@ group_test_correctness(struct group *grp, void *mdata) printf("testing correctness with the following data:\n"); dump_group(grp); } - + if (grp == NULL) goto errfin; - + if (grp->gr_name == NULL) goto errfin; - + if (grp->gr_passwd == NULL) goto errfin; - + if (grp->gr_mem == NULL) goto errfin; - + if (debug) printf("correct\n"); - - return (0); + + return (0); errfin: if (debug) printf("incorrect\n"); - + return (-1); } /* group_check_ambiguity() is needed here because when doing the getgrent() - * calls sequence, records from different nsswitch sources can be different, + * calls sequence, records from different nsswitch sources can be different, * though having the same pw_name/pw_uid */ static int group_check_ambiguity(struct group_test_data *td, struct group *pwd) { - + return (TEST_DATA_FIND(group, td, pwd, compare_group, NULL) != NULL ? 0 : -1); } @@ -351,7 +351,7 @@ static int group_test_getgrnam(struct group *grp_model, void *mdata) { struct group *grp; - + if (debug) { printf("testing getgrnam() with the following data:\n"); dump_group(grp_model); @@ -360,20 +360,20 @@ group_test_getgrnam(struct group *grp_model, void *mdata) grp = getgrnam(grp_model->gr_name); if (group_test_correctness(grp, NULL) != 0) goto errfin; - + if ((compare_group(grp, grp_model, NULL) != 0) && - (group_check_ambiguity((struct group_test_data *)mdata, grp) + (group_check_ambiguity((struct group_test_data *)mdata, grp) !=0)) goto errfin; - + if (debug) printf("ok\n"); return (0); - + errfin: if (debug) printf("not ok\n"); - + return (-1); } @@ -381,14 +381,14 @@ static int group_test_getgrgid(struct group *grp_model, void *mdata) { struct group *grp; - + if (debug) { printf("testing getgrgid() with the following data...\n"); dump_group(grp_model); - } - + } + grp = getgrgid(grp_model->gr_gid); - if ((group_test_correctness(grp, NULL) != 0) || + if ((group_test_correctness(grp, NULL) != 0) || ((compare_group(grp, grp_model, NULL) != 0) && (group_check_ambiguity((struct group_test_data *)mdata, grp) != 0))) { @@ -402,7 +402,7 @@ group_test_getgrgid(struct group *grp_model, void *mdata) } } -static int +static int group_test_getgrent(struct group *grp, void *mdata) { /* Only correctness can be checked when doing 1-pass test for @@ -426,10 +426,10 @@ main(int argc, char **argv) char *snapshot_file; int rv; int c; - + if (argc < 2) usage(); - + snapshot_file = NULL; while ((c = getopt(argc, argv, "nge2ds:")) != -1) switch (c) { @@ -454,18 +454,18 @@ main(int argc, char **argv) default: usage(); } - + TEST_DATA_INIT(group, &td, clone_group, free_group); TEST_DATA_INIT(group, &td_snap, clone_group, free_group); if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) method = TEST_BUILD_SNAPSHOT; else { if (debug) printf("can't access the file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -474,12 +474,12 @@ main(int argc, char **argv) rv = 0; goto fin; } - + TEST_SNAPSHOT_FILE_READ(group, snapshot_file, &td_snap, group_read_snapshot_func); } } - + rv = group_fill_test_data(&td); if (rv == -1) return (-1); @@ -489,7 +489,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(group, &td, group_test_getgrnam, (void *)&td); else - rv = DO_1PASS_TEST(group, &td_snap, + rv = DO_1PASS_TEST(group, &td_snap, group_test_getgrnam, (void *)&td_snap); break; case TEST_GETGRGID: @@ -497,7 +497,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(group, &td, group_test_getgrgid, (void *)&td); else - rv = DO_1PASS_TEST(group, &td_snap, + rv = DO_1PASS_TEST(group, &td_snap, group_test_getgrgid, (void *)&td_snap); break; case TEST_GETGRENT: @@ -510,7 +510,7 @@ main(int argc, char **argv) break; case TEST_GETGRENT_2PASS: TEST_DATA_INIT(group, &td_2pass, clone_group, free_group); - rv = group_fill_test_data(&td_2pass); + rv = group_fill_test_data(&td_2pass); if (rv != -1) rv = DO_2PASS_TEST(group, &td, &td_2pass, compare_group, NULL); @@ -518,7 +518,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) - rv = TEST_SNAPSHOT_FILE_WRITE(group, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(group, snapshot_file, &td, sdump_group); break; default: @@ -529,6 +529,6 @@ main(int argc, char **argv) fin: TEST_DATA_DESTROY(group, &td_snap); TEST_DATA_DESTROY(group, &td); - free(snapshot_file); + free(snapshot_file); return (rv); } diff --git a/tools/regression/lib/libc/nss/test-gethostby.c b/tools/regression/lib/libc/nss/test-gethostby.c index 77455e7..c6cacc0 100644 --- a/tools/regression/lib/libc/nss/test-gethostby.c +++ b/tools/regression/lib/libc/nss/test-gethostby.c @@ -90,7 +90,7 @@ static int hostent_test_correctness(struct hostent *, void *); static int hostent_test_gethostbyaddr(struct hostent *, void *); static int hostent_test_getaddrinfo_eq(struct hostent *, void *); static int hostent_test_getnameinfo_eq(struct hostent *, void *); - + static void usage(void) __attribute__((__noreturn__)); IMPLEMENT_TEST_DATA(hostent) @@ -103,7 +103,7 @@ __gethostbyname2(const char *name, int af) { struct hostent *he; int error; - + if (use_ipnode_functions == 0) he = gethostbyname2(name, af); else { @@ -112,7 +112,7 @@ __gethostbyname2(const char *name, int af) if (he == NULL); errno = error; } - + return (he); } @@ -121,7 +121,7 @@ __gethostbyaddr(const void *addr, socklen_t len, int af) { struct hostent *he; int error; - + if (use_ipnode_functions == 0) he = gethostbyaddr(addr, len, af); else { @@ -130,8 +130,8 @@ __gethostbyaddr(const void *addr, socklen_t len, int af) if (he == NULL) errno = error; } - - return (he); + + return (he); } static void @@ -147,44 +147,44 @@ clone_hostent(struct hostent *dest, struct hostent const *src) { assert(dest != NULL); assert(src != NULL); - + char **cp; int aliases_num; int addrs_num; size_t offset; - + memset(dest, 0, sizeof(struct hostent)); - + if (src->h_name != NULL) { dest->h_name = strdup(src->h_name); assert(dest->h_name != NULL); } - + dest->h_addrtype = src->h_addrtype; dest->h_length = src->h_length; - + if (src->h_aliases != NULL) { aliases_num = 0; for (cp = src->h_aliases; *cp; ++cp) ++aliases_num; - + dest->h_aliases = (char **)malloc((aliases_num + 1) * (sizeof(char *))); assert(dest->h_aliases != NULL); memset(dest->h_aliases, 0, (aliases_num + 1) * (sizeof(char *))); - + for (cp = src->h_aliases; *cp; ++cp) { dest->h_aliases[cp - src->h_aliases] = strdup(*cp); assert(dest->h_aliases[cp - src->h_aliases] != NULL); } } - + if (src->h_addr_list != NULL) { addrs_num = 0; for (cp = src->h_addr_list; *cp; ++cp) ++addrs_num; - + dest->h_addr_list = (char **)malloc((addrs_num + 1) * (sizeof(char *))); assert(dest->h_addr_list != NULL); @@ -193,7 +193,7 @@ clone_hostent(struct hostent *dest, struct hostent const *src) for (cp = src->h_addr_list; *cp; ++cp) { offset = cp - src->h_addr_list; - dest->h_addr_list[offset] = + dest->h_addr_list[offset] = (char *)malloc(src->h_length); assert(dest->h_addr_list[offset] != NULL); memcpy(dest->h_addr_list[offset], @@ -202,15 +202,15 @@ clone_hostent(struct hostent *dest, struct hostent const *src) } } -static void +static void free_hostent(struct hostent *ht) { char **cp; - + assert(ht != NULL); - + free(ht->h_name); - + if (ht->h_aliases != NULL) { for (cp = ht->h_aliases; *cp; ++cp) free(*cp); @@ -224,33 +224,33 @@ free_hostent(struct hostent *ht) } } -static int +static int compare_hostent(struct hostent *ht1, struct hostent *ht2, void *mdata) { char **c1, **c2, **ct, **cb; int b; - + if (ht1 == ht2) return 0; - + if ((ht1 == NULL) || (ht2 == NULL)) goto errfin; - + if ((ht1->h_name == NULL) || (ht2->h_name == NULL)) goto errfin; - + if ((ht1->h_addrtype != ht2->h_addrtype) || - (ht1->h_length != ht2->h_length) || + (ht1->h_length != ht2->h_length) || (strcmp(ht1->h_name, ht2->h_name) != 0)) goto errfin; - + c1 = ht1->h_aliases; c2 = ht2->h_aliases; - + if (((ht1->h_aliases == NULL) || (ht2->h_aliases == NULL)) && (ht1->h_aliases != ht2->h_aliases)) goto errfin; - + if ((c1 != NULL) && (c2 != NULL)) { cb = c1; for (;*c1; ++c1) { @@ -286,14 +286,14 @@ compare_hostent(struct hostent *ht1, struct hostent *ht2, void *mdata) } } } - + c1 = ht1->h_addr_list; c2 = ht2->h_addr_list; - + if (((ht1->h_addr_list == NULL) || (ht2->h_addr_list== NULL)) && (ht1->h_addr_list != ht2->h_addr_list)) goto errfin; - + if ((c1 != NULL) && (c2 != NULL)) { cb = c1; for (;*c1; ++c1) { @@ -311,7 +311,7 @@ compare_hostent(struct hostent *ht1, struct hostent *ht2, void *mdata) goto errfin; } } - + c1 = cb; for (;*c2; ++c2) { b = 0; @@ -331,7 +331,7 @@ compare_hostent(struct hostent *ht1, struct hostent *ht2, void *mdata) } return 0; - + errfin: if ((debug) && (mdata == NULL)) { printf("following structures are not equal:\n"); @@ -346,28 +346,28 @@ static int check_addrinfo_for_name(struct addrinfo *ai, char const *name) { struct addrinfo *ai2; - + for (ai2 = ai; ai2 != NULL; ai2 = ai2->ai_next) { if (strcmp(ai2->ai_canonname, name) == 0) return (0); } - + return (-1); } static int -check_addrinfo_for_addr(struct addrinfo *ai, char const *addr, +check_addrinfo_for_addr(struct addrinfo *ai, char const *addr, socklen_t addrlen, int af) { struct addrinfo *ai2; - + for (ai2 = ai; ai2 != NULL; ai2 = ai2->ai_next) { if (af != ai2->ai_family) continue; - + switch (af) { case AF_INET: - if (memcmp(addr, + if (memcmp(addr, (void *)&((struct sockaddr_in *)ai2->ai_addr)->sin_addr, min(addrlen, ai2->ai_addrlen)) == 0) return (0); @@ -382,24 +382,24 @@ check_addrinfo_for_addr(struct addrinfo *ai, char const *addr, break; } } - + return (-1); } -static int +static int is_hostent_equal(struct hostent *he, struct addrinfo *ai) { char **cp; int rv; - + if (debug) printf("checking equality of he and ai\n"); - + rv = check_addrinfo_for_name(ai, he->h_name); if (rv != 0) { if (debug) printf("not equal - he->h_name couldn't be found\n"); - + return (rv); } @@ -409,14 +409,14 @@ is_hostent_equal(struct hostent *he, struct addrinfo *ai) if (rv != 0) { if (debug) printf("not equal - one of he->h_addr_list couldn't be found\n"); - + return (rv); } } - + if (debug) printf("equal\n"); - + return (0); } @@ -426,14 +426,14 @@ sdump_hostent(struct hostent *ht, char *buffer, size_t buflen) char **cp; size_t i; int written; - + written = snprintf(buffer, buflen, "%s %d %d", ht->h_name, ht->h_addrtype, ht->h_length); buffer += written; if (written > buflen) return; buflen -= written; - + if (ht->h_aliases != NULL) { if (*(ht->h_aliases) != NULL) { for (cp = ht->h_aliases; *cp; ++cp) { @@ -442,53 +442,53 @@ sdump_hostent(struct hostent *ht, char *buffer, size_t buflen) if (written > buflen) return; buflen -= written; - + if (buflen == 0) - return; + return; } } else { written = snprintf(buffer, buflen, " noaliases"); buffer += written; if (written > buflen) return; - buflen -= written; + buflen -= written; } } else { written = snprintf(buffer, buflen, " (null)"); buffer += written; if (written > buflen) return; - buflen -= written; + buflen -= written; } - + written = snprintf(buffer, buflen, " : "); buffer += written; if (written > buflen) return; - buflen -= written; + buflen -= written; if (ht->h_addr_list != NULL) { if (*(ht->h_addr_list) != NULL) { for (cp = ht->h_addr_list; *cp; ++cp) { for (i = 0; i < ht->h_length; ++i ) { - written = snprintf(buffer, buflen, + written = snprintf(buffer, buflen, i + 1 != ht->h_length ? "%d." : "%d", (unsigned char)(*cp)[i]); buffer += written; if (written > buflen) return; buflen -= written; - + if (buflen == 0) return; } - + if (*(cp + 1) ) { written = snprintf(buffer, buflen, " "); buffer += written; if (written > buflen) return; - buflen -= written; + buflen -= written; } } } else { @@ -496,42 +496,42 @@ sdump_hostent(struct hostent *ht, char *buffer, size_t buflen) buffer += written; if (written > buflen) return; - buflen -= written; + buflen -= written; } } else { written = snprintf(buffer, buflen, " (null)"); buffer += written; if (written > buflen) return; - buflen -= written; - } + buflen -= written; + } } static int hostent_read_hostlist_func(struct hostent *he, char *line) { struct hostent *result; - int rv; - + int rv; + if (debug) printf("resolving %s: ", line); result = __gethostbyname2(line, af_type); if (result != NULL) { if (debug) printf("found\n"); - + rv = hostent_test_correctness(result, NULL); if (rv != 0) { __freehostent(result); return (rv); } - + clone_hostent(he, result); __freehostent(result); } else { if (debug) printf("not found\n"); - + memset(he, 0, sizeof(struct hostent)); he->h_name = strdup(line); assert(he->h_name != NULL); @@ -543,12 +543,12 @@ static int hostent_read_snapshot_addr(char *addr, unsigned char *result, size_t len) { char *s, *ps, *ts; - + ps = addr; while ( (s = strsep(&ps, ".")) != NULL) { if (len == 0) return (-1); - + *result = (unsigned char)strtol(s, &ts, 10); ++result; if (*ts != '\0') @@ -571,7 +571,7 @@ hostent_read_snapshot_func(struct hostent *ht, char *line) if (debug) printf("1 line read from snapshot:\n%s\n", line); - + rv = 0; i = 0; sl1 = sl2 = NULL; @@ -595,15 +595,15 @@ hostent_read_snapshot_func(struct hostent *ht, char *line) if (*ts != '\0') goto fin; break; - + case 3: if (sl1 == NULL) { if (strcmp(s, "(null)") == 0) return (0); - + sl1 = sl_init(); assert(sl1 != NULL); - + if (strcmp(s, "noaliases") != 0) { ts = strdup(s); assert(ts != NULL); @@ -618,16 +618,16 @@ hostent_read_snapshot_func(struct hostent *ht, char *line) sl_add(sl1, ts); } } - break; + break; case 4: if (sl2 == NULL) { if (strcmp(s, "(null)") == 0) return (0); - + sl2 = sl_init(); assert(sl2 != NULL); - + if (strcmp(s, "noaddrs") != 0) { ts = (char *)malloc(ht->h_length); assert(ts != NULL); @@ -650,9 +650,9 @@ hostent_read_snapshot_func(struct hostent *ht, char *line) } break; default: - break; + break; }; - + if ((i != 3) && (i != 4)) ++i; } @@ -667,19 +667,19 @@ fin: ht->h_addr_list = sl2->sl_str; } - if ((i != 4) || (rv != 0)) { + if ((i != 4) || (rv != 0)) { free_hostent(ht); memset(ht, 0, sizeof(struct hostent)); return (-1); } - + /* NOTE: is it a dirty hack or not? */ free(sl1); - free(sl2); + free(sl2); return (0); } -static void +static void dump_hostent(struct hostent *result) { if (result != NULL) { @@ -697,34 +697,34 @@ hostent_test_correctness(struct hostent *ht, void *mdata) printf("testing correctness with the following data:\n"); dump_hostent(ht); } - + if (ht == NULL) goto errfin; - + if (ht->h_name == NULL) goto errfin; if (!((ht->h_addrtype >= 0) && (ht->h_addrtype < AF_MAX))) goto errfin; - - if ((ht->h_length != sizeof(struct in_addr)) && + + if ((ht->h_length != sizeof(struct in_addr)) && (ht->h_length != sizeof(struct in6_addr))) goto errfin; - + if (ht->h_aliases == NULL) goto errfin; - + if (ht->h_addr_list == NULL) goto errfin; - + if (debug) printf("correct\n"); - - return (0); + + return (0); errfin: if (debug) printf("incorrect\n"); - + return (-1); } @@ -733,23 +733,23 @@ hostent_test_gethostbyaddr(struct hostent *he, void *mdata) { struct hostent *result; struct hostent_test_data *addr_test_data; - int rv; - + int rv; + addr_test_data = (struct hostent_test_data *)mdata; - + /* We should omit unresolved hostents */ if (he->h_addr_list != NULL) { char **cp; for (cp = he->h_addr_list; *cp; ++cp) { if (debug) printf("doing reverse lookup for %s\n", he->h_name); - + result = __gethostbyaddr(*cp, he->h_length, he->h_addrtype); if (result == NULL) { if (debug) printf("warning: reverse lookup failed\n"); - + continue; } rv = hostent_test_correctness(result, NULL); @@ -757,14 +757,14 @@ hostent_test_gethostbyaddr(struct hostent *he, void *mdata) __freehostent(result); return (rv); } - + if (addr_test_data != NULL) TEST_DATA_APPEND(hostent, addr_test_data, result); - + __freehostent(result); } } - + return (0); } @@ -772,16 +772,16 @@ static int hostent_test_getaddrinfo_eq(struct hostent *he, void *mdata) { struct addrinfo *ai, hints; - int rv; - + int rv; + ai = NULL; memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = af_type; hints.ai_flags = AI_CANONNAME; - + if (debug) printf("using getaddrinfo() to resolve %s\n", he->h_name); - + /* struct hostent *he was not resolved */ if (he->h_addr_list == NULL) { /* We can be sure that he->h_name is not NULL */ @@ -798,20 +798,20 @@ hostent_test_getaddrinfo_eq(struct hostent *he, void *mdata) printf("not ok - should have beed resolved\n"); return (-1); } - + rv = is_hostent_equal(he, ai); if (rv != 0) { if (debug) printf("not ok - addrinfo and hostent are not equal\n"); return (-1); } - + } - + return (0); } -static int +static int hostent_test_getnameinfo_eq(struct hostent *he, void *mdata) { char buffer[NI_MAXHOST]; @@ -820,13 +820,13 @@ hostent_test_getnameinfo_eq(struct hostent *he, void *mdata) struct sockaddr *saddr; struct hostent *result; int rv; - + if (he->h_addr_list != NULL) { char **cp; for (cp = he->h_addr_list; *cp; ++cp) { if (debug) printf("doing reverse lookup for %s\n", he->h_name); - + result = __gethostbyaddr(*cp, he->h_length, he->h_addrtype); if (result != NULL) { @@ -837,16 +837,16 @@ hostent_test_getnameinfo_eq(struct hostent *he, void *mdata) } } else { if (debug) - printf("reverse lookup failed\n"); + printf("reverse lookup failed\n"); } - + switch (he->h_addrtype) { case AF_INET: memset(&sin, 0, sizeof(struct sockaddr_in)); sin.sin_len = sizeof(struct sockaddr_in); sin.sin_family = AF_INET; memcpy(&sin.sin_addr, *cp, he->h_length); - + saddr = (struct sockaddr *)&sin; break; case AF_INET6: @@ -854,7 +854,7 @@ hostent_test_getnameinfo_eq(struct hostent *he, void *mdata) sin6.sin6_len = sizeof(struct sockaddr_in6); sin6.sin6_family = AF_INET6; memcpy(&sin6.sin6_addr, *cp, he->h_length); - + saddr = (struct sockaddr *)&sin6; break; default: @@ -863,38 +863,38 @@ hostent_test_getnameinfo_eq(struct hostent *he, void *mdata) he->h_addrtype); continue; } - + assert(saddr != NULL); - rv = getnameinfo(saddr, saddr->sa_len, buffer, + rv = getnameinfo(saddr, saddr->sa_len, buffer, sizeof(buffer), NULL, 0, NI_NAMEREQD); - + if ((rv != 0) && (result != NULL)) { if (debug) printf("not ok - getnameinfo() didn't make the reverse lookup, when it should have (%s)\n", gai_strerror(rv)); return (rv); } - + if ((rv == 0) && (result == NULL)) { if (debug) - printf("not ok - getnameinfo() made the reverse lookup, when it shouldn't have\n"); + printf("not ok - getnameinfo() made the reverse lookup, when it shouldn't have\n"); return (rv); } - + if ((rv != 0) && (result == NULL)) { if (debug) printf("ok - both getnameinfo() and ***byaddr() failed\n"); - + continue; } - + if (debug) printf("comparing %s with %s\n", result->h_name, - buffer); - + buffer); + rv = strcmp(result->h_name, buffer); __freehostent(result); - + if (rv != 0) { if (debug) printf("not ok - getnameinfo() and ***byaddr() results are not equal\n"); @@ -903,10 +903,10 @@ hostent_test_getnameinfo_eq(struct hostent *he, void *mdata) if (debug) printf("ok - getnameinfo() and ***byaddr() results are equal\n"); } - } + } } - - return (0); + + return (0); } static void @@ -923,13 +923,13 @@ main(int argc, char **argv) { struct hostent_test_data td, td_addr, td_snap; char *snapshot_file, *hostlist_file; - res_state statp; + res_state statp; int rv; int c; - + if (argc < 2) usage(); - + snapshot_file = NULL; hostlist_file = NULL; while ((c = getopt(argc, argv, "nad2iod46mAcMs:f:")) != -1) @@ -986,37 +986,37 @@ main(int argc, char **argv) if (use_ipnode_functions == 0) { statp = __res_state(); - if ((statp == NULL) || ((statp->options & RES_INIT) == 0 && + if ((statp == NULL) || ((statp->options & RES_INIT) == 0 && res_ninit(statp) == -1)) { if (debug) printf("error: can't init res_state\n"); - + free(snapshot_file); free(hostlist_file); return (-1); } - - if (use_ipv6_mapping == 0) + + if (use_ipv6_mapping == 0) statp->options &= ~RES_USE_INET6; else statp->options |= RES_USE_INET6; } - + TEST_DATA_INIT(hostent, &td, clone_hostent, free_hostent); TEST_DATA_INIT(hostent, &td_addr, clone_hostent, free_hostent); TEST_DATA_INIT(hostent, &td_snap, clone_hostent, free_hostent); - + if (hostlist_file == NULL) usage(); - + if (access(hostlist_file, R_OK) != 0) { if (debug) printf("can't access the hostlist file %s\n", hostlist_file); - + usage(); } - + if (debug) printf("building host lists from %s\n", hostlist_file); @@ -1024,9 +1024,9 @@ main(int argc, char **argv) hostent_read_hostlist_func); if (rv != 0) goto fin; - + if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) { if (method != TEST_GETHOSTBYADDR) method = TEST_BUILD_SNAPSHOT; @@ -1036,7 +1036,7 @@ main(int argc, char **argv) if (debug) printf("can't access the snapshot file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -1050,7 +1050,7 @@ main(int argc, char **argv) } } } - + switch (method) { case TEST_GETHOSTBYNAME2: if (snapshot_file != NULL) @@ -1062,7 +1062,7 @@ main(int argc, char **argv) hostent_test_gethostbyaddr, (void *)&td_addr); if (snapshot_file != NULL) - rv = DO_2PASS_TEST(hostent, &td_addr, &td_snap, + rv = DO_2PASS_TEST(hostent, &td_addr, &td_snap, compare_hostent, NULL); break; case TEST_GETHOSTBYNAME2_GETADDRINFO: @@ -1075,7 +1075,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) { - rv = TEST_SNAPSHOT_FILE_WRITE(hostent, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(hostent, snapshot_file, &td, sdump_hostent); } break; @@ -1083,8 +1083,8 @@ main(int argc, char **argv) if (snapshot_file != NULL) { rv = DO_1PASS_TEST(hostent, &td, hostent_test_gethostbyaddr, (void *)&td_addr); - - rv = TEST_SNAPSHOT_FILE_WRITE(hostent, snapshot_file, + + rv = TEST_SNAPSHOT_FILE_WRITE(hostent, snapshot_file, &td_addr, sdump_hostent); } break; diff --git a/tools/regression/lib/libc/nss/test-getproto.c b/tools/regression/lib/libc/nss/test-getproto.c index 89ad087..a3ba271 100644 --- a/tools/regression/lib/libc/nss/test-getproto.c +++ b/tools/regression/lib/libc/nss/test-getproto.c @@ -63,14 +63,14 @@ static void free_protoent(struct protoent *); static void sdump_protoent(struct protoent *, char *, size_t); static int protoent_read_snapshot_func(struct protoent *, char *); -static int protoent_check_ambiguity(struct protoent_test_data *, +static int protoent_check_ambiguity(struct protoent_test_data *, struct protoent *); static int protoent_fill_test_data(struct protoent_test_data *); static int protoent_test_correctness(struct protoent *, void *); static int protoent_test_getprotobyname(struct protoent *, void *); static int protoent_test_getprotobynumber(struct protoent *, void *); static int protoent_test_getprotoent(struct protoent *, void *); - + static void usage(void) __attribute__((__noreturn__)); IMPLEMENT_TEST_DATA(protoent) @@ -83,28 +83,28 @@ clone_protoent(struct protoent *dest, struct protoent const *src) { assert(dest != NULL); assert(src != NULL); - + char **cp; int aliases_num; - + memset(dest, 0, sizeof(struct protoent)); - + if (src->p_name != NULL) { dest->p_name = strdup(src->p_name); assert(dest->p_name != NULL); } - + dest->p_proto = src->p_proto; - + if (src->p_aliases != NULL) { aliases_num = 0; for (cp = src->p_aliases; *cp; ++cp) ++aliases_num; - + dest->p_aliases = (char **)malloc((aliases_num+1) * (sizeof(char *))); assert(dest->p_aliases != NULL); memset(dest->p_aliases, 0, (aliases_num+1) * (sizeof(char *))); - + for (cp = src->p_aliases; *cp; ++cp) { dest->p_aliases[cp - src->p_aliases] = strdup(*cp); assert(dest->p_aliases[cp - src->p_aliases] != NULL); @@ -112,50 +112,50 @@ clone_protoent(struct protoent *dest, struct protoent const *src) } } -static void +static void free_protoent(struct protoent *pe) { char **cp; - + assert(pe != NULL); - + free(pe->p_name); - + for (cp = pe->p_aliases; *cp; ++cp) free(*cp); free(pe->p_aliases); } -static int +static int compare_protoent(struct protoent *pe1, struct protoent *pe2, void *mdata) { char **c1, **c2; - + if (pe1 == pe2) return 0; - + if ((pe1 == NULL) || (pe2 == NULL)) goto errfin; - + if ((strcmp(pe1->p_name, pe2->p_name) != 0) || (pe1->p_proto != pe2->p_proto)) goto errfin; - + c1 = pe1->p_aliases; c2 = pe2->p_aliases; - + if ((pe1->p_aliases == NULL) || (pe2->p_aliases == NULL)) goto errfin; - + for (;*c1 && *c2; ++c1, ++c2) if (strcmp(*c1, *c2) != 0) goto errfin; - + if ((*c1 != '\0') || (*c2 != '\0')) goto errfin; - + return 0; - + errfin: if ((debug) && (mdata == NULL)) { printf("following structures are not equal:\n"); @@ -171,14 +171,14 @@ sdump_protoent(struct protoent *pe, char *buffer, size_t buflen) { char **cp; int written; - + written = snprintf(buffer, buflen, "%s %d", - pe->p_name, pe->p_proto); + pe->p_name, pe->p_proto); buffer += written; if (written > buflen) return; buflen -= written; - + if (pe->p_aliases != NULL) { if (*(pe->p_aliases) != '\0') { for (cp = pe->p_aliases; *cp; ++cp) { @@ -187,9 +187,9 @@ sdump_protoent(struct protoent *pe, char *buffer, size_t buflen) if (written > buflen) return; buflen -= written; - + if (buflen == 0) - return; + return; } } else snprintf(buffer, buflen, " noaliases"); @@ -206,7 +206,7 @@ protoent_read_snapshot_func(struct protoent *pe, char *line) if (debug) printf("1 line read from snapshot:\n%s\n", line); - + i = 0; sl = NULL; ps = line; @@ -230,10 +230,10 @@ protoent_read_snapshot_func(struct protoent *pe, char *line) if (sl == NULL) { if (strcmp(s, "(null)") == 0) return (0); - + sl = sl_init(); assert(sl != NULL); - + if (strcmp(s, "noaliases") != 0) { ts = strdup(s); assert(ts != NULL); @@ -244,7 +244,7 @@ protoent_read_snapshot_func(struct protoent *pe, char *line) assert(ts != NULL); sl_add(sl, ts); } - break; + break; }; ++i; } @@ -254,16 +254,16 @@ protoent_read_snapshot_func(struct protoent *pe, char *line) memset(pe, 0, sizeof(struct protoent)); return (-1); } - + sl_add(sl, NULL); pe->p_aliases = sl->sl_str; /* NOTE: is it a dirty hack or not? */ - free(sl); + free(sl); return (0); } -static void +static void dump_protoent(struct protoent *result) { if (result != NULL) { @@ -278,7 +278,7 @@ static int protoent_fill_test_data(struct protoent_test_data *td) { struct protoent *pe; - + setprotoent(1); while ((pe = getprotoent()) != NULL) { if (protoent_test_correctness(pe, NULL) == 0) @@ -287,7 +287,7 @@ protoent_fill_test_data(struct protoent_test_data *td) return (-1); } endprotoent(); - + return (0); } @@ -298,39 +298,39 @@ protoent_test_correctness(struct protoent *pe, void *mdata) printf("testing correctness with the following data:\n"); dump_protoent(pe); } - + if (pe == NULL) goto errfin; - + if (pe->p_name == NULL) goto errfin; - + if (pe->p_proto < 0) goto errfin; - + if (pe->p_aliases == NULL) goto errfin; - + if (debug) printf("correct\n"); - - return (0); + + return (0); errfin: if (debug) printf("incorrect\n"); - + return (-1); } /* protoent_check_ambiguity() is needed when one port+proto is associated with * more than one peice (these cases are usually marked as PROBLEM in - * /etc/peices. This functions is needed also when one peice+proto is + * /etc/peices. This functions is needed also when one peice+proto is * associated with several ports. We have to check all the protoent structures * to make sure that pe really exists and correct */ static int protoent_check_ambiguity(struct protoent_test_data *td, struct protoent *pe) { - + return (TEST_DATA_FIND(protoent, td, pe, compare_protoent, NULL) != NULL ? 0 : -1); } @@ -340,7 +340,7 @@ protoent_test_getprotobyname(struct protoent *pe_model, void *mdata) { char **alias; struct protoent *pe; - + if (debug) { printf("testing getprotobyname() with the following data:\n"); dump_protoent(pe_model); @@ -349,32 +349,32 @@ protoent_test_getprotobyname(struct protoent *pe_model, void *mdata) pe = getprotobyname(pe_model->p_name); if (protoent_test_correctness(pe, NULL) != 0) goto errfin; - + if ((compare_protoent(pe, pe_model, NULL) != 0) && - (protoent_check_ambiguity((struct protoent_test_data *)mdata, pe) + (protoent_check_ambiguity((struct protoent_test_data *)mdata, pe) !=0)) goto errfin; - + for (alias = pe_model->p_aliases; *alias; ++alias) { pe = getprotobyname(*alias); - + if (protoent_test_correctness(pe, NULL) != 0) goto errfin; - + if ((compare_protoent(pe, pe_model, NULL) != 0) && (protoent_check_ambiguity( (struct protoent_test_data *)mdata, pe) != 0)) goto errfin; } - + if (debug) printf("ok\n"); return (0); - + errfin: if (debug) printf("not ok\n"); - + return (-1); } @@ -382,14 +382,14 @@ static int protoent_test_getprotobynumber(struct protoent *pe_model, void *mdata) { struct protoent *pe; - + if (debug) { printf("testing getprotobyport() with the following data...\n"); dump_protoent(pe_model); - } - + } + pe = getprotobynumber(pe_model->p_proto); - if ((protoent_test_correctness(pe, NULL) != 0) || + if ((protoent_test_correctness(pe, NULL) != 0) || ((compare_protoent(pe, pe_model, NULL) != 0) && (protoent_check_ambiguity((struct protoent_test_data *)mdata, pe) != 0))) { @@ -403,7 +403,7 @@ protoent_test_getprotobynumber(struct protoent *pe_model, void *mdata) } } -static int +static int protoent_test_getprotoent(struct protoent *pe, void *mdata) { /* Only correctness can be checked when doing 1-pass test for @@ -427,10 +427,10 @@ main(int argc, char **argv) char *snapshot_file; int rv; int c; - + if (argc < 2) usage(); - + snapshot_file = NULL; while ((c = getopt(argc, argv, "nve2ds:")) != -1) switch (c) { @@ -455,18 +455,18 @@ main(int argc, char **argv) default: usage(); } - + TEST_DATA_INIT(protoent, &td, clone_protoent, free_protoent); TEST_DATA_INIT(protoent, &td_snap, clone_protoent, free_protoent); if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) method = TEST_BUILD_SNAPSHOT; else { if (debug) printf("can't access the file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -475,12 +475,12 @@ main(int argc, char **argv) rv = 0; goto fin; } - + TEST_SNAPSHOT_FILE_READ(protoent, snapshot_file, &td_snap, protoent_read_snapshot_func); } } - + rv = protoent_fill_test_data(&td); if (rv == -1) return (-1); @@ -490,7 +490,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(protoent, &td, protoent_test_getprotobyname, (void *)&td); else - rv = DO_1PASS_TEST(protoent, &td_snap, + rv = DO_1PASS_TEST(protoent, &td_snap, protoent_test_getprotobyname, (void *)&td_snap); break; case TEST_GETPROTOBYNUMBER: @@ -498,12 +498,12 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(protoent, &td, protoent_test_getprotobynumber, (void *)&td); else - rv = DO_1PASS_TEST(protoent, &td_snap, + rv = DO_1PASS_TEST(protoent, &td_snap, protoent_test_getprotobynumber, (void *)&td_snap); break; case TEST_GETPROTOENT: if (snapshot_file == NULL) - rv = DO_1PASS_TEST(protoent, &td, + rv = DO_1PASS_TEST(protoent, &td, protoent_test_getprotoent, (void *)&td); else rv = DO_2PASS_TEST(protoent, &td, &td_snap, @@ -520,7 +520,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) - rv = TEST_SNAPSHOT_FILE_WRITE(protoent, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(protoent, snapshot_file, &td, sdump_protoent); break; default: @@ -531,6 +531,6 @@ main(int argc, char **argv) fin: TEST_DATA_DESTROY(protoent, &td_snap); TEST_DATA_DESTROY(protoent, &td); - free(snapshot_file); + free(snapshot_file); return (rv); } diff --git a/tools/regression/lib/libc/nss/test-getpw.c b/tools/regression/lib/libc/nss/test-getpw.c index bb88f6a..a0b348d 100644 --- a/tools/regression/lib/libc/nss/test-getpw.c +++ b/tools/regression/lib/libc/nss/test-getpw.c @@ -68,7 +68,7 @@ static int passwd_test_correctness(struct passwd *, void *); static int passwd_test_getpwnam(struct passwd *, void *); static int passwd_test_getpwuid(struct passwd *, void *); static int passwd_test_getpwent(struct passwd *, void *); - + static void usage(void) __attribute__((__noreturn__)); IMPLEMENT_TEST_DATA(passwd) @@ -76,12 +76,12 @@ IMPLEMENT_TEST_FILE_SNAPSHOT(passwd) IMPLEMENT_1PASS_TEST(passwd) IMPLEMENT_2PASS_TEST(passwd) -static void +static void clone_passwd(struct passwd *dest, struct passwd const *src) { assert(dest != NULL); assert(src != NULL); - + memcpy(dest, src, sizeof(struct passwd)); if (src->pw_name != NULL) dest->pw_name = strdup(src->pw_name); @@ -97,15 +97,15 @@ clone_passwd(struct passwd *dest, struct passwd const *src) dest->pw_shell = strdup(dest->pw_shell); } -static int +static int compare_passwd(struct passwd *pwd1, struct passwd *pwd2, void *mdata) { assert(pwd1 != NULL); assert(pwd2 != NULL); - + if (pwd1 == pwd2) return (0); - + if ((pwd1->pw_uid != pwd2->pw_uid) || (pwd1->pw_gid != pwd2->pw_gid) || (pwd1->pw_change != pwd2->pw_change) || @@ -116,14 +116,14 @@ compare_passwd(struct passwd *pwd1, struct passwd *pwd2, void *mdata) (strcmp(pwd1->pw_class, pwd2->pw_class) != 0) || (strcmp(pwd1->pw_gecos, pwd2->pw_gecos) != 0) || (strcmp(pwd1->pw_dir, pwd2->pw_dir) != 0) || - (strcmp(pwd1->pw_shell, pwd2->pw_shell) != 0) + (strcmp(pwd1->pw_shell, pwd2->pw_shell) != 0) ) return (-1); else return (0); } -static void +static void free_passwd(struct passwd *pwd) { free(pwd->pw_name); @@ -134,7 +134,7 @@ free_passwd(struct passwd *pwd) free(pwd->pw_shell); } -static void +static void sdump_passwd(struct passwd *pwd, char *buffer, size_t buflen) { snprintf(buffer, buflen, "%s:%s:%d:%d:%d:%s:%s:%s:%s:%d:%d", @@ -154,7 +154,7 @@ dump_passwd(struct passwd *pwd) printf("(null)\n"); } -static int +static int passwd_read_snapshot_func(struct passwd *pwd, char *line) { char *s, *ps, *ts; @@ -162,7 +162,7 @@ passwd_read_snapshot_func(struct passwd *pwd, char *line) if (debug) printf("1 line read from snapshot:\n%s\n", line); - + i = 0; ps = line; memset(pwd, 0, sizeof(struct passwd)); @@ -174,7 +174,7 @@ passwd_read_snapshot_func(struct passwd *pwd, char *line) break; case 1: pwd->pw_passwd = strdup(s); - assert(pwd->pw_passwd != NULL); + assert(pwd->pw_passwd != NULL); break; case 2: pwd->pw_uid = (uid_t)strtol(s, &ts, 10); @@ -218,7 +218,7 @@ passwd_read_snapshot_func(struct passwd *pwd, char *line) goto fin; break; default: - break; + break; }; ++i; } @@ -229,7 +229,7 @@ fin: memset(pwd, 0, sizeof(struct passwd)); return (-1); } - + return (0); } @@ -237,7 +237,7 @@ static int passwd_fill_test_data(struct passwd_test_data *td) { struct passwd *pwd; - + setpassent(1); while ((pwd = getpwent()) != NULL) { if (passwd_test_correctness(pwd, NULL) == 0) @@ -246,7 +246,7 @@ passwd_fill_test_data(struct passwd_test_data *td) return (-1); } endpwent(); - + return (0); } @@ -257,9 +257,9 @@ passwd_test_correctness(struct passwd *pwd, void *mdata) printf("testing correctness with the following data:\n"); dump_passwd(pwd); } - + if (pwd == NULL) - return (-1); + return (-1); if (pwd->pw_name == NULL) goto errfin; @@ -278,25 +278,25 @@ passwd_test_correctness(struct passwd *pwd, void *mdata) if (pwd->pw_shell == NULL) goto errfin; - + if (debug) printf("correct\n"); - - return (0); + + return (0); errfin: if (debug) printf("incorrect\n"); - + return (-1); } /* passwd_check_ambiguity() is needed here because when doing the getpwent() - * calls sequence, records from different nsswitch sources can be different, + * calls sequence, records from different nsswitch sources can be different, * though having the same pw_name/pw_uid */ static int passwd_check_ambiguity(struct passwd_test_data *td, struct passwd *pwd) { - + return (TEST_DATA_FIND(passwd, td, pwd, compare_passwd, NULL) != NULL ? 0 : -1); } @@ -305,7 +305,7 @@ static int passwd_test_getpwnam(struct passwd *pwd_model, void *mdata) { struct passwd *pwd; - + if (debug) { printf("testing getpwnam() with the following data:\n"); dump_passwd(pwd_model); @@ -314,20 +314,20 @@ passwd_test_getpwnam(struct passwd *pwd_model, void *mdata) pwd = getpwnam(pwd_model->pw_name); if (passwd_test_correctness(pwd, NULL) != 0) goto errfin; - + if ((compare_passwd(pwd, pwd_model, NULL) != 0) && - (passwd_check_ambiguity((struct passwd_test_data *)mdata, pwd) + (passwd_check_ambiguity((struct passwd_test_data *)mdata, pwd) !=0)) goto errfin; - + if (debug) printf("ok\n"); return (0); - + errfin: if (debug) printf("not ok\n"); - + return (-1); } @@ -335,14 +335,14 @@ static int passwd_test_getpwuid(struct passwd *pwd_model, void *mdata) { struct passwd *pwd; - + if (debug) { printf("testing getpwuid() with the following data...\n"); dump_passwd(pwd_model); - } - + } + pwd = getpwuid(pwd_model->pw_uid); - if ((passwd_test_correctness(pwd, NULL) != 0) || + if ((passwd_test_correctness(pwd, NULL) != 0) || ((compare_passwd(pwd, pwd_model, NULL) != 0) && (passwd_check_ambiguity((struct passwd_test_data *)mdata, pwd) != 0))) { @@ -356,7 +356,7 @@ passwd_test_getpwuid(struct passwd *pwd_model, void *mdata) } } -static int +static int passwd_test_getpwent(struct passwd *pwd, void *mdata) { /* Only correctness can be checked when doing 1-pass test for @@ -380,10 +380,10 @@ main(int argc, char **argv) char *snapshot_file; int rv; int c; - + if (argc < 2) usage(); - + snapshot_file = NULL; while ((c = getopt(argc, argv, "nue2ds:")) != -1) switch (c) { @@ -408,18 +408,18 @@ main(int argc, char **argv) default: usage(); } - + TEST_DATA_INIT(passwd, &td, clone_passwd, free_passwd); TEST_DATA_INIT(passwd, &td_snap, clone_passwd, free_passwd); if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) method = TEST_BUILD_SNAPSHOT; else { if (debug) printf("can't access the file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -428,23 +428,23 @@ main(int argc, char **argv) rv = 0; goto fin; } - + TEST_SNAPSHOT_FILE_READ(passwd, snapshot_file, &td_snap, passwd_read_snapshot_func); } } - + rv = passwd_fill_test_data(&td); if (rv == -1) return (-1); - + switch (method) { case TEST_GETPWNAM: if (snapshot_file == NULL) rv = DO_1PASS_TEST(passwd, &td, passwd_test_getpwnam, (void *)&td); else - rv = DO_1PASS_TEST(passwd, &td_snap, + rv = DO_1PASS_TEST(passwd, &td_snap, passwd_test_getpwnam, (void *)&td_snap); break; case TEST_GETPWUID: @@ -452,7 +452,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(passwd, &td, passwd_test_getpwuid, (void *)&td); else - rv = DO_1PASS_TEST(passwd, &td_snap, + rv = DO_1PASS_TEST(passwd, &td_snap, passwd_test_getpwuid, (void *)&td_snap); break; case TEST_GETPWENT: @@ -465,7 +465,7 @@ main(int argc, char **argv) break; case TEST_GETPWENT_2PASS: TEST_DATA_INIT(passwd, &td_2pass, clone_passwd, free_passwd); - rv = passwd_fill_test_data(&td_2pass); + rv = passwd_fill_test_data(&td_2pass); if (rv != -1) rv = DO_2PASS_TEST(passwd, &td, &td_2pass, compare_passwd, NULL); @@ -473,7 +473,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) - rv = TEST_SNAPSHOT_FILE_WRITE(passwd, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(passwd, snapshot_file, &td, sdump_passwd); break; default: @@ -484,6 +484,6 @@ main(int argc, char **argv) fin: TEST_DATA_DESTROY(passwd, &td_snap); TEST_DATA_DESTROY(passwd, &td); - free(snapshot_file); + free(snapshot_file); return (rv); } diff --git a/tools/regression/lib/libc/nss/test-getrpc.c b/tools/regression/lib/libc/nss/test-getrpc.c index 4041e88..707186e 100644 --- a/tools/regression/lib/libc/nss/test-getrpc.c +++ b/tools/regression/lib/libc/nss/test-getrpc.c @@ -63,14 +63,14 @@ static void free_rpcent(struct rpcent *); static void sdump_rpcent(struct rpcent *, char *, size_t); static int rpcent_read_snapshot_func(struct rpcent *, char *); -static int rpcent_check_ambiguity(struct rpcent_test_data *, +static int rpcent_check_ambiguity(struct rpcent_test_data *, struct rpcent *); static int rpcent_fill_test_data(struct rpcent_test_data *); static int rpcent_test_correctness(struct rpcent *, void *); static int rpcent_test_getrpcbyname(struct rpcent *, void *); static int rpcent_test_getrpcbynumber(struct rpcent *, void *); static int rpcent_test_getrpcent(struct rpcent *, void *); - + static void usage(void) __attribute__((__noreturn__)); IMPLEMENT_TEST_DATA(rpcent) @@ -83,28 +83,28 @@ clone_rpcent(struct rpcent *dest, struct rpcent const *src) { assert(dest != NULL); assert(src != NULL); - + char **cp; int aliases_num; - + memset(dest, 0, sizeof(struct rpcent)); - + if (src->r_name != NULL) { dest->r_name = strdup(src->r_name); assert(dest->r_name != NULL); } - + dest->r_number = src->r_number; - + if (src->r_aliases != NULL) { aliases_num = 0; for (cp = src->r_aliases; *cp; ++cp) ++aliases_num; - + dest->r_aliases = (char **)malloc((aliases_num+1) * (sizeof(char *))); assert(dest->r_aliases != NULL); memset(dest->r_aliases, 0, (aliases_num+1) * (sizeof(char *))); - + for (cp = src->r_aliases; *cp; ++cp) { dest->r_aliases[cp - src->r_aliases] = strdup(*cp); assert(dest->r_aliases[cp - src->r_aliases] != NULL); @@ -112,50 +112,50 @@ clone_rpcent(struct rpcent *dest, struct rpcent const *src) } } -static void +static void free_rpcent(struct rpcent *rpc) { char **cp; - + assert(rpc != NULL); - + free(rpc->r_name); - + for (cp = rpc->r_aliases; *cp; ++cp) free(*cp); free(rpc->r_aliases); } -static int +static int compare_rpcent(struct rpcent *rpc1, struct rpcent *rpc2, void *mdata) { char **c1, **c2; - + if (rpc1 == rpc2) return 0; - + if ((rpc1 == NULL) || (rpc2 == NULL)) goto errfin; - + if ((strcmp(rpc1->r_name, rpc2->r_name) != 0) || (rpc1->r_number != rpc2->r_number)) goto errfin; - + c1 = rpc1->r_aliases; c2 = rpc2->r_aliases; - + if ((rpc1->r_aliases == NULL) || (rpc2->r_aliases == NULL)) goto errfin; - + for (;*c1 && *c2; ++c1, ++c2) if (strcmp(*c1, *c2) != 0) goto errfin; - + if ((*c1 != '\0') || (*c2 != '\0')) goto errfin; - + return 0; - + errfin: if ((debug) && (mdata == NULL)) { printf("following structures are not equal:\n"); @@ -171,14 +171,14 @@ sdump_rpcent(struct rpcent *rpc, char *buffer, size_t buflen) { char **cp; int written; - + written = snprintf(buffer, buflen, "%s %d", - rpc->r_name, rpc->r_number); + rpc->r_name, rpc->r_number); buffer += written; if (written > buflen) return; buflen -= written; - + if (rpc->r_aliases != NULL) { if (*(rpc->r_aliases) != '\0') { for (cp = rpc->r_aliases; *cp; ++cp) { @@ -187,9 +187,9 @@ sdump_rpcent(struct rpcent *rpc, char *buffer, size_t buflen) if (written > buflen) return; buflen -= written; - + if (buflen == 0) - return; + return; } } else snprintf(buffer, buflen, " noaliases"); @@ -206,7 +206,7 @@ rpcent_read_snapshot_func(struct rpcent *rpc, char *line) if (debug) printf("1 line read from snapshot:\n%s\n", line); - + i = 0; sl = NULL; ps = line; @@ -230,10 +230,10 @@ rpcent_read_snapshot_func(struct rpcent *rpc, char *line) if (sl == NULL) { if (strcmp(s, "(null)") == 0) return (0); - + sl = sl_init(); assert(sl != NULL); - + if (strcmp(s, "noaliases") != 0) { ts = strdup(s); assert(ts != NULL); @@ -244,7 +244,7 @@ rpcent_read_snapshot_func(struct rpcent *rpc, char *line) assert(ts != NULL); sl_add(sl, ts); } - break; + break; }; ++i; } @@ -254,16 +254,16 @@ rpcent_read_snapshot_func(struct rpcent *rpc, char *line) memset(rpc, 0, sizeof(struct rpcent)); return (-1); } - + sl_add(sl, NULL); rpc->r_aliases = sl->sl_str; /* NOTE: is it a dirty hack or not? */ - free(sl); + free(sl); return (0); } -static void +static void dump_rpcent(struct rpcent *result) { if (result != NULL) { @@ -278,7 +278,7 @@ static int rpcent_fill_test_data(struct rpcent_test_data *td) { struct rpcent *rpc; - + setrpcent(1); while ((rpc = getrpcent()) != NULL) { if (rpcent_test_correctness(rpc, NULL) == 0) @@ -287,7 +287,7 @@ rpcent_fill_test_data(struct rpcent_test_data *td) return (-1); } endrpcent(); - + return (0); } @@ -298,39 +298,39 @@ rpcent_test_correctness(struct rpcent *rpc, void *mdata) printf("testing correctness with the following data:\n"); dump_rpcent(rpc); } - + if (rpc == NULL) goto errfin; - + if (rpc->r_name == NULL) goto errfin; - + if (rpc->r_number < 0) goto errfin; - + if (rpc->r_aliases == NULL) goto errfin; - + if (debug) printf("correct\n"); - - return (0); + + return (0); errfin: if (debug) printf("incorrect\n"); - + return (-1); } /* rpcent_check_ambiguity() is needed when one port+rpc is associated with * more than one peice (these cases are usually marked as PROBLEM in - * /etc/peices. This functions is needed also when one peice+rpc is + * /etc/peices. This functions is needed also when one peice+rpc is * associated with several ports. We have to check all the rpcent structures * to make sure that rpc really exists and correct */ static int rpcent_check_ambiguity(struct rpcent_test_data *td, struct rpcent *rpc) { - + return (TEST_DATA_FIND(rpcent, td, rpc, compare_rpcent, NULL) != NULL ? 0 : -1); } @@ -340,7 +340,7 @@ rpcent_test_getrpcbyname(struct rpcent *rpc_model, void *mdata) { char **alias; struct rpcent *rpc; - + if (debug) { printf("testing getrpcbyname() with the following data:\n"); dump_rpcent(rpc_model); @@ -349,32 +349,32 @@ rpcent_test_getrpcbyname(struct rpcent *rpc_model, void *mdata) rpc = getrpcbyname(rpc_model->r_name); if (rpcent_test_correctness(rpc, NULL) != 0) goto errfin; - + if ((compare_rpcent(rpc, rpc_model, NULL) != 0) && - (rpcent_check_ambiguity((struct rpcent_test_data *)mdata, rpc) + (rpcent_check_ambiguity((struct rpcent_test_data *)mdata, rpc) !=0)) goto errfin; - + for (alias = rpc_model->r_aliases; *alias; ++alias) { rpc = getrpcbyname(*alias); - + if (rpcent_test_correctness(rpc, NULL) != 0) goto errfin; - + if ((compare_rpcent(rpc, rpc_model, NULL) != 0) && (rpcent_check_ambiguity( (struct rpcent_test_data *)mdata, rpc) != 0)) goto errfin; } - + if (debug) printf("ok\n"); return (0); - + errfin: if (debug) printf("not ok\n"); - + return (-1); } @@ -382,14 +382,14 @@ static int rpcent_test_getrpcbynumber(struct rpcent *rpc_model, void *mdata) { struct rpcent *rpc; - + if (debug) { printf("testing getrpcbyport() with the following data...\n"); dump_rpcent(rpc_model); - } - + } + rpc = getrpcbynumber(rpc_model->r_number); - if ((rpcent_test_correctness(rpc, NULL) != 0) || + if ((rpcent_test_correctness(rpc, NULL) != 0) || ((compare_rpcent(rpc, rpc_model, NULL) != 0) && (rpcent_check_ambiguity((struct rpcent_test_data *)mdata, rpc) != 0))) { @@ -403,7 +403,7 @@ rpcent_test_getrpcbynumber(struct rpcent *rpc_model, void *mdata) } } -static int +static int rpcent_test_getrpcent(struct rpcent *rpc, void *mdata) { /* Only correctness can be checked when doing 1-pass test for @@ -427,10 +427,10 @@ main(int argc, char **argv) char *snapshot_file; int rv; int c; - + if (argc < 2) usage(); - + snapshot_file = NULL; while ((c = getopt(argc, argv, "nve2ds:")) != -1) switch (c) { @@ -455,18 +455,18 @@ main(int argc, char **argv) default: usage(); } - + TEST_DATA_INIT(rpcent, &td, clone_rpcent, free_rpcent); TEST_DATA_INIT(rpcent, &td_snap, clone_rpcent, free_rpcent); if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) method = TEST_BUILD_SNAPSHOT; else { if (debug) printf("can't access the file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -475,12 +475,12 @@ main(int argc, char **argv) rv = 0; goto fin; } - + TEST_SNAPSHOT_FILE_READ(rpcent, snapshot_file, &td_snap, rpcent_read_snapshot_func); } } - + rv = rpcent_fill_test_data(&td); if (rv == -1) return (-1); @@ -490,7 +490,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(rpcent, &td, rpcent_test_getrpcbyname, (void *)&td); else - rv = DO_1PASS_TEST(rpcent, &td_snap, + rv = DO_1PASS_TEST(rpcent, &td_snap, rpcent_test_getrpcbyname, (void *)&td_snap); break; case TEST_GETRPCBYNUMBER: @@ -498,7 +498,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(rpcent, &td, rpcent_test_getrpcbynumber, (void *)&td); else - rv = DO_1PASS_TEST(rpcent, &td_snap, + rv = DO_1PASS_TEST(rpcent, &td_snap, rpcent_test_getrpcbynumber, (void *)&td_snap); break; case TEST_GETRPCENT: @@ -511,7 +511,7 @@ main(int argc, char **argv) break; case TEST_GETRPCENT_2PASS: TEST_DATA_INIT(rpcent, &td_2pass, clone_rpcent, free_rpcent); - rv = rpcent_fill_test_data(&td_2pass); + rv = rpcent_fill_test_data(&td_2pass); if (rv != -1) rv = DO_2PASS_TEST(rpcent, &td, &td_2pass, compare_rpcent, NULL); @@ -519,7 +519,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) - rv = TEST_SNAPSHOT_FILE_WRITE(rpcent, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(rpcent, snapshot_file, &td, sdump_rpcent); break; default: @@ -530,6 +530,6 @@ main(int argc, char **argv) fin: TEST_DATA_DESTROY(rpcent, &td_snap); TEST_DATA_DESTROY(rpcent, &td); - free(snapshot_file); + free(snapshot_file); return (rv); } diff --git a/tools/regression/lib/libc/nss/test-getserv.c b/tools/regression/lib/libc/nss/test-getserv.c index 79d42f0..31e4700 100644 --- a/tools/regression/lib/libc/nss/test-getserv.c +++ b/tools/regression/lib/libc/nss/test-getserv.c @@ -63,14 +63,14 @@ static void free_servent(struct servent *); static void sdump_servent(struct servent *, char *, size_t); static int servent_read_snapshot_func(struct servent *, char *); -static int servent_check_ambiguity(struct servent_test_data *, +static int servent_check_ambiguity(struct servent_test_data *, struct servent *); static int servent_fill_test_data(struct servent_test_data *); static int servent_test_correctness(struct servent *, void *); static int servent_test_getservbyname(struct servent *, void *); static int servent_test_getservbyport(struct servent *, void *); static int servent_test_getservent(struct servent *, void *); - + static void usage(void) __attribute__((__noreturn__)); IMPLEMENT_TEST_DATA(servent) @@ -83,32 +83,32 @@ clone_servent(struct servent *dest, struct servent const *src) { assert(dest != NULL); assert(src != NULL); - + char **cp; int aliases_num; - + memset(dest, 0, sizeof(struct servent)); - + if (src->s_name != NULL) { dest->s_name = strdup(src->s_name); assert(dest->s_name != NULL); } - + if (src->s_proto != NULL) { dest->s_proto = strdup(src->s_proto); assert(dest->s_proto != NULL); } dest->s_port = src->s_port; - + if (src->s_aliases != NULL) { aliases_num = 0; for (cp = src->s_aliases; *cp; ++cp) ++aliases_num; - + dest->s_aliases = (char **)malloc((aliases_num+1) * (sizeof(char *))); assert(dest->s_aliases != NULL); memset(dest->s_aliases, 0, (aliases_num+1) * (sizeof(char *))); - + for (cp = src->s_aliases; *cp; ++cp) { dest->s_aliases[cp - src->s_aliases] = strdup(*cp); assert(dest->s_aliases[cp - src->s_aliases] != NULL); @@ -116,52 +116,52 @@ clone_servent(struct servent *dest, struct servent const *src) } } -static void +static void free_servent(struct servent *serv) { char **cp; - + assert(serv != NULL); - + free(serv->s_name); free(serv->s_proto); - + for (cp = serv->s_aliases; *cp; ++cp) free(*cp); free(serv->s_aliases); } -static int +static int compare_servent(struct servent *serv1, struct servent *serv2, void *mdata) { char **c1, **c2; - + if (serv1 == serv2) return 0; - + if ((serv1 == NULL) || (serv2 == NULL)) goto errfin; - + if ((strcmp(serv1->s_name, serv2->s_name) != 0) || (strcmp(serv1->s_proto, serv2->s_proto) != 0) || (serv1->s_port != serv2->s_port)) goto errfin; - + c1 = serv1->s_aliases; c2 = serv2->s_aliases; - + if ((serv1->s_aliases == NULL) || (serv2->s_aliases == NULL)) goto errfin; - + for (;*c1 && *c2; ++c1, ++c2) if (strcmp(*c1, *c2) != 0) goto errfin; - + if ((*c1 != '\0') || (*c2 != '\0')) goto errfin; - + return 0; - + errfin: if ((debug) && (mdata == NULL)) { printf("following structures are not equal:\n"); @@ -177,14 +177,14 @@ sdump_servent(struct servent *serv, char *buffer, size_t buflen) { char **cp; int written; - + written = snprintf(buffer, buflen, "%s %d %s", - serv->s_name, ntohs(serv->s_port), serv->s_proto); + serv->s_name, ntohs(serv->s_port), serv->s_proto); buffer += written; if (written > buflen) return; buflen -= written; - + if (serv->s_aliases != NULL) { if (*(serv->s_aliases) != '\0') { for (cp = serv->s_aliases; *cp; ++cp) { @@ -193,9 +193,9 @@ sdump_servent(struct servent *serv, char *buffer, size_t buflen) if (written > buflen) return; buflen -= written; - + if (buflen == 0) - return; + return; } } else snprintf(buffer, buflen, " noaliases"); @@ -212,7 +212,7 @@ servent_read_snapshot_func(struct servent *serv, char *line) if (debug) printf("1 line read from snapshot:\n%s\n", line); - + i = 0; sl = NULL; ps = line; @@ -242,10 +242,10 @@ servent_read_snapshot_func(struct servent *serv, char *line) if (sl == NULL) { if (strcmp(s, "(null)") == 0) return (0); - + sl = sl_init(); assert(sl != NULL); - + if (strcmp(s, "noaliases") != 0) { ts = strdup(s); assert(ts != NULL); @@ -256,7 +256,7 @@ servent_read_snapshot_func(struct servent *serv, char *line) assert(ts != NULL); sl_add(sl, ts); } - break; + break; }; ++i; } @@ -267,16 +267,16 @@ servent_read_snapshot_func(struct servent *serv, char *line) memset(serv, 0, sizeof(struct servent)); return (-1); } - + sl_add(sl, NULL); serv->s_aliases = sl->sl_str; /* NOTE: is it a dirty hack or not? */ - free(sl); + free(sl); return (0); } -static void +static void dump_servent(struct servent *result) { if (result != NULL) { @@ -291,7 +291,7 @@ static int servent_fill_test_data(struct servent_test_data *td) { struct servent *serv; - + setservent(1); while ((serv = getservent()) != NULL) { if (servent_test_correctness(serv, NULL) == 0) @@ -300,7 +300,7 @@ servent_fill_test_data(struct servent_test_data *td) return (-1); } endservent(); - + return (0); } @@ -311,42 +311,42 @@ servent_test_correctness(struct servent *serv, void *mdata) printf("testing correctness with the following data:\n"); dump_servent(serv); } - + if (serv == NULL) goto errfin; - + if (serv->s_name == NULL) goto errfin; - + if (serv->s_proto == NULL) goto errfin; - + if (ntohs(serv->s_port < 0)) goto errfin; - + if (serv->s_aliases == NULL) goto errfin; - + if (debug) printf("correct\n"); - - return (0); + + return (0); errfin: if (debug) printf("incorrect\n"); - + return (-1); } /* servent_check_ambiguity() is needed when one port+proto is associated with * more than one service (these cases are usually marked as PROBLEM in - * /etc/services. This functions is needed also when one service+proto is + * /etc/services. This functions is needed also when one service+proto is * associated with several ports. We have to check all the servent structures * to make sure that serv really exists and correct */ static int servent_check_ambiguity(struct servent_test_data *td, struct servent *serv) { - + return (TEST_DATA_FIND(servent, td, serv, compare_servent, NULL) != NULL ? 0 : -1); } @@ -356,7 +356,7 @@ servent_test_getservbyname(struct servent *serv_model, void *mdata) { char **alias; struct servent *serv; - + if (debug) { printf("testing getservbyname() with the following data:\n"); dump_servent(serv_model); @@ -365,32 +365,32 @@ servent_test_getservbyname(struct servent *serv_model, void *mdata) serv = getservbyname(serv_model->s_name, serv_model->s_proto); if (servent_test_correctness(serv, NULL) != 0) goto errfin; - + if ((compare_servent(serv, serv_model, NULL) != 0) && - (servent_check_ambiguity((struct servent_test_data *)mdata, serv) + (servent_check_ambiguity((struct servent_test_data *)mdata, serv) !=0)) goto errfin; - + for (alias = serv_model->s_aliases; *alias; ++alias) { serv = getservbyname(*alias, serv_model->s_proto); - + if (servent_test_correctness(serv, NULL) != 0) goto errfin; - + if ((compare_servent(serv, serv_model, NULL) != 0) && (servent_check_ambiguity( (struct servent_test_data *)mdata, serv) != 0)) goto errfin; } - + if (debug) printf("ok\n"); return (0); - + errfin: if (debug) printf("not ok\n"); - + return (-1); } @@ -398,14 +398,14 @@ static int servent_test_getservbyport(struct servent *serv_model, void *mdata) { struct servent *serv; - + if (debug) { printf("testing getservbyport() with the following data...\n"); dump_servent(serv_model); - } - + } + serv = getservbyport(serv_model->s_port, serv_model->s_proto); - if ((servent_test_correctness(serv, NULL) != 0) || + if ((servent_test_correctness(serv, NULL) != 0) || ((compare_servent(serv, serv_model, NULL) != 0) && (servent_check_ambiguity((struct servent_test_data *)mdata, serv) != 0))) { @@ -419,7 +419,7 @@ servent_test_getservbyport(struct servent *serv_model, void *mdata) } } -static int +static int servent_test_getservent(struct servent *serv, void *mdata) { /* Only correctness can be checked when doing 1-pass test for @@ -443,10 +443,10 @@ main(int argc, char **argv) char *snapshot_file; int rv; int c; - + if (argc < 2) usage(); - + snapshot_file = NULL; while ((c = getopt(argc, argv, "npe2ds:")) != -1) switch (c) { @@ -471,18 +471,18 @@ main(int argc, char **argv) default: usage(); } - + TEST_DATA_INIT(servent, &td, clone_servent, free_servent); TEST_DATA_INIT(servent, &td_snap, clone_servent, free_servent); if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) method = TEST_BUILD_SNAPSHOT; else { if (debug) printf("can't access the file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -491,12 +491,12 @@ main(int argc, char **argv) rv = 0; goto fin; } - + TEST_SNAPSHOT_FILE_READ(servent, snapshot_file, &td_snap, servent_read_snapshot_func); } } - + rv = servent_fill_test_data(&td); if (rv == -1) return (-1); @@ -506,7 +506,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(servent, &td, servent_test_getservbyname, (void *)&td); else - rv = DO_1PASS_TEST(servent, &td_snap, + rv = DO_1PASS_TEST(servent, &td_snap, servent_test_getservbyname, (void *)&td_snap); break; case TEST_GETSERVBYPORT: @@ -514,7 +514,7 @@ main(int argc, char **argv) rv = DO_1PASS_TEST(servent, &td, servent_test_getservbyport, (void *)&td); else - rv = DO_1PASS_TEST(servent, &td_snap, + rv = DO_1PASS_TEST(servent, &td_snap, servent_test_getservbyport, (void *)&td_snap); break; case TEST_GETSERVENT: @@ -527,7 +527,7 @@ main(int argc, char **argv) break; case TEST_GETSERVENT_2PASS: TEST_DATA_INIT(servent, &td_2pass, clone_servent, free_servent); - rv = servent_fill_test_data(&td_2pass); + rv = servent_fill_test_data(&td_2pass); if (rv != -1) rv = DO_2PASS_TEST(servent, &td, &td_2pass, compare_servent, NULL); @@ -535,7 +535,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) - rv = TEST_SNAPSHOT_FILE_WRITE(servent, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(servent, snapshot_file, &td, sdump_servent); break; default: @@ -546,6 +546,6 @@ main(int argc, char **argv) fin: TEST_DATA_DESTROY(servent, &td_snap); TEST_DATA_DESTROY(servent, &td); - free(snapshot_file); + free(snapshot_file); return (rv); } diff --git a/tools/regression/lib/libc/nss/test-getusershell.c b/tools/regression/lib/libc/nss/test-getusershell.c index 8682591..b7b835f 100644 --- a/tools/regression/lib/libc/nss/test-getusershell.c +++ b/tools/regression/lib/libc/nss/test-getusershell.c @@ -67,29 +67,29 @@ IMPLEMENT_TEST_DATA(usershell) IMPLEMENT_TEST_FILE_SNAPSHOT(usershell) IMPLEMENT_2PASS_TEST(usershell) -static void +static void clone_usershell(struct usershell *dest, struct usershell const *src) { assert(dest != NULL); assert(src != NULL); - + if (src->path != NULL) { dest->path = strdup(src->path); assert(dest->path != NULL); } } -static int +static int compare_usershell(struct usershell *us1, struct usershell *us2, void *mdata) { int rv; - + assert(us1 != NULL); assert(us2 != NULL); - + dump_usershell(us1); dump_usershell(us2); - + if (us1 == us2) return (0); @@ -99,17 +99,17 @@ compare_usershell(struct usershell *us1, struct usershell *us2, void *mdata) dump_usershell(us1); dump_usershell(us2); } - + return (rv); } -static void +static void free_usershell(struct usershell *us) { free(us->path); } -static void +static void sdump_usershell(struct usershell *us, char *buffer, size_t buflen) { snprintf(buffer, buflen, "%s", us->path); @@ -126,12 +126,12 @@ dump_usershell(struct usershell *us) printf("(null)\n"); } -static int +static int usershell_read_snapshot_func(struct usershell *us, char *line) { us->path = strdup(line); assert(us->path != NULL); - + return (0); } @@ -152,7 +152,7 @@ main(int argc, char **argv) char *snapshot_file; int rv; int c; - + if (argc < 2) usage(); @@ -170,10 +170,10 @@ main(int argc, char **argv) usage(); } } - + TEST_DATA_INIT(usershell, &td, clone_usershell, free_usershell); TEST_DATA_INIT(usershell, &td_snap, clone_usershell, free_usershell); - + setusershell(); while ((ushell.path = getusershell()) != NULL) { if (debug) { @@ -183,17 +183,17 @@ main(int argc, char **argv) TEST_DATA_APPEND(usershell, &td, &ushell); } endusershell(); - - + + if (snapshot_file != NULL) { - if (access(snapshot_file, W_OK | R_OK) != 0) { + if (access(snapshot_file, W_OK | R_OK) != 0) { if (errno == ENOENT) method = TEST_BUILD_SNAPSHOT; else { if (debug) printf("can't access the snapshot file %s\n", snapshot_file); - + rv = -1; goto fin; } @@ -207,7 +207,7 @@ main(int argc, char **argv) } } } - + switch (method) { case TEST_GETUSERSHELL: if (snapshot_file != NULL) { @@ -217,7 +217,7 @@ main(int argc, char **argv) break; case TEST_BUILD_SNAPSHOT: if (snapshot_file != NULL) { - rv = TEST_SNAPSHOT_FILE_WRITE(usershell, snapshot_file, &td, + rv = TEST_SNAPSHOT_FILE_WRITE(usershell, snapshot_file, &td, sdump_usershell); } break; diff --git a/tools/regression/lib/libc/nss/testutil.h b/tools/regression/lib/libc/nss/testutil.h index acd69ac..711c49f 100644 --- a/tools/regression/lib/libc/nss/testutil.h +++ b/tools/regression/lib/libc/nss/testutil.h @@ -53,8 +53,8 @@ int __##ent##_test_data_compare(struct ent##_test_data *, \ void *), void *); \ struct ent *__##ent##_test_data_find(struct ent##_test_data *, struct ent *,\ int (*)(struct ent *, struct ent *, void *), void *); \ -void __##ent##_test_data_clear(struct ent##_test_data *); - +void __##ent##_test_data_clear(struct ent##_test_data *); + #define TEST_DATA_INIT(ent, td, clonef, freef)\ __##ent##_test_data_init(td, clonef, freef) #define TEST_DATA_DESTROY(ent, td) __##ent##_test_data_destroy(td) @@ -191,9 +191,8 @@ __##ent##_test_data_clear(struct ent##_test_data *td) \ td->free_func(&e->data); \ free(e); \ } \ -} +} - \ #define DECLARE_TEST_FILE_SNAPSHOT(ent) \ struct ent##_snp_param { \ FILE *fp; \ @@ -204,8 +203,8 @@ int __##ent##_snapshot_write_func(struct ent *, void *); \ int __##ent##_snapshot_write(char const *, struct ent##_test_data *, \ void (*)(struct ent *, char *, size_t)); \ int __##ent##_snapshot_read(char const *, struct ent##_test_data *, \ - int (*)(struct ent *, char *)); - + int (*)(struct ent *, char *)); + #define TEST_SNAPSHOT_FILE_WRITE(ent, fname, td, f) \ __##ent##_snapshot_write(fname, td, f) #define TEST_SNAPSHOT_FILE_READ(ent, fname, td, f) \ @@ -294,8 +293,8 @@ fin: \ #define DECLARE_1PASS_TEST(ent) \ int __##ent##_1pass_test(struct ent##_test_data *, \ int (*)(struct ent *, void *), \ - void *); - + void *); + #define DO_1PASS_TEST(ent, td, f, mdata) \ __##ent##_1pass_test(td, f, mdata) @@ -318,7 +317,7 @@ int __##ent##_2pass_test(struct ent##_test_data *, \ #define DO_2PASS_TEST(ent, td1, td2, f, mdata) \ __##ent##_2pass_test(td1, td2, f, mdata) - + #define IMPLEMENT_2PASS_TEST(ent) \ int \ __##ent##_2pass_test(struct ent##_test_data *td1, \ diff --git a/tools/regression/lib/libc/resolv/mach b/tools/regression/lib/libc/resolv/mach index f3c3981..ab7ce24 100644 --- a/tools/regression/lib/libc/resolv/mach +++ b/tools/regression/lib/libc/resolv/mach @@ -1,3 +1,5 @@ +# $FreeBSD$ +localhost above.warped.net anoncvs.cirr.com anoncvs.isc.netbsd.org @@ -9,7 +11,6 @@ antioche.antioche.eu.org boulder.tele.dk centaurus.4web.cz chur.math.ntnu.no -cnftp.bjpu.edu.cn console.netbsd.org cvs.fi.netbsd.org cvs.mikrolahti.fi diff --git a/tools/regression/lib/libc/resolv/resolv.c b/tools/regression/lib/libc/resolv/resolv.c index d481ecf..2ec3eeb 100644 --- a/tools/regression/lib/libc/resolv/resolv.c +++ b/tools/regression/lib/libc/resolv/resolv.c @@ -90,8 +90,11 @@ load(const char *fname) char c = line[len]; char *ptr; line[len] = '\0'; - for (ptr = strtok(line, WS); ptr; ptr = strtok(NULL, WS)) + for (ptr = strtok(line, WS); ptr; ptr = strtok(NULL, WS)) { + if (ptr == '\0' || ptr[0] == '#') + continue; sl_add(hosts, strdup(ptr)); + } line[len] = c; } diff --git a/tools/regression/lib/libc/stdio/Makefile b/tools/regression/lib/libc/stdio/Makefile deleted file mode 100644 index 688ea2a..0000000 --- a/tools/regression/lib/libc/stdio/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -# $FreeBSD$ - -TESTS= test-fdopen \ - test-fopen \ - test-freopen \ - test-getdelim \ - test-mkostemp \ - test-open_memstream \ - test-open_wmemstream \ - test-perror \ - test-print-positional \ - test-printbasic \ - test-printfloat \ - test-scanfloat - -CFLAGS+= -lm - -.PHONY: tests -tests: ${TESTS} - for p in ${TESTS}; do ${.OBJDIR}/$$p; done - -.PHONY: clean -clean: - -rm -f ${TESTS} diff --git a/tools/regression/lib/libc/stdio/test-fdopen.c b/tools/regression/lib/libc/stdio/test-fdopen.c deleted file mode 100644 index 33b33c5..0000000 --- a/tools/regression/lib/libc/stdio/test-fdopen.c +++ /dev/null @@ -1,105 +0,0 @@ -/*- - * Copyright (c) 2014 Jilles Tjoelker - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <fcntl.h> -#include <stdbool.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> - -static int testnum = 1; - -static void -runtest(const char *fname, int intmode, const char *strmode, bool success) -{ - FILE *fp; - int fd; - - fd = open(fname, intmode); - if (fd == -1) { - printf("not ok %d - open(\"%s\", %#x) failed\n", - testnum++, fname, intmode); - return; - } - fp = fdopen(fd, strmode); - if (fp == NULL) { - close(fd); - if (success) - printf("not ok %d - " - "fdopen(open(\"%s\", %#x), \"%s\") failed\n", - testnum++, fname, intmode, strmode); - else - printf("ok %d - " - "fdopen(open(\"%s\", %#x), \"%s\") failed\n", - testnum++, fname, intmode, strmode); - return; - } - if (success) - printf("ok %d - " - "fdopen(open(\"%s\", %#x), \"%s\") succeeded\n", - testnum++, fname, intmode, strmode); - else - printf("not ok %d - " - "fdopen(open(\"%s\", %#x), \"%s\") succeeded\n", - testnum++, fname, intmode, strmode); - fclose(fp); -} - -/* - * Test program for fdopen(). - */ -int -main(int argc, char *argv[]) -{ - printf("1..19\n"); - runtest("/dev/null", O_RDONLY, "r", true); - runtest("/dev/null", O_WRONLY, "r", false); - runtest("/dev/null", O_RDWR, "r", true); - runtest("/dev/null", O_RDONLY, "w", false); - runtest("/dev/null", O_WRONLY, "w", true); - runtest("/dev/null", O_RDWR, "w", true); - runtest("/dev/null", O_RDONLY, "a", false); - runtest("/dev/null", O_WRONLY, "a", true); - runtest("/dev/null", O_RDWR, "a", true); - runtest("/dev/null", O_RDONLY, "r+", false); - runtest("/dev/null", O_WRONLY, "r+", false); - runtest("/dev/null", O_RDWR, "r+", true); - runtest("/dev/null", O_RDONLY, "w+", false); - runtest("/dev/null", O_WRONLY, "w+", false); - runtest("/dev/null", O_RDWR, "w+", true); - runtest("/bin/sh", O_EXEC, "r", false); - runtest("/bin/sh", O_EXEC, "w", false); - runtest("/bin/sh", O_EXEC, "r+", false); - runtest("/bin/sh", O_EXEC, "w+", false); - - return 0; -} - -/* vim:ts=8:cin:sw=8 - * */ diff --git a/tools/regression/lib/libc/stdio/test-fdopen.t b/tools/regression/lib/libc/stdio/test-fdopen.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-fdopen.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-fopen.c b/tools/regression/lib/libc/stdio/test-fopen.c deleted file mode 100644 index 8605717..0000000 --- a/tools/regression/lib/libc/stdio/test-fopen.c +++ /dev/null @@ -1,113 +0,0 @@ -/*- - * Copyright (c) 2013 Jilles Tjoelker - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <fcntl.h> -#include <stdio.h> -#include <string.h> - -/* - * O_ACCMODE is currently defined incorrectly. This is what it should be. - * Various code depends on the incorrect value. - */ -#define CORRECT_O_ACCMODE (O_ACCMODE | O_EXEC) - -static int testnum = 1; - -static void -runtest(const char *fname, const char *mode) -{ - FILE *fp; - int fd, flags, wantedflags; - - fp = fopen(fname, mode); - if (fp == NULL) { - printf("not ok %d - fopen(\"%s\", \"%s\") failed\n", - testnum++, fname, mode); - printf("not ok %d - FD_CLOEXEC # SKIP\n", - testnum++); - return; - } - fd = fileno(fp); - if (fd < 0) - printf("not ok %d - fileno() failed\n", testnum++); - else - printf("ok %d - fopen(\"%s\", \"%s\") and fileno() succeeded\n", - testnum++, fname, mode); - if (fcntl(fd, F_GETFD) == (strchr(mode, 'e') != NULL ? FD_CLOEXEC : 0)) - printf("ok %d - FD_CLOEXEC flag correct\n", testnum++); - else - printf("not ok %d - FD_CLOEXEC flag incorrect\n", testnum++); - flags = fcntl(fd, F_GETFL); - if (strchr(mode, '+')) - wantedflags = O_RDWR | (*mode == 'a' ? O_APPEND : 0); - else if (*mode == 'r') - wantedflags = O_RDONLY; - else if (*mode == 'w') - wantedflags = O_WRONLY; - else if (*mode == 'a') - wantedflags = O_WRONLY | O_APPEND; - else - wantedflags = -1; - if (wantedflags == -1) - printf("not ok %d - unrecognized mode\n", testnum++); - else if ((flags & (CORRECT_O_ACCMODE | O_APPEND)) == wantedflags) - printf("ok %d - correct access mode\n", testnum++); - else - printf("not ok %d - incorrect access mode\n", testnum++); - fclose(fp); -} - -/* - * Test program for fopen(). - */ -int -main(int argc, char *argv[]) -{ - printf("1..45\n"); - runtest("/dev/null", "r"); - runtest("/dev/null", "r+"); - runtest("/dev/null", "w"); - runtest("/dev/null", "w+"); - runtest("/dev/null", "a"); - runtest("/dev/null", "a+"); - runtest("/dev/null", "re"); - runtest("/dev/null", "r+e"); - runtest("/dev/null", "we"); - runtest("/dev/null", "w+e"); - runtest("/dev/null", "ae"); - runtest("/dev/null", "a+e"); - runtest("/dev/null", "re+"); - runtest("/dev/null", "we+"); - runtest("/dev/null", "ae+"); - - return 0; -} - -/* vim:ts=8:cin:sw=8 - * */ diff --git a/tools/regression/lib/libc/stdio/test-fopen.t b/tools/regression/lib/libc/stdio/test-fopen.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-fopen.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-freopen.c b/tools/regression/lib/libc/stdio/test-freopen.c deleted file mode 100644 index 37f3598..0000000 --- a/tools/regression/lib/libc/stdio/test-freopen.c +++ /dev/null @@ -1,109 +0,0 @@ -/*- - * Copyright (c) 2014 Jilles Tjoelker - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <stdbool.h> -#include <stdio.h> -#include <string.h> - -static int testnum = 1; - -static void -runtest(const char *fname1, const char *mode1, const char *fname2, - const char *mode2, bool success) -{ - FILE *fp1, *fp2; - const char *fname2_print; - - fname2_print = fname2 != NULL ? fname2 : "<NULL>"; - fp1 = fopen(fname1, mode1); - if (fp1 == NULL) { - printf("not ok %d - fopen(\"%s\", \"%s\") failed\n", - testnum++, fname1, mode1); - return; - } - fp2 = freopen(fname2, mode2, fp1); - if (fp2 == NULL) { - fclose(fp1); - if (success) - printf("not ok %d - " - "freopen(\"%s\", \"%s\", fopen(\"%s\", \"%s\")) " - "failed\n", - testnum++, fname2_print, mode2, fname1, mode1); - else - printf("ok %d - " - "freopen(\"%s\", \"%s\", fopen(\"%s\", \"%s\")) " - "failed\n", - testnum++, fname2_print, mode2, fname1, mode1); - return; - } - if (success) - printf("ok %d - " - "freopen(\"%s\", \"%s\", fopen(\"%s\", \"%s\")) " - "succeeded\n", - testnum++, fname2_print, mode2, fname1, mode1); - else - printf("not ok %d - " - "freopen(\"%s\", \"%s\", fopen(\"%s\", \"%s\")) " - "succeeded\n", - testnum++, fname2_print, mode2, fname1, mode1); - fclose(fp2); -} - -/* - * Test program for freopen(). - */ -int -main(int argc, char *argv[]) -{ - printf("1..19\n"); - runtest("/dev/null", "r", NULL, "r", true); - runtest("/dev/null", "w", NULL, "r", false); - runtest("/dev/null", "r+", NULL, "r", true); - runtest("/dev/null", "r", NULL, "w", false); - runtest("/dev/null", "w", NULL, "w", true); - runtest("/dev/null", "r+", NULL, "w", true); - runtest("/dev/null", "r", NULL, "a", false); - runtest("/dev/null", "w", NULL, "a", true); - runtest("/dev/null", "r+", NULL, "a", true); - runtest("/dev/null", "r", NULL, "r+", false); - runtest("/dev/null", "w", NULL, "r+", false); - runtest("/dev/null", "r+", NULL, "r+", true); - runtest("/dev/null", "r", NULL, "w+", false); - runtest("/dev/null", "w", NULL, "w+", false); - runtest("/dev/null", "r+", NULL, "w+", true); - runtest("/bin/sh", "r", NULL, "r", true); - runtest("/bin/sh", "r", "/bin/sh", "r", true); - runtest("/bin/sh", "r", "/dev/null", "r", true); - runtest("/bin/sh", "r", "/dev/null", "w", true); - - return 0; -} - -/* vim:ts=8:cin:sw=8 - * */ diff --git a/tools/regression/lib/libc/stdio/test-freopen.t b/tools/regression/lib/libc/stdio/test-freopen.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-freopen.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-getdelim.t b/tools/regression/lib/libc/stdio/test-getdelim.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-getdelim.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-mkostemp.t b/tools/regression/lib/libc/stdio/test-mkostemp.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-mkostemp.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-open_memstream.t b/tools/regression/lib/libc/stdio/test-open_memstream.t deleted file mode 100644 index bd5157b..0000000 --- a/tools/regression/lib/libc/stdio/test-open_memstream.t +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -echo 1..1 -if ./$executable; then - echo ok 1 - $executable successful -else - echo not ok 1 - $executable failed -fi diff --git a/tools/regression/lib/libc/stdio/test-open_wmemstream.t b/tools/regression/lib/libc/stdio/test-open_wmemstream.t deleted file mode 100644 index bd5157b..0000000 --- a/tools/regression/lib/libc/stdio/test-open_wmemstream.t +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -echo 1..1 -if ./$executable; then - echo ok 1 - $executable successful -else - echo not ok 1 - $executable failed -fi diff --git a/tools/regression/lib/libc/stdio/test-perror.t b/tools/regression/lib/libc/stdio/test-perror.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-perror.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-print-positional.t b/tools/regression/lib/libc/stdio/test-print-positional.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-print-positional.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-printbasic.t b/tools/regression/lib/libc/stdio/test-printbasic.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-printbasic.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-printfloat.t b/tools/regression/lib/libc/stdio/test-printfloat.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-printfloat.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/tools/regression/lib/libc/stdio/test-scanfloat.t b/tools/regression/lib/libc/stdio/test-scanfloat.t deleted file mode 100644 index 8bdfd03..0000000 --- a/tools/regression/lib/libc/stdio/test-scanfloat.t +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -cd `dirname $0` - -executable=`basename $0 .t` - -make $executable 2>&1 > /dev/null - -exec ./$executable diff --git a/usr.bin/cpio/tests/Makefile b/usr.bin/cpio/tests/Makefile index 9e0b1eb..3eaa9cf 100644 --- a/usr.bin/cpio/tests/Makefile +++ b/usr.bin/cpio/tests/Makefile @@ -78,9 +78,6 @@ SRCS.bsdcpio_test= list.h \ ${TESTS_SRCS} \ main.c -DPSRCS.bsdcpio_test= \ - list.h - .PATH: ${LIBARCHIVEDIR}/test_utils SRCS.bsdcpio_test+= test_utils.c diff --git a/usr.bin/kdump/Makefile b/usr.bin/kdump/Makefile index e708f3b..d450da5 100644 --- a/usr.bin/kdump/Makefile +++ b/usr.bin/kdump/Makefile @@ -10,8 +10,7 @@ SFX= 32 .PATH: ${.CURDIR}/../ktrace PROG= kdump -SRCS= kdump_subr.c kdump.c ioctl.c subr.c -DPSRCS= kdump_subr.h +SRCS= kdump_subr.c kdump_subr.h kdump.c ioctl.c subr.c CFLAGS+= -I${.CURDIR}/../ktrace -I${.CURDIR} -I${.CURDIR}/../.. -I. .if ${MK_PF} != "no" diff --git a/usr.bin/kdump/mkioctls b/usr.bin/kdump/mkioctls index a9ba860..f9dff50 100644 --- a/usr.bin/kdump/mkioctls +++ b/usr.bin/kdump/mkioctls @@ -39,7 +39,7 @@ case "${MACHINE}" in esac awk -v x="$ioctl_includes" 'BEGIN {print x}' | - $CPP -I$1 -dM -DCOMPAT_43TTY - | + $CPP -nostdinc -I$1 -dM -DCOMPAT_43TTY - | awk -v ioctl_includes="$ioctl_includes" -v style="$style" ' BEGIN { print "/* XXX obnoxious prerequisites. */" diff --git a/usr.bin/makewhatis/Makefile b/usr.bin/makewhatis/Makefile index 4da90ef..209a892 100644 --- a/usr.bin/makewhatis/Makefile +++ b/usr.bin/makewhatis/Makefile @@ -5,7 +5,7 @@ DPADD= ${LIBZ} LDADD= -lz SCRIPTS= makewhatis.local.sh MAN= makewhatis.1 makewhatis.local.8 -SCRIPTSDIR= /usr/libexec +SCRIPTSDIR= ${LIBEXECDIR} LINKS= ${SCRIPTSDIR}/makewhatis.local ${SCRIPTSDIR}/catman.local MLINKS= makewhatis.local.8 catman.local.8 diff --git a/usr.bin/mkdep/mkdep.1 b/usr.bin/mkdep/mkdep.1 index a4be961..9b65a9c 100644 --- a/usr.bin/mkdep/mkdep.1 +++ b/usr.bin/mkdep/mkdep.1 @@ -28,7 +28,7 @@ .\" @(#)mkdep.1 8.1 (Berkeley) 6/6/93 .\" $FreeBSD$ .\" -.Dd June 6, 1993 +.Dd October 23, 2015 .Dt MKDEP 1 .Os .Sh NAME @@ -60,11 +60,13 @@ CFLAGS is the list of flags for the C compiler. .Pp The user has the ability to change the preprocessor and preprocessor options used. -For instance, to use gcc as the preprocessor and to ignore system +For instance, to use +.Sy cc +as the preprocessor and to ignore system headers, one would use .Bd -literal -offset indent depend: - env MKDEP_CPP="gcc -E" MKDEP_CPP_OPTS=-MM mkdep \\ + env MKDEP_CPP="cc -E" MKDEP_CPP_OPTS=-MM mkdep \\ ${CFLAGS} ${SRCS} .Ed .Pp @@ -101,6 +103,8 @@ module. Specifies the C compiler to use. The specified compiler is expected to have options consistent with the GNU C compiler. +The default is +.Sy cc . .It Ev MKDEP_CPP Specifies the preprocessor to use. The default is "${CC} -E". diff --git a/usr.bin/svn/lib/Makefile b/usr.bin/svn/lib/Makefile index 3200625..befbe4a 100644 --- a/usr.bin/svn/lib/Makefile +++ b/usr.bin/svn/lib/Makefile @@ -4,5 +4,6 @@ SUBDIR= libapr libapr_util libserf libsqlite3 \ libsvn_client libsvn_delta libsvn_diff libsvn_fs libsvn_fs_fs \ libsvn_fs_util libsvn_ra libsvn_ra_local libsvn_ra_serf \ libsvn_ra_svn libsvn_repos libsvn_subr libsvn_wc +SUBDIR_PARALLEL= .include <bsd.subdir.mk> diff --git a/usr.bin/svn/svn/Makefile b/usr.bin/svn/svn/Makefile index 0b9cc9b..dcd449c 100644 --- a/usr.bin/svn/svn/Makefile +++ b/usr.bin/svn/svn/Makefile @@ -55,7 +55,7 @@ DPADD= ${LIBSVN_CLIENT} ${LIBSVN_WC} ${LIBSVN_RA} ${LIBSVN_RA_LOCAL} \ CLEANFILES+= svnlite.1 .if(defined(ORGANIZATION) && !empty(ORGANIZATION)) -DPSRCS+= freebsd-organization.h +SRCS+= freebsd-organization.h CLEANFILES+= freebsd-organization.h CFLAGS+= -I. -DHAS_ORGANIZATION_NAME freebsd-organization.h: diff --git a/usr.bin/tar/tests/Makefile b/usr.bin/tar/tests/Makefile index c356009..c078ed9 100644 --- a/usr.bin/tar/tests/Makefile +++ b/usr.bin/tar/tests/Makefile @@ -78,8 +78,6 @@ SRCS.bsdtar_test= \ list.h \ main.c -DPSRCS.bsdtar_test+= list.h - .PATH: ${LIBARCHIVEDIR}/test_utils SRCS.bsdtar_test+= test_utils.c diff --git a/usr.bin/vgrind/Makefile b/usr.bin/vgrind/Makefile index 06d9052..a7dc9a1 100644 --- a/usr.bin/vgrind/Makefile +++ b/usr.bin/vgrind/Makefile @@ -13,7 +13,7 @@ MAN= vgrind.1 vgrindefs.5 WARNS?= 3 -BINDIR= /usr/libexec +BINDIR= ${LIBEXECDIR} SCRIPTSDIR=/usr/bin CLEANFILES= vgrindefs.src.db diff --git a/usr.bin/vi/catalog/Makefile b/usr.bin/vi/catalog/Makefile index bd9db9f..30bc12c 100644 --- a/usr.bin/vi/catalog/Makefile +++ b/usr.bin/vi/catalog/Makefile @@ -115,7 +115,7 @@ SVLINKS= sv_SE PLLINKS= pl_PL FILES= ${CATALOGS} -FILESDIR= /usr/share/vi/catalog +FILESDIR= ${SHAREDIR}/vi/catalog SYMLINKS= .for l in ${NLLINKS} SYMLINKS+= dutch ${FILESDIR}/$l.ISO8859-1 diff --git a/usr.bin/xinstall/Makefile b/usr.bin/xinstall/Makefile index 773dd4e..c505842 100644 --- a/usr.bin/xinstall/Makefile +++ b/usr.bin/xinstall/Makefile @@ -7,10 +7,8 @@ SRCS= xinstall.c getid.c MAN= install.1 .PATH: ${.CURDIR}/../../contrib/mtree -.PATH: ${.CURDIR}/../../lib/libmd CFLAGS+= -I${.CURDIR}/../../contrib/mtree CFLAGS+= -I${.CURDIR}/../../lib/libnetbsd -CFLAGS+= -I${.CURDIR}/../../lib/libmd DPADD+= ${LIBMD} LDADD+= -lmd diff --git a/usr.bin/xinstall/xinstall.c b/usr.bin/xinstall/xinstall.c index 15b115a..ae2ab79 100644 --- a/usr.bin/xinstall/xinstall.c +++ b/usr.bin/xinstall/xinstall.c @@ -748,10 +748,7 @@ install(const char *from_name, const char *to_name, u_long fset, u_int flags) devnull = 1; } - if (!dolink) - target = (stat(to_name, &to_sb) == 0); - else - target = (lstat(to_name, &to_sb) == 0); + target = (lstat(to_name, &to_sb) == 0); if (dolink) { if (target && !safecopy) { @@ -766,8 +763,7 @@ install(const char *from_name, const char *to_name, u_long fset, u_int flags) return; } - /* Only install to regular files. */ - if (target && !S_ISREG(to_sb.st_mode)) { + if (target && !S_ISREG(to_sb.st_mode) && !S_ISLNK(to_sb.st_mode)) { errno = EFTYPE; warn("%s", to_name); return; @@ -780,7 +776,7 @@ install(const char *from_name, const char *to_name, u_long fset, u_int flags) err(EX_OSERR, "%s", from_name); /* If we don't strip, we can compare first. */ - if (docompare && !dostrip && target) { + if (docompare && !dostrip && target && S_ISREG(to_sb.st_mode)) { if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) err(EX_OSERR, "%s", to_name); if (devnull) @@ -832,7 +828,7 @@ install(const char *from_name, const char *to_name, u_long fset, u_int flags) /* * Compare the stripped temp file with the target. */ - if (docompare && dostrip && target) { + if (docompare && dostrip && target && S_ISREG(to_sb.st_mode)) { temp_fd = to_fd; /* Re-open to_fd using the real target name. */ @@ -866,9 +862,7 @@ install(const char *from_name, const char *to_name, u_long fset, u_int flags) } (void) close(temp_fd); } - } - - if (dostrip && (!docompare || !target)) + } else if (dostrip) digestresult = digest_file(tempfile); /* diff --git a/usr.bin/xlint/lint1/Makefile b/usr.bin/xlint/lint1/Makefile index b7f78c5..016423c 100644 --- a/usr.bin/xlint/lint1/Makefile +++ b/usr.bin/xlint/lint1/Makefile @@ -12,7 +12,7 @@ DPADD= ${LIBL} ${LIBM} CFLAGS+= -I. -I${.CURDIR} LINTFLAGS=-aehpz -BINDIR= /usr/libexec +BINDIR= ${LIBEXECDIR} .PATH: ${.CURDIR}/../common diff --git a/usr.bin/xlint/lint2/Makefile b/usr.bin/xlint/lint2/Makefile index 8f4a4ad..ad14d2a 100644 --- a/usr.bin/xlint/lint2/Makefile +++ b/usr.bin/xlint/lint2/Makefile @@ -9,6 +9,6 @@ MAN= CFLAGS+=-I${.CURDIR}/../lint1 LINTFLAGS=-abehrz -BINDIR= /usr/libexec +BINDIR= ${LIBEXECDIR} .include <bsd.prog.mk> diff --git a/usr.sbin/bsdconfig/includes/Makefile b/usr.sbin/bsdconfig/includes/Makefile index 4717d34..c0bd689 100644 --- a/usr.sbin/bsdconfig/includes/Makefile +++ b/usr.sbin/bsdconfig/includes/Makefile @@ -8,6 +8,6 @@ FILESDIR= ${LIBEXECDIR}/bsdconfig/includes FILES= INDEX USAGE SCRIPTSDIR= ${FILESDIR} -SCRIPTS= includes +SCRIPTS= includes.sh .include <bsd.prog.mk> diff --git a/usr.sbin/bsdconfig/includes/includes b/usr.sbin/bsdconfig/includes/includes.sh index 6e9906f..6e9906f 100755 --- a/usr.sbin/bsdconfig/includes/includes +++ b/usr.sbin/bsdconfig/includes/includes.sh diff --git a/usr.sbin/bsdinstall/distextract/Makefile b/usr.sbin/bsdinstall/distextract/Makefile index 751c39d..fb8fa2f 100644 --- a/usr.sbin/bsdinstall/distextract/Makefile +++ b/usr.sbin/bsdinstall/distextract/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -BINDIR= /usr/libexec/bsdinstall +BINDIR= ${LIBEXECDIR}/bsdinstall PROG= distextract DPADD= ${LIBARCHIVE} ${LIBDPV} ${LIBFIGPAR} ${LIBDIALOG} ${LIBM} LDADD= -larchive -ldpv -lfigpar -ldialog -lm diff --git a/usr.sbin/bsdinstall/distfetch/Makefile b/usr.sbin/bsdinstall/distfetch/Makefile index 08eb91c..0c46881 100644 --- a/usr.sbin/bsdinstall/distfetch/Makefile +++ b/usr.sbin/bsdinstall/distfetch/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -BINDIR= /usr/libexec/bsdinstall +BINDIR= ${LIBEXECDIR}/bsdinstall PROG= distfetch DPADD= ${LIBFETCH} ${LIBDIALOG} ${LIBM} LDADD= -lfetch -ldialog -lm diff --git a/usr.sbin/bsdinstall/partedit/Makefile b/usr.sbin/bsdinstall/partedit/Makefile index 3eb0d3f..71e9028 100644 --- a/usr.sbin/bsdinstall/partedit/Makefile +++ b/usr.sbin/bsdinstall/partedit/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -BINDIR= /usr/libexec/bsdinstall +BINDIR= ${LIBEXECDIR}/bsdinstall PROG= partedit LINKS= ${BINDIR}/partedit ${BINDIR}/autopart \ ${BINDIR}/partedit ${BINDIR}/scriptedpart diff --git a/usr.sbin/bsdinstall/scripts/Makefile b/usr.sbin/bsdinstall/scripts/Makefile index efe9700..c0d6ac2 100644 --- a/usr.sbin/bsdinstall/scripts/Makefile +++ b/usr.sbin/bsdinstall/scripts/Makefile @@ -3,7 +3,7 @@ SCRIPTS= auto adduser checksum config docsinstall entropy hostname jail \ keymap mirrorselect mount netconfig netconfig_ipv4 netconfig_ipv6 \ rootpass script services time umount wlanconfig zfsboot -BINDIR= /usr/libexec/bsdinstall +BINDIR= ${LIBEXECDIR}/bsdinstall MAN= diff --git a/usr.sbin/lpr/filters/Makefile b/usr.sbin/lpr/filters/Makefile index f1bc586..7976752 100644 --- a/usr.sbin/lpr/filters/Makefile +++ b/usr.sbin/lpr/filters/Makefile @@ -1,7 +1,7 @@ # @(#)Makefile 8.1 (Berkeley) 6/6/93 # $FreeBSD$ -BINDIR= /usr/libexec/lpr +BINDIR= ${LIBEXECDIR}/lpr PROG= lpf MAN= diff --git a/usr.sbin/ndiscvt/Makefile b/usr.sbin/ndiscvt/Makefile index b11b4b0..d977bd6 100644 --- a/usr.sbin/ndiscvt/Makefile +++ b/usr.sbin/ndiscvt/Makefile @@ -23,8 +23,7 @@ CFLAGS+=-I. -I${.CURDIR} -I${.CURDIR}/../../sys CLEANFILES= y.output FILES= windrv_stub.c -FILESNAME= windrv_stub.c -FILESDIR= /usr/share/misc +FILESDIR= ${SHAREDIR}/misc SCRIPTS= ndisgen.sh diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index ed99186..5b422fe 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -272,7 +272,7 @@ pw_userlock(char *arg1, int mode) char *passtmp = NULL; char *name; bool locked = false; - uid_t id; + uid_t id = (uid_t)-1; if (geteuid() != 0) errx(EX_NOPERM, "you must be root"); @@ -280,16 +280,19 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (arg1[strspn(arg1, "0123456789")] == '\0') { - id = pw_checkid(arg1, UID_MAX); - name = NULL; - } else - name = arg1; + name = arg1; + if (arg1[strspn(name, "0123456789")] == '\0') + id = pw_checkid(name, UID_MAX); - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + pwd = GETPWNAM(pw_checkname(name, 0)); + if (pwd == NULL && id != (uid_t)-1) { + pwd = GETPWUID(id); + if (pwd != NULL) + name = pwd->pw_name; + } if (pwd == NULL) { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); + if (id == (uid_t)-1) + errx(EX_NOUSER, "no such name or uid `%ju'", (uintmax_t) id); errx(EX_NOUSER, "no such user `%s'", name); } @@ -637,7 +640,8 @@ pw_checkname(char *name, int gecos) } if (!reject) { while (*ch) { - if (strchr(badchars, *ch) != NULL || *ch < ' ' || + if (strchr(badchars, *ch) != NULL || + (!gecos && *ch < ' ') || *ch == 127) { reject = 1; break; diff --git a/usr.sbin/pw/tests/pw_lock.sh b/usr.sbin/pw/tests/pw_lock.sh index 9f14e24..5ec1b09 100755 --- a/usr.sbin/pw/tests/pw_lock.sh +++ b/usr.sbin/pw/tests/pw_lock.sh @@ -16,7 +16,27 @@ user_locking_body() { grep "^test:\*:1001:" $HOME/master.passwd } +atf_test_case numeric_locking cleanup +numeric_locking_body() { + populate_etc_skel + ${PW} useradd test || atf_fail "Creating test user" + ${PW} lock 1001 || atf_fail "Locking the user" + atf_check -s exit:0 -o match:"^test:\*LOCKED\*\*:1001:" \ + grep "^test:\*LOCKED\*\*:1001:" $HOME/master.passwd + ${PW} unlock 1001 || atf_fail "Unlocking the user" + atf_check -s exit:0 -o match:"^test:\*:1001:" \ + grep "^test:\*:1001:" $HOME/master.passwd + # Now numeric names + ${PW} useradd -n 1001 || atf_fail "Creating test user" + ${PW} lock 1001 || atf_fail "Locking the user" + atf_check -s exit:0 -o match:"^1001:\*LOCKED\*\*:1002:" \ + grep "^1001:\*LOCKED\*\*:1002:" $HOME/master.passwd + ${PW} unlock 1001 || atf_fail "Unlocking the user" + atf_check -s exit:0 -o match:"^1001:\*:1002:" \ + grep "^1001:\*:1002:" $HOME/master.passwd +} atf_init_test_cases() { atf_add_test_case user_locking + atf_add_test_case numeric_locking } diff --git a/usr.sbin/rpc.yppasswdd/Makefile b/usr.sbin/rpc.yppasswdd/Makefile index a9d3a75..7724cfd 100644 --- a/usr.sbin/rpc.yppasswdd/Makefile +++ b/usr.sbin/rpc.yppasswdd/Makefile @@ -7,7 +7,7 @@ RPCDIR= ${DESTDIR}/usr/include/rpcsvc PROG= rpc.yppasswdd SCRIPTS=yppwupdate -SCRIPTSDIR= /usr/libexec +SCRIPTSDIR= ${LIBEXECDIR} MAN= rpc.yppasswdd.8 SRCS= util.c yp_access.c yp_dblookup.c yp_dbwrite.c \ yp_error.c yppasswdd_main.c yppasswdd_server.c ypxfr_misc.c ${GENSRCS} diff --git a/usr.sbin/sendmail/Makefile b/usr.sbin/sendmail/Makefile index 2215070..5a850bf 100644 --- a/usr.sbin/sendmail/Makefile +++ b/usr.sbin/sendmail/Makefile @@ -7,7 +7,7 @@ SENDMAIL_DIR=${.CURDIR}/../../contrib/sendmail SMDIR= ${SENDMAIL_DIR}/src .PATH: ${SMDIR} -BINDIR= /usr/libexec/sendmail +BINDIR= ${LIBEXECDIR}/sendmail PROG= sendmail MAN= mailq.1 newaliases.1 aliases.5 sendmail.8 diff --git a/usr.sbin/tcpdchk/Makefile b/usr.sbin/tcpdchk/Makefile index a49ffc6..a8eb0d1 100644 --- a/usr.sbin/tcpdchk/Makefile +++ b/usr.sbin/tcpdchk/Makefile @@ -8,7 +8,7 @@ PROG= tcpdchk MAN= tcpdchk.8 SRCS= tcpdchk.c fakelog.c inetcf.c scaffold.c -CFLAGS+=-DREAL_DAEMON_DIR=\"/usr/libexec\" \ +CFLAGS+=-DREAL_DAEMON_DIR=\"${LIBEXECDIR}\" \ -DSEVERITY=LOG_INFO -DRFC931_TIMEOUT=10 -DPROCESS_OPTIONS \ -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" .if ${MK_INET6_SUPPORT} != "no" diff --git a/usr.sbin/tcpdmatch/Makefile b/usr.sbin/tcpdmatch/Makefile index caae746..53e7f56 100644 --- a/usr.sbin/tcpdmatch/Makefile +++ b/usr.sbin/tcpdmatch/Makefile @@ -8,7 +8,7 @@ PROG= tcpdmatch MAN= tcpdmatch.8 SRCS= tcpdmatch.c fakelog.c inetcf.c scaffold.c -CFLAGS+=-DREAL_DAEMON_DIR=\"/usr/libexec\" \ +CFLAGS+=-DREAL_DAEMON_DIR=\"${LIBEXECDIR}\" \ -DSEVERITY=LOG_INFO -DRFC931_TIMEOUT=10 .if ${MK_INET6_SUPPORT} != "no" CFLAGS+=-DINET6 diff --git a/usr.sbin/unbound/local-setup/local-unbound-setup.sh b/usr.sbin/unbound/local-setup/local-unbound-setup.sh index 4c464d1..5df4760 100755 --- a/usr.sbin/unbound/local-setup/local-unbound-setup.sh +++ b/usr.sbin/unbound/local-setup/local-unbound-setup.sh @@ -172,13 +172,18 @@ do_not_edit() { # the libc resolver will try unbound first. # gen_resolvconf_conf() { + local style="$1" do_not_edit echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}" - echo "unbound_conf=\"${forward_conf}\"" - echo "unbound_pid=\"${pidfile}\"" - echo "unbound_service=\"${service}\"" - # resolvconf(8) likes to restart rather than reload - echo "unbound_restart=\"service ${service} reload\"" + if [ "${style}" = "dynamic" ] ; then + echo "unbound_conf=\"${forward_conf}\"" + echo "unbound_pid=\"${pidfile}\"" + echo "unbound_service=\"${service}\"" + # resolvconf(8) likes to restart rather than reload + echo "unbound_restart=\"service ${service} reload\"" + else + echo "# Static DNS configuration" + fi } # @@ -379,6 +384,9 @@ main() { if [ -z "$forwarders" ] ; then echo "Extracting forwarders from ${resolv_conf}." forwarders=$(get_nameservers <"${resolv_conf}") + style=dynamic + else + style=static fi # @@ -440,7 +448,7 @@ main() { # instead of resolv.conf. # local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX") - gen_resolvconf_conf | unexpand >"${tmp_resolvconf_conf}" + gen_resolvconf_conf "${style}" | unexpand >"${tmp_resolvconf_conf}" replace "${resolvconf_conf}" "${tmp_resolvconf_conf}" # diff --git a/usr.sbin/zic/zdump/Makefile b/usr.sbin/zic/zdump/Makefile index d654dee..2ff7db9 100644 --- a/usr.sbin/zic/zdump/Makefile +++ b/usr.sbin/zic/zdump/Makefile @@ -7,7 +7,7 @@ MAN= zdump.8 SRCS= zdump.c ialloc.c scheck.c CFLAGS+= -DTM_GMTOFF=tm_gmtoff -DTM_ZONE=tm_zone -DSTD_INSPIRED -DPCTS -CFLAGS+= -DHAVE_LONG_DOUBLE -DTZDIR=\"/usr/share/zoneinfo\" -Demkdir=mkdir +CFLAGS+= -DHAVE_LONG_DOUBLE -DTZDIR=\"${SHAREDIR}/zoneinfo\" -Demkdir=mkdir CFLAGS+= -I${.CURDIR}/.. -I${.CURDIR}/../../../contrib/tzcode/stdtime WARNS?= 2 diff --git a/usr.sbin/zic/zic/Makefile b/usr.sbin/zic/zic/Makefile index f473da5..c38e3b8 100644 --- a/usr.sbin/zic/zic/Makefile +++ b/usr.sbin/zic/zic/Makefile @@ -7,7 +7,7 @@ MAN= zic.8 SRCS= zic.c ialloc.c scheck.c CFLAGS+= -DTM_GMTOFF=tm_gmtoff -DTM_ZONE=tm_zone -DSTD_INSPIRED -DPCTS -CFLAGS+= -DHAVE_LONG_DOUBLE -DTZDIR=\"/usr/share/zoneinfo\" -Demkdir=mkdir +CFLAGS+= -DHAVE_LONG_DOUBLE -DTZDIR=\"${SHAREDIR}/zoneinfo\" -Demkdir=mkdir CFLAGS+= -DHAVE_STRERROR -DHAVE_UNISTD_H CFLAGS+= -I${.CURDIR}/.. -I${.CURDIR}/../../../contrib/tzcode/stdtime |
