mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
Import of OpenSSL 0.9.6e.
This commit is contained in:
parent
c1803d7836
commit
4f20a5a274
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/openssl/dist/; revision=100936
@ -2,6 +2,58 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
|
||||
|
||||
*) Fix cipher selection routines: ciphers without encryption had no flags
|
||||
for the cipher strength set and where therefore not handled correctly
|
||||
by the selection routines (PR #130).
|
||||
[Lutz Jaenicke]
|
||||
|
||||
*) Fix EVP_dsa_sha macro.
|
||||
[Nils Larsch]
|
||||
|
||||
*) New option
|
||||
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
||||
for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
|
||||
that was added in OpenSSL 0.9.6d.
|
||||
|
||||
As the countermeasure turned out to be incompatible with some
|
||||
broken SSL implementations, the new option is part of SSL_OP_ALL.
|
||||
SSL_OP_ALL is usually employed when compatibility with weird SSL
|
||||
implementations is desired (e.g. '-bugs' option to 's_client' and
|
||||
's_server'), so the new option is automatically set in many
|
||||
applications.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Changes in security patch:
|
||||
|
||||
Changes marked "(CHATS)" were sponsored by the Defense Advanced
|
||||
Research Projects Agency (DARPA) and Air Force Research Laboratory,
|
||||
Air Force Materiel Command, USAF, under agreement number
|
||||
F30602-01-2-0537.
|
||||
|
||||
*) Add various sanity checks to asn1_get_length() to reject
|
||||
the ASN1 length bytes if they exceed sizeof(long), will appear
|
||||
negative or the content length exceeds the length of the
|
||||
supplied buffer.
|
||||
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
|
||||
|
||||
*) Assertions for various potential buffer overflows, not known to
|
||||
happen in practice.
|
||||
[Ben Laurie (CHATS)]
|
||||
|
||||
*) Various temporary buffers to hold ASCII versions of integers were
|
||||
too small for 64 bit platforms. (CAN-2002-0655)
|
||||
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
|
||||
|
||||
*) Remote buffer overflow in SSL3 protocol - an attacker could
|
||||
supply an oversized session ID to a client. (CAN-2002-0656)
|
||||
[Ben Laurie (CHATS)]
|
||||
|
||||
*) Remote buffer overflow in SSL2 protocol - an attacker could
|
||||
supply an oversized client master key. (CAN-2002-0656)
|
||||
[Ben Laurie (CHATS)]
|
||||
|
||||
Changes between 0.9.6c and 0.9.6d [9 May 2002]
|
||||
|
||||
*) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
|
||||
|
@ -144,6 +144,7 @@ my %table=(
|
||||
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
|
||||
# but keep the assembler modules.
|
||||
"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
@ -169,10 +170,10 @@ my %table=(
|
||||
"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
|
||||
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
|
||||
# assisted with debugging of following two configs.
|
||||
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
|
||||
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# it's a real mess with -mcpu=ultrasparc option under Linux, but
|
||||
# -Wa,-Av8plus should do the trick no matter what.
|
||||
"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# !!!Folowing can't be even tested yet!!!
|
||||
# We have to wait till 64-bit glibc for SPARC is operational!!!
|
||||
#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
|
||||
@ -228,6 +229,7 @@ my %table=(
|
||||
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
# More attempts at unified 10.X and 11.X targets for HP C compiler.
|
||||
#
|
||||
@ -335,7 +337,7 @@ my %table=(
|
||||
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
|
||||
# bn86-elf.o file file since it is hand tweaked assembler.
|
||||
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
|
||||
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
|
||||
"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
|
||||
@ -435,7 +437,7 @@ my %table=(
|
||||
"sco5-cc-pentium", "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
|
||||
"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
|
||||
"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
|
||||
"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
|
||||
"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
|
||||
|
||||
# Sinix/ReliantUNIX RM400
|
||||
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
|
||||
@ -470,6 +472,9 @@ my %table=(
|
||||
# and its library files in util/pl/*)
|
||||
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
|
||||
|
||||
# UWIN
|
||||
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
|
||||
|
||||
# Cygwin
|
||||
"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
|
||||
"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
|
||||
@ -488,7 +493,7 @@ my %table=(
|
||||
|
||||
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
|
||||
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
|
||||
"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
|
||||
"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
|
||||
|
||||
##### Sony NEWS-OS 4.x
|
||||
"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
|
||||
@ -899,6 +904,10 @@ if ($rmd160_obj =~ /\.o$/)
|
||||
$cflags.=" -DRMD160_ASM";
|
||||
}
|
||||
|
||||
# "Stringify" the C flags string. This permits it to be made part of a string
|
||||
# and works as well on command lines.
|
||||
$cflags =~ s/([\\\"])/\\\1/g;
|
||||
|
||||
my $version = "unknown";
|
||||
my $major = "unknown";
|
||||
my $minor = "unknown";
|
||||
@ -981,13 +990,21 @@ while (<IN>)
|
||||
if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
|
||||
{
|
||||
my $sotmp = $1;
|
||||
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
|
||||
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
|
||||
}
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
|
||||
{
|
||||
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
|
||||
}
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
|
||||
{
|
||||
my $sotmp = $1;
|
||||
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
|
||||
}
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
|
||||
{
|
||||
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
|
||||
}
|
||||
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
|
||||
print OUT $_."\n";
|
||||
}
|
||||
|
@ -38,6 +38,8 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
|
||||
* Why does the OpenSSL compilation fail with "ar: command not found"?
|
||||
* Why does the OpenSSL compilation fail on Win32 with VC++?
|
||||
* What is special about OpenSSL on Redhat?
|
||||
* Why does the OpenSSL test suite fail on MacOS X?
|
||||
|
||||
[PROG] Questions about programming with OpenSSL
|
||||
|
||||
@ -59,7 +61,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.6d was released on 9 May, 2002.
|
||||
OpenSSL 0.9.6e was released on 30 May, 2002.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@ -215,8 +217,11 @@ For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
|
||||
installing the SUNski package from Sun patch 105710-01 (Sparc) which
|
||||
adds a /dev/random device and make sure it gets used, usually through
|
||||
$RANDFILE. There are probably similar patches for the other Solaris
|
||||
versions. However, be warned that /dev/random is usually a blocking
|
||||
device, which may have some effects on OpenSSL.
|
||||
versions. An official statement from Sun with respect to /dev/random
|
||||
support can be found at
|
||||
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
|
||||
However, be warned that /dev/random is usually a blocking device, which
|
||||
may have some effects on OpenSSL.
|
||||
|
||||
|
||||
* Why do I get an "unable to write 'random state'" error message?
|
||||
@ -451,6 +456,52 @@ under 'Program Files'). This needs to be done prior to running NMAKE,
|
||||
and the changes are only valid for the current DOS session.
|
||||
|
||||
|
||||
* What is special about OpenSSL on Redhat?
|
||||
|
||||
Red Hat Linux (release 7.0 and later) include a preinstalled limited
|
||||
version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
|
||||
is disabled in this version. The same may apply to other Linux distributions.
|
||||
Users may therefore wish to install more or all of the features left out.
|
||||
|
||||
To do this you MUST ensure that you do not overwrite the openssl that is in
|
||||
/usr/bin on your Red Hat machine. Several packages depend on this file,
|
||||
including sendmail and ssh. /usr/local/bin is a good alternative choice. The
|
||||
libraries that come with Red Hat 7.0 onwards have different names and so are
|
||||
not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
|
||||
/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
|
||||
/lib/libcrypto.so.2 respectively).
|
||||
|
||||
Please note that we have been advised by Red Hat attempting to recompile the
|
||||
openssl rpm with all the cryptography enabled will not work. All other
|
||||
packages depend on the original Red Hat supplied openssl package. It is also
|
||||
worth noting that due to the way Red Hat supplies its packages, updates to
|
||||
openssl on each distribution never change the package version, only the
|
||||
build number. For example, on Red Hat 7.1, the latest openssl package has
|
||||
version number 0.9.6 and build number 9 even though it contains all the
|
||||
relevant updates in packages up to and including 0.9.6b.
|
||||
|
||||
A possible way around this is to persuade Red Hat to produce a non-US
|
||||
version of Red Hat Linux.
|
||||
|
||||
FYI: Patent numbers and expiry dates of US patents:
|
||||
MDC-2: 4,908,861 13/03/2007
|
||||
IDEA: 5,214,703 25/05/2010
|
||||
RC5: 5,724,428 03/03/2015
|
||||
|
||||
|
||||
* Why does the OpenSSL test suite fail on MacOS X?
|
||||
|
||||
If the failure happens when running 'make test' and the RC4 test fails,
|
||||
it's very probable that you have OpenSSL 0.9.6b delivered with the
|
||||
operating system (you can find out by running '/usr/bin/openssl version')
|
||||
and that you were trying to build OpenSSL 0.9.6d. The problem is that
|
||||
the loader ('ld') in MacOS X has a misfeature that's quite difficult to
|
||||
go around and has linked the programs "openssl" and the test programs
|
||||
with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
|
||||
libraries you just built.
|
||||
Look in the file PROBLEMS for a more detailed explanation and for possible
|
||||
solutions.
|
||||
|
||||
[PROG] ========================================================================
|
||||
|
||||
* Is OpenSSL thread-safe?
|
||||
|
@ -128,8 +128,11 @@
|
||||
the failure that aren't problems in OpenSSL itself (like missing
|
||||
standard headers). If it is a problem with OpenSSL itself, please
|
||||
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||
message will be forwarded to a public mailing list). Include the
|
||||
output of "make report" in your message.
|
||||
message will be recorded in the request tracker publicly readable
|
||||
via http://www.openssl.org/rt2.html and will be forwarded to a public
|
||||
mailing list). Include the output of "make report" in your message.
|
||||
Please check out the request tracker. Maybe the bug was already
|
||||
reported or has already been fixed.
|
||||
|
||||
[If you encounter assembler error messages, try the "no-asm"
|
||||
configuration option as an immediate fix.]
|
||||
@ -147,7 +150,8 @@
|
||||
try removing any compiler optimization flags from the CFLAGS line
|
||||
in Makefile.ssl and run "make clean; make". Please send a bug
|
||||
report to <openssl-bugs@openssl.org>, including the output of
|
||||
"make report".
|
||||
"make report" in order to be added to the request tracker at
|
||||
http://www.openssl.org/rt2.html.
|
||||
|
||||
4. If everything tests ok, install OpenSSL with
|
||||
|
||||
|
@ -420,6 +420,7 @@ do_hpux-shared:
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
done
|
||||
|
||||
@ -430,6 +431,7 @@ do_hpux64-shared:
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
done
|
||||
|
||||
@ -545,7 +547,7 @@ test: tests
|
||||
|
||||
tests: rehash
|
||||
@(cd test && echo "testing..." && \
|
||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests );
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@apps/openssl version -a
|
||||
|
||||
report:
|
||||
@ -556,7 +558,7 @@ depend:
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making dependencies $$i..." && \
|
||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
|
||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
@ -601,20 +603,26 @@ TABLE: Configure
|
||||
|
||||
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
|
||||
|
||||
# Build distribution tar-file. As the list of files returned by "find" is
|
||||
# pretty long, on several platforms a "too many arguments" error or similar
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
tar:
|
||||
@$(TAR) $(TARFLAGS) -cvf - \
|
||||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
|
||||
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
|
||||
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
--group_number=0 --group_name=openssl \
|
||||
--prefix=openssl-$(VERSION) - |\
|
||||
gzip --best >../$(TARFILE).gz; \
|
||||
rm -f ../$(TARFILE).list; \
|
||||
ls -l ../$(TARFILE).gz
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@$(MAKE) SDIRS='${SDIRS}' clean
|
||||
@$(MAKE) tar
|
||||
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
|
||||
|
||||
dist_pem_h:
|
||||
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
|
||||
@ -656,7 +664,7 @@ install: all install_docs
|
||||
( echo installing $$i; \
|
||||
if [ "$(PLATFORM)" != "Cygwin" ]; then \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
else \
|
||||
c=`echo $$i | sed 's/^lib/cyg/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
@ -681,18 +689,20 @@ install_docs:
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
(cd `dirname $$i`; \
|
||||
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`) \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
done
|
||||
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
(cd `dirname $$i`; \
|
||||
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`) \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
done
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=0.9.6d
|
||||
VERSION=0.9.6e
|
||||
MAJOR=0
|
||||
MINOR=9.6
|
||||
SHLIB_VERSION_NUMBER=0.9.6
|
||||
@ -64,7 +64,7 @@ EX_LIBS=
|
||||
EXE_EXT=
|
||||
AR=ar r
|
||||
RANLIB= /usr/bin/ranlib
|
||||
PERL= /usr/local/bin/perl
|
||||
PERL= /usr/local/bin/perl5
|
||||
TAR= tar
|
||||
TARFLAGS= --no-recursion
|
||||
|
||||
@ -422,6 +422,7 @@ do_hpux-shared:
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
done
|
||||
|
||||
@ -432,6 +433,7 @@ do_hpux64-shared:
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
done
|
||||
|
||||
@ -547,7 +549,7 @@ test: tests
|
||||
|
||||
tests: rehash
|
||||
@(cd test && echo "testing..." && \
|
||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests );
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@apps/openssl version -a
|
||||
|
||||
report:
|
||||
@ -558,7 +560,7 @@ depend:
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making dependencies $$i..." && \
|
||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
|
||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
@ -603,20 +605,26 @@ TABLE: Configure
|
||||
|
||||
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
|
||||
|
||||
# Build distribution tar-file. As the list of files returned by "find" is
|
||||
# pretty long, on several platforms a "too many arguments" error or similar
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
tar:
|
||||
@$(TAR) $(TARFLAGS) -cvf - \
|
||||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
|
||||
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
|
||||
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
--group_number=0 --group_name=openssl \
|
||||
--prefix=openssl-$(VERSION) - |\
|
||||
gzip --best >../$(TARFILE).gz; \
|
||||
rm -f ../$(TARFILE).list; \
|
||||
ls -l ../$(TARFILE).gz
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@$(MAKE) SDIRS='${SDIRS}' clean
|
||||
@$(MAKE) tar
|
||||
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
|
||||
|
||||
dist_pem_h:
|
||||
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
|
||||
@ -658,7 +666,7 @@ install: all install_docs
|
||||
( echo installing $$i; \
|
||||
if [ "$(PLATFORM)" != "Cygwin" ]; then \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
else \
|
||||
c=`echo $$i | sed 's/^lib/cyg/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
@ -683,18 +691,20 @@ install_docs:
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
(cd `dirname $$i`; \
|
||||
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`) \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
done
|
||||
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
(cd `dirname $$i`; \
|
||||
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`) \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
done
|
||||
|
||||
|
@ -56,7 +56,7 @@
|
||||
o Bug fixes for Win32, HP/UX and Irix.
|
||||
o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
|
||||
memory checking routines.
|
||||
o Bug fixes for RSA operations in threaded enviroments.
|
||||
o Bug fixes for RSA operations in threaded environments.
|
||||
o Bug fixes in misc. openssl applications.
|
||||
o Remove a few potential memory leaks.
|
||||
o Add tighter checks of BIGNUM routines.
|
||||
|
34
crypto/openssl/PROBLEMS
Normal file
34
crypto/openssl/PROBLEMS
Normal file
@ -0,0 +1,34 @@
|
||||
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
|
||||
[NOTE: This is currently undergoing tests, and may be removed soon]
|
||||
|
||||
This is really a misfeature in ld, which seems to look for .dylib libraries
|
||||
along the whole library path before it bothers looking for .a libraries. This
|
||||
means that -L switches won't matter unless OpenSSL is built with shared
|
||||
library support.
|
||||
|
||||
The workaround may be to change the following lines in apps/Makefile.ssl and
|
||||
test/Makefile.ssl:
|
||||
|
||||
LIBCRYPTO=-L.. -lcrypto
|
||||
LIBSSL=-L.. -lssl
|
||||
|
||||
to:
|
||||
|
||||
LIBCRYPTO=../libcrypto.a
|
||||
LIBSSL=../libssl.a
|
||||
|
||||
It's possible that something similar is needed for shared library support
|
||||
as well. That hasn't been well tested yet.
|
||||
|
||||
|
||||
Another solution that many seem to recommend is to move the libraries
|
||||
/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
|
||||
directory, build and install OpenSSL and anything that depends on your
|
||||
build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
|
||||
original places. Note that the version numbers on those two libraries
|
||||
may differ on your machine.
|
||||
|
||||
|
||||
As long as Apple doesn't fix the problem with ld, this problem building
|
||||
OpenSSL will remain as is.
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 0.9.6d 9 May 2002
|
||||
OpenSSL 0.9.6e 30 July 2002
|
||||
|
||||
Copyright (c) 1998-2002 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
@ -122,6 +122,13 @@
|
||||
lists the functions; you will probably have to look at the code to work out
|
||||
how to use them. Look at the example programs.
|
||||
|
||||
PROBLEMS
|
||||
--------
|
||||
|
||||
For some platforms, there are some known problems that may affect the user
|
||||
or application author. We try to collect those in doc/PROBLEMS, with current
|
||||
thoughts on how they should be solved in a future of OpenSSL.
|
||||
|
||||
SUPPORT
|
||||
-------
|
||||
|
||||
@ -146,11 +153,13 @@
|
||||
- Problem Description (steps that will reproduce the problem, if known)
|
||||
- Stack Traceback (if the application dumps core)
|
||||
|
||||
Report the bug to the OpenSSL project at:
|
||||
Report the bug to the OpenSSL project via the Request Tracker
|
||||
(http://www.openssl.org/rt2.html) by mail to:
|
||||
|
||||
openssl-bugs@openssl.org
|
||||
|
||||
Note that mail to openssl-bugs@openssl.org is forwarded to a public
|
||||
Note that mail to openssl-bugs@openssl.org is recorded in the publicly
|
||||
readable request tracker database and is forwarded to a public
|
||||
mailing list. Confidential mail may be sent to openssl-security@openssl.org
|
||||
(PGP key available from the key servers).
|
||||
|
||||
@ -164,7 +173,9 @@
|
||||
textual explanation of what your patch does.
|
||||
|
||||
Note: For legal reasons, contributions from the US can be accepted only
|
||||
if a copy of the patch is sent to crypt@bxa.doc.gov
|
||||
if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
|
||||
see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
|
||||
and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
|
||||
|
||||
The preferred format for changes is "diff -u" output. You might
|
||||
generate it like this:
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/local/bin/perl
|
||||
#!/usr/local/bin/perl5
|
||||
#
|
||||
# CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
# some setup stuff to be done before you can use it and this makes
|
||||
|
@ -13,7 +13,7 @@ OPENSSLDIR= /usr/local/ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
MAKEDEPEND= $(TOP)/util/domd $(TOP)
|
||||
MAKEFILE= Makefile.ssl
|
||||
PERL=/usr/local/bin/perl
|
||||
PERL= perl
|
||||
RM= rm -f
|
||||
|
||||
PEX_LIBS=
|
||||
@ -128,10 +128,10 @@ clean:
|
||||
rm -f req
|
||||
|
||||
$(DLIBSSL):
|
||||
(cd ../ssl; $(MAKE))
|
||||
(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
|
||||
|
||||
$(DLIBCRYPTO):
|
||||
(cd ../crypto; $(MAKE))
|
||||
(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
|
||||
|
||||
$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
|
||||
$(RM) $(PROGRAM)
|
||||
|
@ -228,9 +228,16 @@ void program_name(char *in, char *out, int size)
|
||||
|
||||
q=strrchr(p,'.');
|
||||
if (q == NULL)
|
||||
q = in+size;
|
||||
strncpy(out,p,q-p);
|
||||
out[q-p]='\0';
|
||||
q = p + strlen(p);
|
||||
strncpy(out,p,size-1);
|
||||
if (q-p >= size)
|
||||
{
|
||||
out[size-1]='\0';
|
||||
}
|
||||
else
|
||||
{
|
||||
out[q-p]='\0';
|
||||
}
|
||||
}
|
||||
#else
|
||||
void program_name(char *in, char *out, int size)
|
||||
@ -755,7 +762,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
|
||||
|
||||
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
|
||||
{
|
||||
char buf[256];
|
||||
char *buf;
|
||||
char mline = 0;
|
||||
int indent = 0;
|
||||
if(title) BIO_puts(out, title);
|
||||
@ -764,9 +771,10 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
|
||||
indent = 4;
|
||||
}
|
||||
if(lflags == XN_FLAG_COMPAT) {
|
||||
X509_NAME_oneline(nm,buf,256);
|
||||
BIO_puts(out,buf);
|
||||
buf = X509_NAME_oneline(nm, 0, 0);
|
||||
BIO_puts(out, buf);
|
||||
BIO_puts(out, "\n");
|
||||
OPENSSL_free(buf);
|
||||
} else {
|
||||
if(mline) BIO_puts(out, "\n");
|
||||
X509_NAME_print_ex(out, nm, indent, lflags);
|
||||
|
@ -181,7 +181,7 @@ bad:
|
||||
BIO_printf(bio_err,"where options are\n");
|
||||
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
|
||||
BIO_printf(bio_err," -in arg input file\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
BIO_printf(bio_err," -out arg output file (output format is always DER\n");
|
||||
BIO_printf(bio_err," -noout arg don't produce any output\n");
|
||||
BIO_printf(bio_err," -offset arg offset into file\n");
|
||||
BIO_printf(bio_err," -length arg length of section in file\n");
|
||||
@ -192,7 +192,6 @@ bad:
|
||||
BIO_printf(bio_err," -strparse offset\n");
|
||||
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
|
||||
BIO_printf(bio_err," ASN1 blob wrappings\n");
|
||||
BIO_printf(bio_err," -out filename output DER encoding to file\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
@ -1108,7 +1108,7 @@ bad:
|
||||
}
|
||||
if ((crldays == 0) && (crlhours == 0))
|
||||
{
|
||||
BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
|
||||
BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/local/bin/perl
|
||||
#!/usr/local/bin/perl5
|
||||
#
|
||||
# der_chop ... this is one total hack that Eric is really not proud of
|
||||
# so don't look at it and don't ask for support
|
||||
|
@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
|
||||
int informat,outformat;
|
||||
char *infile,*outfile,*prog;
|
||||
int print_certs=0,text=0,noout=0;
|
||||
int ret=0;
|
||||
int ret=1;
|
||||
|
||||
apps_startup();
|
||||
|
||||
|
@ -233,7 +233,7 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-CAkeyform") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
CAformat=str2fmt(*(++argv));
|
||||
CAkeyformat=str2fmt(*(++argv));
|
||||
}
|
||||
else if (strcmp(*argv,"-days") == 0)
|
||||
{
|
||||
|
@ -381,17 +381,29 @@ done
|
||||
|
||||
# figure out if gcc is available and if so we use it otherwise
|
||||
# we fallback to whatever cc does on the system
|
||||
GCCVER=`(gcc --version) 2>/dev/null`
|
||||
GCCVER=`(gcc -dumpversion) 2>/dev/null`
|
||||
if [ "$GCCVER" != "" ]; then
|
||||
CC=gcc
|
||||
# then strip off whatever prefix Cygnus prepends the number with...
|
||||
GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
|
||||
# Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
|
||||
# does give us what we want though, so we use that. We just just the
|
||||
# major and minor version numbers.
|
||||
# peak single digit before and after first dot, e.g. 2.95.1 gives 29
|
||||
GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
|
||||
else
|
||||
CC=cc
|
||||
fi
|
||||
|
||||
if [ "$SYSTEM" = "HP-UX" ];then
|
||||
# By default gcc is a ILP32 compiler (with long long == 64).
|
||||
GCC_BITS="32"
|
||||
if [ $GCCVER -ge 30 ]; then
|
||||
# PA64 support only came in with gcc 3.0.x.
|
||||
# We look for the preprocessor symbol __LP64__ indicating
|
||||
# 64bit bit long and pointer. sizeof(int) == 32 on HPUX64.
|
||||
if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
|
||||
GCC_BITS="64"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ "$SYSTEM" = "SunOS" ]; then
|
||||
# check for WorkShop C, expected output is "cc: blah-blah C x.x"
|
||||
CCVER=`(cc -V 2>&1) 2>/dev/null | \
|
||||
@ -497,6 +509,10 @@ EOF
|
||||
${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
|
||||
rm dummy dummy.c
|
||||
;;
|
||||
ppc64-*-linux2)
|
||||
#Use the standard target for PPC architecture until we create a
|
||||
#special one for the 64bit architecture.
|
||||
OUT="linux-ppc" ;;
|
||||
ppc-*-linux2) OUT="linux-ppc" ;;
|
||||
m68k-*-linux*) OUT="linux-m68k" ;;
|
||||
ia64-*-linux?) OUT="linux-ia64" ;;
|
||||
@ -589,8 +605,18 @@ EOF
|
||||
BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
|
||||
RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
|
||||
*-siemens-sysv4) OUT="SINIX" ;;
|
||||
*-hpux1*) OUT="hpux-parisc-$CC"
|
||||
options="$options -D_REENTRANT" ;;
|
||||
*-hpux1*)
|
||||
if [ $CC = "gcc" ];
|
||||
then
|
||||
if [ $GCC_BITS = "64" ]; then
|
||||
OUT="hpux64-parisc-gcc"
|
||||
else
|
||||
OUT="hpux-parisc-gcc"
|
||||
fi
|
||||
else
|
||||
OUT="hpux-parisc-$CC"
|
||||
fi
|
||||
options="$options -D_REENTRANT" ;;
|
||||
*-hpux) OUT="hpux-parisc-$CC" ;;
|
||||
# these are all covered by the catchall below
|
||||
# *-aix) OUT="aix-$CC" ;;
|
||||
|
@ -51,11 +51,11 @@ all: buildinf.h lib subdirs
|
||||
|
||||
buildinf.h: ../Makefile.ssl
|
||||
( echo "#ifndef MK1MF_BUILD"; \
|
||||
echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
|
||||
echo " #define CFLAGS \"$(CC) $(CFLAG)\""; \
|
||||
echo " #define PLATFORM \"$(PLATFORM)\""; \
|
||||
echo ' /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
|
||||
echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \
|
||||
echo ' #define PLATFORM "$(PLATFORM)"'; \
|
||||
echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
|
||||
echo "#endif" ) >buildinf.h
|
||||
echo '#endif' ) >buildinf.h
|
||||
|
||||
testapps:
|
||||
if echo ${SDIRS} | fgrep ' des '; \
|
||||
@ -134,7 +134,7 @@ depend:
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making depend in crypto/$$i..."; \
|
||||
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
|
||||
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
|
||||
done;
|
||||
|
||||
clean:
|
||||
|
@ -89,8 +89,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||
if (a == NULL) return(0);
|
||||
|
||||
len=a->length;
|
||||
ret=1+len;
|
||||
if (pp == NULL) return(ret);
|
||||
|
||||
if (len > 0)
|
||||
{
|
||||
@ -118,6 +116,10 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||
}
|
||||
else
|
||||
bits=0;
|
||||
|
||||
ret=1+len;
|
||||
if (pp == NULL) return(ret);
|
||||
|
||||
p= *pp;
|
||||
|
||||
*(p++)=(unsigned char)bits;
|
||||
|
@ -205,7 +205,18 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
|
||||
else ret->type=V_ASN1_ENUMERATED;
|
||||
j=BN_num_bits(bn);
|
||||
len=((j == 0)?0:((j/8)+1));
|
||||
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
|
||||
if (ret->length < len+4)
|
||||
{
|
||||
unsigned char *new_data=
|
||||
OPENSSL_realloc(ret->data, len+4);
|
||||
if (!new_data)
|
||||
{
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
ret->data=new_data;
|
||||
}
|
||||
|
||||
ret->length=BN_bn2bin(bn,ret->data);
|
||||
return(ret);
|
||||
err:
|
||||
|
@ -451,7 +451,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
else ret->type=V_ASN1_INTEGER;
|
||||
j=BN_num_bits(bn);
|
||||
len=((j == 0)?0:((j/8)+1));
|
||||
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
|
||||
if (ret->length < len+4)
|
||||
{
|
||||
unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
|
||||
if (!new_data)
|
||||
{
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
ret->data=new_data;
|
||||
}
|
||||
ret->length=BN_bn2bin(bn,ret->data);
|
||||
return(ret);
|
||||
err:
|
||||
|
@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
|
||||
}
|
||||
|
||||
pStart = p; /* Catch the beg of Setblobs*/
|
||||
rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
|
||||
if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
|
||||
we will store the SET blobs */
|
||||
|
||||
for (i=0; i<sk_num(a); i++)
|
||||
@ -133,7 +133,7 @@ SetBlob
|
||||
/* Now we have to sort the blobs. I am using a simple algo.
|
||||
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
|
||||
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
|
||||
pTempMem = OPENSSL_malloc(totSize);
|
||||
if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
|
||||
|
||||
/* Copy to temp mem */
|
||||
p = pTempMem;
|
||||
|
@ -270,6 +270,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
||||
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
|
||||
{
|
||||
struct tm *tm;
|
||||
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
|
||||
struct tm data;
|
||||
#endif
|
||||
int offset;
|
||||
int year;
|
||||
|
||||
@ -287,7 +290,8 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
|
||||
t -= offset*60; /* FIXME: may overflow in extreme cases */
|
||||
|
||||
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
|
||||
{ struct tm data; gmtime_r(&t, &data); tm = &data; }
|
||||
gmtime_r(&t, &data);
|
||||
tm = &data;
|
||||
#else
|
||||
tm = gmtime(&t);
|
||||
#endif
|
||||
|
@ -124,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
|
||||
(int)(omax+ *pp));
|
||||
|
||||
#endif
|
||||
#if 0
|
||||
if ((p+ *plength) > (omax+ *pp))
|
||||
if (*plength > (omax - (*pp - p)))
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
|
||||
/* Set this so that even if things are not long enough
|
||||
* the values are set correctly */
|
||||
ret|=0x80;
|
||||
}
|
||||
#endif
|
||||
*pp=p;
|
||||
return(ret|inf);
|
||||
err:
|
||||
@ -159,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
|
||||
i= *p&0x7f;
|
||||
if (*(p++) & 0x80)
|
||||
{
|
||||
if (i > sizeof(long))
|
||||
return 0;
|
||||
if (max-- == 0) return(0);
|
||||
while (i-- > 0)
|
||||
{
|
||||
@ -170,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
|
||||
else
|
||||
ret=i;
|
||||
}
|
||||
if (ret < 0)
|
||||
return 0;
|
||||
*pp=p;
|
||||
*rl=ret;
|
||||
return(1);
|
||||
@ -407,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
|
||||
|
||||
void asn1_add_error(unsigned char *address, int offset)
|
||||
{
|
||||
char buf1[16],buf2[16];
|
||||
char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
|
||||
|
||||
sprintf(buf1,"%lu",(unsigned long)address);
|
||||
sprintf(buf2,"%d",offset);
|
||||
|
@ -87,6 +87,7 @@ DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
|
||||
}
|
||||
|
||||
M_ASN1_BIT_STRING_free(bs);
|
||||
bs = NULL;
|
||||
|
||||
M_ASN1_D2I_Finish_2(a);
|
||||
|
||||
|
@ -84,6 +84,7 @@ DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
|
||||
if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
|
||||
|
||||
M_ASN1_BIT_STRING_free(bs);
|
||||
bs = NULL;
|
||||
|
||||
M_ASN1_D2I_Finish_2(a);
|
||||
|
||||
|
@ -108,6 +108,7 @@ RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
|
||||
goto err_bn;
|
||||
|
||||
M_ASN1_INTEGER_free(bs);
|
||||
bs = NULL;
|
||||
|
||||
M_ASN1_D2I_Finish_2(a);
|
||||
err_bn:
|
||||
|
@ -96,10 +96,34 @@ int RSA_print(BIO *bp, RSA *x, int off)
|
||||
char str[128];
|
||||
const char *s;
|
||||
unsigned char *m=NULL;
|
||||
int i,ret=0;
|
||||
int ret=0;
|
||||
size_t buf_len=0, i;
|
||||
|
||||
i=RSA_size(x);
|
||||
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
|
||||
if (x->n)
|
||||
buf_len = (size_t)BN_num_bytes(x->n);
|
||||
if (x->e)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
|
||||
buf_len = i;
|
||||
if (x->d)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
|
||||
buf_len = i;
|
||||
if (x->p)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
|
||||
buf_len = i;
|
||||
if (x->q)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
|
||||
buf_len = i;
|
||||
if (x->dmp1)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
|
||||
buf_len = i;
|
||||
if (x->dmq1)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
|
||||
buf_len = i;
|
||||
if (x->iqmp)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
|
||||
buf_len = i;
|
||||
|
||||
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
|
||||
if (m == NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
|
||||
@ -161,22 +185,25 @@ int DSA_print(BIO *bp, DSA *x, int off)
|
||||
{
|
||||
char str[128];
|
||||
unsigned char *m=NULL;
|
||||
int i,ret=0;
|
||||
BIGNUM *bn=NULL;
|
||||
int ret=0;
|
||||
size_t buf_len=0,i;
|
||||
|
||||
if (x->p != NULL)
|
||||
bn=x->p;
|
||||
else if (x->priv_key != NULL)
|
||||
bn=x->priv_key;
|
||||
else if (x->pub_key != NULL)
|
||||
bn=x->pub_key;
|
||||
|
||||
/* larger than needed but what the hell :-) */
|
||||
if (bn != NULL)
|
||||
i=BN_num_bytes(bn)*2;
|
||||
else
|
||||
i=256;
|
||||
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
|
||||
if (x->p)
|
||||
buf_len = (size_t)BN_num_bytes(x->p);
|
||||
if (x->q)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
|
||||
buf_len = i;
|
||||
if (x->g)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
|
||||
buf_len = i;
|
||||
if (x->priv_key)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
|
||||
buf_len = i;
|
||||
if (x->pub_key)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
|
||||
buf_len = i;
|
||||
|
||||
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
|
||||
if (m == NULL)
|
||||
{
|
||||
DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
|
||||
@ -281,10 +308,15 @@ int DHparams_print_fp(FILE *fp, DH *x)
|
||||
int DHparams_print(BIO *bp, DH *x)
|
||||
{
|
||||
unsigned char *m=NULL;
|
||||
int reason=ERR_R_BUF_LIB,i,ret=0;
|
||||
int reason=ERR_R_BUF_LIB,ret=0;
|
||||
size_t buf_len=0, i;
|
||||
|
||||
i=BN_num_bytes(x->p);
|
||||
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
|
||||
if (x->p)
|
||||
buf_len = (size_t)BN_num_bytes(x->p);
|
||||
if (x->g)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
|
||||
buf_len = i;
|
||||
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
|
||||
if (m == NULL)
|
||||
{
|
||||
reason=ERR_R_MALLOC_FAILURE;
|
||||
@ -334,10 +366,18 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
|
||||
int DSAparams_print(BIO *bp, DSA *x)
|
||||
{
|
||||
unsigned char *m=NULL;
|
||||
int reason=ERR_R_BUF_LIB,i,ret=0;
|
||||
int reason=ERR_R_BUF_LIB,ret=0;
|
||||
size_t buf_len=0, i;
|
||||
|
||||
i=BN_num_bytes(x->p);
|
||||
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
|
||||
if (x->p)
|
||||
buf_len = (size_t)BN_num_bytes(x->p);
|
||||
if (x->q)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
|
||||
buf_len = i;
|
||||
if (x->g)
|
||||
if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
|
||||
buf_len = i;
|
||||
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
|
||||
if (m == NULL)
|
||||
{
|
||||
reason=ERR_R_MALLOC_FAILURE;
|
||||
|
@ -156,7 +156,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
|
||||
dsa->write_params=0;
|
||||
ASN1_TYPE_free(a->parameter);
|
||||
i=i2d_DSAparams(dsa,NULL);
|
||||
p=(unsigned char *)OPENSSL_malloc(i);
|
||||
if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
|
||||
pp=p;
|
||||
i2d_DSAparams(dsa,&pp);
|
||||
a->parameter=ASN1_TYPE_new();
|
||||
|
@ -56,6 +56,13 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
/* disable assert() unless BIO_DEBUG has been defined */
|
||||
#ifndef BIO_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Stolen from tjh's ssl/ssl_trc.c stuff.
|
||||
*/
|
||||
|
@ -104,7 +104,7 @@ static int nbiof_new(BIO *bi)
|
||||
{
|
||||
NBIO_TEST *nt;
|
||||
|
||||
nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
|
||||
if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
|
||||
nt->lrn= -1;
|
||||
nt->lwn= -1;
|
||||
bi->ptr=(char *)nt;
|
||||
|
@ -7,9 +7,18 @@
|
||||
* for which no specific BIO method is available.
|
||||
* See ssl/ssltest.c for some hints on how this can be used. */
|
||||
|
||||
/* BIO_DEBUG implies BIO_PAIR_DEBUG */
|
||||
#ifdef BIO_DEBUG
|
||||
# ifndef BIO_PAIR_DEBUG
|
||||
# define BIO_PAIR_DEBUG
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* disable assert() unless BIO_PAIR_DEBUG has been defined */
|
||||
#ifndef BIO_PAIR_DEBUG
|
||||
# undef NDEBUG /* avoid conflicting definitions */
|
||||
# define NDEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
|
@ -155,7 +155,7 @@ extern "C" {
|
||||
#define BN_BYTES 4
|
||||
#define BN_BITS2 32
|
||||
#define BN_BITS4 16
|
||||
#ifdef WIN32
|
||||
#ifdef _MSC_VER
|
||||
/* VC++ doesn't like the LL suffix */
|
||||
#define BN_MASK (0xffffffffffffffffL)
|
||||
#else
|
||||
|
@ -190,10 +190,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
||||
|
||||
/* First we normalise the numbers */
|
||||
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
|
||||
BN_lshift(sdiv,divisor,norm_shift);
|
||||
if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
|
||||
sdiv->neg=0;
|
||||
norm_shift+=BN_BITS2;
|
||||
BN_lshift(snum,num,norm_shift);
|
||||
if (!(BN_lshift(snum,num,norm_shift))) goto err;
|
||||
snum->neg=0;
|
||||
div_n=sdiv->top;
|
||||
num_n=snum->top;
|
||||
@ -315,7 +315,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
||||
tmp->top=j;
|
||||
|
||||
j=wnum.top;
|
||||
BN_sub(&wnum,&wnum,tmp);
|
||||
if (!BN_sub(&wnum,&wnum,tmp)) goto err;
|
||||
|
||||
snum->top=snum->top+wnum.top-j;
|
||||
|
||||
@ -323,7 +323,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
||||
{
|
||||
q--;
|
||||
j=wnum.top;
|
||||
BN_add(&wnum,&wnum,sdiv);
|
||||
if (!BN_add(&wnum,&wnum,sdiv)) goto err;
|
||||
snum->top+=wnum.top-j;
|
||||
}
|
||||
*(resp--)=q;
|
||||
|
@ -168,8 +168,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
|
||||
R=in;
|
||||
if (R == NULL) goto err;
|
||||
|
||||
BN_zero(X);
|
||||
BN_one(Y);
|
||||
if (!BN_zero(X)) goto err;
|
||||
if (!BN_one(Y)) goto err;
|
||||
if (BN_copy(A,a) == NULL) goto err;
|
||||
if (BN_copy(B,n) == NULL) goto err;
|
||||
sign=1;
|
||||
|
@ -224,7 +224,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
|
||||
|
||||
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
|
||||
if (!BN_add(t2,a,t1)) goto err;
|
||||
BN_rshift(ret,t2,mont->ri);
|
||||
if (!BN_rshift(ret,t2,mont->ri)) goto err;
|
||||
#endif /* MONT_WORD */
|
||||
|
||||
if (BN_ucmp(ret, &(mont->N)) >= 0)
|
||||
@ -284,8 +284,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
||||
BN_ULONG buf[2];
|
||||
|
||||
mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
|
||||
BN_zero(R);
|
||||
BN_set_bit(R,BN_BITS2); /* R */
|
||||
if (!(BN_zero(R))) goto err;
|
||||
if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */
|
||||
|
||||
buf[0]=mod->d[0]; /* tmod = N mod word size */
|
||||
buf[1]=0;
|
||||
@ -296,36 +296,44 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
||||
/* Ri = R^-1 mod N*/
|
||||
if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
|
||||
goto err;
|
||||
BN_lshift(&Ri,&Ri,BN_BITS2); /* R*Ri */
|
||||
/* R*Ri */
|
||||
if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
|
||||
if (!BN_is_zero(&Ri))
|
||||
BN_sub_word(&Ri,1);
|
||||
{
|
||||
if (!BN_sub_word(&Ri,1)) goto err;
|
||||
}
|
||||
else /* if N mod word size == 1 */
|
||||
BN_set_word(&Ri,BN_MASK2); /* Ri-- (mod word size) */
|
||||
BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N,
|
||||
* keep only least significant word: */
|
||||
/* Ri-- (mod word size) */
|
||||
{
|
||||
if (!BN_set_word(&Ri,BN_MASK2)) goto err;
|
||||
}
|
||||
/* Ni = (R*Ri-1)/N, keep only least significant word: */
|
||||
if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
|
||||
mont->n0=Ri.d[0];
|
||||
BN_free(&Ri);
|
||||
}
|
||||
#else /* !MONT_WORD */
|
||||
{ /* bignum version */
|
||||
mont->ri=BN_num_bits(mod);
|
||||
BN_zero(R);
|
||||
BN_set_bit(R,mont->ri); /* R = 2^ri */
|
||||
if (!(BN_zero(R))) goto err;
|
||||
/* R = 2^ri */
|
||||
if (!(BN_set_bit(R,mont->ri))) goto err;
|
||||
/* Ri = R^-1 mod N*/
|
||||
if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
|
||||
goto err;
|
||||
BN_lshift(&Ri,&Ri,mont->ri); /* R*Ri */
|
||||
BN_sub_word(&Ri,1);
|
||||
/* R*Ri */
|
||||
if (!(BN_lshift(&Ri,&Ri,mont->ri))) goto err;
|
||||
if (!(BN_sub_word(&Ri,1))) goto err;
|
||||
/* Ni = (R*Ri-1) / N */
|
||||
BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
|
||||
if (!(BN_div(&(mont->Ni),NULL,&Ri,mod,ctx))) goto err;
|
||||
BN_free(&Ri);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* setup RR for conversions */
|
||||
BN_zero(&(mont->RR));
|
||||
BN_set_bit(&(mont->RR),mont->ri*2);
|
||||
BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
|
||||
if (!(BN_zero(&(mont->RR)))) goto err;
|
||||
if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
|
||||
if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
|
||||
|
||||
return(1);
|
||||
err:
|
||||
@ -336,9 +344,9 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
|
||||
{
|
||||
if (to == from) return(to);
|
||||
|
||||
BN_copy(&(to->RR),&(from->RR));
|
||||
BN_copy(&(to->N),&(from->N));
|
||||
BN_copy(&(to->Ni),&(from->Ni));
|
||||
if (!(BN_copy(&(to->RR),&(from->RR)))) return NULL;
|
||||
if (!(BN_copy(&(to->N),&(from->N)))) return NULL;
|
||||
if (!(BN_copy(&(to->Ni),&(from->Ni)))) return NULL;
|
||||
to->ri=from->ri;
|
||||
to->n0=from->n0;
|
||||
return(to);
|
||||
|
@ -634,7 +634,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
|
||||
|
||||
if ((al == 0) || (bl == 0))
|
||||
{
|
||||
BN_zero(r);
|
||||
if (!BN_zero(r)) goto err;
|
||||
return(1);
|
||||
}
|
||||
top=al+bl;
|
||||
@ -677,14 +677,14 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
|
||||
{
|
||||
if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
|
||||
{
|
||||
bn_wexpand(b,al);
|
||||
if (bn_wexpand(b,al) == NULL) goto err;
|
||||
b->d[bl]=0;
|
||||
bl++;
|
||||
i--;
|
||||
}
|
||||
else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
|
||||
{
|
||||
bn_wexpand(a,bl);
|
||||
if (bn_wexpand(a,bl) == NULL) goto err;
|
||||
a->d[al]=0;
|
||||
al++;
|
||||
i++;
|
||||
@ -699,16 +699,16 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
|
||||
t = BN_CTX_get(ctx);
|
||||
if (al == j) /* exact multiple */
|
||||
{
|
||||
bn_wexpand(t,k*2);
|
||||
bn_wexpand(rr,k*2);
|
||||
if (bn_wexpand(t,k*2) == NULL) goto err;
|
||||
if (bn_wexpand(rr,k*2) == NULL) goto err;
|
||||
bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
|
||||
}
|
||||
else
|
||||
{
|
||||
bn_wexpand(a,k);
|
||||
bn_wexpand(b,k);
|
||||
bn_wexpand(t,k*4);
|
||||
bn_wexpand(rr,k*4);
|
||||
if (bn_wexpand(a,k) == NULL ) goto err;
|
||||
if (bn_wexpand(b,k) == NULL ) goto err;
|
||||
if (bn_wexpand(t,k*4) == NULL ) goto err;
|
||||
if (bn_wexpand(rr,k*4) == NULL ) goto err;
|
||||
for (i=a->top; i<k; i++)
|
||||
a->d[i]=0;
|
||||
for (i=b->top; i<k; i++)
|
||||
|
@ -88,10 +88,12 @@ conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
|
||||
conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
|
||||
conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
|
||||
conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
|
||||
conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
|
||||
conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
conf_def.o: ../../include/openssl/symhacks.h conf_def.h
|
||||
conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
|
||||
conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||
conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||
conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
|
||||
conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
conf_def.o: ../cryptlib.h conf_def.h
|
||||
conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
|
||||
conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
|
||||
conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
|
||||
|
@ -67,6 +67,7 @@
|
||||
#include "conf_def.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/err.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static char *eat_ws(CONF *conf, char *p);
|
||||
static char *eat_alpha_numeric(CONF *conf, char *p);
|
||||
@ -180,12 +181,12 @@ static int def_destroy_data(CONF *conf)
|
||||
static int def_load(CONF *conf, BIO *in, long *line)
|
||||
{
|
||||
#define BUFSIZE 512
|
||||
char btmp[16];
|
||||
int bufnum=0,i,ii;
|
||||
BUF_MEM *buff=NULL;
|
||||
char *s,*p,*end;
|
||||
int again,n;
|
||||
long eline=0;
|
||||
char btmp[DECIMAL_SIZE(eline)+1];
|
||||
CONF_VALUE *v=NULL,*tv;
|
||||
CONF_VALUE *sv=NULL;
|
||||
char *section=NULL,*buf;
|
||||
|
@ -491,3 +491,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
void OpenSSLDie(const char *file,int line,const char *assertion)
|
||||
{
|
||||
fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
|
||||
file,line,assertion);
|
||||
abort();
|
||||
}
|
||||
|
||||
|
@ -89,6 +89,14 @@ extern "C" {
|
||||
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
|
||||
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
|
||||
|
||||
/* size of string represenations */
|
||||
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
|
||||
#define HEX_SIZE(type) ((sizeof(type)*2)
|
||||
|
||||
/* die if we have to */
|
||||
void OpenSSLDie(const char *file,int line,const char *assertion);
|
||||
#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -189,7 +189,7 @@ int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
|
||||
des_cblock *iv);
|
||||
char *des_fcrypt(const char *buf,const char *salt, char *ret);
|
||||
char *des_crypt(const char *buf,const char *salt);
|
||||
#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
|
||||
#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
|
||||
char *crypt(const char *buf,const char *salt);
|
||||
#endif
|
||||
void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
|
||||
|
@ -84,6 +84,7 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
|
||||
if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
|
||||
goto err_bn;
|
||||
M_ASN1_BIT_STRING_free(bs);
|
||||
bs = NULL;
|
||||
M_ASN1_D2I_Finish_2(a);
|
||||
|
||||
err_bn:
|
||||
|
@ -112,7 +112,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
|
||||
* as we don't have autoconf yet, I'm implementing a hack that could
|
||||
* be hacked further relatively easily to deal with cases as we find
|
||||
* them. Initially this is to cope with OpenBSD. */
|
||||
#ifdef __OpenBSD__
|
||||
#if defined(__OpenBSD__) || defined(__NetBSD__)
|
||||
# ifdef DL_LAZY
|
||||
# define DLOPEN_FLAG DL_LAZY
|
||||
# else
|
||||
|
@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
|
||||
}
|
||||
|
||||
#else /*CHARSET_EBCDIC*/
|
||||
#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
|
||||
#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
|
||||
static void *dummy=&dummy;
|
||||
#endif
|
||||
#endif
|
||||
|
@ -106,8 +106,8 @@ static int enc_new(BIO *bi)
|
||||
BIO_ENC_CTX *ctx;
|
||||
|
||||
ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
|
||||
EVP_CIPHER_CTX_init(&ctx->cipher);
|
||||
if (ctx == NULL) return(0);
|
||||
EVP_CIPHER_CTX_init(&ctx->cipher);
|
||||
|
||||
ctx->buf_len=0;
|
||||
ctx->buf_off=0;
|
||||
|
@ -64,6 +64,10 @@
|
||||
|
||||
void OpenSSL_add_all_ciphers(void)
|
||||
{
|
||||
static int done=0;
|
||||
|
||||
if (done) return;
|
||||
done=1;
|
||||
#ifndef NO_DES
|
||||
EVP_add_cipher(EVP_des_cfb());
|
||||
EVP_add_cipher(EVP_des_ede_cfb());
|
||||
|
@ -64,6 +64,10 @@
|
||||
|
||||
void OpenSSL_add_all_digests(void)
|
||||
{
|
||||
static int done=0;
|
||||
|
||||
if (done) return;
|
||||
done=1;
|
||||
#ifndef NO_MD2
|
||||
EVP_add_digest(EVP_md2());
|
||||
#endif
|
||||
|
@ -228,7 +228,7 @@ typedef struct evp_pkey_md_st
|
||||
EVP_rsa_octet_string(),EVP_mdc2())
|
||||
#define EVP_dsa_sha() \
|
||||
EVP_PKEY_MD_add(NID_dsaWithSHA,\
|
||||
EVP_dsa(),EVP_mdc2())
|
||||
EVP_dsa(),EVP_sha())
|
||||
#define EVP_dsa_sha1() \
|
||||
EVP_PKEY_MD_add(NID_dsaWithSHA1,\
|
||||
EVP_dsa(),EVP_sha1())
|
||||
|
@ -61,6 +61,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
|
||||
{
|
||||
MemCheck_off();
|
||||
name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
|
||||
MemCheck_on();
|
||||
if (!name_funcs) return(0);
|
||||
name_funcs->hash_func = lh_strhash;
|
||||
name_funcs->cmp_func = (int (*)())strcmp;
|
||||
name_funcs->free_func = 0; /* NULL is often declared to
|
||||
@ -68,6 +70,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
|
||||
* to Compaq C is not really
|
||||
* compatible with a function
|
||||
* pointer. -- Richard Levitte*/
|
||||
MemCheck_off();
|
||||
sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
|
||||
MemCheck_on();
|
||||
}
|
||||
|
@ -228,7 +228,7 @@ int OBJ_add_object(ASN1_OBJECT *obj)
|
||||
if (added == NULL)
|
||||
if (!init_added()) return(0);
|
||||
if ((o=OBJ_dup(obj)) == NULL) goto err;
|
||||
ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
|
||||
if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
|
||||
if ((o->length != 0) && (obj->data != NULL))
|
||||
ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
|
||||
if (o->sn != NULL)
|
||||
@ -428,7 +428,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
|
||||
unsigned long l;
|
||||
unsigned char *p;
|
||||
const char *s;
|
||||
char tbuf[32];
|
||||
char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
|
||||
|
||||
if (buf_len <= 0) return(0);
|
||||
|
||||
|
@ -25,8 +25,8 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090604fL
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6d 9 May 2002"
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090605fL
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6e 30 Jul 2002"
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
|
@ -61,7 +61,9 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifndef HEADER_PEM_H
|
||||
void ERR_load_PEM_strings(void);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -258,6 +258,7 @@ char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
|
||||
PKCS8_PRIV_KEY_INFO *p8inf;
|
||||
p8inf=d2i_PKCS8_PRIV_KEY_INFO(
|
||||
(PKCS8_PRIV_KEY_INFO **) x, &p, len);
|
||||
if(!p8inf) goto p8err;
|
||||
ret = (char *)EVP_PKCS82PKEY(p8inf);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
|
||||
|
@ -209,7 +209,7 @@ sub using486
|
||||
|
||||
sub main'file
|
||||
{
|
||||
push(@out, "segment .text\n");
|
||||
push(@out, "segment .text use32\n");
|
||||
}
|
||||
|
||||
sub main'function_begin
|
||||
|
@ -141,8 +141,8 @@ union {
|
||||
#define PKCS12_ERROR 0
|
||||
#define PKCS12_OK 1
|
||||
|
||||
#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
|
||||
#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
|
||||
#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
|
||||
#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
|
||||
#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
|
||||
|
||||
#define M_PKCS12_x5092certbag(x509) \
|
||||
|
@ -621,7 +621,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
|
||||
i2d_X509_ATTRIBUTE,
|
||||
V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
|
||||
pp=(unsigned char *)OPENSSL_malloc(x);
|
||||
if (!(pp=(unsigned char *)OPENSSL_malloc(x))) goto err;
|
||||
p=pp;
|
||||
i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
|
||||
i2d_X509_ATTRIBUTE,
|
||||
@ -817,7 +817,7 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
|
||||
*/
|
||||
i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
|
||||
V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
|
||||
pp=OPENSSL_malloc(i);
|
||||
if (!(pp=OPENSSL_malloc(i))) goto err;
|
||||
p=pp;
|
||||
i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
|
||||
V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
|
||||
|
@ -179,10 +179,11 @@ char *argv[];
|
||||
{
|
||||
ASN1_UTCTIME *tm;
|
||||
char *str1,*str2;
|
||||
int rc;
|
||||
|
||||
si=sk_PKCS7_SIGNER_INFO_value(sk,i);
|
||||
i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
|
||||
if (i <= 0)
|
||||
rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
|
||||
if (rc <= 0)
|
||||
goto err;
|
||||
printf("signer info\n");
|
||||
if ((tm=get_signed_time(si)) != NULL)
|
||||
|
@ -476,10 +476,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
|
||||
int ret=0;
|
||||
BN_CTX *ctx;
|
||||
|
||||
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
||||
BN_init(&m1);
|
||||
BN_init(&r1);
|
||||
BN_init(&vrfy);
|
||||
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
||||
|
||||
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
|
||||
{
|
||||
|
@ -122,7 +122,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
|
||||
else
|
||||
{
|
||||
buf->data[offset-1]='\0'; /* blat the '\n' */
|
||||
p=(char *)OPENSSL_malloc(add+offset);
|
||||
if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
|
||||
offset=0;
|
||||
}
|
||||
pp=(char **)p;
|
||||
|
@ -82,7 +82,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
|
||||
{
|
||||
char *tmp;
|
||||
if(!ia5 || !ia5->length) return NULL;
|
||||
tmp = OPENSSL_malloc(ia5->length + 1);
|
||||
if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
|
||||
memcpy(tmp, ia5->data, ia5->length);
|
||||
tmp[ia5->length] = 0;
|
||||
return tmp;
|
||||
|
@ -33,7 +33,7 @@ EVP_PKEY * ReadPublicKey(const char *certfile)
|
||||
|
||||
x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
|
||||
PEM_STRING_X509,
|
||||
fp, NULL, NULL);
|
||||
fp, NULL, NULL, NULL);
|
||||
|
||||
if (x509 == NULL)
|
||||
{
|
||||
@ -64,7 +64,7 @@ EVP_PKEY *ReadPrivateKey(const char *keyfile)
|
||||
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
|
||||
PEM_STRING_EVP_PKEY,
|
||||
fp,
|
||||
NULL, NULL);
|
||||
NULL, NULL, NULL);
|
||||
|
||||
fclose (fp);
|
||||
|
||||
|
@ -6,12 +6,13 @@ crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
B<openssl> B<pkcs7>
|
||||
B<openssl> B<crl2pkcs7>
|
||||
[B<-inform PEM|DER>]
|
||||
[B<-outform PEM|DER>]
|
||||
[B<-in filename>]
|
||||
[B<-out filename>]
|
||||
[B<-print_certs>]
|
||||
[B<-certfile filename>]
|
||||
[B<-nocrl>]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -21,7 +21,6 @@ B<openssl> B<smime>
|
||||
[B<-certfile file>]
|
||||
[B<-signer file>]
|
||||
[B<-recip file>]
|
||||
[B<-in file>]
|
||||
[B<-inform SMIME|PEM|DER>]
|
||||
[B<-passin arg>]
|
||||
[B<-inkey file>]
|
||||
|
@ -14,7 +14,7 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number
|
||||
|
||||
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
|
||||
|
||||
int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom);
|
||||
int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -26,7 +26,7 @@ as described in L<RSA_get_ex_new_index(3)>.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
|
||||
L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
|
@ -192,7 +192,7 @@ in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
|
||||
|
||||
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
|
||||
L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
|
||||
L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
|
||||
L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
|
@ -75,7 +75,7 @@ L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
|
||||
L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
|
||||
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
|
||||
L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
|
||||
L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
|
||||
L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
|
@ -62,7 +62,7 @@ L<EVP_SignInit(3)|EVP_SignInit(3)>,
|
||||
L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
|
||||
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
|
||||
L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
|
||||
L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
|
||||
L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
|
@ -18,7 +18,9 @@ in fact prime, and that B<n = p*q>.
|
||||
It also checks that B<d*e = 1 mod (p-1*q-1)>,
|
||||
and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
|
||||
|
||||
The key's public components may not be B<NULL>.
|
||||
As such, this function can not be used with any arbitrary RSA key object,
|
||||
even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
|
||||
information.
|
||||
|
||||
=head1 RETURN VALUE
|
||||
|
||||
@ -28,6 +30,13 @@ RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
|
||||
If the key is invalid or an error occurred, the reason code can be
|
||||
obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
This function does not work on RSA public keys that have only the modulus
|
||||
and public exponent elements populated. It performs integrity checks on all
|
||||
the RSA key material, so the RSA key structure must contain all the private
|
||||
key data too.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
|
||||
|
@ -172,7 +172,7 @@ ERR_get_string_table(void) respectively.
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
|
||||
L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>,
|
||||
L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
|
||||
L<ERR_get_error(3)|ERR_get_error(3)>,
|
||||
L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
|
||||
L<ERR_clear_error(3)|ERR_clear_error(3)>,
|
||||
|
@ -110,7 +110,7 @@ L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
|
||||
L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
|
||||
L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
|
||||
L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
|
||||
L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
|
||||
L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
|
||||
L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)>
|
||||
|
||||
=cut
|
||||
|
@ -27,7 +27,7 @@ case is the size 0, which is used for unlimited size.
|
||||
|
||||
When the maximum number of sessions is reached, no more new sessions are
|
||||
added to the cache. New space may be added by calling
|
||||
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)> to remove
|
||||
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove
|
||||
expired sessions.
|
||||
|
||||
If the size of the session cache is reduced and more sessions are already
|
||||
@ -46,6 +46,6 @@ SSL_CTX_sess_get_cache_size() returns the currently valid size.
|
||||
L<ssl(3)|ssl(3)>,
|
||||
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
|
||||
L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
|
||||
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
|
||||
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
|
||||
|
||||
=cut
|
||||
|
@ -79,7 +79,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
|
||||
|
||||
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
|
||||
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
|
||||
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>,
|
||||
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
|
||||
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
|
||||
|
||||
=cut
|
||||
|
@ -14,7 +14,7 @@ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate ver
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
|
||||
of B<ctx> to/with B<store>. If another X505_STORE object is currently
|
||||
of B<ctx> to/with B<store>. If another X509_STORE object is currently
|
||||
set in B<ctx>, it will be X509_STORE_free()ed.
|
||||
|
||||
SSL_CTX_get_cert_store() returns a pointer to the current certificate
|
||||
|
@ -15,8 +15,10 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certifica
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_set_client_cert_cb() sets the B<client_cert_cb()> callback, that is
|
||||
called when a client certificate is requested by a server.
|
||||
When B<client_cert_cb()> is NULL, not callback function is used.
|
||||
called when a client certificate is requested by a server and no certificate
|
||||
was yet set for the SSL object.
|
||||
|
||||
When B<client_cert_cb()> is NULL, no callback function is used.
|
||||
|
||||
SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
|
||||
function.
|
||||
@ -25,9 +27,13 @@ client_cert_cb() is the application defined callback. If it wants to
|
||||
set a certificate, a certificate/private key combination must be set
|
||||
using the B<x509> and B<pkey> arguments and "1" must be returned. The
|
||||
certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
|
||||
If no certificate should be set, "0" has to be returned and the default
|
||||
certificate will be sent. A fatal error can be indicated by returning
|
||||
a negative value, in which case the handshake will be canceled.
|
||||
If no certificate should be set, "0" has to be returned and no certificate
|
||||
will be sent. A negative return value will suspend the handshake and the
|
||||
handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
|
||||
will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
|
||||
suspended. The next call to the handshake function will again lead to the call
|
||||
of client_cert_cb(). It is the job of the client_cert_cb() to store information
|
||||
about the state of the last call, if required to continue.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
@ -35,26 +41,24 @@ During a handshake (or renegotiation) a server may request a certificate
|
||||
from the client. A client certificate must only be sent, when the server
|
||||
did send the request.
|
||||
|
||||
When no callback function is set, an OpenSSL client will send the certificate
|
||||
that was set using the
|
||||
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> family of functions.
|
||||
The TLS standard requires that only a certificate is sent, if it matches
|
||||
the list of acceptable CAs sent by the server. This constraint is
|
||||
violated by the default behavior of the OpenSSL library. Using the
|
||||
callback function it is possible to implement a proper selection routine
|
||||
or to allow a user interaction to choose the certificate to be sent.
|
||||
The callback function can obtain the list of acceptable CAs using the
|
||||
L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)> function.
|
||||
When a certificate was set using the
|
||||
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> family of functions,
|
||||
it will be sent to the server. The TLS standard requires that only a
|
||||
certificate is sent, if it matches the list of acceptable CAs sent by the
|
||||
server. This constraint is violated by the default behavior of the OpenSSL
|
||||
library. Using the callback function it is possible to implement a proper
|
||||
selection routine or to allow a user interaction to choose the certificate to
|
||||
be sent.
|
||||
|
||||
If a callback function is defined, the callback function will be called.
|
||||
If a callback function is defined and no certificate was yet defined for the
|
||||
SSL object, the callback function will be called.
|
||||
If the callback function returns a certificate, the OpenSSL library
|
||||
will try to load the private key and certificate data into the SSL
|
||||
object using SSL_use_certificate() and SSL_use_private_key() functions.
|
||||
Thus it will permanently override the certificate and key previously
|
||||
installed and will not be reset by calling L<SSL_clear(3)|SSL_clear(3)>.
|
||||
If the callback returns no certificate, the OpenSSL library will send
|
||||
the certificate previously installed for the SSL_CTX object or the specific
|
||||
certificate of the SSL object, if available.
|
||||
object using the SSL_use_certificate() and SSL_use_private_key() functions.
|
||||
Thus it will permanently install the certificate and key for this SSL
|
||||
object. It will not be reset by calling L<SSL_clear(3)|SSL_clear(3)>.
|
||||
If the callback returns no certificate, the OpenSSL library will not send
|
||||
a certificate.
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
|
@ -35,7 +35,7 @@ operation (|). Options can only be added but can never be reset.
|
||||
SSL_CTX_set_options() and SSL_set_options() affect the (external)
|
||||
protocol behaviour of the SSL library. The (internal) behaviour of
|
||||
the API can be changed by using the similar
|
||||
L<SSL_CTX_set_modes(3)|SSL_CTX_set_modes(3)> and SSL_set_modes() functions.
|
||||
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
|
||||
|
||||
During a handshake, the option settings of the SSL object are used. When
|
||||
a new SSL object is created from a context using SSL_new(), the current
|
||||
@ -112,14 +112,22 @@ only understands up to SSLv3. In this case the client must still use the
|
||||
same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
|
||||
to the server's answer and violate the version rollback protection.)
|
||||
|
||||
=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
||||
|
||||
Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
|
||||
vulnerability affecting CBC ciphers, which cannot be handled by some
|
||||
broken SSL implementations. This option has no effect for connections
|
||||
using other ciphers.
|
||||
|
||||
=item SSL_OP_ALL
|
||||
|
||||
All of the above bug workarounds.
|
||||
|
||||
=back
|
||||
|
||||
It is save and recommended to use SSL_OP_ALL to enable the bug workaround
|
||||
options.
|
||||
It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
|
||||
options if compatibility with somewhat broken implementations is
|
||||
desired.
|
||||
|
||||
The following B<modifying> options are available:
|
||||
|
||||
@ -199,4 +207,9 @@ L<dhparam(1)|dhparam(1)>
|
||||
|
||||
SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6.
|
||||
|
||||
B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
|
||||
Versions up to OpenSSL 0.9.6c do not include the countermeasure that
|
||||
can be disabled with this option (in OpenSSL 0.9.6d, it was always
|
||||
enabled).
|
||||
|
||||
=cut
|
||||
|
@ -69,6 +69,7 @@ to find out the reason.
|
||||
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
|
||||
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
|
||||
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
|
||||
L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
|
||||
L<SSL_CTX_new(3)|SSL_CTX_new(3)>
|
||||
|
||||
=cut
|
||||
|
@ -66,6 +66,7 @@ to find out the reason.
|
||||
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
|
||||
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
|
||||
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
|
||||
L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
|
||||
L<SSL_CTX_new(3)|SSL_CTX_new(3)>
|
||||
|
||||
=cut
|
||||
|
75
crypto/openssl/doc/ssl/SSL_do_handshake.pod
Normal file
75
crypto/openssl/doc/ssl/SSL_do_handshake.pod
Normal file
@ -0,0 +1,75 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SSL_do_handshake - perform a TLS/SSL handshake
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
int SSL_do_handshake(SSL *ssl);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
|
||||
connection is in client mode, the handshake will be started. The handshake
|
||||
routines may have to be explicitly set in advance using either
|
||||
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or
|
||||
L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
The behaviour of SSL_do_handshake() depends on the underlying BIO.
|
||||
|
||||
If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
|
||||
once the handshake has been finished or an error occurred, except for SGC
|
||||
(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1,
|
||||
but SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and
|
||||
SSL_do_handshake() should be called again.
|
||||
|
||||
If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
|
||||
when the underlying BIO could not satisfy the needs of SSL_do_handshake()
|
||||
to continue the handshake. In this case a call to SSL_get_error() with the
|
||||
return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
|
||||
B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
|
||||
taking appropriate action to satisfy the needs of SSL_do_handshake().
|
||||
The action depends on the underlying BIO. When using a non-blocking socket,
|
||||
nothing is to be done, but select() can be used to check for the required
|
||||
condition. When using a buffering BIO, like a BIO pair, data must be written
|
||||
into or retrieved out of the BIO before being able to continue.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
The following return values can occur:
|
||||
|
||||
=over 4
|
||||
|
||||
=item 1
|
||||
|
||||
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
||||
established.
|
||||
|
||||
=item 0
|
||||
|
||||
The TLS/SSL handshake was not successful but was shut down controlled and
|
||||
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
||||
return value B<ret> to find out the reason.
|
||||
|
||||
=item E<lt>0
|
||||
|
||||
The TLS/SSL handshake was not successful because a fatal error occurred either
|
||||
at the protocol level or a connection failure occurred. The shutdown was
|
||||
not clean. It can also occur of action is need to continue the operation
|
||||
for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
|
||||
to find out the reason.
|
||||
|
||||
=back
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
|
||||
L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
|
||||
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
|
||||
|
||||
=cut
|
@ -13,7 +13,7 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_get_error() returns a result code (suitable for the C "switch"
|
||||
statement) for a preceding call to SSL_connect(), SSL_accept(),
|
||||
statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
|
||||
SSL_read(), SSL_peek(), or SSL_write() on B<ssl>. The value returned by
|
||||
that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
|
||||
B<ret>.
|
||||
|
@ -49,6 +49,7 @@ information.
|
||||
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
|
||||
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
|
||||
L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
|
||||
L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
|
||||
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
|
||||
|
||||
=cut
|
||||
|
@ -65,6 +65,9 @@ When an SSL_write() operation has to be repeated because of
|
||||
B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
|
||||
with the same arguments.
|
||||
|
||||
When calling SSL_write() with num=0 bytes to be sent the behaviour is
|
||||
undefined.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
The following return values can occur:
|
||||
|
@ -682,6 +682,7 @@ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
|
||||
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
|
||||
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
|
||||
L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
|
||||
L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
|
||||
L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
|
||||
L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
|
||||
L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
|
||||
|
@ -114,11 +114,11 @@ extern "C" {
|
||||
# define MS_STATIC
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__)
|
||||
#if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_UWIN)
|
||||
# define WIN32
|
||||
#endif
|
||||
|
||||
#if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__)
|
||||
#if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__) && !defined(_UWIN)
|
||||
# ifndef WINDOWS
|
||||
# define WINDOWS
|
||||
# endif
|
||||
@ -142,7 +142,8 @@ extern "C" {
|
||||
#define clear_sys_error() errno=0
|
||||
#endif
|
||||
|
||||
#if defined(WINDOWS) && !defined(__CYGWIN32__)
|
||||
#if defined(WINDOWS) && !defined(__CYGWIN32__) && !defined(_UWIN)
|
||||
|
||||
#define get_last_socket_error() WSAGetLastError()
|
||||
#define clear_socket_error() WSASetLastError(0)
|
||||
#define readsocket(s,b,n) recv((s),(b),(n),0)
|
||||
@ -183,7 +184,7 @@ extern "C" {
|
||||
# define NO_FP_API
|
||||
#endif
|
||||
|
||||
#if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__)
|
||||
#if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__) && !defined(_UWIN)
|
||||
|
||||
# ifndef S_IFDIR
|
||||
# define S_IFDIR _S_IFDIR
|
||||
|
@ -229,12 +229,13 @@ s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
|
||||
s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||
s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
|
||||
s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
|
||||
s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
|
||||
s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
|
||||
s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
|
||||
s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
|
||||
s2_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
|
||||
s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
|
||||
s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
s2_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
|
||||
s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
|
||||
s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
|
||||
@ -274,12 +275,13 @@ s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||
s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||
s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||
s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
|
||||
s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
|
||||
s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
|
||||
s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
|
||||
s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
|
||||
s2_lib.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
|
||||
s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
|
||||
s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
s2_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
|
||||
s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
|
||||
s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
|
||||
@ -340,12 +342,13 @@ s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||
s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||
s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||
s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
|
||||
s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
|
||||
s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
|
||||
s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
|
||||
s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
|
||||
s2_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
|
||||
s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
|
||||
s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
s2_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
|
||||
s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
|
||||
s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
|
||||
@ -386,12 +389,13 @@ s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
|
||||
s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||
s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
|
||||
s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
|
||||
s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
|
||||
s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
|
||||
s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
|
||||
s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
|
||||
s3_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
|
||||
s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
|
||||
s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
s3_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
|
||||
s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
|
||||
s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
|
||||
@ -497,12 +501,13 @@ s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||
s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||
s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||
s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
|
||||
s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
|
||||
s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
|
||||
s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
|
||||
s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
|
||||
s3_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
|
||||
s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
|
||||
s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
s3_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
|
||||
s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
|
||||
s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
|
||||
@ -542,12 +547,13 @@ ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||
ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||
ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||
ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
|
||||
ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
|
||||
ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
|
||||
ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
ssl_asn1.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
|
||||
ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
|
||||
ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
|
||||
ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
|
||||
ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
ssl_asn1.o: ../include/openssl/des.h ../include/openssl/dh.h
|
||||
ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
|
||||
ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
|
||||
ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
|
||||
ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
|
||||
@ -700,12 +706,13 @@ ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||
ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||
ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||
ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
|
||||
ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
|
||||
ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
|
||||
ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
|
||||
ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
|
||||
ssl_sess.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
|
||||
ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
|
||||
ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
|
||||
ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
|
||||
ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
ssl_sess.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
|
||||
ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
|
||||
ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
|
||||
|
@ -116,6 +116,7 @@
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl2_get_client_method(int ver);
|
||||
static int get_server_finished(SSL *s);
|
||||
@ -517,6 +518,7 @@ static int get_server_hello(SSL *s)
|
||||
}
|
||||
|
||||
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
|
||||
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
|
||||
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
|
||||
return(1);
|
||||
}
|
||||
@ -618,6 +620,7 @@ static int client_master_key(SSL *s)
|
||||
/* make key_arg data */
|
||||
i=EVP_CIPHER_iv_length(c);
|
||||
sess->key_arg_length=i;
|
||||
die(i <= SSL_MAX_KEY_ARG_LENGTH);
|
||||
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
|
||||
|
||||
/* make a master key */
|
||||
@ -625,6 +628,7 @@ static int client_master_key(SSL *s)
|
||||
sess->master_key_length=i;
|
||||
if (i > 0)
|
||||
{
|
||||
die(i <= sizeof sess->master_key);
|
||||
if (RAND_bytes(sess->master_key,i) <= 0)
|
||||
{
|
||||
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||
@ -668,6 +672,7 @@ static int client_master_key(SSL *s)
|
||||
d+=enc;
|
||||
karg=sess->key_arg_length;
|
||||
s2n(karg,p); /* key arg size */
|
||||
die(karg <= sizeof sess->key_arg);
|
||||
memcpy(d,sess->key_arg,(unsigned int)karg);
|
||||
d+=karg;
|
||||
|
||||
@ -688,6 +693,7 @@ static int client_finished(SSL *s)
|
||||
{
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
*(p++)=SSL2_MT_CLIENT_FINISHED;
|
||||
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
|
||||
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
|
||||
|
||||
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
|
||||
@ -944,6 +950,8 @@ static int get_server_finished(SSL *s)
|
||||
{
|
||||
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
|
||||
{
|
||||
die(s->session->session_id_length
|
||||
<= sizeof s->session->session_id);
|
||||
if (memcmp(buf,s->session->session_id,
|
||||
(unsigned int)s->session->session_id_length) != 0)
|
||||
{
|
||||
|
@ -62,6 +62,7 @@
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/md5.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static long ssl2_default_timeout(void );
|
||||
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
|
||||
@ -76,7 +77,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
|
||||
SSL2_TXT_NULL_WITH_MD5,
|
||||
SSL2_CK_NULL_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
@ -196,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
|
||||
SSL2_TXT_NULL,
|
||||
SSL2_CK_NULL,
|
||||
0,
|
||||
SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
@ -425,10 +428,14 @@ void ssl2_generate_key_material(SSL *s)
|
||||
#endif
|
||||
|
||||
km=s->s2->key_material;
|
||||
die(s->s2->key_material_length <= sizeof s->s2->key_material);
|
||||
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
|
||||
{
|
||||
MD5_Init(&ctx);
|
||||
|
||||
die(s->session->master_key_length >= 0
|
||||
&& s->session->master_key_length
|
||||
< sizeof s->session->master_key);
|
||||
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
|
||||
MD5_Update(&ctx,&c,1);
|
||||
c++;
|
||||
@ -463,6 +470,7 @@ void ssl2_write_error(SSL *s)
|
||||
/* state=s->rwstate;*/
|
||||
error=s->error;
|
||||
s->error=0;
|
||||
die(error >= 0 && error <= 3);
|
||||
i=ssl2_write(s,&(buf[3-error]),error);
|
||||
/* if (i == error) s->rwstate=state; */
|
||||
|
||||
|
@ -116,6 +116,7 @@
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl2_get_server_method(int ver);
|
||||
static int get_client_master_key(SSL *s);
|
||||
@ -417,11 +418,18 @@ static int get_client_master_key(SSL *s)
|
||||
n2s(p,i); s->s2->tmp.clear=i;
|
||||
n2s(p,i); s->s2->tmp.enc=i;
|
||||
n2s(p,i); s->session->key_arg_length=i;
|
||||
if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
|
||||
{
|
||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
|
||||
SSL_R_KEY_ARG_TOO_LONG);
|
||||
return -1;
|
||||
}
|
||||
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
|
||||
}
|
||||
|
||||
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
|
||||
keya=s->session->key_arg_length;
|
||||
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
|
||||
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
|
||||
@ -502,6 +510,7 @@ static int get_client_master_key(SSL *s)
|
||||
#endif
|
||||
|
||||
if (is_export) i+=s->s2->tmp.clear;
|
||||
die(i <= SSL_MAX_MASTER_KEY_LENGTH);
|
||||
s->session->master_key_length=i;
|
||||
memcpy(s->session->master_key,p,(unsigned int)i);
|
||||
return(1);
|
||||
@ -649,6 +658,7 @@ static int get_client_hello(SSL *s)
|
||||
p+=s->s2->tmp.session_id_length;
|
||||
|
||||
/* challenge */
|
||||
die(s->s2->challenge_length <= sizeof s->s2->challenge);
|
||||
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
|
||||
return(1);
|
||||
mem_err:
|
||||
@ -800,6 +810,7 @@ static int get_client_finished(SSL *s)
|
||||
}
|
||||
|
||||
/* SSL2_ST_GET_CLIENT_FINISHED_B */
|
||||
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
|
||||
len = 1 + (unsigned long)s->s2->conn_id_length;
|
||||
n = (int)len - s->init_num;
|
||||
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
|
||||
@ -825,6 +836,7 @@ static int server_verify(SSL *s)
|
||||
{
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
*(p++)=SSL2_MT_SERVER_VERIFY;
|
||||
die(s->s2->challenge_length <= sizeof s->s2->challenge);
|
||||
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
|
||||
/* p+=s->s2->challenge_length; */
|
||||
|
||||
@ -844,6 +856,8 @@ static int server_finish(SSL *s)
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
*(p++)=SSL2_MT_SERVER_FINISHED;
|
||||
|
||||
die(s->session->session_id_length
|
||||
<= sizeof s->session->session_id);
|
||||
memcpy(p,s->session->session_id,
|
||||
(unsigned int)s->session->session_id_length);
|
||||
/* p+=s->session->session_id_length; */
|
||||
|
@ -117,6 +117,7 @@
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl3_get_client_method(int ver);
|
||||
static int ssl3_client_hello(SSL *s);
|
||||
@ -545,6 +546,7 @@ static int ssl3_client_hello(SSL *s)
|
||||
*(p++)=i;
|
||||
if (i != 0)
|
||||
{
|
||||
die(i <= sizeof s->session->session_id);
|
||||
memcpy(p,s->session->session_id,i);
|
||||
p+=i;
|
||||
}
|
||||
@ -626,6 +628,14 @@ static int ssl3_get_server_hello(SSL *s)
|
||||
/* get the session-id */
|
||||
j= *(p++);
|
||||
|
||||
if(j > sizeof s->session->session_id)
|
||||
{
|
||||
al=SSL_AD_ILLEGAL_PARAMETER;
|
||||
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
|
||||
SSL_R_SSL3_SESSION_ID_TOO_LONG);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
|
||||
{
|
||||
/* SSLref returns 16 :-( */
|
||||
|
@ -361,13 +361,24 @@ int ssl3_setup_key_block(SSL *s)
|
||||
|
||||
ssl3_generate_key_block(s,p,num);
|
||||
|
||||
/* enable vulnerability countermeasure for CBC ciphers with
|
||||
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
|
||||
s->s3->need_empty_fragments = 1;
|
||||
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
|
||||
{
|
||||
/* enable vulnerability countermeasure for CBC ciphers with
|
||||
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
|
||||
*/
|
||||
s->s3->need_empty_fragments = 1;
|
||||
|
||||
if (s->session->cipher != NULL)
|
||||
{
|
||||
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
|
||||
s->s3->need_empty_fragments = 0;
|
||||
|
||||
#ifndef NO_RC4
|
||||
if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
|
||||
s->s3->need_empty_fragments = 0;
|
||||
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
|
||||
s->s3->need_empty_fragments = 0;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
return(1);
|
||||
err:
|
||||
|
@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_RSA_NULL_MD5,
|
||||
SSL3_CK_RSA_NULL_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_RSA_NULL_SHA,
|
||||
SSL3_CK_RSA_NULL_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_FZA_DMS_NULL_SHA,
|
||||
SSL3_CK_FZA_DMS_NULL_SHA,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_FZA_DMS_FZA_SHA,
|
||||
SSL3_CK_FZA_DMS_FZA_SHA,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
|
@ -122,6 +122,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl3_get_server_method(int ver);
|
||||
static int ssl3_get_client_hello(SSL *s);
|
||||
@ -948,6 +949,7 @@ static int ssl3_send_server_hello(SSL *s)
|
||||
s->session->session_id_length=0;
|
||||
|
||||
sl=s->session->session_id_length;
|
||||
die(sl <= sizeof s->session->session_id);
|
||||
*(p++)=sl;
|
||||
memcpy(p,s->session->session_id,sl);
|
||||
p+=sl;
|
||||
|
@ -350,6 +350,7 @@ typedef struct ssl_session_st
|
||||
struct ssl_session_st *prev,*next;
|
||||
} SSL_SESSION;
|
||||
|
||||
|
||||
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
|
||||
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
|
||||
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
|
||||
@ -361,11 +362,25 @@ typedef struct ssl_session_st
|
||||
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
|
||||
#define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
|
||||
|
||||
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
|
||||
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
|
||||
* the workaround is not needed. Unfortunately some broken SSL/TLS
|
||||
* implementations cannot handle it at all, which is why we include
|
||||
* it in SSL_OP_ALL. */
|
||||
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
|
||||
|
||||
/* SSL_OP_ALL: various bug workarounds that should be rather harmless */
|
||||
#define SSL_OP_ALL 0x000FFFFFL
|
||||
|
||||
/* If set, always create a new key when using tmp_dh parameters */
|
||||
#define SSL_OP_SINGLE_DH_USE 0x00100000L
|
||||
/* Set to also use the tmp_rsa key when doing RSA operations. */
|
||||
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
|
||||
|
||||
#define SSL_OP_NO_SSLv2 0x01000000L
|
||||
#define SSL_OP_NO_SSLv3 0x02000000L
|
||||
#define SSL_OP_NO_TLSv1 0x04000000L
|
||||
|
||||
/* The next flag deliberately changes the ciphertest, this is a check
|
||||
* for the PKCS#1 attack */
|
||||
#define SSL_OP_PKCS1_CHECK_1 0x08000000L
|
||||
@ -374,11 +389,7 @@ typedef struct ssl_session_st
|
||||
/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
|
||||
#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
|
||||
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
|
||||
#define SSL_OP_ALL 0x000FFFFFL
|
||||
|
||||
#define SSL_OP_NO_SSLv2 0x01000000L
|
||||
#define SSL_OP_NO_SSLv3 0x02000000L
|
||||
#define SSL_OP_NO_TLSv1 0x04000000L
|
||||
|
||||
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
|
||||
* when just a single record has been written): */
|
||||
@ -392,6 +403,7 @@ typedef struct ssl_session_st
|
||||
* is blocking: */
|
||||
#define SSL_MODE_AUTO_RETRY 0x00000004L
|
||||
|
||||
|
||||
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
|
||||
* they cannot be used to clear bits. */
|
||||
|
||||
@ -1478,6 +1490,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_INVALID_COMMAND 280
|
||||
#define SSL_R_INVALID_PURPOSE 278
|
||||
#define SSL_R_INVALID_TRUST 279
|
||||
#define SSL_R_KEY_ARG_TOO_LONG 1112
|
||||
#define SSL_R_LENGTH_MISMATCH 159
|
||||
#define SSL_R_LENGTH_TOO_SHORT 160
|
||||
#define SSL_R_LIBRARY_BUG 274
|
||||
@ -1546,6 +1559,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_SHORT_READ 219
|
||||
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
|
||||
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
|
||||
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
|
||||
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
|
||||
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
|
||||
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
|
||||
|
@ -62,6 +62,7 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "cryptlib.h"
|
||||
|
||||
typedef struct ssl_session_asn1_st
|
||||
{
|
||||
@ -275,6 +276,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
|
||||
os.length=i;
|
||||
|
||||
ret->session_id_length=os.length;
|
||||
die(os.length <= sizeof ret->session_id);
|
||||
memcpy(ret->session_id,os.data,os.length);
|
||||
|
||||
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* ssl/ssl_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{SSL_R_INVALID_COMMAND ,"invalid command"},
|
||||
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
|
||||
{SSL_R_INVALID_TRUST ,"invalid trust"},
|
||||
{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
|
||||
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
|
||||
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
|
||||
{SSL_R_LIBRARY_BUG ,"library bug"},
|
||||
@ -343,6 +344,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{SSL_R_SHORT_READ ,"short read"},
|
||||
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
|
||||
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
|
||||
{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
|
||||
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
|
||||
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
|
||||
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
|
||||
|
@ -283,16 +283,17 @@
|
||||
#define SSL_NOT_EXP 0x00000001L
|
||||
#define SSL_EXPORT 0x00000002L
|
||||
|
||||
#define SSL_STRONG_MASK 0x0000007cL
|
||||
#define SSL_EXP40 0x00000004L
|
||||
#define SSL_STRONG_MASK 0x000000fcL
|
||||
#define SSL_STRONG_NONE 0x00000004L
|
||||
#define SSL_EXP40 0x00000008L
|
||||
#define SSL_MICRO (SSL_EXP40)
|
||||
#define SSL_EXP56 0x00000008L
|
||||
#define SSL_EXP56 0x00000010L
|
||||
#define SSL_MINI (SSL_EXP56)
|
||||
#define SSL_LOW 0x00000010L
|
||||
#define SSL_MEDIUM 0x00000020L
|
||||
#define SSL_HIGH 0x00000040L
|
||||
#define SSL_LOW 0x00000020L
|
||||
#define SSL_MEDIUM 0x00000040L
|
||||
#define SSL_HIGH 0x00000080L
|
||||
|
||||
/* we have used 0000007f - 25 bits left to go */
|
||||
/* we have used 000000ff - 24 bits left to go */
|
||||
|
||||
/*
|
||||
* Macros to check the export status and cipher strength for export ciphers.
|
||||
|
@ -60,6 +60,7 @@
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "cryptlib.h"
|
||||
|
||||
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
|
||||
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
|
||||
@ -199,6 +200,7 @@ int ssl_get_new_session(SSL *s, int session)
|
||||
ss->session_id_length=0;
|
||||
}
|
||||
|
||||
die(s->sid_ctx_length <= sizeof ss->sid_ctx);
|
||||
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
|
||||
ss->sid_ctx_length=s->sid_ctx_length;
|
||||
s->session=ss;
|
||||
|
@ -433,13 +433,24 @@ printf("\nkey block\n");
|
||||
{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
|
||||
#endif
|
||||
|
||||
/* enable vulnerability countermeasure for CBC ciphers with
|
||||
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
|
||||
s->s3->need_empty_fragments = 1;
|
||||
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
|
||||
{
|
||||
/* enable vulnerability countermeasure for CBC ciphers with
|
||||
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
|
||||
*/
|
||||
s->s3->need_empty_fragments = 1;
|
||||
|
||||
if (s->session->cipher != NULL)
|
||||
{
|
||||
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
|
||||
s->s3->need_empty_fragments = 0;
|
||||
|
||||
#ifndef NO_RC4
|
||||
if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
|
||||
s->s3->need_empty_fragments = 0;
|
||||
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
|
||||
s->s3->need_empty_fragments = 0;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
return(1);
|
||||
err:
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user