wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

synchronise with main 0.9.6 stable branch

Browse source
This commit is contained in:
Bodo Möller 2001-11-12 22:42:40 +00:00
parent c3970428ac
commit da904c9cef
118 changed files with 2172 additions and 561 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

192
CHANGES
View file

@ -4,18 +4,198 @@
Changes between 0.9.6b and 0.9.6c [XX xxx XXXX]
*) Add support for Broadcom crypto accelerator cards, backported
*) [In 0.9.6c-engine release:]
Add support for Broadcom crypto accelerator cards, backported
from 0.9.7.
[Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
*) Add support for SureWare crypto accelerator cards from
*) [In 0.9.6c-engine release:]
Add support for SureWare crypto accelerator cards from
Baltimore Technologies. (Use engine 'sureware')
[Baltimore Technologies and Mark Cox]
*) Add support for crypto accelerator cards from Accelerated
*) [In 0.9.6c-engine release:]
Add support for crypto accelerator cards from Accelerated
Encryption Processing, www.aep.ie. (Use engine 'aep')
[AEP Inc. and Mark Cox]
*) Add a configuration entry for gcc on UnixWare.
[Gary Benson <gbenson@redhat.com>]
*) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
messages are stored in a single piece (fixed-length part and
variable-length part combined) and fix various bugs found on the way.
[Bodo Moeller]
*) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
instead. BIO_gethostbyname() does not know what timeouts are
appropriate, so entries would stay in cache even when they have
become invalid.
[Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
*) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
faced with a pathologically small ClientHello fragment that does
not contain client_version: Instead of aborting with an error,
simply choose the highest available protocol version (i.e.,
TLS 1.0 unless it is disabled). In practice, ClientHello
messages are never sent like this, but this change gives us
strictly correct behaviour at least for TLS.
[Bodo Moeller]
*) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
[Bodo Moeller; problem pointed out by Niko Baric]
*) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
(sent using the client's version number) if client_version is
smaller than the protocol version in use. Also change
ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
the client will at least see that alert.
[Bodo Moeller]
*) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
correctly.
[Bodo Moeller]
*) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
client receives HelloRequest while in a handshake.
[Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
*) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
should end in 'break', not 'goto end' which circuments various
cleanups done in state SSL_ST_OK. But session related stuff
must be disabled for SSL_ST_OK in the case that we just sent a
HelloRequest.
Also avoid some overhead by not calling ssl_init_wbio_buffer()
before just sending a HelloRequest.
[Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.)
Similar changes are not required for the SSL 2.0 implementation
because the number of padding bytes is sent in clear for SSL 2.0,
and the extra bytes are just ignored. However ssl/s2_pkt.c
failed to verify that the purported number of padding bytes is in
the legal range.
[Bodo Moeller]
*) OpenUNIX-8 support (Boyd Lynn Gerber <gerberb@zenez.com>)
[Lutz Jaenicke]
*) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
'wristwatch attack' using huge encoding parameters (cf.
James H. Manger's CRYPTO 2001 paper). Note that the
RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
encoding parameters and hence was not vulnerable.
[Bodo Moeller]
*) BN_sqr() bug fix.
[Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
*) Rabin-Miller test analyses assume uniformly distributed witnesses,
so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
followed by modular reduction.
[Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
*) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
equivalent based on BN_pseudo_rand() instead of BN_rand().
[Bodo Moeller]
*) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
This function was broken, as the check for a new client hello message
to handle SGC did not allow these large messages.
(Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
[Lutz Jaenicke]
*) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
[Lutz Jaenicke]
*) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
[Lutz Jaenicke]
*) Rework the configuration and shared library support for Tru64 Unix.
The configuration part makes use of modern compiler features and
still retains old compiler behavior for those that run older versions
of the OS. The shared library support part includes a variant that
uses the RPATH feature, and is available through the special
configuration target "alpha-cc-rpath", which will never be selected
automatically.
[Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
*) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
with the same message size as in ssl3_get_certificate_request().
Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
messages might inadvertently be reject as too long.
[Petr Lampa <lampa@fee.vutbr.cz>]
*) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
[Andy Polyakov]
*) Modified SSL library such that the verify_callback that has been set
specificly for an SSL object with SSL_set_verify() is actually being
used. Before the change, a verify_callback set with this function was
ignored and the verify_callback() set in the SSL_CTX at the time of
the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
to allow the necessary settings.
[Lutz Jaenicke]
*) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
explicitly to NULL, as at least on Solaris 8 this seems not always to be
done automatically (in contradiction to the requirements of the C
standard). This made problems when used from OpenSSH.
[Lutz Jaenicke]
*) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
dh->length and always used
BN_rand_range(priv_key, dh->p).
BN_rand_range() is not necessary for Diffie-Hellman, and this
specific range makes Diffie-Hellman unnecessarily inefficient if
dh->length (recommended exponent length) is much smaller than the
length of dh->p. We could use BN_rand_range() if the order of
the subgroup was stored in the DH structure, but we only have
dh->length.
So switch back to
BN_rand(priv_key, l, ...)
where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
otherwise.
[Bodo Moeller]
*) In
RSA_eay_public_encrypt
RSA_eay_private_decrypt
RSA_eay_private_encrypt (signing)
RSA_eay_public_decrypt (signature verification)
(default implementations for RSA_public_encrypt,
RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
always reject numbers >= n.
[Bodo Moeller]
*) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
to synchronize access to 'locking_thread'. This is necessary on
systems where access to 'locking_thread' (an 'unsigned long'
variable) is not atomic.
[Bodo Moeller]
*) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
*before* setting the 'crypto_lock_rand' flag. The previous code had
a race condition if 0 is a valid thread ID.
[Travis Vitek <vitek@roguewave.com>]
Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
*) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
@ -70,7 +250,7 @@
[Ulf Möller, Bodo Möller]
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5
RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
when fixing the server behaviour for backwards-compatible 'client
hello' messages. (Note that the attack is impractical against
SSL 3.0 and TLS 1.0 anyway because length and version checking
@ -120,7 +300,7 @@
combination of a flag and a thread ID variable.
Otherwise while one thread is in ssleay_rand_bytes (which sets the
flag), *other* threads can enter ssleay_add_bytes without obeying
the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock
the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
that they do not hold after the first thread unsets add_do_not_lock).
[Bodo Moeller]
@ -762,7 +942,7 @@
default is static libraries only, and the OpenSSL programs
are always statically linked for now, but there are
preparations for dynamic linking in place.
This has been tested on Linux and True64.
This has been tested on Linux and Tru64.
[Richard Levitte]
*) Randomness polling function for Win9x, as described in:

55
Configure
View file

@ -125,10 +125,10 @@ my %table=(
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
@ -276,12 +276,39 @@ my %table=(
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
# from the older DEC C Compiler to the newer compiler. It's now the
# same as the preferred entry, alpha-cc. If you are still using the
# older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
# you should use `alphaold-cc'.
#
# "What's in a name? That which we call a rose
# By any other word would smell as sweet."
#
# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
#
# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
# vendor compiler, use alphaold-cc.
# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
#
# There's also an alternate target available (which `config' will never
# select) called alpha-cc-rpath. This target builds an RPATH into the
# shared libraries, which is very convenient on Tru64 since binaries
# linked against that shared library will automatically inherit that RPATH,
# and hence know where to look for the openssl libraries, even if they're in
# an odd place.
#
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
#
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared::.so",
"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::.so",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath::.so",
#
# This probably belongs in a different section.
#
"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Alpha Linux with GNU C and Compaq C setups
@ -315,7 +342,7 @@ my %table=(
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -347,6 +374,16 @@ my %table=(
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# OpenUNIX 8
"OpenUNIX","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
"OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
# IBM's AIX.
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",

67
FAQ
View file

@ -8,6 +8,7 @@ OpenSSL - Frequently Asked Questions
* How can I contact the OpenSSL developers?
* Where can I get a compiled version of OpenSSL?
* Why aren't tools like 'autoconf' and 'libtool' used?
* What is an 'engine' version?
[LEGAL] Legal questions
@ -33,7 +34,7 @@ OpenSSL - Frequently Asked Questions
* Why does the linker complain about undefined symbols?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
@ -121,6 +122,12 @@ A number of Linux and *BSD distributions include OpenSSL.
autoconf will probably be used in future OpenSSL versions. If it was
less Unix-centric, it might have been used much earlier.
* What is an 'engine' version?
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 (not yet released) the changes were merged into the main
development line, so that the special release is no longer necessary.
[LEGAL] =======================================================================
@ -146,7 +153,7 @@ holders claim that you infringe on their rights if you use OpenSSL with
their software on operating systems that don't normally include OpenSSL.
If you develop open source software that uses OpenSSL, you may find it
useful to choose an other license than the GPL, or state explicitely that
useful to choose an other license than the GPL, or state explicitly that
"This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed." If you are using
GPL software developed by others, you may want to ask the copyright holder
@ -186,7 +193,7 @@ environment variable HOME is set, then the seeding file is $HOME/.rnd.
If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
use file .rnd in the current directory while OpenSSL 0.9.6a uses no
default seeding file at all. OpenSSL 0.9.6b and later will behave
similarly to 0.9.6a, but will use a default of "C:" for HOME on
similarly to 0.9.6a, but will use a default of "C:\" for HOME on
Windows systems if the environment variable has not been set.
If the default seeding file does not exist or is too short, the "PRNG
@ -297,7 +304,7 @@ there is little point presenting a certificate which the server will
reject.
The solution is to add the relevant CA certificate to your servers "trusted
CA list". How you do this depends on the server sofware in uses. You can
CA list". How you do this depends on the server software in uses. You can
print out the servers list of acceptable CAs using the OpenSSL s_client tool:
openssl s_client -connect www.some.host:443 -prexit
@ -359,9 +366,9 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
for download instructions) can be safely used, for example.
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
On some Alpha installations running True64 Unix and Compaq C, the compilation
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
memory to continue compilation.' As far as the tests have shown, this may be
a compiler bug. What happens is that it eats up a lot of resident memory
@ -523,44 +530,16 @@ OpenSSL_add_all_algorithms(). See the manual page for more information.
* Why can't the OpenSSH configure script detect OpenSSL?
There is a problem with OpenSSH 1.2.2p1, in that the configure script
can't find the installed OpenSSL libraries. The problem is actually
a small glitch that is easily solved with the following patch to be
applied to the OpenSSH distribution:
----- snip:start -----
--- openssh-1.2.2p1/configure.in.orig Thu Mar 23 18:56:58 2000
+++ openssh-1.2.2p1/configure.in Thu Mar 23 18:55:05 2000
@@ -152,10 +152,10 @@
AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
if test ! -z "$ssldir" ; then
- LIBS="$saved_LIBS -L$ssldir"
+ LIBS="$saved_LIBS -L$ssldir/lib"
CFLAGS="$CFLAGS -I$ssldir/include"
if test "x$need_dash_r" = "x1" ; then
- LIBS="$LIBS -R$ssldir"
+ LIBS="$LIBS -R$ssldir/lib"
fi
fi
LIBS="$LIBS -lcrypto"
--- openssh-1.2.2p1/configure.orig Thu Mar 23 18:55:02 2000
+++ openssh-1.2.2p1/configure Thu Mar 23 18:57:08 2000
@@ -1890,10 +1890,10 @@
echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
if test ! -z "$ssldir" ; then
- LIBS="$saved_LIBS -L$ssldir"
+ LIBS="$saved_LIBS -L$ssldir/lib"
CFLAGS="$CFLAGS -I$ssldir/include"
if test "x$need_dash_r" = "x1" ; then
- LIBS="$LIBS -R$ssldir"
+ LIBS="$LIBS -R$ssldir/lib"
fi
fi
LIBS="$LIBS -lcrypto"
----- snip:end -----
Several reasons for problems with the automatic detection exist.
OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
Sometimes the distribution has installed an older version in the system
locations that is detected instead of a new one installed. The OpenSSL
library might have been compiled for another CPU or another mode (32/64 bits).
Permissions might be wrong.
The general answer is to check the config.log file generated when running
the OpenSSH configure script. It should contain the detailed information
on why the OpenSSL library was not detected or considered incompatible.
* Can I use OpenSSL's SSL library with non-blocking I/O?
@ -579,7 +558,7 @@ SSL_write() will try to continue any pending handshake.
* Why doesn't my server application receive a client certificate?
Due to the TLS protocol definition, a client will only send a certificate,
if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
SSL_CTX_set_verify() function to enable the use of client certificates.

8
INSTALL.MacOS
View file

@ -1,7 +1,7 @@
OpenSSL - Port To The Macintosh
===============================
OpenSSL - Port To The Macintosh OS 9 or Earlier
===============================================
Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
X) is now provided. "Initial" means that unlike other platforms where you
get an SDK and a "swiss army" openssl application, on Macintosh you only
get one sample application which fetches a page over HTTPS(*) and dumps it
@ -42,7 +42,7 @@ Installation procedure:
BSD sockets and some other POSIX APIs. The GUSI distribution is
expected to be found in the same directory as openssl source tree,
i.e. in the parent directory to the one where this very file,
namely INSTALL.MacOS. For more informations about GUSI, see
namely INSTALL.MacOS. For more information about GUSI, see
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
Finally some essential comments from our generous contributor:-)

41
Makefile.org
View file

@ -263,7 +263,7 @@ do_gnu-shared:
done
# This assumes that GNU utilities are *not* used
do_tru64-shared:
do_alpha-osf1-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
@ -271,6 +271,30 @@ do_tru64-shared:
libs="$$libs -l$$i"; \
done
# This assumes that GNU utilities are *not* used
# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
# option passed to the linker.
do_tru64-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -msym -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done
# This assumes that GNU utilities are *not* used
# The difference between tru64-shared and tru64-shared-rpath is the
# -rpath ${INSTALLTOP}/lib passed to the linker.
do_tru64-shared-rpath:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -msym -no_archive -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done
# This assumes that GNU utilities are *not* used
do_solaris-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
@ -281,6 +305,21 @@ do_solaris-shared:
libs="$$libs -l$$i"; \
done
# UnixWare 7 and OpenUNIX 8 native compilers used
do_svr5-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
done ; \
set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="$$libs -l$$i"; \
done
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."

7
NEWS
View file

@ -5,6 +5,13 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
o Various SSL/TLS library bugfixes.
o BIGNUM library fixes.
o Add crypto accelerator support for AEP, Baltimore SureWare,
Broadcom [in 0.9.6c-engine release].
Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
o Security fix: PRNG improvements.

12
README
View file

@ -62,7 +62,7 @@
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
based ascii-binary encoding which supports encryption with a
based ASCII-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
@ -97,7 +97,7 @@
locations around the world. _YOU_ are responsible for ensuring that your use
of any algorithms is legal by checking if there are any patents in your
country. The file contains some of the patents that we know about or are
rumoured to exist. This is not a definitive list.
rumored to exist. This is not a definitive list.
RSA Security holds software patents on the RC5 algorithm. If you
intend to use this cipher, you must contact RSA Security for
@ -107,8 +107,8 @@
only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
be contacted if that algorithm is to be used, their web page is
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
INSTALLATION
@ -119,8 +119,8 @@
INSTALL.VMS.
Read the documentation in the doc/ directory. It is quite rough, but it
lists the functions, you will probably have to look at the code to work out
how to used them. Look at the example programs.
lists the functions; you will probably have to look at the code to work out
how to use them. Look at the example programs.
SUPPORT
-------

6
README.ENGINE
View file

@ -5,7 +5,7 @@
With OpenSSL 0.9.6, a new component has been added to support external
crypto devices, for example accelerator cards. The component is called
ENGINE, and has still a pretty experimental status and almost no
documentation. It's designed to be faily easily extensible by the
documentation. It's designed to be fairly easily extensible by the
calling programs.
There's currently built-in support for the following crypto devices:
@ -48,7 +48,7 @@
No external crypto device is chosen unless you say so. You have actively
tell the openssl utility commands to use it through a new command line
switch called "-engine". And if you want to use the ENGINE library to
do something similar, you must also explicitely choose an external crypto
do something similar, you must also explicitly choose an external crypto
device, or the built-in crypto routines will be used, just as in the
default OpenSSL distribution.
@ -56,7 +56,7 @@
PROBLEMS
========
It seems like the ENGINE part doesn't work too well with Cryptoswift on
It seems like the ENGINE part doesn't work too well with CryptoSwift on
Win32. A quick test done right before the release showed that trying
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
an attempt is made to write at memory address 0x00000002.

32
STATUS
View file

@ -1,9 +1,11 @@
OpenSSL STATUS Last modified at
______________ $Date: 2001/04/05 17:48:02 $
______________ $Date: 2001/11/12 22:26:22 $
DEVELOPMENT STATE
o OpenSSL 0.9.7: Under development...
o OpenSSL 0.9.6b: Released on July 9th, 2001
o OpenSSL 0.9.6a: Released on April 5th, 2001
o OpenSSL 0.9.6: Released on September 24th, 2000
o OpenSSL 0.9.5a: Released on April 1st, 2000
@ -18,6 +20,11 @@
AVAILABLE PATCHES
o IA-64 (a.k.a. Intel Itanium) public-key operation performance
patch for Linux is available for download at
http://www.openssl.org/~appro/096b.linux-ia64.diff. As URL
suggests the patch is relative to OpenSSL 0.9.6b.
IN PROGRESS
o Steve is currently working on (in no particular order):
@ -31,12 +38,13 @@
o Geoff and Richard are currently working on:
ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
UI (User Interface)
UTIL (a new set of library functions to support some higher level
functionality that is currently missing).
Shared library support for VMS.
OCSP
Kerberos 5 authentication
Constification
OCSP
NEEDS PATCH
@ -49,13 +57,9 @@
o Whenever strncpy is used, make sure the resulting string is NULL-terminated
or an error is reported
OPEN ISSUES
o "OpenSSL STATUS" is never up-to-date.
o crypto/ex_data.c is not really thread-safe and so must be used
with care (e.g., extra locking where necessary, or don't call
CRYPTO_get_ex_new_index once multiple threads exist).
The current API is not suitable for everything that it pretends
to offer.
OPEN ISSUES
o The Makefile hierarchy and build mechanism is still not a round thing:
@ -99,4 +103,14 @@
WISHES
o
o SRP in TLS.
[wished by:
Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
Tom Holroyd <tomh@po.crl.go.jp>]
See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
as well as http://www-cs-students.stanford.edu/~tjw/srp/.
Tom Holroyd tells us there is a SRP patch for OpenSSH at
http://members.tripod.com/professor_tom/archives/, that could
be useful.

250
TABLE
View file

@ -352,6 +352,160 @@ $shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
*** OpenUNIX
$cc = cc
$cflags = -O -DFILIO_H -Kalloca
$unistd =
$thread_cflag = -Kthread
$lflags = -lsocket -lnsl
$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_extension =
$ranlib =
*** OpenUNIX-8
$cc = cc
$cflags = -O -DFILIO_H -Kalloca
$unistd =
$thread_cflag = -Kthread
$lflags = -lsocket -lnsl
$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_extension =
$ranlib =
*** OpenUNIX-8-gcc
$cc = gcc
$cflags = -O -DFILIO_H -fomit-frame-pointer
$unistd =
$thread_cflag = -pthread
$lflags = -lsocket -lnsl
$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_extension =
$ranlib =
*** OpenUNIX-8-gcc-shared
$cc = gcc
$cflags = -O3 -DFILIO_H -fomit-frame-pointer
$unistd =
$thread_cflag = -pthread
$lflags = -lsocket -lnsl
$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$bn_obj = asm/bn86-elf.o asm/co86-elf.o
$des_obj = asm/dx86-elf.o asm/yx86-elf.o
$bf_obj = asm/bx86-elf.o
$md5_obj = asm/mx86-elf.o
$sha1_obj = asm/sx86-elf.o
$cast_obj = asm/cx86-elf.o
$rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme = dlfcn
$shared_target= svr5-shared
$shared_cflag = -fPIC
$shared_extension =
$ranlib =
*** OpenUNIX-8-pentium
$cc = cc
$cflags = -O -DFILIO_H -Kalloca -Kpentium
$unistd =
$thread_cflag = -Kthread
$lflags = -lsocket -lnsl
$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_extension =
$ranlib =
*** OpenUNIX-8-pentium_pro
$cc = cc
$cflags = -O -DFILIO_H -Kalloca -Kpentium_pro
$unistd =
$thread_cflag = -Kthread
$lflags = -lsocket -lnsl
$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_extension =
$ranlib =
*** OpenUNIX-8-shared
$cc = cc
$cflags = -O -DFILIO_H -Kalloca
$unistd =
$thread_cflag = -Kthread
$lflags = -lsocket -lnsl
$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target= svr5-shared
$shared_cflag = -Kpic
$shared_extension =
$ranlib =
*** ReliantUNIX
$cc = cc
$cflags = -KPIC -g -DSNI -DTERMIOS -DB_ENDIAN
@ -640,9 +794,9 @@ $ranlib =
*** alpha-cc
$cc = cc
$cflags = -std1 -tune host -O4 -readonly_strings
$cflags = -std1 -tune host -fast -readonly_strings
$unistd =
$thread_cflag = (unknown)
$thread_cflag = -pthread
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
$bn_obj =
@ -660,6 +814,28 @@ $shared_cflag =
$shared_extension = .so
$ranlib =
*** alpha-cc-rpath
$cc = cc
$cflags = -std1 -tune host -fast -readonly_strings
$unistd =
$thread_cflag = -pthread
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target= tru64-shared-rpath
$shared_cflag =
$shared_extension = .so
$ranlib =
*** alpha-gcc
$cc = gcc
$cflags = -O3
@ -677,7 +853,7 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target= tru64-shared
$shared_target= alpha-osf1-shared
$shared_cflag =
$shared_extension = .so
$ranlib =
@ -686,6 +862,28 @@ $ranlib =
$cc = cc
$cflags = -std1 -tune host -fast -readonly_strings
$unistd =
$thread_cflag = -pthread
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target= tru64-shared
$shared_cflag =
$shared_extension = .so
$ranlib =
*** alphaold-cc
$cc = cc
$cflags = -std1 -tune host -O4 -readonly_strings
$unistd =
$thread_cflag = (unknown)
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
@ -699,7 +897,7 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target= tru64-shared
$shared_target= alpha-osf1-shared
$shared_cflag =
$shared_extension = .so
$ranlib =
@ -904,7 +1102,7 @@ $ranlib =
*** debug-bodo
$cc = gcc
$cflags = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall
$cflags = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$lflags =
@ -926,7 +1124,7 @@ $ranlib =
*** debug-levitte-linux-elf
$cc = gcc
$cflags = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
$cflags = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
$unistd =
$thread_cflag = -D_REENTRANT
$lflags = -ldl
@ -1124,7 +1322,7 @@ $ranlib =
*** debug-ulf
$cc = gcc
$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe
$unistd =
$thread_cflag = -D_REENTRANT
$lflags =
@ -1874,10 +2072,10 @@ $ranlib =
$cc = gcc
$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
$unistd =
$thread_cflag = (unknown)
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG
$bn_obj =
$thread_cflag = -D_REENTRANT
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
$bn_obj = asm/ia64.o
$des_obj =
$bf_obj =
$md5_obj =
@ -1886,10 +2084,10 @@ $cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_extension =
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
*** linux-m68k
@ -2728,6 +2926,28 @@ $shared_cflag =
$shared_extension =
$ranlib =
*** unixware-7-gcc
$cc = gcc
$cflags = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$lflags = -lsocket -lnsl
$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
*** unixware-7-pentium
$cc = cc
$cflags = -O -DFILIO_H -Kalloca -Kpentium

1
apps/makeapps.com
View file

@ -1133,6 +1133,7 @@ $!
$! Save directory information
$!
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "APPS]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!

3
apps/req.c
View file

@ -392,8 +392,7 @@ bad:
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
BIO_printf(bio_err," -config file request template file.\n");
BIO_printf(bio_err," -new new request.\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");

2
apps/s_client.c
View file

@ -928,5 +928,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio,"---\n");
if (peer != NULL)
X509_free(peer);
/* flush, or debugging output gets mixed with http response */
BIO_flush(bio);
}

34
config
View file

@ -68,6 +68,11 @@ if [ "x$XREL" != "x" ]; then
4.2)
echo "whatever-whatever-unixware1"; exit 0
;;
OpenUNIX)
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
fi
;;
5)
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
echo "${MACHINE}-sco-unixware7"; exit 0
@ -195,8 +200,23 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "${MACHINE}-whatever-openbsd"; exit 0
;;
OpenUNIX:*)
echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
;;
OSF1:*:*:*alpha*)
echo "${MACHINE}-dec-osf"; exit 0
OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
case "$OSFMAJOR" in
4|5)
echo "${MACHINE}-dec-tru64"; exit 0
;;
1|2|3)
echo "${MACHINE}-dec-osf"; exit 0
;;
*)
echo "${MACHINE}-dec-osf"; exit 0
;;
esac
;;
QNX:*)
@ -485,7 +505,15 @@ case "$GUESSOS" in
pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
*-*-openbsd) OUT="OpenBSD" ;;
*86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
*-*-osf) OUT="alpha-cc" ;;
*-*-osf) OUT="alphaold-cc" ;;
*-*-tru64) OUT="alpha-cc" ;;
*-*-OpenUNIX*)
if [ "$CC" = "gcc" ]; then
OUT="OpenUNIX-8-gcc"
else
OUT="OpenUNIX-8"
fi
;;
*-*-unixware7) OUT="unixware-7" ;;
*-*-UnixWare7) OUT="unixware-7" ;;
*-*-Unixware7) OUT="unixware-7" ;;
@ -549,7 +577,7 @@ case "$GUESSOS" in
i386-*) options="$options 386" ;;
esac
for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
do
if [ ! -d crypto/$i ]
then

4
crypto/asn1/a_strnid.c
View file

@ -105,9 +105,9 @@ int ASN1_STRING_set_default_mask_asc(char *p)
mask = strtoul(p + 5, &end, 0);
if(*end) return 0;
} else if(!strcmp(p, "nombstr"))
mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
else if(!strcmp(p, "pkix"))
mask = ~B_ASN1_T61STRING;
mask = ~((unsigned long)B_ASN1_T61STRING);
else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
else if(!strcmp(p, "default"))
mask = 0xFFFFFFFFL;

36
crypto/bio/b_sock.c
View file

@ -345,18 +345,23 @@ static void ghbn_free(struct hostent *a)
struct hostent *BIO_gethostbyname(const char *name)
{
#if 1
/* Caching gethostbyname() results forever is wrong,
* so we have to let the true gethostbyname() worry about this */
return gethostbyname(name);
#else
struct hostent *ret;
int i,lowi=0,j;
unsigned long low= (unsigned long)-1;
/* return(gethostbyname(name)); */
#if 0 /* It doesn't make sense to use locking here: The function interface
* is not thread-safe, because threads can never be sure when
* some other thread destroys the data they were given a pointer to.
*/
# if 0
/* It doesn't make sense to use locking here: The function interface
* is not thread-safe, because threads can never be sure when
* some other thread destroys the data they were given a pointer to.
*/
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
#endif
# endif
j=strlen(name);
if (j < 128)
{
@ -384,20 +389,21 @@ struct hostent *BIO_gethostbyname(const char *name)
* parameter is 'char *', instead of 'const char *'
*/
ret=gethostbyname(
#ifndef CONST_STRICT
# ifndef CONST_STRICT
(char *)
#endif
# endif
name);
if (ret == NULL)
goto end;
if (j > 128) /* too big to cache */
{
#if 0 /* If we were trying to make this function thread-safe (which
* is bound to fail), we'd have to give up in this case
* (or allocate more memory). */
# if 0
/* If we were trying to make this function thread-safe (which
* is bound to fail), we'd have to give up in this case
* (or allocate more memory). */
ret = NULL;
#endif
# endif
goto end;
}
@ -421,12 +427,14 @@ struct hostent *BIO_gethostbyname(const char *name)
ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
}
end:
#if 0
# if 0
CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
#endif
# endif
return(ret);
#endif
}
int BIO_sock_init(void)
{
#ifdef WINDOWS

2
crypto/bio/bio.h
View file

@ -431,7 +431,7 @@ int BIO_read_filename(BIO *b,const char *name);
#define BIO_set_ssl_renegotiate_bytes(b,num) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
#define BIO_get_num_renegotiates(b) \
BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);

3
crypto/bio/bss_bio.c
View file

@ -474,7 +474,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;
case BIO_C_GET_WRITE_BUF_SIZE:
num = (long) b->size;
ret = (long) b->size;
break;
case BIO_C_MAKE_BIO_PAIR:
{

2
crypto/bn/Makefile.ssl
View file

@ -124,6 +124,8 @@ asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
asm/ia64.o: asm/ia64.S
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

5
crypto/bn/bn.h
View file

@ -90,7 +90,9 @@ extern "C" {
* be on. Again this in only really a problem on machines
* using "long long's", are 32bit, and are not using my assembler code. */
#if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
#define BN_DIV2W
# ifndef BN_DIV2W
# define BN_DIV2W
# endif
#endif
/* assuming long is 64bit - this is the DEC Alpha
@ -329,6 +331,7 @@ void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);

2
crypto/bn/bn_div.c
View file

@ -128,7 +128,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
# if defined(__GNUC__) && __GNUC__>=2
# if defined(__i386)
# if defined(__i386) || defined (__i386__)
/*
* There were two reasons for implementing this template:
* - GNU C generates a call to a function (__udivdi3 to be exact)

10
crypto/bn/bn_prime.c
View file

@ -225,12 +225,15 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
BN_MONT_CTX *mont = NULL;
const BIGNUM *A = NULL;
if (BN_cmp(a, BN_value_one()) <= 0)
return 0;
if (checks == BN_prime_checks)
checks = BN_prime_checks_for_size(BN_num_bits(a));
/* first look for small factors */
if (!BN_is_odd(a))
return(0);
return 0;
if (do_trial_division)
{
for (i = 1; i < NUMPRIMES; i++)
@ -289,11 +292,8 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
for (i = 0; i < checks; i++)
{
if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0))
if (!BN_pseudo_rand_range(check, A1))
goto err;
if (BN_cmp(check, A1) >= 0)
if (!BN_sub(check, check, A1))
goto err;
if (!BN_add_word(check, 1))
goto err;
/* now 1 <= check < A */

71
crypto/bn/bn_rand.c
View file

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <time.h>
@ -172,8 +225,9 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
#endif
/* random number r: 0 <= r < range */
int BN_rand_range(BIGNUM *r, BIGNUM *range)
static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
{
int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
int n;
if (range->neg || BN_is_zero(range))
@ -193,7 +247,7 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range)
do
{
/* range = 11..._2, so each iteration succeeds with probability >= .75 */
if (!BN_rand(r, n, -1, 0)) return 0;
if (!bn_rand(r, n, -1, 0)) return 0;
}
while (BN_cmp(r, range) >= 0);
}
@ -203,7 +257,7 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range)
* so 3*range (= 11..._2) is exactly one bit longer than range */
do
{
if (!BN_rand(r, n + 1, -1, 0)) return 0;
if (!bn_rand(r, n + 1, -1, 0)) return 0;
/* If r < 3*range, use r := r MOD range
* (which is either r, r - range, or r - 2*range).
* Otherwise, iterate once more.
@ -221,3 +275,14 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range)
return 1;
}
int BN_rand_range(BIGNUM *r, BIGNUM *range)
{
return bn_rand_range(0, r, range);
}
int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
{
return bn_rand_range(1, r, range);
}

2
crypto/bn/bn_sqr.c
View file

@ -245,7 +245,7 @@ printf(" bn_sqr_recursive %d * %d\n",n2,n2);
if (!zero)
bn_sqr_recursive(&(t[n2]),t,n,p);
else
memset(&(t[n2]),0,n*sizeof(BN_ULONG));
memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
bn_sqr_recursive(r,a,n,p);
bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);

3
crypto/cryptlib.c
View file

@ -90,6 +90,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"ssl_sess_cert",
"ssl",
"rand",
"rand2",
"debug_malloc",
"BIO",
"gethostbyname",
@ -101,7 +102,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"dso",
"dynlock",
"engine",
#if CRYPTO_NUM_LOCKS != 29
#if CRYPTO_NUM_LOCKS != 30
# error "Inconsistency between crypto.h and cryptlib.c"
#endif
};

1
crypto/crypto-lib.com
View file

@ -1462,6 +1462,7 @@ $!
$! Save directory information
$!
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "CRYPTO]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!

37
crypto/crypto.h
View file

@ -112,18 +112,20 @@ extern "C" {
#define CRYPTO_LOCK_SSL_SESS_CERT 15
#define CRYPTO_LOCK_SSL 16
#define CRYPTO_LOCK_RAND 17
#define CRYPTO_LOCK_MALLOC 18
#define CRYPTO_LOCK_BIO 19
#define CRYPTO_LOCK_GETHOSTBYNAME 20
#define CRYPTO_LOCK_GETSERVBYNAME 21
#define CRYPTO_LOCK_READDIR 22
#define CRYPTO_LOCK_RSA_BLINDING 23
#define CRYPTO_LOCK_DH 24
#define CRYPTO_LOCK_MALLOC2 25
#define CRYPTO_LOCK_DSO 26
#define CRYPTO_LOCK_DYNLOCK 27
#define CRYPTO_LOCK_ENGINE 28
#define CRYPTO_LOCK_RAND2 18
#define CRYPTO_LOCK_MALLOC 19
#define CRYPTO_LOCK_BIO 20
#define CRYPTO_LOCK_GETHOSTBYNAME 21
#define CRYPTO_LOCK_GETSERVBYNAME 22
#define CRYPTO_LOCK_READDIR 23
#define CRYPTO_LOCK_RSA_BLINDING 24
#define CRYPTO_LOCK_DH 25
#define CRYPTO_LOCK_MALLOC2 26
#define CRYPTO_LOCK_DSO 27
#define CRYPTO_LOCK_DYNLOCK 28
#define CRYPTO_NUM_LOCKS 29
#define CRYPTO_LOCK_ENGINE 29
#define CRYPTO_NUM_LOCKS 30
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
@ -351,6 +353,9 @@ int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
* used as default in CRYPTO_MDEBUG compilations): */
/* The last argument has the following significance:
*
* 0: called before the actual memory allocation has taken place
@ -359,18 +364,18 @@ int CRYPTO_remove_all_info(void);
void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
void CRYPTO_dbg_free(void *addr,int before_p);
/* Tell the debugging code about options. By default, the following values
* apply:
*
* 0: Clear all options.
* 1: Set the "Show Time" option.
* 2: Set the "Show Thread Number" option.
* 3: 1 + 2
* 0: Clear all options.
* V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option.
* V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option.
* V_CRYPTO_MDEBUG_ALL (3): 1 + 2
*/
void CRYPTO_dbg_set_options(long bits);
long CRYPTO_dbg_get_options(void);
#ifndef NO_FP_API
void CRYPTO_mem_leaks_fp(FILE *);
#endif

11
crypto/dh/dh_key.c
View file

@ -100,6 +100,8 @@ DH_METHOD *DH_OpenSSL(void)
static int generate_key(DH *dh)
{
int ok=0;
int generate_new_key=0;
unsigned l;
BN_CTX ctx;
BN_MONT_CTX *mont;
BIGNUM *pub_key=NULL,*priv_key=NULL;
@ -110,9 +112,7 @@ static int generate_key(DH *dh)
{
priv_key=BN_new();
if (priv_key == NULL) goto err;
do
if (!BN_rand_range(priv_key, dh->p)) goto err;
while (BN_is_zero(priv_key));
generate_new_key=1;
}
else
priv_key=dh->priv_key;
@ -133,6 +133,11 @@ static int generate_key(DH *dh)
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
if (generate_new_key)
{
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
if (!BN_rand(priv_key, l, 0, 0)) goto err;
}
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
priv_key,dh->p,&ctx,mont))
goto err;

2
crypto/dh/dh_lib.c
View file

@ -64,7 +64,7 @@
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
static DH_METHOD *default_DH_method;
static DH_METHOD *default_DH_method = NULL;
static int dh_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;

2
crypto/dsa/dsa_lib.c
View file

@ -67,7 +67,7 @@
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
static DSA_METHOD *default_DSA_method;
static DSA_METHOD *default_DSA_method = NULL;
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;

3
crypto/err/err.c
View file

@ -786,7 +786,7 @@ void ERR_add_error_data(int num, ...)
if (p == NULL)
{
OPENSSL_free(str);
return;
goto err;
}
else
str=p;
@ -796,6 +796,7 @@ void ERR_add_error_data(int num, ...)
}
ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
err:
va_end(args);
}

5
crypto/evp/bio_b64.c
View file

@ -465,7 +465,8 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_WPENDING: /* More to write in buffer */
ret=ctx->buf_len-ctx->buf_off;
if ((ret == 0) && (ctx->base64.num != 0))
if ((ret == 0) && (ctx->encode != B64_NONE)
&& (ctx->base64.num != 0))
ret=1;
else if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@ -500,7 +501,7 @@ again:
goto again;
}
}
else if (ctx->base64.num != 0)
else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
{
ctx->buf_off=0;
EVP_EncodeFinal(&(ctx->base64),

2
crypto/evp/m_md4.c
View file

@ -66,7 +66,7 @@
static EVP_MD md4_md=
{
NID_md4,
0,
NID_md4WithRSAEncryption,
MD4_DIGEST_LENGTH,
MD4_Init,
MD4_Update,

4
crypto/md32_common.h
View file

@ -198,7 +198,7 @@
*
* <appro@fy.chalmers.se>
*/
# if defined(__i386)
# if defined(__i386) || defined(__i386__)
# define ROTATE(a,n) ({ register unsigned int ret; \
asm ( \
"roll %1,%0" \
@ -224,7 +224,7 @@
*/
# if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
/* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
# if defined(__i386) && !defined(I386_ONLY)
# if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
# define BE_FETCH32(a) ({ register unsigned int l=(a);\
asm ( \
"bswapl %0" \

2
crypto/md4/md4_locl.h
View file

@ -68,7 +68,7 @@
void md4_block_host_order (MD4_CTX *c, const void *p,int num);
void md4_block_data_order (MD4_CTX *c, const void *p,int num);
#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
/*
* *_block_host_order is expected to handle aligned data while
* *_block_data_order - unaligned. As algorithm and host (x86)

4
crypto/md5/md5_locl.h
View file

@ -66,7 +66,7 @@
#endif
#ifdef MD5_ASM
# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
# define md5_block_host_order md5_block_asm_host_order
# elif defined(__sparc) && defined(ULTRASPARC)
void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
@ -77,7 +77,7 @@
void md5_block_host_order (MD5_CTX *c, const void *p,int num);
void md5_block_data_order (MD5_CTX *c, const void *p,int num);
#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
/*
* *_block_host_order is expected to handle aligned data while
* *_block_data_order - unaligned. As algorithm and host (x86)

73
crypto/objects/obj_dat.h
View file

@ -61,12 +61,12 @@
* perl obj_dat.pl objects.h obj_dat.h
*/
#define NUM_NID 393
#define NUM_SN 392
#define NUM_LN 392
#define NUM_OBJ 366
#define NUM_NID 404
#define NUM_SN 403
#define NUM_LN 403
#define NUM_OBJ 377
static unsigned char lvalues[2896]={
static unsigned char lvalues[2949]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@ -433,6 +433,17 @@ static unsigned char lvalues[2896]={
0xBA,0x82,0x58, /* [2872] OBJ_dcObject */
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2875] OBJ_domainComponent */
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2885] OBJ_Domain */
0x50, /* [2895] OBJ_joint_iso_ccitt */
0x55,0x01,0x05, /* [2896] OBJ_selected_attribute_types */
0x55,0x01,0x05,0x37, /* [2899] OBJ_clearance */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2903] OBJ_md4WithRSAEncryption */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2912] OBJ_ac_proxying */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2920] OBJ_sinfo_access */
0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2928] OBJ_id_aca_encAttrs */
0x55,0x04,0x48, /* [2936] OBJ_role */
0x55,0x1D,0x24, /* [2939] OBJ_policy_constraints */
0x55,0x1D,0x37, /* [2942] OBJ_target_information */
0x55,0x1D,0x38, /* [2945] OBJ_no_rev_avail */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@ -1045,6 +1056,25 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2872]),0},
{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2875]),0},
{"domain","Domain",NID_Domain,10,&(lvalues[2885]),0},
{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
&(lvalues[2895]),0},
{"selected-attribute-types","Selected Attribute Types",
NID_selected_attribute_types,3,&(lvalues[2896]),0},
{"clearance","clearance",NID_clearance,4,&(lvalues[2899]),0},
{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
&(lvalues[2903]),0},
{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2912]),0},
{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
&(lvalues[2920]),0},
{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
&(lvalues[2928]),0},
{"role","role",NID_role,3,&(lvalues[2936]),0},
{"policyConstraints","X509v3 Policy Constraints",
NID_policy_constraints,3,&(lvalues[2939]),0},
{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
&(lvalues[2942]),0},
{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
&(lvalues[2945]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -1093,6 +1123,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[46]),/* "IDEA-OFB" */
&(nid_objs[181]),/* "ISO" */
&(nid_objs[183]),/* "ISO-US" */
&(nid_objs[393]),/* "JOINT-ISO-CCITT" */
&(nid_objs[15]),/* "L" */
&(nid_objs[ 3]),/* "MD2" */
&(nid_objs[257]),/* "MD4" */
@ -1138,6 +1169,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[124]),/* "RLE" */
&(nid_objs[19]),/* "RSA" */
&(nid_objs[ 7]),/* "RSA-MD2" */
&(nid_objs[396]),/* "RSA-MD4" */
&(nid_objs[ 8]),/* "RSA-MD5" */
&(nid_objs[96]),/* "RSA-MDC2" */
&(nid_objs[104]),/* "RSA-NP-MD5" */
@ -1164,6 +1196,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[125]),/* "ZLIB" */
&(nid_objs[289]),/* "aaControls" */
&(nid_objs[287]),/* "ac-auditEntity" */
&(nid_objs[397]),/* "ac-proxying" */
&(nid_objs[288]),/* "ac-targeting" */
&(nid_objs[368]),/* "acceptableResponses" */
&(nid_objs[363]),/* "ad_timestamping" */
@ -1178,6 +1211,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[152]),/* "certBag" */
&(nid_objs[89]),/* "certificatePolicies" */
&(nid_objs[54]),/* "challengePassword" */
&(nid_objs[395]),/* "clearance" */
&(nid_objs[130]),/* "clientAuth" */
&(nid_objs[131]),/* "codeSigning" */
&(nid_objs[50]),/* "contentType" */
@ -1204,6 +1238,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[355]),/* "id-aca-accessIdentity" */
&(nid_objs[354]),/* "id-aca-authenticationInfo" */
&(nid_objs[356]),/* "id-aca-chargingIdentity" */
&(nid_objs[399]),/* "id-aca-encAttrs" */
&(nid_objs[357]),/* "id-aca-group" */
&(nid_objs[358]),/* "id-aca-role" */
&(nid_objs[176]),/* "id-ad" */
@ -1386,6 +1421,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[137]),/* "msSGC" */
&(nid_objs[173]),/* "name" */
&(nid_objs[369]),/* "noCheck" */
&(nid_objs[403]),/* "noRevAvail" */
&(nid_objs[72]),/* "nsBaseUrl" */
&(nid_objs[76]),/* "nsCaPolicyUrl" */
&(nid_objs[74]),/* "nsCaRevocationUrl" */
@ -1413,9 +1449,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[22]),/* "pkcs7-signedData" */
&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
&(nid_objs[47]),/* "pkcs9" */
&(nid_objs[401]),/* "policyConstraints" */
&(nid_objs[385]),/* "private" */
&(nid_objs[84]),/* "privateKeyUsagePeriod" */
&(nid_objs[286]),/* "qcStatements" */
&(nid_objs[400]),/* "role" */
&(nid_objs[ 6]),/* "rsaEncryption" */
&(nid_objs[377]),/* "rsaSignature" */
&(nid_objs[ 1]),/* "rsadsi" */
@ -1426,12 +1464,15 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[159]),/* "sdsiCertificate" */
&(nid_objs[154]),/* "secretBag" */
&(nid_objs[386]),/* "security" */
&(nid_objs[394]),/* "selected-attribute-types" */
&(nid_objs[129]),/* "serverAuth" */
&(nid_objs[371]),/* "serviceLocator" */
&(nid_objs[52]),/* "signingTime" */
&(nid_objs[387]),/* "snmpv2" */
&(nid_objs[85]),/* "subjectAltName" */
&(nid_objs[398]),/* "subjectInfoAccess" */
&(nid_objs[82]),/* "subjectKeyIdentifier" */
&(nid_objs[402]),/* "targetInformation" */
&(nid_objs[293]),/* "textNotice" */
&(nid_objs[133]),/* "timeStamping" */
&(nid_objs[375]),/* "trustRoot" */
@ -1503,12 +1544,15 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[167]),/* "S/MIME Capabilities" */
&(nid_objs[387]),/* "SNMPv2" */
&(nid_objs[386]),/* "Security" */
&(nid_objs[394]),/* "Selected Attribute Types" */
&(nid_objs[143]),/* "Strong Extranet ID" */
&(nid_objs[398]),/* "Subject Information Access" */
&(nid_objs[130]),/* "TLS Web Client Authentication" */
&(nid_objs[129]),/* "TLS Web Server Authentication" */
&(nid_objs[133]),/* "Time Stamping" */
&(nid_objs[375]),/* "Trust Root" */
&(nid_objs[12]),/* "X509" */
&(nid_objs[402]),/* "X509v3 AC Targeting" */
&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
&(nid_objs[87]),/* "X509v3 Basic Constraints" */
&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
@ -1519,6 +1563,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[83]),/* "X509v3 Key Usage" */
&(nid_objs[403]),/* "X509v3 No Revocation Available" */
&(nid_objs[401]),/* "X509v3 Policy Constraints" */
&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
@ -1526,6 +1572,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[185]),/* "X9.57 CM ?" */
&(nid_objs[289]),/* "aaControls" */
&(nid_objs[287]),/* "ac-auditEntity" */
&(nid_objs[397]),/* "ac-proxying" */
&(nid_objs[288]),/* "ac-targeting" */
&(nid_objs[364]),/* "ad dvcs" */
&(nid_objs[376]),/* "algorithm" */
@ -1539,6 +1586,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[111]),/* "cast5-ofb" */
&(nid_objs[152]),/* "certBag" */
&(nid_objs[54]),/* "challengePassword" */
&(nid_objs[395]),/* "clearance" */
&(nid_objs[13]),/* "commonName" */
&(nid_objs[50]),/* "contentType" */
&(nid_objs[53]),/* "countersignature" */
@ -1581,6 +1629,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[355]),/* "id-aca-accessIdentity" */
&(nid_objs[354]),/* "id-aca-authenticationInfo" */
&(nid_objs[356]),/* "id-aca-chargingIdentity" */
&(nid_objs[399]),/* "id-aca-encAttrs" */
&(nid_objs[357]),/* "id-aca-group" */
&(nid_objs[358]),/* "id-aca-role" */
&(nid_objs[176]),/* "id-ad" */
@ -1747,12 +1796,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[46]),/* "idea-ofb" */
&(nid_objs[101]),/* "initials" */
&(nid_objs[181]),/* "iso" */
&(nid_objs[393]),/* "joint-iso-ccitt" */
&(nid_objs[150]),/* "keyBag" */
&(nid_objs[157]),/* "localKeyID" */
&(nid_objs[15]),/* "localityName" */
&(nid_objs[ 3]),/* "md2" */
&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
&(nid_objs[257]),/* "md4" */
&(nid_objs[396]),/* "md4WithRSAEncryption" */
&(nid_objs[ 4]),/* "md5" */
&(nid_objs[114]),/* "md5-sha1" */
&(nid_objs[104]),/* "md5WithRSA" */
@ -1806,6 +1857,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[123]),/* "rc5-ofb" */
&(nid_objs[117]),/* "ripemd160" */
&(nid_objs[119]),/* "ripemd160WithRSA" */
&(nid_objs[400]),/* "role" */
&(nid_objs[19]),/* "rsa" */
&(nid_objs[ 6]),/* "rsaEncryption" */
&(nid_objs[377]),/* "rsaSignature" */
@ -1843,6 +1895,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[181]),/* OBJ_iso 1 */
&(nid_objs[182]),/* OBJ_member_body 1 2 */
&(nid_objs[379]),/* OBJ_org 1 3 */
&(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */
&(nid_objs[11]),/* OBJ_X500 2 5 */
&(nid_objs[380]),/* OBJ_dod 1 3 6 */
&(nid_objs[12]),/* OBJ_X509 2 5 4 */
@ -1850,6 +1903,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[81]),/* OBJ_id_ce 2 5 29 */
&(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */
&(nid_objs[381]),/* OBJ_iana 1 3 6 1 */
&(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */
&(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */
&(nid_objs[100]),/* OBJ_surname 2 5 4 4 */
&(nid_objs[105]),/* OBJ_serialNumber 2 5 4 5 */
@ -1865,6 +1919,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[101]),/* OBJ_initials 2 5 4 43 */
&(nid_objs[102]),/* OBJ_uniqueIdentifier 2 5 4 45 */
&(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */
&(nid_objs[400]),/* OBJ_role 2 5 4 72 */
&(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */
&(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */
&(nid_objs[84]),/* OBJ_private_key_usage_period 2 5 29 16 */
@ -1878,7 +1933,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */
&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */
&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */
&(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */
&(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */
&(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */
&(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */
&(nid_objs[390]),/* OBJ_dcObject 1466 344 */
&(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */
&(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */
@ -1888,6 +1946,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[387]),/* OBJ_SNMPv2 1 3 6 1 6 */
&(nid_objs[388]),/* OBJ_Mail 1 3 6 1 7 */
&(nid_objs[376]),/* OBJ_algorithm 1 3 14 3 2 */
&(nid_objs[395]),/* OBJ_clearance 2 5 1 5 55 */
&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */
&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */
&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */
@ -1970,6 +2029,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */
&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
&(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */
&(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */
&(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */
@ -2036,6 +2097,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */
&(nid_objs[357]),/* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */
&(nid_objs[358]),/* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */
&(nid_objs[399]),/* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */
&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */
&(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */
&(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */
@ -2050,6 +2112,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */
&(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */
&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */
&(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */
&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */
&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */
&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */

52
crypto/objects/obj_mac.h
View file

@ -71,11 +71,25 @@
#define NID_iso 181
#define OBJ_iso 1L
#define SN_joint_iso_ccitt "JOINT-ISO-CCITT"
#define LN_joint_iso_ccitt "joint-iso-ccitt"
#define NID_joint_iso_ccitt 393
#define OBJ_joint_iso_ccitt 2L
#define SN_member_body "member-body"
#define LN_member_body "ISO Member Body"
#define NID_member_body 182
#define OBJ_member_body OBJ_iso,2L
#define SN_selected_attribute_types "selected-attribute-types"
#define LN_selected_attribute_types "Selected Attribute Types"
#define NID_selected_attribute_types 394
#define OBJ_selected_attribute_types OBJ_joint_iso_ccitt,5L,1L,5L
#define SN_clearance "clearance"
#define NID_clearance 395
#define OBJ_clearance OBJ_selected_attribute_types,55L
#define SN_ISO_US "ISO-US"
#define LN_ISO_US "ISO US Member Body"
#define NID_ISO_US 183
@ -145,6 +159,11 @@
#define NID_md2WithRSAEncryption 7
#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L
#define SN_md4WithRSAEncryption "RSA-MD4"
#define LN_md4WithRSAEncryption "md4WithRSAEncryption"
#define NID_md4WithRSAEncryption 396
#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L
#define SN_md5WithRSAEncryption "RSA-MD5"
#define LN_md5WithRSAEncryption "md5WithRSAEncryption"
#define NID_md5WithRSAEncryption 8
@ -956,6 +975,15 @@
#define NID_sbqp_routerIdentifier 292
#define OBJ_sbqp_routerIdentifier OBJ_id_pe,9L
#define SN_ac_proxying "ac-proxying"
#define NID_ac_proxying 397
#define OBJ_ac_proxying OBJ_id_pe,10L
#define SN_sinfo_access "subjectInfoAccess"
#define LN_sinfo_access "Subject Information Access"
#define NID_sinfo_access 398
#define OBJ_sinfo_access OBJ_id_pe,11L
#define SN_id_qt_cps "id-qt-cps"
#define LN_id_qt_cps "Policy Qualifier CPS"
#define NID_id_qt_cps 164
@ -1264,6 +1292,10 @@
#define NID_id_aca_role 358
#define OBJ_id_aca_role OBJ_id_aca,5L
#define SN_id_aca_encAttrs "id-aca-encAttrs"
#define NID_id_aca_encAttrs 399
#define OBJ_id_aca_encAttrs OBJ_id_aca,6L
#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1"
#define NID_id_qcs_pkixQCSyntax_v1 359
#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L
@ -1555,6 +1587,11 @@
#define NID_dnQualifier 174
#define OBJ_dnQualifier OBJ_X509,46L
#define SN_role "role"
#define LN_role "role"
#define NID_role 400
#define OBJ_role OBJ_X509,72L
#define SN_X500algorithms "X500algorithms"
#define LN_X500algorithms "directory services - algorithms"
#define NID_X500algorithms 378
@ -1644,11 +1681,26 @@
#define NID_authority_key_identifier 90
#define OBJ_authority_key_identifier OBJ_id_ce,35L
#define SN_policy_constraints "policyConstraints"
#define LN_policy_constraints "X509v3 Policy Constraints"
#define NID_policy_constraints 401
#define OBJ_policy_constraints OBJ_id_ce,36L
#define SN_ext_key_usage "extendedKeyUsage"
#define LN_ext_key_usage "X509v3 Extended Key Usage"
#define NID_ext_key_usage 126
#define OBJ_ext_key_usage OBJ_id_ce,37L
#define SN_target_information "targetInformation"
#define LN_target_information "X509v3 AC Targeting"
#define NID_target_information 402
#define OBJ_target_information OBJ_id_ce,55L
#define SN_no_rev_avail "noRevAvail"
#define LN_no_rev_avail "X509v3 No Revocation Available"
#define NID_no_rev_avail 403
#define OBJ_no_rev_avail OBJ_id_ce,56L
#define SN_netscape "Netscape"
#define LN_netscape "Netscape Communications Corp."
#define NID_netscape 57

11
crypto/objects/obj_mac.num
View file

@ -390,3 +390,14 @@ Enterprises 389
dcObject 390
domainComponent 391
Domain 392
joint_iso_ccitt 393
selected_attribute_types 394
clearance 395
md4WithRSAEncryption 396
ac_proxying 397
sinfo_access 398
id_aca_encAttrs 399
role 400
policy_constraints 401
target_information 402
no_rev_avail 403

19
crypto/objects/objects.txt
View file

@ -1,7 +1,13 @@
1 : ISO : iso
2 : JOINT-ISO-CCITT : joint-iso-ccitt
iso 2 : member-body : ISO Member Body
joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types
selected-attribute-types 55 : clearance
member-body 840 : ISO-US : ISO US Member Body
ISO-US 10040 : X9-57 : X9.57
X9-57 4 : X9cm : X9.57 CM ?
@ -26,6 +32,7 @@ rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS
pkcs 1 : pkcs1
pkcs1 1 : : rsaEncryption
pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
@ -302,6 +309,9 @@ id-pe 6 : aaControls
id-pe 7 : sbqp-ipAddrBlock
id-pe 8 : sbqp-autonomousSysNum
id-pe 9 : sbqp-routerIdentifier
id-pe 10 : ac-proxying
!Cname sinfo-access
id-pe 11 : subjectInfoAccess : Subject Information Access
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
@ -406,7 +416,9 @@ id-aca 1 : id-aca-authenticationInfo
id-aca 2 : id-aca-accessIdentity
id-aca 3 : id-aca-chargingIdentity
id-aca 4 : id-aca-group
# attention : the following seems to be obsolete, replace by 'role'
id-aca 5 : id-aca-role
id-aca 6 : id-aca-encAttrs
# qualified certificate statements
id-qcs 1 : id-qcs-pkixQCSyntax-v1
@ -498,6 +510,7 @@ X509 42 : G : givenName
X509 43 : I : initials
X509 45 : UID : uniqueIdentifier
X509 46 : dnQualifier : dnQualifier
X509 72 : role : role
X500 8 : X500algorithms : directory services - algorithms
X500algorithms 1 1 : RSA : rsa
@ -531,8 +544,14 @@ id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
id-ce 32 : certificatePolicies : X509v3 Certificate Policies
!Cname authority-key-identifier
id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
!Cname policy-constraints
id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
!Cname target-information
id-ce 55 : targetInformation : X509v3 AC Targeting
!Cname no-rev-avail
id-ce 56 : noRevAvail : X509v3 No Revocation Available
!Cname netscape
2 16 840 1 113730 : Netscape : Netscape Communications Corp.

16
crypto/opensslv.h
View file

@ -44,13 +44,13 @@
*
* libcrypto.so.0
*
* On True64 it works a little bit differently. There, the shared library
* version is stored in the file, and is actually a series of versions,
* separated by colons. The rightmost version present in the library when
* linking an application is stored in the application to be matched at
* run time. When the application is run, a check is done to see if the
* library version stored in the application matches any of the versions
* in the version string of the library itself.
* On Tru64 and IRIX 6.x it works a little bit differently. There, the
* shared library version is stored in the file, and is actually a series
* of versions, separated by colons. The rightmost version present in the
* library when linking an application is stored in the application to be
* matched at run time. When the application is run, a check is done to
* see if the library version stored in the application matches any of the
* versions in the version string of the library itself.
* This version string can be constructed in any way, depending on what
* kind of matching is desired. However, to implement the same scheme as
* the one used in the other unixen, all compatible versions, from lowest
@ -73,7 +73,7 @@
* However, it's nice and more understandable if it actually does.
* The current library version is stored in the macro SHLIB_VERSION_NUMBER,
* which is just a piece of text in the format "M.m.e" (Major, minor, edit).
* For the sake of True64 and any other OS that behaves in similar ways,
* For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
* we need to keep a history of version numbers, which is done in the
* macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
* should only keep the versions that are binary compatible with the current.

60
crypto/pkcs7/pk7_attr.c
View file

@ -1,9 +1,59 @@
/* pk7_attr.c */
/* S/MIME code.
* Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com)
* All Rights Reserved.
* Redistribution of this code without the authors permission is expressly
* prohibited.
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 2001.
*/
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>

31
crypto/rand/md_rand.c
View file

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -144,6 +144,7 @@ static int initialized=0;
static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
* holds CRYPTO_LOCK_RAND
* (to prevent double locking) */
/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
@ -210,7 +211,14 @@ static void ssleay_rand_add(const void *buf, int num, double add)
*/
/* check if we already have the lock */
do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
if (crypto_lock_rand)
{
CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
do_not_lock = (locking_thread == CRYPTO_thread_id());
CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
}
else
do_not_lock = 0;
if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
st_idx=state_index;
@ -361,8 +369,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
crypto_lock_rand = 1;
CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
locking_thread = CRYPTO_thread_id();
CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
if (!initialized)
{
@ -435,7 +445,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
locking_thread = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
@ -521,15 +530,24 @@ static int ssleay_rand_status(void)
/* check if we already have the lock
* (could happen if a RAND_poll() implementation calls RAND_status()) */
do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
if (crypto_lock_rand)
{
CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
do_not_lock = (locking_thread == CRYPTO_thread_id());
CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
}
else
do_not_lock = 0;
if (!do_not_lock)
{
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
crypto_lock_rand = 1;
CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
locking_thread = CRYPTO_thread_id();
CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
}
if (!initialized)
@ -544,7 +562,6 @@ static int ssleay_rand_status(void)
{
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
locking_thread = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}

4
crypto/ripemd/rmd_locl.h
View file

@ -71,7 +71,7 @@
* <appro@fy.chalmers.se>
*/
#ifdef RMD160_ASM
# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
# define ripemd160_block_host_order ripemd160_block_asm_host_order
# endif
#endif
@ -79,7 +79,7 @@
void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
#define ripemd160_block_data_order ripemd160_block_host_order
#endif

1
crypto/rsa/rsa.h
View file

@ -328,6 +328,7 @@ void *RSA_get_ex_data(RSA *r, int idx);
#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
#define RSA_R_DATA_TOO_LARGE 109
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
#define RSA_R_DATA_TOO_SMALL 111
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112

33
crypto/rsa/rsa_eay.c
View file

@ -79,8 +79,8 @@ static int RSA_eay_finish(RSA *rsa);
static RSA_METHOD rsa_pkcs1_eay_meth={
"Eric Young's PKCS#1 RSA",
RSA_eay_public_encrypt,
RSA_eay_public_decrypt,
RSA_eay_private_encrypt,
RSA_eay_public_decrypt, /* signature verification */
RSA_eay_private_encrypt, /* signing */
RSA_eay_private_decrypt,
RSA_eay_mod_exp,
BN_mod_exp_mont,
@ -139,6 +139,13 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
{
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{
BN_MONT_CTX* bn_mont_ctx;
@ -186,6 +193,7 @@ err:
return(r);
}
/* signing */
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
@ -223,6 +231,13 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
{
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
RSA_blinding_on(rsa,ctx);
@ -299,6 +314,12 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
/* make data into a big number */
if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
RSA_blinding_on(rsa,ctx);
if (rsa->flags & RSA_FLAG_BLINDING)
@ -359,6 +380,7 @@ err:
return(r);
}
/* signature verification */
static int RSA_eay_public_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
@ -392,6 +414,13 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
}
if (BN_bin2bn(from,flen,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
{
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
/* do the decrypt */
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{

1
crypto/rsa/rsa_err.c
View file

@ -106,6 +106,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"},
{RSA_R_DATA_TOO_LARGE ,"data too large"},
{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"},
{RSA_R_DATA_TOO_SMALL ,"data too small"},
{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},

284
crypto/rsa/rsa_oaep.c
View file

@ -2,7 +2,22 @@
/* Written by Ulf Moeller. This software is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
* <URL: http://www.shoup.net/papers/oaep.ps.Z>
* for problems with the security proof for the
* original OAEP scheme, which EME-OAEP is based on.
*
* A new proof can be found in E. Fujisaki, T. Okamoto,
* D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
* Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
* The new proof has stronger requirements for the
* underlying permutation: "partial-one-wayness" instead
* of one-wayness. For the RSA function, this is
* an equivalent notion.
*/
#if !defined(NO_SHA) && !defined(NO_SHA1)
#include <stdio.h>
@ -12,157 +27,174 @@
#include <openssl/sha.h>
#include <openssl/rand.h>
int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
int MGF1(unsigned char *mask, long len,
unsigned char *seed, long seedlen);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
unsigned char *from, int flen, unsigned char *param, int plen)
{
int i, emlen = tlen - 1;
unsigned char *db, *seed;
unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
unsigned char *from, int flen,
unsigned char *param, int plen)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return (0);
}
int i, emlen = tlen - 1;
unsigned char *db, *seed;
unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
return (0);
}
dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
if (dbmask == NULL)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
return (0);
}
if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
to[0] = 0;
seed = to + 1;
db = to + SHA_DIGEST_LENGTH + 1;
if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
return 0;
}
SHA1(param, plen, db);
memset(db + SHA_DIGEST_LENGTH, 0,
emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
return (0);
dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
if (dbmask == NULL)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
return 0;
}
to[0] = 0;
seed = to + 1;
db = to + SHA_DIGEST_LENGTH + 1;
SHA1(param, plen, db);
memset(db + SHA_DIGEST_LENGTH, 0,
emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
return 0;
#ifdef PKCS_TESTVECT
memcpy(seed,
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
#endif
MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
db[i] ^= dbmask[i];
MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
db[i] ^= dbmask[i];
MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= seedmask[i];
MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= seedmask[i];
OPENSSL_free(dbmask);
return (1);
}
OPENSSL_free(dbmask);
return 1;
}
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
unsigned char *from, int flen, int num, unsigned char *param,
int plen)
{
int i, dblen, mlen = -1;
unsigned char *maskeddb;
int lzero;
unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
if (--num < 2 * SHA_DIGEST_LENGTH + 1)
goto decoding_err;
lzero = num - flen;
if (lzero < 0)
goto decoding_err;
maskeddb = from - lzero + SHA_DIGEST_LENGTH;
dblen = num - SHA_DIGEST_LENGTH;
db = OPENSSL_malloc(dblen);
if (db == NULL)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
return (-1);
}
int i, dblen, mlen = -1;
unsigned char *maskeddb;
int lzero;
unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
int bad = 0;
MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= from[i - lzero];
MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
for (i = 0; i < dblen; i++)
db[i] ^= maskeddb[i];
if (--num < 2 * SHA_DIGEST_LENGTH + 1)
/* 'num' is the length of the modulus, i.e. does not depend on the
* particular ciphertext. */
goto decoding_err;
SHA1(param, plen, phash);
if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
goto decoding_err;
else
{
for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
if (db[i] != 0x00)
break;
if (db[i] != 0x01 || i++ >= dblen)
goto decoding_err;
else
{
mlen = dblen - i;
if (tlen < mlen)
lzero = num - flen;
if (lzero < 0)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
mlen = -1;
/* lzero == -1 */
/* signalling this error immediately after detection might allow
* for side-channel attacks (e.g. timing if 'plen' is huge
* -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
* Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
* so we use a 'bad' flag */
bad = 1;
lzero = 0;
}
else
memcpy(to, db + i, mlen);
}
}
OPENSSL_free(db);
return (mlen);
maskeddb = from - lzero + SHA_DIGEST_LENGTH;
dblen = num - SHA_DIGEST_LENGTH;
db = OPENSSL_malloc(dblen);
if (db == NULL)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
return -1;
}
MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= from[i - lzero];
MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
for (i = 0; i < dblen; i++)
db[i] ^= maskeddb[i];
SHA1(param, plen, phash);
if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
goto decoding_err;
else
{
for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
if (db[i] != 0x00)
break;
if (db[i] != 0x01 || i++ >= dblen)
goto decoding_err;
else
{
/* everything looks OK */
mlen = dblen - i;
if (tlen < mlen)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
mlen = -1;
}
else
memcpy(to, db + i, mlen);
}
}
OPENSSL_free(db);
return mlen;
decoding_err:
/* to avoid chosen ciphertext attacks, the error message should not reveal
* which kind of decoding error happened */
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
if (db != NULL) OPENSSL_free(db);
return -1;
}
/* to avoid chosen ciphertext attacks, the error message should not reveal
* which kind of decoding error happened */
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
if (db != NULL) OPENSSL_free(db);
return -1;
}
int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
{
long i, outlen = 0;
unsigned char cnt[4];
SHA_CTX c;
unsigned char md[SHA_DIGEST_LENGTH];
for (i = 0; outlen < len; i++)
{
cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
SHA1_Init(&c);
SHA1_Update(&c, seed, seedlen);
SHA1_Update(&c, cnt, 4);
if (outlen + SHA_DIGEST_LENGTH <= len)
{
SHA1_Final(mask + outlen, &c);
outlen += SHA_DIGEST_LENGTH;
}
else
{
SHA1_Final(md, &c);
memcpy(mask + outlen, md, len - outlen);
outlen = len;
}
long i, outlen = 0;
unsigned char cnt[4];
SHA_CTX c;
unsigned char md[SHA_DIGEST_LENGTH];
for (i = 0; outlen < len; i++)
{
cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
SHA1_Init(&c);
SHA1_Update(&c, seed, seedlen);
SHA1_Update(&c, cnt, 4);
if (outlen + SHA_DIGEST_LENGTH <= len)
{
SHA1_Final(mask + outlen, &c);
outlen += SHA_DIGEST_LENGTH;
}
else
{
SHA1_Final(md, &c);
memcpy(mask + outlen, md, len - outlen);
outlen = len;
}
}
return 0;
}
return (0);
}
#endif

2
crypto/sha/sha_locl.h
View file

@ -115,7 +115,7 @@
# endif
# ifdef SHA1_ASM
# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
# define sha1_block_host_order sha1_block_asm_host_order
# define DONT_IMPLEMENT_BLOCK_HOST_ORDER
# define sha1_block_data_order sha1_block_asm_data_order

2
crypto/x509/x509_trs.c
View file

@ -79,7 +79,7 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
static X509_TRUST trstandard[] = {
{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
};

2
crypto/x509/x509_txt.c
View file

@ -95,7 +95,7 @@ const char *X509_verify_cert_error_string(long n)
case X509_V_ERR_CRL_NOT_YET_VALID:
return("CRL is not yet valid");
case X509_V_ERR_CERT_HAS_EXPIRED:
return("Certificate has expired");
return("certificate has expired");
case X509_V_ERR_CRL_HAS_EXPIRED:
return("CRL has expired");
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

6
crypto/x509/x509_vfy.c
View file

@ -911,6 +911,12 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
}
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
int (*verify_cb)(int, X509_STORE_CTX *))
{
ctx->verify_cb=verify_cb;
}
IMPLEMENT_STACK_OF(X509)
IMPLEMENT_ASN1_SET_OF(X509)

2
crypto/x509/x509_vfy.h
View file

@ -382,6 +382,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
int purpose, int trust);
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
int (*verify_cb)(int, X509_STORE_CTX *));
#ifdef __cplusplus
}

4
doc/apps/openssl.pod
View file

@ -125,6 +125,10 @@ Generation of RSA Parameters.
Generation of hashed passwords.
=item L<B<pkcs12>|pkcs12(1)>
PKCS#12 Data Management.
=item L<B<pkcs7>|pkcs7(1)>
PKCS#7 Data Management.

10
doc/apps/verify.pod
View file

@ -200,14 +200,14 @@ the signature of the certificate is invalid. Unused.
the certificate is not yet valid: the notBefore date is after the current time.
=item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
the CRL is not yet valid. Unused.
=item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired>
=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
the certificate has expired: that is the notAfter date is before the current time.
=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
the CRL is not yet valid. Unused.
=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
the CRL has expired. Unused.

5
doc/crypto/BN_rand.pod
View file

@ -14,6 +14,8 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom);
=head1 DESCRIPTION
BN_rand() generates a cryptographically strong pseudo-random number of
@ -31,6 +33,8 @@ protocols, but usually not for key generation etc.
BN_rand_range() generates a cryptographically strong pseudo-random
number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
and hence numbers generated by it are not necessarily unpredictable.
The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
@ -49,5 +53,6 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
BN_rand() is available in all versions of SSLeay and OpenSSL.
BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
and the function BN_rand_range() were added in OpenSSL 0.9.6a.
BN_pseudo_rand_range() was added in OpenSSL 0.9.6c.
=cut

1
doc/crypto/bn.pod
View file

@ -61,6 +61,7 @@ bn - multiprecision integer arithmetics
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);

6
doc/crypto/threads.pod
View file

@ -53,8 +53,10 @@ OpenSSL can safely be used in multi-threaded applications provided
that at least two callback functions are set.
locking_function(int mode, int n, const char *file, int line) is
needed to perform locking on shared data structures. Multi-threaded
applications will crash at random if it is not set.
needed to perform locking on shared data structures.
(Note that OpenSSL uses a number of global data structures that
will be implicitly shared whenever multiple threads use OpenSSL.)
Multi-threaded applications will crash at random if it is not set.
locking_function() must be able to handle up to CRYPTO_num_locks()
different mutex locks. It sets the B<n>-th lock if B<mode> &

4
doc/ssl/SSL_CTX_ctrl.pod
View file

@ -8,10 +8,10 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal hand
#include <openssl/ssl.h>
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
=head1 DESCRIPTION

2
doc/ssl/SSL_CTX_free.pod
View file

@ -24,6 +24,8 @@ the certificates and keys.
SSL_CTX_free() does not provide diagnostic information.
=head1 SEE ALSO
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
=cut

6
doc/ssl/SSL_CTX_load_verify_locations.pod
View file

@ -58,7 +58,7 @@ failure.
In server mode, when requesting a client certificate, the server must send
the list of CAs of which it will accept client certificates. This list
is not influenced by the contents of B<CAfile> or B<CApath> and must
explicitely be set using the
explicitly be set using the
L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
family of functions.
@ -118,7 +118,7 @@ L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>
=cut

4
doc/ssl/SSL_CTX_new.pod
View file

@ -59,10 +59,6 @@ choice when compatibility is a concern.
=back
If a generic method is used, it is necessary to explicitly set client or
server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
or SSL_set_accept_state().
The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
B<SSL_set_options()> functions. Using these options it is possible to choose

8
doc/ssl/SSL_CTX_sess_set_get_cb.pod
View file

@ -70,12 +70,16 @@ proposed by the client. The get_session_cb() is always called, also when
session caching was disabled. The get_session_cb() is passed the
B<ssl> connection, the session id of length B<length> at the memory location
B<data>. With the parameter B<copy> the callback can require the
SSL engine to increment the reference count of the SSL_SESSION object.
SSL engine to increment the reference count of the SSL_SESSION object,
Normally the reference count is not incremented and therefore the
session must not be explicitly freed with
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
=cut

24
doc/ssl/SSL_CTX_set_cipher_list.pod
View file

@ -34,9 +34,25 @@ a necessary condition. On the client side, the inclusion into the list is
also sufficient. On the server side, additional restrictions apply. All ciphers
have additional requirements. ADH ciphers don't need a certificate, but
DH-parameters must have been set. All other ciphers need a corresponding
certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
available, the respective is valid for DSA ciphers. Ciphers using EDH need
a certificate and key and DH-parameters.
certificate and key.
A RSA cipher can only be chosen, when a RSA certificate is available.
RSA export ciphers with a keylength of 512 bits for the RSA key require
a temporary 512 bit RSA key, as typically the supplied key has a length
of 1024 bit (see
L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
RSA ciphers using EDH need a certificate and key and additional DH-parameters
(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
A DSA cipher can only be chosen, when a DSA certificate is available.
DSA ciphers always use DH key exchange and therefore need DH-parameters
(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
When these conditions are not met for any cipher in the list (e.g. a
client only supports export RSA ciphers with a asymmetric key length
of 512 bits and the server is not configured to use temporary RSA
keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
and the handshake will fail.
=head1 RETURN VALUES
@ -47,6 +63,8 @@ could be selected and 0 on complete failure.
L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
L<ciphers(1)|ciphers(1)>
=cut

6
doc/ssl/SSL_CTX_set_default_passwd_cb.pod
View file

@ -40,6 +40,12 @@ then keep it in memory and use it several times. In the last case, the
password could be stored into the B<userdata> storage and the
pem_passwd_cb() only returns the password already stored.
When asking for the password interactively, pem_passwd_cb() can use
B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
In this case the password dialog may ask for the same password twice
for comparison in order to catch typos, that would make decryption
impossible.
Other items in PEM formatting (certificates) can also be encrypted, it is
however not usual, as certificate information is considered public.

3
doc/ssl/SSL_CTX_set_mode.pod
View file

@ -37,6 +37,9 @@ The following mode changes are available:
Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
when just a single record has been written). When not set (the default),
SSL_write() will only report success once the complete chunk was written.
Once SSL_write() returns with r, r bytes have been successfully written
and the next call to SSL_write() must only send the n-r bytes left,
imitating the behaviour of write().
=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER

41
doc/ssl/SSL_CTX_set_options.pod
View file

@ -17,10 +17,10 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - man
=head1 DESCRIPTION
SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
Options already set before are not cleared.
Options already set before are not cleared!
SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
Options already set before are not cleared.
Options already set before are not cleared!
SSL_CTX_get_options() returns the options set for B<ctx>.
@ -32,7 +32,12 @@ The behaviour of the SSL library can be changed by setting several options.
The options are coded as bitmasks and can be combined by a logical B<or>
operation (|). Options can only be added but can never be reset.
During a handshake, the option settings of the SSL object used. When
SSL_CTX_set_options() and SSL_set_options() affect the (external)
protocol behaviour of the SSL library. The (internal) behaviour of
the API can be changed by using the similar
L<SSL_CTX_set_modes(3)|SSL_CTX_set_modes(3)> and SSL_set_modes() functions.
During a handshake, the option settings of the SSL object are used. When
a new SSL object is created from a context using SSL_new(), the current
option setting is copied. Changes to B<ctx> do not affect already created
SSL objects. SSL_clear() does not affect the settings.
@ -122,11 +127,27 @@ The following B<modifying> options are available:
=item SSL_OP_SINGLE_DH_USE
Always create a new key when using temporary DH parameters.
Always create a new key when using temporary/ephemeral DH parameters
(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
This option must be used to prevent small subgroup attacks, when
the DH parameters were not generated using "strong" primes
(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
If "strong" primes were used, it is not strictly necessary to generate
a new DH key during each handshake but it is also recommended.
SSL_OP_SINGLE_DH_USE should therefore be enabled whenever
temporary/ephemeral DH parameters are used.
=item SSL_OP_EPHEMERAL_RSA
Also use the temporary RSA key when doing RSA operations.
Always use ephemeral (temporary) RSA key when doing RSA operations
(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
According to the specifications this is only done, when a RSA key
can only be used for signature operations (namely under export ciphers
with restricted RSA keylength). By setting this option, ephemeral
RSA keys are always used. This option breaks compatibility with the
SSL/TLS specifications and may lead to interoperability problems with
clients and should therefore never be used. Ciphers with EDH (ephemeral
Diffie-Hellman) key exchange should be used instead.
=item SSL_OP_PKCS1_CHECK_1
@ -142,11 +163,6 @@ If we accept a netscape connection, demand a client cert, have a
non-self-sighed CA which does not have it's CA in netscape, and the
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
=item SSL_OP_NON_EXPORT_FIRST
On servers try to use non-export (stronger) ciphers first. This option does
not work under all circumstances (in the code it is declared "broken").
=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
...
@ -174,7 +190,10 @@ SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
L<dhparam(1)|dhparam(1)>
=head1 HISTORY

1
doc/ssl/SSL_CTX_set_session_cache_mode.pod
View file

@ -97,6 +97,7 @@ SSL_CTX_get_session_cache_mode() returns the currently set cache mode.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_session_reused(3)|SSL_session_reused(3)>,
L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,

8
doc/ssl/SSL_CTX_set_timeout.pod
View file

@ -37,7 +37,10 @@ L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> is called, either
directly by the application or automatically (see
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
The default value for session timeout is 300 seconds.
The default value for session timeout is decided on a per protocol
basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>.
All currently supported protocols have the same default timeout value
of 300 seconds.
=head1 RETURN VALUES
@ -50,6 +53,7 @@ SSL_CTX_get_timeout() returns the currently set timeout value.
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
=cut

14
doc/ssl/SSL_CTX_set_verify.pod
View file

@ -59,14 +59,14 @@ The handshake will be continued regardless of the verification result.
B<Server mode:> the server sends a client certificate request to the client.
The certificate returned (if any) is checked. If the verification process
fails as indicated by B<verify_callback>, the TLS/SSL handshake is
fails, the TLS/SSL handshake is
immediately terminated with an alert message containing the reason for
the verification failure.
The behaviour can be controlled by the additional
SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
B<Client mode:> the server certificate is verified. If the verification process
fails as indicated by B<verify_callback>, the TLS/SSL handshake is
fails, the TLS/SSL handshake is
immediately terminated with an alert message containing the reason for
the verification failure. If no server certificate is sent, because an
anonymous cipher is used, SSL_VERIFY_PEER is ignored.
@ -92,6 +92,15 @@ B<Client mode:> ignored
Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be
set at any time.
The actual verification procedure is performed either using the built-in
verification procedure or using another application provided verification
function set with
L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>.
The following descriptions apply in the case of the built-in procedure. An
application provided procedure also has access to the verify depth information
and the verify_callback() function, but the way this information is used
may be different.
SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up
to which depth certificates in a chain are used during the verification
procedure. If the certificate chain is longer than allowed, the certificates
@ -278,6 +287,7 @@ L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>

32
doc/ssl/SSL_SESSION_free.pod
View file

@ -16,10 +16,40 @@ SSL_SESSION_free() decrements the reference count of B<session> and removes
the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
memory, if the the reference count has reached 0.
=head1 NOTES
SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
is successfully completed. Depending on the settings, see
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
the SSL_SESSION objects are internally referenced by the SSL_CTX and
linked into its session cache. SSL objects may be using the SSL_SESSION object;
as a session may be reused, several SSL objects may be using one SSL_SESSION
object at the same time. It is therefore crucial to keep the reference
count (usage information) correct and not delete a SSL_SESSION object
that is still used, as this may lead to program failures due to
dangling pointers. These failures may also appear delayed, e.g.
when an SSL_SESSION object was completely freed as the reference count
incorrectly became 0, but it is still referenced in the internal
session cache and the cache list is processed during a
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation.
SSL_SESSION_free() must only be called for SSL_SESSION objects, for
which the reference count was explicitly incremented (e.g.
by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>)
or when the SSL_SESSION object was generated outside a TLS handshake
operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>.
It must not be called on other SSL_SESSION objects, as this would cause
incorrect reference counts and therefore program failures.
=head1 RETURN VALUES
SSL_SESSION_free() does not provide diagnostic information.
L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
=cut

3
doc/ssl/SSL_SESSION_get_time.pod
View file

@ -58,6 +58,7 @@ If any of the function is passed the NULL pointer for the session B<s>,
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
=cut

5
doc/ssl/SSL_accept.pod
View file

@ -37,11 +37,6 @@ nothing is to be done, but select() can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
is necessary to call SSL_set_accept_state()
before calling SSL_accept() to explicitly switch the B<ssl> to server
mode.
=head1 RETURN VALUES
The following return values can occur:

8
doc/ssl/SSL_alert_type_string.pod
View file

@ -8,11 +8,11 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al
#include <openssl/ssl.h>
const char *SSL_alert_type_string(int value);
const char *SSL_alert_type_string_long(int value);
char *SSL_alert_type_string(int value);
char *SSL_alert_type_string_long(int value);
const char *SSL_alert_desc_string(int value);
const char *SSL_alert_desc_string_long(int value);
char *SSL_alert_desc_string(int value);
char *SSL_alert_desc_string_long(int value);
=head1 DESCRIPTION

5
doc/ssl/SSL_connect.pod
View file

@ -34,11 +34,6 @@ nothing is to be done, but select() can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
before calling SSL_connect() to explicitly switch the B<ssl> to client
mode.
=head1 RETURN VALUES
The following return values can occur:

8
doc/ssl/SSL_get_error.pod
View file

@ -69,13 +69,13 @@ to read data. This is mainly because TLS/SSL handshakes may occur at any
time during the protocol (initiated by either the client or the server);
SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
=item SSL_ERROR_WANT_CONNECT
=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
The operation did not complete; the same TLS/SSL I/O function should be
called again later. The underlying BIO was not connected yet to the peer
and the call would block in connect(). The SSL function should be
called again when the connection is established. This messages can only
appear with a BIO_s_connect() BIO.
and the call would block in connect()/accept(). The SSL function should be
called again when the connection is established. These messages can only
appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
In order to find out, when the connection has been successfully established,
on many platforms select() or poll() for writing on the socket file descriptor
can be used.

2
doc/ssl/SSL_get_peer_certificate.pod
View file

@ -19,7 +19,7 @@ peer presented. If the peer did not present a certificate, NULL is returned.
Due to the protocol definition, a TLS/SSL server will always send a
certificate, if present. A client will only send a certificate when
explicitely requested to do so by the server (see
explicitly requested to do so by the server (see
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
is used, no certificates are sent.

6
doc/ssl/SSL_get_session.pod
View file

@ -40,6 +40,12 @@ If the data is to be kept, SSL_get1_session() will increment the reference
count and the session will stay in memory until explicitly freed with
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
SSL_SESSION objects keep internal link information about the session cache
list, when being inserted into one SSL_CTX object's session cache.
One SSL_SESSION object, regardless of its reference count, must therefore
only be used with one SSL_CTX object (and the SSL objects created
from this SSL_CTX object).
=head1 RETURN VALUES
The following return values can occur:

1
doc/ssl/SSL_new.pod
View file

@ -38,6 +38,7 @@ The return value points to an allocated SSL structure.
L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
L<ssl(3)|ssl(3)>
=cut

25
doc/ssl/SSL_read.pod
View file

@ -25,11 +25,10 @@ the SSL_read() operation. The behaviour of SSL_read() depends on the
underlying BIO.
For the transparent negotiation to succeed, the B<ssl> must have been
initialized to client or server mode. This is not the case if a generic
method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
initialized to client or server mode. This is being done by calling
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
must be used before the first call to an SSL_read() or
L<SSL_write(3)|SSL_write(3)> function).
before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
function.
SSL_read() works based on the SSL/TLS records. The data are received in
records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
@ -84,9 +83,20 @@ bytes actually read from the TLS/SSL connection.
=item 0
The read operation was not successful, probably because no data was
available. Call SSL_get_error() with the return value B<ret> to find out,
whether an error occurred.
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
(see L<SSL_shutdown(3)|SSL_shutdown(3)>,
L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
the peer simply shut down the underlying transport and the shutdown is
incomplete. Call SSL_get_error() with the return value B<ret> to find out,
whether an error occurred or the connection was shut down cleanly
(SSL_ERROR_ZERO_RETURN).
SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
only be detected, whether the underlying connection was closed. It cannot
be checked, whether the closure was initiated by the peer or by something
else.
=item E<lt>0
@ -102,6 +112,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
=cut

4
doc/ssl/SSL_rstate_string.pod
View file

@ -8,8 +8,8 @@ SSL_rstate_string, SSL_rstate_string_long - get textual description of state of
#include <openssl/ssl.h>
const char *SSL_rstate_string(SSL *ssl);
const char *SSL_rstate_string_long(SSL *ssl);
char *SSL_rstate_string(SSL *ssl);
char *SSL_rstate_string_long(SSL *ssl);
=head1 DESCRIPTION

23
doc/ssl/SSL_set_connect_state.pod
View file

@ -14,9 +14,9 @@ SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in clie
=head1 DESCRIPTION
SSL_set_connect_state() B<ssl> to work in client mode.
SSL_set_connect_state() sets B<ssl> to work in client mode.
SSL_set_accept_state() B<ssl> to work in server mode.
SSL_set_accept_state() sets B<ssl> to work in server mode.
=head1 NOTES
@ -27,12 +27,17 @@ server connections. (The method might have been changed with
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
SSL_set_ssl_method().)
In order to successfully accomplish the handshake, the SSL routines need
to know whether they should act in server or client mode. If the generic
method was used, this is not clear from the method itself and must be set
with either SSL_set_connect_state() or SSL_set_accept_state(). If these
routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)>
is called is server mode.
When beginning a new handshake, the SSL engine must know whether it must
call the connect (client) or accept (server) routines. Even though it may
be clear from the method chosen, whether client or server mode was
requested, the handshake routines must be explicitly set.
When using the L<SSL_connect(3)|SSL_connect(3)> or
L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
routines are automatically set. When performing a transparent negotiation
using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
handshake routines must be explicitly set in advance using either
SSL_set_connect_state() or SSL_set_accept_state().
=head1 RETURN VALUES
@ -42,6 +47,8 @@ information.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
=cut

13
doc/ssl/SSL_set_session.pod
View file

@ -16,12 +16,21 @@ SSL_set_session() sets B<session> to be used when the TLS/SSL connection
is to be established. SSL_set_session() is only useful for TLS/SSL clients.
When the session is set, the reference count of B<session> is incremented
by 1. If the session is not reused, the reference count is decremented
again during SSL_connect().
again during SSL_connect(). Whether the session was reused can be queried
with the L<SSL_session_reused(3)|SSL_session_reused(3)> call.
If there is already a session set inside B<ssl> (because it was set with
SSL_set_session() before or because the same B<ssl> was already used for
a connection), SSL_SESSION_free() will be called for that session.
=head1 NOTES
SSL_SESSION objects keep internal link information about the session cache
list, when being inserted into one SSL_CTX object's session cache.
One SSL_SESSION object, regardless of its reference count, must therefore
only be used with one SSL_CTX object (and the SSL objects created
from this SSL_CTX object).
=head1 RETURN VALUES
The following return values can occur:
@ -41,6 +50,8 @@ The operation succeeded.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_get_session(3)|SSL_get_session(3)>,
L<SSL_session_reused(3)|SSL_session_reused(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
=cut

6
doc/ssl/SSL_set_shutdown.pod
View file

@ -46,7 +46,10 @@ The shutdown state of the connection is used to determine the state of
the ssl session. If the session is still open, when
L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
it is considered bad and removed according to RFC2246.
The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN.
The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
(according to the TLS RFC, it is acceptable to only send the "close notify"
alert but to not wait for the peer's answer, when the underlying connection
is closed).
SSL_set_shutdown() can be used to set this state without sending a
close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
@ -63,6 +66,7 @@ SSL_get_shutdown() returns the current setting.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
=cut

67
doc/ssl/SSL_shutdown.pod
View file

@ -22,10 +22,52 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.
The behaviour of SSL_shutdown() depends on the underlying BIO.
The shutdown procedure consists of 2 steps: the sending of the "close notify"
shutdown alert and the reception of the peer's "close notify" shutdown
alert. According to the TLS standard, it is acceptable for an application
to only send its shutdown alert and then close the underlying connection
without waiting for the peer's response (this way resources can be saved,
as the process can already terminate or serve another connection).
When the underlying connection shall be used for more communications, the
complete shutdown procedure (bidirectional "close notify" alerts) must be
performed, so that the peers stay synchronized.
SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
behaviour.
=over 4
=item When the application is the first party to send the "close notify"
alert, SSL_shutdown() will only send the alert and the set the
SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
shutdown is enough (the underlying connection shall be closed anyway), this
first call to SSL_shutdown() is sufficient. In order to complete the
bidirectional shutdown handshake, SSL_shutdown() must be called again.
The second call will make SSL_shutdown() wait for the peer's "close notify"
shutdown alert. On success, the second call to SSL_shutdown() will return
with 1.
=item If the peer already sent the "close notify" alert B<and> it was
already processed implicitly inside another function
(L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
flag and will immediately return with 1.
Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call.
=back
It is therefore recommended, to check the return value of SSL_shutdown()
and call SSL_shutdown() again, if the bidirectional shutdown is not yet
complete (return value of the first call is 0). As the shutdown is not
specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
the first call.
The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
handshake has been finished or an error occurred.
handshake step has been finished or an error occurred.
If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
when the underlying BIO could not satisfy the needs of SSL_shutdown()
@ -38,6 +80,12 @@ nothing is to be done, but select() can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
SSL_shutdown() can be modified to only set the connection to "shutdown"
state but not actually send the "close notify" alert messages,
see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>.
When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
and return 1.
=head1 RETURN VALUES
The following return values can occur:
@ -46,19 +94,23 @@ The following return values can occur:
=item 1
The shutdown was successfully completed.
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
=item 0
The shutdown was not successful. Call SSL_get_error() with the return
value B<ret> to find out the reason.
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
=item -1
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur of
at the protocol level or a connection failure occurred. It can also occur if
action is need to continue the operation for non-blocking BIOs.
Call SSL_get_error() with the return value B<ret> to find out the reason.
Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret>
to find out the reason.
=back
@ -66,6 +118,7 @@ Call SSL_get_error() with the return value B<ret> to find out the reason.
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>

4
doc/ssl/SSL_state_string.pod
View file

@ -8,8 +8,8 @@ SSL_state_string, SSL_state_string_long - get textual description of state of an
#include <openssl/ssl.h>
const char *SSL_state_string(SSL *ssl);
const char *SSL_state_string_long(SSL *ssl);
char *SSL_state_string(SSL *ssl);
char *SSL_state_string_long(SSL *ssl);
=head1 DESCRIPTION

16
doc/ssl/SSL_write.pod
View file

@ -25,11 +25,9 @@ the SSL_write() operation. The behaviour of SSL_write() depends on the
underlying BIO.
For the transparent negotiation to succeed, the B<ssl> must have been
initialized to client or server mode. This is not the case if a generic
method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
initialized to client or server mode. This is being done by calling
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
or SSL_write() function.
before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.
If the underlying BIO is B<blocking>, SSL_write() will only return, once the
write operation has been finished or an error occurred, except when a
@ -80,8 +78,14 @@ bytes actually written to the TLS/SSL connection.
=item 0
The write operation was not successful. Call SSL_get_error() with the return
value B<ret> to find out, whether an error occurred.
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,
whether an error occurred or the connection was shut down cleanly
(SSL_ERROR_ZERO_RETURN).
SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
only be detected, whether the underlying connection was closed. It cannot
be checked, why the closure happened.
=item E<lt>0

14
doc/ssl/d2i_SSL_SESSION.pod
View file

@ -30,7 +30,17 @@ session data on disk or into a database, it must be transformed into
a binary ASN1 representation.
When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
allocated.
allocated. The reference count is 1, so that the session must be
explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
unless the SSL_SESSION object is completely taken over, when being called
inside the get_session_cb() (see
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
SSL_SESSION objects keep internal link information about the session cache
list, when being inserted into one SSL_CTX object's session cache.
One SSL_SESSION object, regardless of its reference count, must therefore
only be used with one SSL_CTX object (and the SSL objects created
from this SSL_CTX object).
When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
large enough to hold the binary representation of the session. There is no
@ -50,7 +60,7 @@ When the session is not valid, B<0> is returned and no operation is performed.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
=cut

27
doc/ssl/ssl.pod
View file

@ -299,7 +299,7 @@ protocol context defined in the B<SSL_CTX> structure.
=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
@ -650,8 +650,10 @@ L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
L<SSL_connect(3)|SSL_connect(3)>,
L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
@ -661,18 +663,28 @@ L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
L<SSL_get_error(3)|SSL_get_error(3)>,
L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
@ -685,12 +697,19 @@ L<SSL_get_version(3)|SSL_get_version(3)>,
L<SSL_library_init(3)|SSL_library_init(3)>,
L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
L<SSL_new(3)|SSL_new(3)>,
L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
L<SSL_pending(3)|SSL_pending(3)>,
L<SSL_read(3)|SSL_read(3)>,
L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
L<SSL_session_reused(3)|SSL_session_reused(3)>,
L<SSL_set_bio(3)|SSL_set_bio(3)>,
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
L<SSL_set_fd(3)|SSL_set_fd(3)>,
L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>,
L<SSL_state_string(3)|SSL_state_string(3)>,
L<SSL_want(3)|SSL_want(3)>,
L<SSL_write(3)|SSL_write(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,

9
e_os.h
View file

@ -413,13 +413,10 @@ extern HINSTANCE _hInstance;
# endif
#endif
#if defined(THREADS) || defined(sun)
#ifndef _REENTRANT
#define _REENTRANT
#endif
#endif
#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
/* include headers first, so our defines don't break it */
#include <stdlib.h>
#include <string.h>
/* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))

10
makevms.com
View file

@ -196,8 +196,14 @@ $ IF F$SEARCH("[.CRYPTO]OPENSSLCONF_H.IN") .NES. ""
$ THEN
$ TYPE [.CRYPTO]OPENSSLCONF_H.IN /OUTPUT=H_FILE:
$ ELSE
$ WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN. Exiting!"
$ EXIT 0
$ ! For ODS-5
$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H.IN") .NES. ""
$ THEN
$ TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE:
$ ELSE
$ WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN. Exiting!"
$ EXIT 0
$ ENDIF
$ ENDIF
$ ENDIF
$!

2
shlib/svr5-shared-gcc.sh
View file

@ -1,7 +1,7 @@
#!/usr/bin/sh
major="0"
minor="9.7"
minor="9.6b"
slib=libssl
sh_slib=$slib.so.$major.$minor

2
shlib/svr5-shared-installed
View file

@ -1,7 +1,7 @@
#!/usr/bin/sh
major="0"
minor="9.7"
minor="9.6b"
slib=libssl
sh_slib=$slib.so.$major.$minor

2
shlib/svr5-shared.sh
View file

@ -1,7 +1,7 @@
#!/usr/bin/sh
major="0"
minor="9.7"
minor="9.6b"
slib=libssl
sh_slib=$slib.so.$major.$minor

2
ssl/s23_clnt.c
View file

@ -113,8 +113,8 @@ int ssl23_connect(SSL *s)
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{

53
ssl/s23_pkt.c
View file

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <errno.h>

91
ssl/s23_srvr.c
View file

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/buffer.h>
@ -112,8 +165,8 @@ int ssl23_accept(SSL *s)
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{
@ -179,9 +232,9 @@ int ssl23_accept(SSL *s)
}
}
end:
s->in_handshake--;
if (cb != NULL)
cb(s,SSL_CB_ACCEPT_EXIT,ret);
s->in_handshake--;
return(ret);
}
@ -352,17 +405,22 @@ int ssl23_get_client_hello(SSL *s)
/* We must look at client_version inside the Client Hello message
* to get the correct minor version.
* However if we have only a pathologically small fragment of the
* Client Hello message, this would be difficult, we'd have
* to read at least one additional record to find out.
* This doesn't usually happen in real life, so we just complain
* for now.
*/
* Client Hello message, this would be difficult, and we'd have
* to read more records to find out.
* No known SSL 3.0 client fragments ClientHello like this,
* so we simply assume TLS 1.0 to avoid protocol version downgrade
* attacks. */
if (p[3] == 0 && p[4] < 6)
{
#if 0
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
goto err;
#else
v[1] = TLS1_VERSION_MINOR;
#endif
}
v[1]=p[10]; /* minor version according to client_version */
else
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR)
{
if (!(s->options & SSL_OP_NO_TLSv1))
@ -376,10 +434,21 @@ int ssl23_get_client_hello(SSL *s)
type=3;
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
else
{
s->version=SSL3_VERSION;
type=3;
/* client requests SSL 3.0 */
if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
type=3;
}
else if (!(s->options & SSL_OP_NO_TLSv1))
{
/* we won't be able to use TLS of course,
* but this will send an appropriate alert */
s->version=TLS1_VERSION;
type=3;
}
}
}
else if ((strncmp("GET ", (char *)p,4) == 0) ||

109
ssl/s2_clnt.c
View file

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
@ -118,8 +171,8 @@ int ssl2_connect(SSL *s)
cb=s->ctx->info_callback;
/* init things to blank */
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{
@ -287,6 +340,7 @@ static int get_server_hello(SSL *s)
unsigned char *buf;
unsigned char *p;
int i,j;
unsigned long len;
STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
buf=(unsigned char *)s->init_buf->data;
@ -296,6 +350,7 @@ static int get_server_hello(SSL *s)
i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
if (i < (11-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
s->init_num = 11;
if (*(p++) != SSL2_MT_SERVER_HELLO)
{
@ -324,18 +379,22 @@ static int get_server_hello(SSL *s)
n2s(p,i); s->s2->tmp.csl=i;
n2s(p,i); s->s2->tmp.conn_id_length=i;
s->state=SSL2_ST_GET_SERVER_HELLO_B;
s->init_num=0;
}
/* SSL2_ST_GET_SERVER_HELLO_B */
j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
- s->init_num;
i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
j = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
/* things are looking good */
p=buf;
p = buf + 11;
if (s->hit)
{
if (s->s2->tmp.cert_length != 0)
@ -645,11 +704,10 @@ static int client_certificate(SSL *s)
unsigned char *p,*d;
int i;
unsigned int n;
int cert_ch_len=0;
int cert_ch_len;
unsigned char *cert_ch;
buf=(unsigned char *)s->init_buf->data;
cert_ch= &(buf[2]);
/* We have a cert associated with the SSL, so attach it to
* the session if it does not have one */
@ -660,6 +718,7 @@ static int client_certificate(SSL *s)
SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
s->init_num += i;
/* type=buf[0]; */
/* type eq x509 */
@ -669,7 +728,6 @@ static int client_certificate(SSL *s)
SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
return(-1);
}
cert_ch_len=i-1;
if ((s->cert == NULL) ||
(s->cert->key->x509 == NULL) ||
@ -681,6 +739,9 @@ static int client_certificate(SSL *s)
s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
}
cert_ch = buf + 2;
cert_ch_len = s->init_num - 2;
if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
{
X509 *x509=NULL;
@ -786,7 +847,7 @@ static int client_certificate(SSL *s)
static int get_server_verify(SSL *s)
{
unsigned char *p;
int i;
int i, n, len;
p=(unsigned char *)s->init_buf->data;
if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
@ -794,9 +855,9 @@ static int get_server_verify(SSL *s)
i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
if (i < (1-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
s->init_num += i;
s->state= SSL2_ST_GET_SERVER_VERIFY_B;
s->init_num=0;
if (*p != SSL2_MT_SERVER_VERIFY)
{
if (p[0] != SSL2_MT_ERROR)
@ -813,10 +874,13 @@ static int get_server_verify(SSL *s)
}
p=(unsigned char *)s->init_buf->data;
i=ssl2_read(s,(char *)&(p[s->init_num]),
(unsigned int)s->s2->challenge_length-s->init_num);
if (i < ((int)s->s2->challenge_length-s->init_num))
len = 1 + s->s2->challenge_length;
n = len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i < n)
return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
p += 1;
if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@ -830,7 +894,7 @@ static int get_server_finished(SSL *s)
{
unsigned char *buf;
unsigned char *p;
int i;
int i, n, len;
buf=(unsigned char *)s->init_buf->data;
p=buf;
@ -839,7 +903,8 @@ static int get_server_finished(SSL *s)
i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
if (i < (1-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
s->init_num=i;
s->init_num += i;
if (*p == SSL2_MT_REQUEST_CERTIFICATE)
{
s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
@ -856,14 +921,15 @@ static int get_server_finished(SSL *s)
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
return(-1);
}
s->state=SSL_ST_OK;
s->init_num=0;
s->state=SSL2_ST_GET_SERVER_FINISHED_B;
}
i=ssl2_read(s,(char *)&(buf[s->init_num]),
SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
n = len - s->init_num;
i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
s->init_num += i;
if (!s->hit) /* new session */
{
@ -887,6 +953,7 @@ static int get_server_finished(SSL *s)
}
}
}
s->state = SSL_ST_OK;
return(1);
}

4
ssl/s2_enc.c
View file

@ -111,8 +111,8 @@ err:
}
/* read/writes from s->s2->mac_data using length for encrypt and
* decrypt. It sets the s->s2->padding, s->[rw]length and
* s->s2->pad_data ptr if we are encrypting */
* decrypt. It sets s->s2->padding and s->[rw]length
* if we are encrypting */
void ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;

57
ssl/s2_pkt.c
View file

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -130,7 +130,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
unsigned char mac[MAX_MAC_SIZE];
unsigned char *p;
int i;
unsigned int mac_size=0;
unsigned int mac_size;
ssl2_read_again:
if (SSL_in_init(s) && !s->in_handshake)
@ -235,17 +235,25 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
/* Data portion */
if (s->s2->clear_text)
{
mac_size = 0;
s->s2->mac_data=p;
s->s2->ract_data=p;
s->s2->pad_data=NULL;
if (s->s2->padding)
{
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
return(-1);
}
}
else
{
mac_size=EVP_MD_size(s->read_hash);
s->s2->mac_data=p;
s->s2->ract_data= &p[mac_size];
s->s2->pad_data= &p[mac_size+
s->s2->rlength-s->s2->padding];
if (s->s2->padding + mac_size > s->s2->rlength)
{
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
return(-1);
}
}
s->s2->ract_data_length=s->s2->rlength;
@ -593,10 +601,8 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
/* we copy the data into s->s2->wbuf */
memcpy(s->s2->wact_data,buf,len);
#ifdef PURIFY
if (p)
memset(&(s->s2->wact_data[len]),0,p);
#endif
memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
if (!s->s2->clear_text)
{
@ -645,27 +651,36 @@ int ssl2_part_read(SSL *s, unsigned long f, int i)
unsigned char *p;
int j;
/* check for error */
if ((s->init_num == 0) && (i >= 3))
{
p=(unsigned char *)s->init_buf->data;
if (p[0] == SSL2_MT_ERROR)
{
j=(p[1]<<8)|p[2];
SSLerr((int)f,ssl_mt_error(j));
}
}
if (i < 0)
{
/* ssl2_return_error(s); */
/* for non-blocking io,
* this is not fatal */
* this is not necessarily fatal */
return(i);
}
else
{
s->init_num+=i;
/* Check for error. While there are recoverable errors,
* this function is not called when those must be expected;
* any error detected here is fatal. */
if (s->init_num >= 3)
{
p=(unsigned char *)s->init_buf->data;
if (p[0] == SSL2_MT_ERROR)
{
j=(p[1]<<8)|p[2];
SSLerr((int)f,ssl_mt_error(j));
s->init_num -= 3;
if (s->init_num > 0)
memmove(p, p+3, s->init_num);
}
}
/* If it's not an error message, we have some error anyway --
* the message was shorter than expected. This too is treated
* as fatal (at least if SSL_get_error is asked for its opinion). */
return(0);
}
}
@ -676,7 +691,9 @@ int ssl2_do_write(SSL *s)
ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
if (ret == s->init_num)
{
return(1);
}
if (ret < 0)
return(-1);
s->init_off+=ret;

Some files were not shown because too many files have changed in this diff Show more