merge conflicts, bump libraries to 11 for consistency.
This commit is contained in:
parent
603f28d89d
commit
338c254400
|
@ -2,6 +2,138 @@
|
||||||
OpenSSL CHANGES
|
OpenSSL CHANGES
|
||||||
_______________
|
_______________
|
||||||
|
|
||||||
|
Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
|
||||||
|
|
||||||
|
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||||
|
Builds that are not configured with "enable-weak-ssl-ciphers" will not
|
||||||
|
provide any "EXPORT" or "LOW" strength ciphers.
|
||||||
|
[Viktor Dukhovni]
|
||||||
|
|
||||||
|
* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
|
||||||
|
is by default disabled at build-time. Builds that are not configured with
|
||||||
|
"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
|
||||||
|
users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
|
||||||
|
will need to explicitly call either of:
|
||||||
|
|
||||||
|
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
|
||||||
|
or
|
||||||
|
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
|
||||||
|
|
||||||
|
as appropriate. Even if either of those is used, or the application
|
||||||
|
explicitly uses the version-specific SSLv2_method() or its client and
|
||||||
|
server variants, SSLv2 ciphers vulnerable to exhaustive search key
|
||||||
|
recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
|
||||||
|
ciphers, and SSLv2 56-bit DES are no longer available.
|
||||||
|
(CVE-2016-0800)
|
||||||
|
[Viktor Dukhovni]
|
||||||
|
|
||||||
|
*) Fix a double-free in DSA code
|
||||||
|
|
||||||
|
A double free bug was discovered when OpenSSL parses malformed DSA private
|
||||||
|
keys and could lead to a DoS attack or memory corruption for applications
|
||||||
|
that receive DSA private keys from untrusted sources. This scenario is
|
||||||
|
considered rare.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
|
||||||
|
libFuzzer.
|
||||||
|
(CVE-2016-0705)
|
||||||
|
[Stephen Henson]
|
||||||
|
|
||||||
|
*) Disable SRP fake user seed to address a server memory leak.
|
||||||
|
|
||||||
|
Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
|
||||||
|
|
||||||
|
SRP_VBASE_get_by_user had inconsistent memory management behaviour.
|
||||||
|
In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
|
||||||
|
was changed to ignore the "fake user" SRP seed, even if the seed
|
||||||
|
is configured.
|
||||||
|
|
||||||
|
Users should use SRP_VBASE_get1_by_user instead. Note that in
|
||||||
|
SRP_VBASE_get1_by_user, caller must free the returned value. Note
|
||||||
|
also that even though configuring the SRP seed attempts to hide
|
||||||
|
invalid usernames by continuing the handshake with fake
|
||||||
|
credentials, this behaviour is not constant time and no strong
|
||||||
|
guarantees are made that the handshake is indistinguishable from
|
||||||
|
that of a valid user.
|
||||||
|
(CVE-2016-0798)
|
||||||
|
[Emilia Käsper]
|
||||||
|
|
||||||
|
*) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
|
||||||
|
|
||||||
|
In the BN_hex2bn function the number of hex digits is calculated using an
|
||||||
|
int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
|
||||||
|
large values of |i| this can result in |bn_expand| not allocating any
|
||||||
|
memory because |i * 4| is negative. This can leave the internal BIGNUM data
|
||||||
|
field as NULL leading to a subsequent NULL ptr deref. For very large values
|
||||||
|
of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
|
||||||
|
In this case memory is allocated to the internal BIGNUM data field, but it
|
||||||
|
is insufficiently sized leading to heap corruption. A similar issue exists
|
||||||
|
in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
|
||||||
|
is ever called by user applications with very large untrusted hex/dec data.
|
||||||
|
This is anticipated to be a rare occurrence.
|
||||||
|
|
||||||
|
All OpenSSL internal usage of these functions use data that is not expected
|
||||||
|
to be untrusted, e.g. config file data or application command line
|
||||||
|
arguments. If user developed applications generate config file data based
|
||||||
|
on untrusted data then it is possible that this could also lead to security
|
||||||
|
consequences. This is also anticipated to be rare.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL by Guido Vranken.
|
||||||
|
(CVE-2016-0797)
|
||||||
|
[Matt Caswell]
|
||||||
|
|
||||||
|
*) Fix memory issues in BIO_*printf functions
|
||||||
|
|
||||||
|
The internal |fmtstr| function used in processing a "%s" format string in
|
||||||
|
the BIO_*printf functions could overflow while calculating the length of a
|
||||||
|
string and cause an OOB read when printing very long strings.
|
||||||
|
|
||||||
|
Additionally the internal |doapr_outch| function can attempt to write to an
|
||||||
|
OOB memory location (at an offset from the NULL pointer) in the event of a
|
||||||
|
memory allocation failure. In 1.0.2 and below this could be caused where
|
||||||
|
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
|
||||||
|
could be in processing a very long "%s" format string. Memory leaks can
|
||||||
|
also occur.
|
||||||
|
|
||||||
|
The first issue may mask the second issue dependent on compiler behaviour.
|
||||||
|
These problems could enable attacks where large amounts of untrusted data
|
||||||
|
is passed to the BIO_*printf functions. If applications use these functions
|
||||||
|
in this way then they could be vulnerable. OpenSSL itself uses these
|
||||||
|
functions when printing out human-readable dumps of ASN.1 data. Therefore
|
||||||
|
applications that print this data could be vulnerable if the data is from
|
||||||
|
untrusted sources. OpenSSL command line applications could also be
|
||||||
|
vulnerable where they print out ASN.1 data, or if untrusted data is passed
|
||||||
|
as command line arguments.
|
||||||
|
|
||||||
|
Libssl is not considered directly vulnerable. Additionally certificates etc
|
||||||
|
received via remote connections via libssl are also unlikely to be able to
|
||||||
|
trigger these issues because of message size limits enforced within libssl.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL Guido Vranken.
|
||||||
|
(CVE-2016-0799)
|
||||||
|
[Matt Caswell]
|
||||||
|
|
||||||
|
*) Side channel attack on modular exponentiation
|
||||||
|
|
||||||
|
A side-channel attack was found which makes use of cache-bank conflicts on
|
||||||
|
the Intel Sandy-Bridge microarchitecture which could lead to the recovery
|
||||||
|
of RSA keys. The ability to exploit this issue is limited as it relies on
|
||||||
|
an attacker who has control of code in a thread running on the same
|
||||||
|
hyper-threaded core as the victim thread which is performing decryptions.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL by Yuval Yarom, The University of
|
||||||
|
Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
|
||||||
|
Nadia Heninger, University of Pennsylvania with more information at
|
||||||
|
http://cachebleed.info.
|
||||||
|
(CVE-2016-0702)
|
||||||
|
[Andy Polyakov]
|
||||||
|
|
||||||
|
*) Change the req app to generate a 2048-bit RSA/DSA key by default,
|
||||||
|
if no keysize is specified with default_bits. This fixes an
|
||||||
|
omission in an earlier change that changed all RSA/DSA key generation
|
||||||
|
apps to use 2048 bits by default.
|
||||||
|
[Emilia Käsper]
|
||||||
|
|
||||||
Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
|
Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
|
||||||
|
|
||||||
*) Protection for DH small subgroup attacks
|
*) Protection for DH small subgroup attacks
|
||||||
|
@ -62,7 +194,7 @@
|
||||||
[Emilia Käsper]
|
[Emilia Käsper]
|
||||||
|
|
||||||
*) In DSA_generate_parameters_ex, if the provided seed is too short,
|
*) In DSA_generate_parameters_ex, if the provided seed is too short,
|
||||||
return an error
|
use a random seed, as already documented.
|
||||||
[Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
|
[Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
|
||||||
|
|
||||||
Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
|
Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
|
||||||
|
|
|
@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
|
||||||
# library and will be loaded in run-time by the OpenSSL library.
|
# library and will be loaded in run-time by the OpenSSL library.
|
||||||
# sctp include SCTP support
|
# sctp include SCTP support
|
||||||
# 386 generate 80386 code
|
# 386 generate 80386 code
|
||||||
|
# enable-weak-ssl-ciphers
|
||||||
|
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
|
||||||
|
# default. Note, weak SSLv2 ciphers are unconditionally
|
||||||
|
# disabled.
|
||||||
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
|
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
|
||||||
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
|
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
|
||||||
# -<xxx> +<xxx> compiler options are passed through
|
# -<xxx> +<xxx> compiler options are passed through
|
||||||
|
@ -724,10 +728,12 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
|
||||||
"md2" => "default",
|
"md2" => "default",
|
||||||
"rc5" => "default",
|
"rc5" => "default",
|
||||||
"rfc3779" => "default",
|
"rfc3779" => "default",
|
||||||
"sctp" => "default",
|
"sctp" => "default",
|
||||||
"shared" => "default",
|
"shared" => "default",
|
||||||
|
"ssl2" => "default",
|
||||||
"store" => "experimental",
|
"store" => "experimental",
|
||||||
"unit-test" => "default",
|
"unit-test" => "default",
|
||||||
|
"weak-ssl-ciphers" => "default",
|
||||||
"zlib" => "default",
|
"zlib" => "default",
|
||||||
"zlib-dynamic" => "default"
|
"zlib-dynamic" => "default"
|
||||||
);
|
);
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
## Makefile for OpenSSL
|
## Makefile for OpenSSL
|
||||||
##
|
##
|
||||||
|
|
||||||
VERSION=1.0.1r
|
VERSION=1.0.1s
|
||||||
MAJOR=1
|
MAJOR=1
|
||||||
MINOR=0.1
|
MINOR=0.1
|
||||||
SHLIB_VERSION_NUMBER=1.0.0
|
SHLIB_VERSION_NUMBER=1.0.0
|
||||||
|
@ -13,7 +13,7 @@ SHLIB_MAJOR=1
|
||||||
SHLIB_MINOR=0.0
|
SHLIB_MINOR=0.0
|
||||||
SHLIB_EXT=
|
SHLIB_EXT=
|
||||||
PLATFORM=dist
|
PLATFORM=dist
|
||||||
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
|
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
|
||||||
CONFIGURE_ARGS=dist
|
CONFIGURE_ARGS=dist
|
||||||
SHLIB_TARGET=
|
SHLIB_TARGET=
|
||||||
|
|
||||||
|
@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
|
||||||
|
|
||||||
CC= cc
|
CC= cc
|
||||||
CFLAG= -O
|
CFLAG= -O
|
||||||
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
|
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
PEX_LIBS=
|
PEX_LIBS=
|
||||||
EX_LIBS=
|
EX_LIBS=
|
||||||
EXE_EXT=
|
EXE_EXT=
|
||||||
|
|
|
@ -5,6 +5,19 @@
|
||||||
This file gives a brief overview of the major changes between each OpenSSL
|
This file gives a brief overview of the major changes between each OpenSSL
|
||||||
release. For more details please read the CHANGES file.
|
release. For more details please read the CHANGES file.
|
||||||
|
|
||||||
|
Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
|
||||||
|
|
||||||
|
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||||
|
o Disable SSLv2 default build, default negotiation and weak ciphers
|
||||||
|
(CVE-2016-0800)
|
||||||
|
o Fix a double-free in DSA code (CVE-2016-0705)
|
||||||
|
o Disable SRP fake user seed to address a server memory leak
|
||||||
|
(CVE-2016-0798)
|
||||||
|
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
|
||||||
|
(CVE-2016-0797)
|
||||||
|
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
|
||||||
|
o Fix side channel attack on modular exponentiation (CVE-2016-0702)
|
||||||
|
|
||||||
Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
|
Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
|
||||||
|
|
||||||
o Protection for DH small subgroup attacks
|
o Protection for DH small subgroup attacks
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
OpenSSL 1.0.1r 28 Jan 2016
|
OpenSSL 1.0.1s 1 Mar 2016
|
||||||
|
|
||||||
Copyright (c) 1998-2015 The OpenSSL Project
|
Copyright (c) 1998-2015 The OpenSSL Project
|
||||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||||
|
|
|
@ -416,6 +416,8 @@ typedef struct srpsrvparm_st {
|
||||||
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
|
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
|
||||||
{
|
{
|
||||||
srpsrvparm *p = (srpsrvparm *) arg;
|
srpsrvparm *p = (srpsrvparm *) arg;
|
||||||
|
int ret = SSL3_AL_FATAL;
|
||||||
|
|
||||||
if (p->login == NULL && p->user == NULL) {
|
if (p->login == NULL && p->user == NULL) {
|
||||||
p->login = SSL_get_srp_username(s);
|
p->login = SSL_get_srp_username(s);
|
||||||
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
|
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
|
||||||
|
@ -424,21 +426,25 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
|
||||||
|
|
||||||
if (p->user == NULL) {
|
if (p->user == NULL) {
|
||||||
BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
|
BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
|
||||||
return SSL3_AL_FATAL;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SSL_set_srp_server_param
|
if (SSL_set_srp_server_param
|
||||||
(s, p->user->N, p->user->g, p->user->s, p->user->v,
|
(s, p->user->N, p->user->g, p->user->s, p->user->v,
|
||||||
p->user->info) < 0) {
|
p->user->info) < 0) {
|
||||||
*ad = SSL_AD_INTERNAL_ERROR;
|
*ad = SSL_AD_INTERNAL_ERROR;
|
||||||
return SSL3_AL_FATAL;
|
goto err;
|
||||||
}
|
}
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
|
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
|
||||||
p->login, p->user->info);
|
p->login, p->user->info);
|
||||||
/* need to check whether there are memory leaks */
|
ret = SSL_ERROR_NONE;
|
||||||
|
|
||||||
|
err:
|
||||||
|
SRP_user_pwd_free(p->user);
|
||||||
p->user = NULL;
|
p->user = NULL;
|
||||||
p->login = NULL;
|
p->login = NULL;
|
||||||
return SSL_ERROR_NONE;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -2249,9 +2255,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||||
#ifndef OPENSSL_NO_SRP
|
#ifndef OPENSSL_NO_SRP
|
||||||
while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
|
while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||||
BIO_printf(bio_s_out, "LOOKUP renego during write\n");
|
BIO_printf(bio_s_out, "LOOKUP renego during write\n");
|
||||||
|
SRP_user_pwd_free(srp_callback_parm.user);
|
||||||
srp_callback_parm.user =
|
srp_callback_parm.user =
|
||||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||||
srp_callback_parm.login);
|
srp_callback_parm.login);
|
||||||
if (srp_callback_parm.user)
|
if (srp_callback_parm.user)
|
||||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||||
srp_callback_parm.user->info);
|
srp_callback_parm.user->info);
|
||||||
|
@ -2305,9 +2312,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||||
#ifndef OPENSSL_NO_SRP
|
#ifndef OPENSSL_NO_SRP
|
||||||
while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||||
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
||||||
|
SRP_user_pwd_free(srp_callback_parm.user);
|
||||||
srp_callback_parm.user =
|
srp_callback_parm.user =
|
||||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||||
srp_callback_parm.login);
|
srp_callback_parm.login);
|
||||||
if (srp_callback_parm.user)
|
if (srp_callback_parm.user)
|
||||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||||
srp_callback_parm.user->info);
|
srp_callback_parm.user->info);
|
||||||
|
@ -2392,9 +2400,10 @@ static int init_ssl_connection(SSL *con)
|
||||||
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||||
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
||||||
srp_callback_parm.login);
|
srp_callback_parm.login);
|
||||||
|
SRP_user_pwd_free(srp_callback_parm.user);
|
||||||
srp_callback_parm.user =
|
srp_callback_parm.user =
|
||||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||||
srp_callback_parm.login);
|
srp_callback_parm.login);
|
||||||
if (srp_callback_parm.user)
|
if (srp_callback_parm.user)
|
||||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||||
srp_callback_parm.user->info);
|
srp_callback_parm.user->info);
|
||||||
|
@ -2621,9 +2630,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||||
&& SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
&& SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||||
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
||||||
srp_callback_parm.login);
|
srp_callback_parm.login);
|
||||||
|
SRP_user_pwd_free(srp_callback_parm.user);
|
||||||
srp_callback_parm.user =
|
srp_callback_parm.user =
|
||||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||||
srp_callback_parm.login);
|
srp_callback_parm.login);
|
||||||
if (srp_callback_parm.user)
|
if (srp_callback_parm.user)
|
||||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||||
srp_callback_parm.user->info);
|
srp_callback_parm.user->info);
|
||||||
|
@ -2663,9 +2673,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||||
if (BIO_should_io_special(io)
|
if (BIO_should_io_special(io)
|
||||||
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
|
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
|
||||||
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
||||||
|
SRP_user_pwd_free(srp_callback_parm.user);
|
||||||
srp_callback_parm.user =
|
srp_callback_parm.user =
|
||||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||||
srp_callback_parm.login);
|
srp_callback_parm.login);
|
||||||
if (srp_callback_parm.user)
|
if (srp_callback_parm.user)
|
||||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||||
srp_callback_parm.user->info);
|
srp_callback_parm.user->info);
|
||||||
|
|
|
@ -125,6 +125,7 @@
|
||||||
#ifndef HEADER_BN_H
|
#ifndef HEADER_BN_H
|
||||||
# define HEADER_BN_H
|
# define HEADER_BN_H
|
||||||
|
|
||||||
|
# include <limits.h>
|
||||||
# include <openssl/e_os2.h>
|
# include <openssl/e_os2.h>
|
||||||
# ifndef OPENSSL_NO_FP_API
|
# ifndef OPENSSL_NO_FP_API
|
||||||
# include <stdio.h> /* FILE */
|
# include <stdio.h> /* FILE */
|
||||||
|
@ -739,8 +740,17 @@ const BIGNUM *BN_get0_nist_prime_521(void);
|
||||||
|
|
||||||
/* library internal functions */
|
/* library internal functions */
|
||||||
|
|
||||||
# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
|
# define bn_expand(a,bits) \
|
||||||
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
|
( \
|
||||||
|
bits > (INT_MAX - BN_BITS2 + 1) ? \
|
||||||
|
NULL \
|
||||||
|
: \
|
||||||
|
(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
|
||||||
|
(a) \
|
||||||
|
: \
|
||||||
|
bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
|
||||||
|
)
|
||||||
|
|
||||||
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
|
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
|
||||||
BIGNUM *bn_expand2(BIGNUM *a, int words);
|
BIGNUM *bn_expand2(BIGNUM *a, int words);
|
||||||
# ifndef OPENSSL_NO_DEPRECATED
|
# ifndef OPENSSL_NO_DEPRECATED
|
||||||
|
|
|
@ -110,6 +110,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "cryptlib.h"
|
#include "cryptlib.h"
|
||||||
|
#include "constant_time_locl.h"
|
||||||
#include "bn_lcl.h"
|
#include "bn_lcl.h"
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -550,15 +551,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||||
|
|
||||||
static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
|
static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
|
||||||
unsigned char *buf, int idx,
|
unsigned char *buf, int idx,
|
||||||
int width)
|
int window)
|
||||||
{
|
{
|
||||||
size_t i, j;
|
int i, j;
|
||||||
|
int width = 1 << window;
|
||||||
|
BN_ULONG *table = (BN_ULONG *)buf;
|
||||||
|
|
||||||
if (top > b->top)
|
if (top > b->top)
|
||||||
top = b->top; /* this works because 'buf' is explicitly
|
top = b->top; /* this works because 'buf' is explicitly
|
||||||
* zeroed */
|
* zeroed */
|
||||||
for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
|
for (i = 0, j = idx; i < top; i++, j += width) {
|
||||||
buf[j] = ((unsigned char *)b->d)[i];
|
table[j] = b->d[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -566,15 +569,51 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
|
||||||
|
|
||||||
static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
|
static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
|
||||||
unsigned char *buf, int idx,
|
unsigned char *buf, int idx,
|
||||||
int width)
|
int window)
|
||||||
{
|
{
|
||||||
size_t i, j;
|
int i, j;
|
||||||
|
int width = 1 << window;
|
||||||
|
volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
|
||||||
|
|
||||||
if (bn_wexpand(b, top) == NULL)
|
if (bn_wexpand(b, top) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
|
if (window <= 3) {
|
||||||
((unsigned char *)b->d)[i] = buf[j];
|
for (i = 0; i < top; i++, table += width) {
|
||||||
|
BN_ULONG acc = 0;
|
||||||
|
|
||||||
|
for (j = 0; j < width; j++) {
|
||||||
|
acc |= table[j] &
|
||||||
|
((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
|
||||||
|
}
|
||||||
|
|
||||||
|
b->d[i] = acc;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
int xstride = 1 << (window - 2);
|
||||||
|
BN_ULONG y0, y1, y2, y3;
|
||||||
|
|
||||||
|
i = idx >> (window - 2); /* equivalent of idx / xstride */
|
||||||
|
idx &= xstride - 1; /* equivalent of idx % xstride */
|
||||||
|
|
||||||
|
y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
|
||||||
|
y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
|
||||||
|
y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
|
||||||
|
y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
|
||||||
|
|
||||||
|
for (i = 0; i < top; i++, table += width) {
|
||||||
|
BN_ULONG acc = 0;
|
||||||
|
|
||||||
|
for (j = 0; j < xstride; j++) {
|
||||||
|
acc |= ( (table[j + 0 * xstride] & y0) |
|
||||||
|
(table[j + 1 * xstride] & y1) |
|
||||||
|
(table[j + 2 * xstride] & y2) |
|
||||||
|
(table[j + 3 * xstride] & y3) )
|
||||||
|
& ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
|
||||||
|
}
|
||||||
|
|
||||||
|
b->d[i] = acc;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
b->top = top;
|
b->top = top;
|
||||||
|
@ -804,9 +843,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
|
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
|
||||||
goto err;
|
goto err;
|
||||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
|
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -818,15 +857,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||||
if (window > 1) {
|
if (window > 1) {
|
||||||
if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
|
if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF
|
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
|
||||||
(&tmp, top, powerbuf, 2, numPowers))
|
window))
|
||||||
goto err;
|
goto err;
|
||||||
for (i = 3; i < numPowers; i++) {
|
for (i = 3; i < numPowers; i++) {
|
||||||
/* Calculate a^i = a^(i-1) * a */
|
/* Calculate a^i = a^(i-1) * a */
|
||||||
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
|
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF
|
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
|
||||||
(&tmp, top, powerbuf, i, numPowers))
|
window))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -834,8 +873,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||||
bits--;
|
bits--;
|
||||||
for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
|
for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
|
||||||
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
|
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
|
||||||
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
|
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
|
||||||
(&tmp, top, powerbuf, wvalue, numPowers))
|
window))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -855,8 +894,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||||
/*
|
/*
|
||||||
* Fetch the appropriate pre-computed value from the pre-buf
|
* Fetch the appropriate pre-computed value from the pre-buf
|
||||||
*/
|
*/
|
||||||
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
|
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
|
||||||
(&am, top, powerbuf, wvalue, numPowers))
|
window))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* Multiply the result into the intermediate result */
|
/* Multiply the result into the intermediate result */
|
||||||
|
|
|
@ -191,6 +191,8 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
|
||||||
STACK_OF(ASN1_TYPE) *ndsa = NULL;
|
STACK_OF(ASN1_TYPE) *ndsa = NULL;
|
||||||
DSA *dsa = NULL;
|
DSA *dsa = NULL;
|
||||||
|
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
|
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
|
||||||
return 0;
|
return 0;
|
||||||
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
|
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
|
||||||
|
@ -262,23 +264,21 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
|
||||||
}
|
}
|
||||||
|
|
||||||
EVP_PKEY_assign_DSA(pkey, dsa);
|
EVP_PKEY_assign_DSA(pkey, dsa);
|
||||||
|
|
||||||
|
ret = 1;
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
decerr:
|
||||||
|
DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
|
||||||
|
dsaerr:
|
||||||
|
DSA_free(dsa);
|
||||||
|
done:
|
||||||
BN_CTX_free(ctx);
|
BN_CTX_free(ctx);
|
||||||
if (ndsa)
|
if (ndsa)
|
||||||
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
|
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
|
||||||
else
|
else
|
||||||
ASN1_STRING_clear_free(privkey);
|
ASN1_STRING_clear_free(privkey);
|
||||||
|
return ret;
|
||||||
return 1;
|
|
||||||
|
|
||||||
decerr:
|
|
||||||
DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
|
|
||||||
dsaerr:
|
|
||||||
BN_CTX_free(ctx);
|
|
||||||
if (privkey)
|
|
||||||
ASN1_STRING_clear_free(privkey);
|
|
||||||
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
|
|
||||||
DSA_free(dsa);
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
|
static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
|
||||||
|
|
|
@ -30,6 +30,12 @@ extern "C" {
|
||||||
#ifndef OPENSSL_NO_RFC3779
|
#ifndef OPENSSL_NO_RFC3779
|
||||||
# define OPENSSL_NO_RFC3779
|
# define OPENSSL_NO_RFC3779
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_SCTP
|
||||||
|
# define OPENSSL_NO_SCTP
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_SSL2
|
||||||
|
# define OPENSSL_NO_SSL2
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_STORE
|
#ifndef OPENSSL_NO_STORE
|
||||||
# define OPENSSL_NO_STORE
|
# define OPENSSL_NO_STORE
|
||||||
#endif
|
#endif
|
||||||
|
@ -40,9 +46,15 @@ extern "C" {
|
||||||
#ifndef OPENSSL_NO_SCTP
|
#ifndef OPENSSL_NO_SCTP
|
||||||
# define OPENSSL_NO_SCTP
|
# define OPENSSL_NO_SCTP
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_SSL2
|
||||||
|
# define OPENSSL_NO_SSL2
|
||||||
|
#endif
|
||||||
#endif /* __NetBSD__ */
|
#endif /* __NetBSD__ */
|
||||||
|
|
||||||
#define OPENSSL_CPUID_OBJ
|
#define OPENSSL_CPUID_OBJ
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
# define OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* OPENSSL_DOING_MAKEDEPEND */
|
#endif /* OPENSSL_DOING_MAKEDEPEND */
|
||||||
|
|
||||||
|
@ -82,12 +94,18 @@ extern "C" {
|
||||||
# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
|
# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
|
||||||
# define NO_SCTP
|
# define NO_SCTP
|
||||||
# endif
|
# endif
|
||||||
|
# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
|
||||||
|
# define NO_SSL2
|
||||||
|
# endif
|
||||||
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
|
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
|
||||||
# define NO_STORE
|
# define NO_STORE
|
||||||
# endif
|
# endif
|
||||||
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
|
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
|
||||||
# define NO_UNIT_TEST
|
# define NO_UNIT_TEST
|
||||||
# endif
|
# endif
|
||||||
|
# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
|
||||||
|
# define NO_WEAK_SSL_CIPHERS
|
||||||
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* crypto/opensslconf.h.in */
|
/* crypto/opensslconf.h.in */
|
||||||
|
|
|
@ -30,11 +30,11 @@ extern "C" {
|
||||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||||
* major minor fix final patch/beta)
|
* major minor fix final patch/beta)
|
||||||
*/
|
*/
|
||||||
# define OPENSSL_VERSION_NUMBER 0x1000112fL
|
# define OPENSSL_VERSION_NUMBER 0x1000113fL
|
||||||
# ifdef OPENSSL_FIPS
|
# ifdef OPENSSL_FIPS
|
||||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r-fips 28 Jan 2016"
|
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1s-fips 1 Mar 2016"
|
||||||
# else
|
# else
|
||||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r 28 Jan 2016"
|
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1s 1 Mar 2016"
|
||||||
# endif
|
# endif
|
||||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||||
|
|
||||||
|
|
|
@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (rsa->meth->rsa_sign) {
|
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
|
||||||
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
|
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
|
||||||
}
|
}
|
||||||
/* Special case: SSL signature, just check the length */
|
/* Special case: SSL signature, just check the length */
|
||||||
|
@ -304,7 +304,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
||||||
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
|
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (rsa->meth->rsa_verify) {
|
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
|
||||||
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
|
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -211,8 +211,10 @@ int main(int argc, char *argv[])
|
||||||
cache_stats = 1;
|
cache_stats = 1;
|
||||||
else if (strcmp(*argv, "-ssl3") == 0)
|
else if (strcmp(*argv, "-ssl3") == 0)
|
||||||
ssl_method = SSLv3_method();
|
ssl_method = SSLv3_method();
|
||||||
|
#ifndef OPENSSL_NO_SSL2
|
||||||
else if (strcmp(*argv, "-ssl2") == 0)
|
else if (strcmp(*argv, "-ssl2") == 0)
|
||||||
ssl_method = SSLv2_method();
|
ssl_method = SSLv2_method();
|
||||||
|
#endif
|
||||||
else if (strcmp(*argv, "-CApath") == 0) {
|
else if (strcmp(*argv, "-CApath") == 0) {
|
||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
goto bad;
|
goto bad;
|
||||||
|
|
|
@ -7,7 +7,7 @@ Release: 1
|
||||||
Summary: Secure Sockets Layer and cryptography libraries and tools
|
Summary: Secure Sockets Layer and cryptography libraries and tools
|
||||||
Name: openssl
|
Name: openssl
|
||||||
#Version: %{libmaj}.%{libmin}.%{librel}
|
#Version: %{libmaj}.%{libmin}.%{librel}
|
||||||
Version: 1.0.1r
|
Version: 1.0.1s
|
||||||
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
|
|
|
@ -420,14 +420,14 @@ s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
|
||||||
s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||||
s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
|
s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
|
||||||
s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
|
s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
|
||||||
s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
|
s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
|
||||||
s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
|
s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
||||||
s2_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
|
s2_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
|
||||||
s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
|
s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||||
s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
|
s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||||
s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||||
s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
|
s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
|
||||||
s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
|
s2_clnt.o: ssl_locl.h
|
||||||
s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
|
s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||||
s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
|
s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
|
||||||
s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
|
s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
|
||||||
|
@ -456,18 +456,18 @@ s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
|
||||||
s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
|
s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
|
||||||
s2_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
|
s2_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
|
||||||
s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
|
s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
|
||||||
s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
|
s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
|
||||||
s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
|
s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||||
s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
|
s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
|
||||||
s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
|
s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
|
||||||
s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
|
s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
|
||||||
s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
|
s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
||||||
s2_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
|
s2_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
|
||||||
s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
|
s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||||
s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
|
s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||||
s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||||
s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
|
s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
|
||||||
s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
|
s2_lib.o: ssl_locl.h
|
||||||
s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
|
s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||||
s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
|
s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
|
||||||
s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
|
s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
|
||||||
|
@ -508,20 +508,19 @@ s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||||
s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||||
s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
|
s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
|
||||||
s2_pkt.o: ssl_locl.h
|
s2_pkt.o: ssl_locl.h
|
||||||
s2_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
|
s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||||
s2_srvr.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
|
||||||
s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
|
||||||
s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
|
s2_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
|
||||||
s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
|
s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
|
||||||
s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
|
s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
|
||||||
s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
|
s2_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
|
||||||
s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
|
s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
|
||||||
s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
|
s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
|
||||||
s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
|
s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||||
s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
|
s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
|
||||||
s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
|
s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
|
||||||
s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
|
s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
|
||||||
s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
|
|
||||||
s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
||||||
s2_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
|
s2_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
|
||||||
s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||||
|
|
|
@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
# if 0
|
||||||
/* RC4_128_EXPORT40_WITH_MD5 */
|
/* RC4_128_EXPORT40_WITH_MD5 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
|
@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* RC2_128_CBC_WITH_MD5 */
|
/* RC2_128_CBC_WITH_MD5 */
|
||||||
{
|
{
|
||||||
|
@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
# if 0
|
||||||
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
|
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
|
@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
# ifndef OPENSSL_NO_IDEA
|
# ifndef OPENSSL_NO_IDEA
|
||||||
/* IDEA_128_CBC_WITH_MD5 */
|
/* IDEA_128_CBC_WITH_MD5 */
|
||||||
|
@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||||
},
|
},
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
|
# if 0
|
||||||
/* DES_64_CBC_WITH_MD5 */
|
/* DES_64_CBC_WITH_MD5 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
|
@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* DES_192_EDE3_CBC_WITH_MD5 */
|
/* DES_192_EDE3_CBC_WITH_MD5 */
|
||||||
{
|
{
|
||||||
|
|
|
@ -203,6 +203,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 03 */
|
/* Cipher 03 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_RSA_RC4_40_MD5,
|
SSL3_TXT_RSA_RC4_40_MD5,
|
||||||
|
@ -217,6 +218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 04 */
|
/* Cipher 04 */
|
||||||
{
|
{
|
||||||
|
@ -251,6 +253,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 06 */
|
/* Cipher 06 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_RSA_RC2_40_MD5,
|
SSL3_TXT_RSA_RC2_40_MD5,
|
||||||
|
@ -265,6 +268,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 07 */
|
/* Cipher 07 */
|
||||||
#ifndef OPENSSL_NO_IDEA
|
#ifndef OPENSSL_NO_IDEA
|
||||||
|
@ -285,6 +289,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Cipher 08 */
|
/* Cipher 08 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_RSA_DES_40_CBC_SHA,
|
SSL3_TXT_RSA_DES_40_CBC_SHA,
|
||||||
|
@ -299,8 +304,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 09 */
|
/* Cipher 09 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_RSA_DES_64_CBC_SHA,
|
SSL3_TXT_RSA_DES_64_CBC_SHA,
|
||||||
|
@ -315,6 +322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 0A */
|
/* Cipher 0A */
|
||||||
{
|
{
|
||||||
|
@ -334,6 +342,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
|
||||||
/* The DH ciphers */
|
/* The DH ciphers */
|
||||||
/* Cipher 0B */
|
/* Cipher 0B */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
0,
|
0,
|
||||||
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
|
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
|
||||||
|
@ -348,8 +357,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 0C */
|
/* Cipher 0C */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
0, /* not implemented (non-ephemeral DH) */
|
0, /* not implemented (non-ephemeral DH) */
|
||||||
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
|
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
|
||||||
|
@ -364,6 +375,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 0D */
|
/* Cipher 0D */
|
||||||
{
|
{
|
||||||
|
@ -382,6 +394,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 0E */
|
/* Cipher 0E */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
0, /* not implemented (non-ephemeral DH) */
|
0, /* not implemented (non-ephemeral DH) */
|
||||||
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
|
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
|
||||||
|
@ -396,8 +409,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 0F */
|
/* Cipher 0F */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
0, /* not implemented (non-ephemeral DH) */
|
0, /* not implemented (non-ephemeral DH) */
|
||||||
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
|
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
|
||||||
|
@ -412,6 +427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 10 */
|
/* Cipher 10 */
|
||||||
{
|
{
|
||||||
|
@ -431,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
|
||||||
/* The Ephemeral DH ciphers */
|
/* The Ephemeral DH ciphers */
|
||||||
/* Cipher 11 */
|
/* Cipher 11 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
|
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
|
||||||
|
@ -445,8 +462,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 12 */
|
/* Cipher 12 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
|
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
|
||||||
|
@ -461,6 +480,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 13 */
|
/* Cipher 13 */
|
||||||
{
|
{
|
||||||
|
@ -479,6 +499,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 14 */
|
/* Cipher 14 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
|
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
|
||||||
|
@ -493,8 +514,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 15 */
|
/* Cipher 15 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
|
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
|
||||||
|
@ -509,6 +532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 16 */
|
/* Cipher 16 */
|
||||||
{
|
{
|
||||||
|
@ -527,6 +551,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 17 */
|
/* Cipher 17 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_ADH_RC4_40_MD5,
|
SSL3_TXT_ADH_RC4_40_MD5,
|
||||||
|
@ -541,6 +566,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 18 */
|
/* Cipher 18 */
|
||||||
{
|
{
|
||||||
|
@ -559,6 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 19 */
|
/* Cipher 19 */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_ADH_DES_40_CBC_SHA,
|
SSL3_TXT_ADH_DES_40_CBC_SHA,
|
||||||
|
@ -573,8 +600,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 1A */
|
/* Cipher 1A */
|
||||||
|
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_ADH_DES_64_CBC_SHA,
|
SSL3_TXT_ADH_DES_64_CBC_SHA,
|
||||||
|
@ -589,6 +618,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Cipher 1B */
|
/* Cipher 1B */
|
||||||
{
|
{
|
||||||
|
@ -660,6 +690,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
#ifndef OPENSSL_NO_KRB5
|
#ifndef OPENSSL_NO_KRB5
|
||||||
/* The Kerberos ciphers*/
|
/* The Kerberos ciphers*/
|
||||||
/* Cipher 1E */
|
/* Cipher 1E */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_DES_64_CBC_SHA,
|
SSL3_TXT_KRB5_DES_64_CBC_SHA,
|
||||||
|
@ -674,6 +705,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 1F */
|
/* Cipher 1F */
|
||||||
{
|
{
|
||||||
|
@ -724,6 +756,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 22 */
|
/* Cipher 22 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_DES_64_CBC_MD5,
|
SSL3_TXT_KRB5_DES_64_CBC_MD5,
|
||||||
|
@ -738,6 +771,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 23 */
|
/* Cipher 23 */
|
||||||
{
|
{
|
||||||
|
@ -788,6 +822,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Cipher 26 */
|
/* Cipher 26 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_DES_40_CBC_SHA,
|
SSL3_TXT_KRB5_DES_40_CBC_SHA,
|
||||||
|
@ -802,8 +837,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 27 */
|
/* Cipher 27 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_RC2_40_CBC_SHA,
|
SSL3_TXT_KRB5_RC2_40_CBC_SHA,
|
||||||
|
@ -818,8 +855,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 28 */
|
/* Cipher 28 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_RC4_40_SHA,
|
SSL3_TXT_KRB5_RC4_40_SHA,
|
||||||
|
@ -834,8 +873,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 29 */
|
/* Cipher 29 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_DES_40_CBC_MD5,
|
SSL3_TXT_KRB5_DES_40_CBC_MD5,
|
||||||
|
@ -850,8 +891,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 2A */
|
/* Cipher 2A */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_RC2_40_CBC_MD5,
|
SSL3_TXT_KRB5_RC2_40_CBC_MD5,
|
||||||
|
@ -866,8 +909,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 2B */
|
/* Cipher 2B */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_KRB5_RC4_40_MD5,
|
SSL3_TXT_KRB5_RC4_40_MD5,
|
||||||
|
@ -882,6 +927,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
#endif /* OPENSSL_NO_KRB5 */
|
#endif /* OPENSSL_NO_KRB5 */
|
||||||
|
|
||||||
/* New AES ciphersuites */
|
/* New AES ciphersuites */
|
||||||
|
@ -1305,6 +1351,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
/* Cipher 62 */
|
/* Cipher 62 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||||
|
@ -1319,8 +1366,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 63 */
|
/* Cipher 63 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
||||||
|
@ -1335,8 +1384,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 64 */
|
/* Cipher 64 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||||
|
@ -1351,8 +1402,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 65 */
|
/* Cipher 65 */
|
||||||
|
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
||||||
|
@ -1367,6 +1420,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||||
56,
|
56,
|
||||||
128,
|
128,
|
||||||
},
|
},
|
||||||
|
# endif
|
||||||
|
|
||||||
/* Cipher 66 */
|
/* Cipher 66 */
|
||||||
{
|
{
|
||||||
|
|
|
@ -1896,6 +1896,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
||||||
*/
|
*/
|
||||||
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
|
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Disable SSLv2 by default, callers that want to enable SSLv2 will have to
|
||||||
|
* explicitly clear this option via either of SSL_CTX_clear_options() or
|
||||||
|
* SSL_clear_options().
|
||||||
|
*/
|
||||||
|
ret->options |= SSL_OP_NO_SSLv2;
|
||||||
|
|
||||||
return (ret);
|
return (ret);
|
||||||
err:
|
err:
|
||||||
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
|
||||||
|
|
|
@ -281,6 +281,7 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
|
||||||
$cflags.=" -DOPENSSL_FIPS" if $fips;
|
$cflags.=" -DOPENSSL_FIPS" if $fips;
|
||||||
$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
|
$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
|
||||||
$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
|
$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
|
||||||
|
$cflags.=" -DOPENSSL_NO_WEAK_SSL_CIPHERS" if $no_weak_ssl;
|
||||||
$cflags.= " -DZLIB" if $zlib_opt;
|
$cflags.= " -DZLIB" if $zlib_opt;
|
||||||
$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
|
$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
|
||||||
|
|
||||||
|
@ -459,7 +460,7 @@ EX_LIBS=$ex_libs
|
||||||
# The OpenSSL directory
|
# The OpenSSL directory
|
||||||
SRC_D=$src_dir
|
SRC_D=$src_dir
|
||||||
|
|
||||||
LINK=$link
|
LINK_CMD=$link
|
||||||
LFLAGS=$lflags
|
LFLAGS=$lflags
|
||||||
RSC=$rsc
|
RSC=$rsc
|
||||||
|
|
||||||
|
@ -1122,6 +1123,7 @@ sub read_options
|
||||||
"no-ec2m" => \$no_ec2m,
|
"no-ec2m" => \$no_ec2m,
|
||||||
"no-jpake" => \$no_jpake,
|
"no-jpake" => \$no_jpake,
|
||||||
"no-ec_nistp_64_gcc_128" => 0,
|
"no-ec_nistp_64_gcc_128" => 0,
|
||||||
|
"no-weak-ssl-ciphers" => \$no_weak_ssl,
|
||||||
"no-err" => \$no_err,
|
"no-err" => \$no_err,
|
||||||
"no-sock" => \$no_sock,
|
"no-sock" => \$no_sock,
|
||||||
"no-krb5" => \$no_krb5,
|
"no-krb5" => \$no_krb5,
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# $NetBSD: shlib_version,v 1.10 2015/01/13 09:14:57 spz Exp $
|
# $NetBSD: shlib_version,v 1.11 2016/03/02 01:52:36 christos Exp $
|
||||||
# Remember to update distrib/sets/lists/base/shl.* when changing
|
# Remember to update distrib/sets/lists/base/shl.* when changing
|
||||||
#
|
#
|
||||||
major=8
|
major=11
|
||||||
minor=4
|
minor=0
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# $NetBSD: shlib_version,v 1.1 2012/07/10 18:59:22 christos Exp $
|
# $NetBSD: shlib_version,v 1.2 2016/03/02 01:52:36 christos Exp $
|
||||||
# Remember to update distrib/sets/lists/base/shl.* when changing
|
# Remember to update distrib/sets/lists/base/shl.* when changing
|
||||||
#
|
#
|
||||||
major=7
|
major=11
|
||||||
minor=0
|
minor=0
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
# $NetBSD: shlib_version,v 1.2 2014/01/11 18:34:37 christos Exp $
|
# $NetBSD: shlib_version,v 1.3 2016/03/02 01:52:36 christos Exp $
|
||||||
# Remember to update distrib/sets/lists/base/shl.* when changing
|
# Remember to update distrib/sets/lists/base/shl.* when changing
|
||||||
#
|
#
|
||||||
# This library is currently only a symbolic link to libcrypto, so
|
# This library is currently only a symbolic link to libcrypto, so
|
||||||
# make sure you update the version numbers here whenever you
|
# make sure you update the version numbers here whenever you
|
||||||
# change them there.
|
# change them there.
|
||||||
#
|
#
|
||||||
major=8
|
major=11
|
||||||
minor=2
|
minor=0
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# $NetBSD: shlib_version,v 1.11 2015/01/13 09:14:58 spz Exp $
|
# $NetBSD: shlib_version,v 1.12 2016/03/02 01:52:36 christos Exp $
|
||||||
# Remember to update distrib/sets/lists/base/shl.* when changing
|
# Remember to update distrib/sets/lists/base/shl.* when changing
|
||||||
#
|
#
|
||||||
major=10
|
major=11
|
||||||
minor=5
|
minor=0
|
||||||
|
|
Loading…
Reference in New Issue