merge conflicts.
parent
4a5ea8ca2f
commit
600680c6c3
160
crypto/dist/openssl/CHANGES
vendored
@ -2,6 +2,108 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
|
||||
|
||||
*) Introduce limits to prevent malicious keys being able to
|
||||
cause a denial of service. (CVE-2006-2940)
|
||||
[Steve Henson, Bodo Moeller]
|
||||
|
||||
*) Fix ASN.1 parsing of certain invalid structures that can result
|
||||
in a denial of service. (CVE-2006-2937) [Steve Henson]
|
||||
|
||||
*) Fix buffer overflow in SSL_get_shared_ciphers() function.
|
||||
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
|
||||
|
||||
*) Fix SSL client code which could crash if connecting to a
|
||||
malicious SSLv2 server. (CVE-2006-4343)
|
||||
[Tavis Ormandy and Will Drewry, Google Security Team]
|
||||
|
||||
*) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
|
||||
match only those. Before that, "AES256-SHA" would be interpreted
|
||||
as a pattern and match "AES128-SHA" too (since AES128-SHA got
|
||||
the same strength classification in 0.9.7h) as we currently only
|
||||
have a single AES bit in the ciphersuite description bitmap.
|
||||
That change, however, also applied to ciphersuite strings such as
|
||||
"RC4-MD5" that intentionally matched multiple ciphersuites --
|
||||
namely, SSL 2.0 ciphersuites in addition to the more common ones
|
||||
from SSL 3.0/TLS 1.0.
|
||||
|
||||
So we change the selection algorithm again: Naming an explicit
|
||||
ciphersuite selects this one ciphersuite, and any other similar
|
||||
ciphersuite (same bitmap) from *other* protocol versions.
|
||||
Thus, "RC4-MD5" again will properly select both the SSL 2.0
|
||||
ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
|
||||
|
||||
Since SSL 2.0 does not have any ciphersuites for which the
|
||||
128/256 bit distinction would be relevant, this works for now.
|
||||
The proper fix will be to use different bits for AES128 and
|
||||
AES256, which would have avoided the problems from the beginning;
|
||||
however, bits are scarce, so we can only do this in a new release
|
||||
(not just a patchlevel) when we can change the SSL_CIPHER
|
||||
definition to split the single 'unsigned long mask' bitmap into
|
||||
multiple values to extend the available space.
|
||||
|
||||
[Bodo Moeller]
|
||||
|
||||
Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
|
||||
|
||||
*) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
|
||||
(CVE-2006-4339) [Ben Laurie and Google Security Team]
|
||||
|
||||
*) Add AES IGE and biIGE modes.
|
||||
[Ben Laurie]
|
||||
|
||||
*) Change the Unix randomness entropy gathering to use poll() when
|
||||
possible instead of select(), since the latter has some
|
||||
undesirable limitations.
|
||||
[Darryl Miles via Richard Levitte and Bodo Moeller]
|
||||
|
||||
*) Disable "ECCdraft" ciphersuites more thoroughly. Now special
|
||||
treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
|
||||
cannot be implicitly activated as part of, e.g., the "AES" alias.
|
||||
However, please upgrade to OpenSSL 0.9.9[-dev] for
|
||||
non-experimental use of the ECC ciphersuites to get TLS extension
|
||||
support, which is required for curve and point format negotiation
|
||||
to avoid potential handshake problems.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Disable rogue ciphersuites:
|
||||
|
||||
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
|
||||
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
|
||||
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
|
||||
|
||||
The latter two were purportedly from
|
||||
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
|
||||
appear there.
|
||||
|
||||
Also deactive the remaining ciphersuites from
|
||||
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
|
||||
unofficial, and the ID has long expired.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Fix RSA blinding Heisenbug (problems sometimes occured on
|
||||
dual-core machines) and other potential thread-safety issues.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
|
||||
versions), which is now available for royalty-free use
|
||||
(see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
|
||||
Also, add Camellia TLS ciphersuites from RFC 4132.
|
||||
|
||||
To minimize changes between patchlevels in the OpenSSL 0.9.8
|
||||
series, Camellia remains excluded from compilation unless OpenSSL
|
||||
is configured with 'enable-camellia'.
|
||||
[NTT]
|
||||
|
||||
*) Disable the padding bug check when compression is in use. The padding
|
||||
bug check assumes the first packet is of even length, this is not
|
||||
necessarily true if compresssion is enabled and can result in false
|
||||
positives causing handshake failure. The actual bug test is ancient
|
||||
code so it is hoped that implementations will either have fixed it by
|
||||
now or any which still have the bug do not support compression.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8a and 0.9.8b [04 May 2006]
|
||||
|
||||
*) When applying a cipher rule check to see if string match is an explicit
|
||||
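Review bot: The 0.9.8d section at the top of this hunk brings in fixes for CVE-2006-2940, CVE-2006-2937, CVE-2006-3738 and CVE-2006-4343, and the 0.9.8c section adds CVE-2006-4339, yet the commit message reads only "merge conflicts."; naming the imported release and these CVE ids in the log would let anyone auditing the tree find where the fixes landed. The imported text also carries slips worth reporting upstream rather than patching locally: "ssl/ssl_ciph.s" (presumably ssl_ciph.c), "deactive", "occured" and "compresssion".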
@ -84,6 +186,9 @@
|
||||
|
||||
Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
|
||||
|
||||
[NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
|
||||
OpenSSL 0.9.8.]
|
||||
|
||||
*) Add libcrypto.pc and libssl.pc for those who feel they need them.
|
||||
[Richard Levitte]
|
||||
|
||||
@ -901,6 +1006,61 @@
|
||||
differing sizes.
|
||||
[Richard Levitte]
|
||||
|
||||
Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]
|
||||
|
||||
*) Change ciphersuite string processing so that an explicit
|
||||
ciphersuite selects this one ciphersuite (so that "AES256-SHA"
|
||||
will no longer include "AES128-SHA"), and any other similar
|
||||
ciphersuite (same bitmap) from *other* protocol versions (so that
|
||||
"RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
|
||||
SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining
|
||||
changes from 0.9.8b and 0.9.8d.
|
||||
[Bodo Moeller]
|
||||
|
||||
Changes between 0.9.7j and 0.9.7k [05 Sep 2006]
|
||||
|
||||
*) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
|
||||
(CVE-2006-4339) [Ben Laurie and Google Security Team]
|
||||
|
||||
*) Change the Unix randomness entropy gathering to use poll() when
|
||||
possible instead of select(), since the latter has some
|
||||
undesirable limitations.
|
||||
[Darryl Miles via Richard Levitte and Bodo Moeller]
|
||||
|
||||
*) Disable rogue ciphersuites:
|
||||
|
||||
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
|
||||
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
|
||||
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
|
||||
|
||||
The latter two were purportedly from
|
||||
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
|
||||
appear there.
|
||||
|
||||
Also deactive the remaining ciphersuites from
|
||||
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
|
||||
unofficial, and the ID has long expired.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Fix RSA blinding Heisenbug (problems sometimes occured on
|
||||
dual-core machines) and other potential thread-safety issues.
|
||||
[Bodo Moeller]
|
||||
|
||||
Changes between 0.9.7i and 0.9.7j [04 May 2006]
|
||||
|
||||
*) Adapt fipsld and the build system to link against the validated FIPS
|
||||
module in FIPS mode.
|
||||
[Steve Henson]
|
||||
|
||||
*) Fixes for VC++ 2005 build under Windows.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
|
||||
from a Windows bash shell such as MSYS. It is autodetected from the
|
||||
"config" script when run from a VC++ environment. Modify standard VC++
|
||||
build to use fipscanister.o from the GNU make build.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
|
||||
|
||||
*) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
|
||||
|
7
crypto/dist/openssl/FAQ
vendored
@ -74,7 +74,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.8b was released on May 4th, 2006.
|
||||
OpenSSL 0.9.8d was released on September 28th, 2006.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@ -679,8 +679,9 @@ libraries. If your platform is not one of these, consult the INSTALL
|
||||
file.
|
||||
|
||||
Multi-threaded applications must provide two callback functions to
|
||||
OpenSSL. This is described in the threads(3) manpage.
|
||||
|
||||
OpenSSL by calling CRYPTO_set_locking_callback() and
|
||||
CRYPTO_set_id_callback(). This is described in the threads(3)
|
||||
manpage.
|
||||
|
||||
* I've compiled a program under Windows and it crashes: why?
|
||||
|
||||
|
8
crypto/dist/openssl/apps/enc.c
vendored
@ -340,7 +340,7 @@ bad:
|
||||
}
|
||||
|
||||
/* It must be large enough for a base64 encoded line */
|
||||
if (n < 80) n=80;
|
||||
if (base64 && n < 80) n=80;
|
||||
|
||||
bsize=(int)n;
|
||||
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
|
||||
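Review bot: With the clamp narrowed to `if (base64 && n < 80) n=80;`, a non-base64 run now takes whatever `n` was parsed, so a value of 0, or one that does not fit in an int, reaches `bsize=(int)n;` unchecked. Suggest rejecting n <= 0 and values above INT_MAX before the cast, and rewording the comment above, which still reads as if the minimum always applies.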
@ -370,7 +370,11 @@ bad:
|
||||
}
|
||||
|
||||
if (inf == NULL)
|
||||
{
|
||||
if (bufsize != NULL)
|
||||
setvbuf(stdin, (char *)NULL, _IONBF, 0);
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in,inf) <= 0)
|
||||
@ -421,6 +425,8 @@ bad:
|
||||
if (outf == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
if (bufsize != NULL)
|
||||
setvbuf(stdout, (char *)NULL, _IONBF, 0);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
|
10
crypto/dist/openssl/apps/openssl.c
vendored
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -445,7 +445,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
||||
for (fp=functions; fp->name != NULL; fp++)
|
||||
{
|
||||
nl=0;
|
||||
#ifdef OPENSSL_NO_CAMELLIA
|
||||
if (((i++) % 5) == 0)
|
||||
#else
|
||||
if (((i++) % 4) == 0)
|
||||
#endif
|
||||
{
|
||||
BIO_printf(bio_err,"\n");
|
||||
nl=1;
|
||||
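Review bot: The `#ifdef OPENSSL_NO_CAMELLIA` block duplicates the whole `if (((i++) % 5) == 0)` line just to change 5 to 4, so the `i++` side effect now lives in two preprocessor branches that have to be kept identical by hand. A single macro for the column count, and for the matching `%-15s` / `%-18s` width in the next hunk, used in one unconditional `if` would be harder to break.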
@ -466,7 +470,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
||||
BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
|
||||
}
|
||||
}
|
||||
#ifdef OPENSSL_NO_CAMELLIA
|
||||
BIO_printf(bio_err,"%-15s",fp->name);
|
||||
#else
|
||||
BIO_printf(bio_err,"%-18s",fp->name);
|
||||
#endif
|
||||
}
|
||||
BIO_printf(bio_err,"\n\n");
|
||||
ret=0;
|
||||
|
18
crypto/dist/openssl/apps/progs.h
vendored
@ -165,6 +165,24 @@ FUNCTION functions[] = {
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
|
||||
#endif
|
||||
{FUNC_TYPE_CIPHER,"base64",enc_main},
|
||||
#ifndef OPENSSL_NO_DES
|
||||
|
18
crypto/dist/openssl/apps/smime.c
vendored
@ -160,6 +160,14 @@ int MAIN(int argc, char **argv)
|
||||
cipher = EVP_aes_192_cbc();
|
||||
else if (!strcmp(*args,"-aes256"))
|
||||
cipher = EVP_aes_256_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
else if (!strcmp(*args,"-camellia128"))
|
||||
cipher = EVP_camellia_128_cbc();
|
||||
else if (!strcmp(*args,"-camellia192"))
|
||||
cipher = EVP_camellia_192_cbc();
|
||||
else if (!strcmp(*args,"-camellia256"))
|
||||
cipher = EVP_camellia_256_cbc();
|
||||
#endif
|
||||
else if (!strcmp (*args, "-text"))
|
||||
flags |= PKCS7_TEXT;
|
||||
@ -423,6 +431,10 @@ int MAIN(int argc, char **argv)
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
|
||||
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
|
||||
BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
|
||||
#endif
|
||||
BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
|
||||
BIO_printf (bio_err, "-nosigs don't verify message signature\n");
|
||||
@ -638,12 +650,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
|
||||
flags |= PKCS7_STREAM;
|
||||
p7 = PKCS7_sign(signer, key, other, in, flags);
|
||||
/* Don't need to rewind for partial signing */
|
||||
if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0))
|
||||
{
|
||||
BIO_printf(bio_err, "Can't rewind input file\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
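Review bot: Going by the hunk header (12 lines before, 6 after), the `BIO_reset(in)` block after `PKCS7_sign()` is removed, and nothing left in the hunk says why `in` no longer needs rewinding. If the reasoning is that `PKCS7_STREAM` is set just above for the detached S/MIME case, so the input is not consumed during signing, a comment stating that would help; it is also worth confirming that no non-streaming path reads `in` again afterwards.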
113
crypto/dist/openssl/apps/speed.c
vendored
@ -164,6 +164,9 @@
|
||||
#ifndef OPENSSL_NO_AES
|
||||
#include <openssl/aes.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
#include <openssl/camellia.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
#include <openssl/md2.h>
|
||||
#endif
|
||||
@ -269,7 +272,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
|
||||
static int do_multi(int multi);
|
||||
#endif
|
||||
|
||||
#define ALGOR_NUM 21
|
||||
#define ALGOR_NUM 24
|
||||
#define SIZE_NUM 5
|
||||
#define RSA_NUM 4
|
||||
#define DSA_NUM 3
|
||||
@ -281,7 +284,9 @@ static const char *names[ALGOR_NUM]={
|
||||
"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
|
||||
"des cbc","des ede3","idea cbc",
|
||||
"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
|
||||
"aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"};
|
||||
"aes-128 cbc","aes-192 cbc","aes-256 cbc",
|
||||
"camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
|
||||
"evp","sha256","sha512"};
|
||||
static double results[ALGOR_NUM][SIZE_NUM];
|
||||
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
|
||||
static double rsa_results[RSA_NUM][2];
|
||||
@ -548,6 +553,17 @@ int MAIN(int argc, char **argv)
|
||||
0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
|
||||
0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
static const unsigned char ckey24[24]=
|
||||
{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
|
||||
0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
|
||||
0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
|
||||
static const unsigned char ckey32[32]=
|
||||
{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
|
||||
0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
|
||||
0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
|
||||
0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
#define MAX_BLOCK_SIZE 128
|
||||
#else
|
||||
@ -567,6 +583,9 @@ int MAIN(int argc, char **argv)
|
||||
#ifndef OPENSSL_NO_AES
|
||||
AES_KEY aes_ks1, aes_ks2, aes_ks3;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
|
||||
#endif
|
||||
#define D_MD2 0
|
||||
#define D_MDC2 1
|
||||
#define D_MD4 2
|
||||
@ -585,9 +604,12 @@ int MAIN(int argc, char **argv)
|
||||
#define D_CBC_128_AES 15
|
||||
#define D_CBC_192_AES 16
|
||||
#define D_CBC_256_AES 17
|
||||
#define D_EVP 18
|
||||
#define D_SHA256 19
|
||||
#define D_SHA512 20
|
||||
#define D_CBC_128_CML 18
|
||||
#define D_CBC_192_CML 19
|
||||
#define D_CBC_256_CML 20
|
||||
#define D_EVP 21
|
||||
#define D_SHA256 22
|
||||
#define D_SHA512 23
|
||||
double d=0.0;
|
||||
long c[ALGOR_NUM][SIZE_NUM];
|
||||
#define R_DSA_512 0
|
||||
@ -930,6 +952,12 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
|
||||
else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
|
||||
else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
|
||||
else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
|
||||
else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#if 0 /* was: #ifdef RSAref */
|
||||
if (strcmp(*argv,"rsaref") == 0)
|
||||
@ -1000,6 +1028,15 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
if (strcmp(*argv,"camellia") == 0)
|
||||
{
|
||||
doit[D_CBC_128_CML]=1;
|
||||
doit[D_CBC_192_CML]=1;
|
||||
doit[D_CBC_256_CML]=1;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (strcmp(*argv,"rsa") == 0)
|
||||
{
|
||||
@ -1126,6 +1163,10 @@ int MAIN(int argc, char **argv)
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
BIO_printf(bio_err,"\n");
|
||||
BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
BIO_printf(bio_err,"rc4");
|
||||
#endif
|
||||
@ -1163,6 +1204,9 @@ int MAIN(int argc, char **argv)
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err,"aes ");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
BIO_printf(bio_err,"camellia ");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
BIO_printf(bio_err,"rsa ");
|
||||
#endif
|
||||
@ -1171,7 +1215,8 @@ int MAIN(int argc, char **argv)
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
|
||||
!defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
|
||||
!defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES)
|
||||
!defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \
|
||||
!defined(OPENSSL_NO_CAMELLIA)
|
||||
BIO_printf(bio_err,"\n");
|
||||
#endif
|
||||
|
||||
@ -1265,6 +1310,11 @@ int MAIN(int argc, char **argv)
|
||||
AES_set_encrypt_key(key24,192,&aes_ks2);
|
||||
AES_set_encrypt_key(key32,256,&aes_ks3);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
Camellia_set_key(key16,128,&camellia_ks1);
|
||||
Camellia_set_key(ckey24,192,&camellia_ks2);
|
||||
Camellia_set_key(ckey32,256,&camellia_ks3);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
idea_set_encrypt_key(key16,&idea_ks);
|
||||
#endif
|
||||
@ -1318,6 +1368,9 @@ int MAIN(int argc, char **argv)
|
||||
c[D_CBC_128_AES][0]=count;
|
||||
c[D_CBC_192_AES][0]=count;
|
||||
c[D_CBC_256_AES][0]=count;
|
||||
c[D_CBC_128_CML][0]=count;
|
||||
c[D_CBC_192_CML][0]=count;
|
||||
c[D_CBC_256_CML][0]=count;
|
||||
c[D_SHA256][0]=count;
|
||||
c[D_SHA512][0]=count;
|
||||
|
||||
@ -1350,6 +1403,9 @@ int MAIN(int argc, char **argv)
|
||||
c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
|
||||
c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
|
||||
c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
|
||||
c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
|
||||
c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
|
||||
c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
|
||||
}
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
rsa_c[R_RSA_512][0]=count/2000;
|
||||
@ -1743,6 +1799,51 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
if (doit[D_CBC_128_CML])
|
||||
{
|
||||
for (j=0; j<SIZE_NUM; j++)
|
||||
{
|
||||
print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
|
||||
Time_F(START);
|
||||
for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
|
||||
Camellia_cbc_encrypt(buf,buf,
|
||||
(unsigned long)lengths[j],&camellia_ks1,
|
||||
iv,CAMELLIA_ENCRYPT);
|
||||
d=Time_F(STOP);
|
||||
print_result(D_CBC_128_CML,j,count,d);
|
||||
}
|
||||
}
|
||||
if (doit[D_CBC_192_CML])
|
||||
{
|
||||
for (j=0; j<SIZE_NUM; j++)
|
||||
{
|
||||
print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
|
||||
Time_F(START);
|
||||
for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
|
||||
Camellia_cbc_encrypt(buf,buf,
|
||||
(unsigned long)lengths[j],&camellia_ks2,
|
||||
iv,CAMELLIA_ENCRYPT);
|
||||
d=Time_F(STOP);
|
||||
print_result(D_CBC_192_CML,j,count,d);
|
||||
}
|
||||
}
|
||||
if (doit[D_CBC_256_CML])
|
||||
{
|
||||
for (j=0; j<SIZE_NUM; j++)
|
||||
{
|
||||
print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
|
||||
Time_F(START);
|
||||
for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
|
||||
Camellia_cbc_encrypt(buf,buf,
|
||||
(unsigned long)lengths[j],&camellia_ks3,
|
||||
iv,CAMELLIA_ENCRYPT);
|
||||
d=Time_F(STOP);
|
||||
print_result(D_CBC_256_CML,j,count,d);
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
if (doit[D_CBC_IDEA])
|
||||
|
11
crypto/dist/openssl/crypto/aes/aes.h
vendored
@ -127,6 +127,17 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num);
|
||||
|
||||
/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
|
||||
/* NB: the IV is _two_ blocks long */
|
||||
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, const int enc);
|
||||
/* NB: the IV is _four_ blocks long */
|
||||
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
const AES_KEY *key2, const unsigned char *ivec,
|
||||
const int enc);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
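Review bot: The IV length for AES_ige_encrypt() (two blocks) and AES_bi_ige_encrypt() (four blocks) is stated only in the NB comments, while both prototypes take a bare `ivec` pointer, so a caller passing a one-block CBC-style IV would have it read past its end. The AES_ctr128_encrypt() prototype just above spells its buffer as `ecount_buf[AES_BLOCK_SIZE]`; writing `ivec[2*AES_BLOCK_SIZE]` and `ivec[4*AES_BLOCK_SIZE]` the same way would put the requirement in the declaration. It would also help to say why `ivec` is const in the bi-IGE prototype but not in the IGE one.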
7
crypto/dist/openssl/crypto/asn1/tasn_dec.c
vendored
@ -832,9 +832,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|
||||
}
|
||||
else if (ret == -1)
|
||||
return -1;
|
||||
|
||||
ret = 0;
|
||||
|
||||
ret = 0;
|
||||
/* SEQUENCE, SET and "OTHER" are left in encoded form */
|
||||
if ((utype == V_ASN1_SEQUENCE)
|
||||
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
|
||||
@ -881,7 +879,10 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|
||||
* for UNIVERSAL class and ignore the tag.
|
||||
*/
|
||||
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
|
||||
{
|
||||
free_cont = 1;
|
||||
goto err;
|
||||
}
|
||||
len = buf.length;
|
||||
/* Append a final null to string */
|
||||
if (!BUF_MEM_grow_clean(&buf, len + 1))
|
||||
|
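Review bot: In the asn1_collect() failure branch, `free_cont = 1;` is set before `goto err` with no comment, and the cleanup at `err` is outside the hunk. A one-line comment saying that `buf` may already hold partly collected data, which the error path presumably has to release, would keep the assignment from being removed as dead code later.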
3
crypto/dist/openssl/crypto/dh/dh.h
vendored
@ -72,7 +72,7 @@
|
||||
#ifndef OPENSSL_NO_DEPRECATED
|
||||
#include <openssl/bn.h>
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef OPENSSL_DH_MAX_MODULUS_BITS
|
||||
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
||||
#endif
|
||||
@ -225,6 +225,7 @@ void ERR_load_DH_strings(void);
|
||||
/* Reason codes. */
|
||||
#define DH_R_BAD_GENERATOR 101
|
||||
#define DH_R_INVALID_PUBKEY 102
|
||||
#define DH_R_MODULUS_TOO_LARGE 103
|
||||
#define DH_R_NO_PRIVATE_VALUE 100
|
||||
#define DH_R_MODULUS_TOO_LARGE 103
|
||||
|
||||
|
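Review bot: `#define DH_R_MODULUS_TOO_LARGE 103` appears twice in the reason-code list, once after DH_R_INVALID_PUBKEY and again after DH_R_NO_PRIVATE_VALUE, and the hunk header (6 lines before, 7 after) indicates both copies are in the resulting file. The redefinition is identical, so it compiles, but it looks like merge residue; keep the copy in alphabetical position and drop the other.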
1
crypto/dist/openssl/crypto/dh/dh_err.c
vendored
@ -85,6 +85,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
|
||||
{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
|
||||
{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
|
||||
{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
|
||||
{0,NULL}
|
||||
};
|
||||
|
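Review bot: The `{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},` entry is listed twice in DH_str_reasons[], before and after the DH_R_INVALID_PUBKEY entry, and the 6-to-7 line count in the hunk header indicates both remain after the merge. One of them should go, so the table has one string per reason code.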
2
crypto/dist/openssl/crypto/dh/dh_key.c
vendored
@ -182,7 +182,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
|
||||
{
|
||||
DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
ctx = BN_CTX_new();
|
||||
|
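Review bot: The oversized-modulus branch now leaves through `goto err;`, but it runs before `ctx = BN_CTX_new();`, so the cleanup at `err` is reached with `ctx` not yet assigned by any line shown here. Please confirm that `ctx` is initialised to NULL at its declaration (outside this hunk) and that the `err` path checks for NULL before ending or freeing the context.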
1
crypto/dist/openssl/crypto/dsa/dsa.h
vendored
@ -279,7 +279,6 @@ void ERR_load_DSA_strings(void);
|
||||
#define DSA_R_MISSING_PARAMETERS 101
|
||||
#define DSA_R_MODULUS_TOO_LARGE 103
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
6
crypto/dist/openssl/crypto/dsa/dsa_err.c
vendored
@ -89,10 +89,10 @@ static ERR_STRING_DATA DSA_str_functs[]=
|
||||
|
||||
static ERR_STRING_DATA DSA_str_reasons[]=
|
||||
{
|
||||
{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
|
||||
{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
|
||||
{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
|
||||
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
|
||||
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
|
||||
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{0,NULL}
|
||||
};
|
||||
|
||||
|
7
crypto/dist/openssl/crypto/ec/ec.h
vendored
@ -93,6 +93,10 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef OPENSSL_ECC_MAX_FIELD_BITS
|
||||
# define OPENSSL_ECC_MAX_FIELD_BITS 661
|
||||
#endif
|
||||
|
||||
typedef enum {
|
||||
/* values as defined in X9.62 (ECDSA) and elsewhere */
|
||||
POINT_CONVERSION_COMPRESSED = 2,
|
||||
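Review bot: `OPENSSL_ECC_MAX_FIELD_BITS` is introduced with the value 661 and no comment on what it bounds or how the number was chosen. Since it is wrapped in `#ifndef` and so can be overridden at build time, a short note on its purpose would help anyone tuning the limit; the EC_R_FIELD_TOO_LARGE reason code added in the next hunk suggests oversized fields are rejected, and the comment could say so.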
@ -482,6 +486,7 @@ void ERR_load_EC_strings(void);
|
||||
#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
|
||||
#define EC_R_DISCRIMINANT_IS_ZERO 118
|
||||
#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
|
||||
#define EC_R_FIELD_TOO_LARGE 138
|
||||
#define EC_R_GROUP2PKPARAMETERS_FAILURE 120
|
||||
#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121
|
||||
#define EC_R_INCOMPATIBLE_OBJECTS 101
|
||||
@ -492,7 +497,9 @@ void ERR_load_EC_strings(void);
|
||||
#define EC_R_INVALID_FIELD 103
|
||||
#define EC_R_INVALID_FORM 104
|
||||
#define EC_R_INVALID_GROUP_ORDER 122
|
||||
#define EC_R_INVALID_PENTANOMIAL_BASIS 132
|
||||
#define EC_R_INVALID_PRIVATE_KEY 123
|
||||
#define EC_R_INVALID_TRINOMIAL_BASIS 137
|
||||
#define EC_R_MISSING_PARAMETERS 124
|
||||
#define EC_R_MISSING_PRIVATE_KEY 125
|
||||
#define EC_R_NOT_A_NIST_PRIME 135
|
||||
|
15
crypto/dist/openssl/crypto/err/err.c
vendored
@ -548,9 +548,20 @@ static void build_SYS_str_reasons(void)
|
||||
int i;
|
||||
static int init = 1;
|
||||
|
||||
if (!init) return;
|
||||
|
||||
CRYPTO_r_lock(CRYPTO_LOCK_ERR);
|
||||
if (!init)
|
||||
{
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
|
||||
return;
|
||||
}
|
||||
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
|
||||
if (!init)
|
||||
{
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
|
||||
{
|
||||
|
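Review bot: The sequence of a read-locked `if (!init)` check, CRYPTO_r_unlock(), CRYPTO_w_lock() and then a second `if (!init)` check is easy to misread as redundant, and the hunk carries no comment explaining it. A short note that the second check closes the window between dropping the read lock and taking the write lock would protect it from being simplified away; the matching CRYPTO_w_unlock() on the normal path is outside the hunk and worth verifying.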
28
crypto/dist/openssl/crypto/evp/c_allc.c
vendored
@ -183,6 +183,34 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
|
||||
EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
EVP_add_cipher(EVP_camellia_128_ecb());
|
||||
EVP_add_cipher(EVP_camellia_128_cbc());
|
||||
EVP_add_cipher(EVP_camellia_128_cfb());
|
||||
EVP_add_cipher(EVP_camellia_128_cfb1());
|
||||
EVP_add_cipher(EVP_camellia_128_cfb8());
|
||||
EVP_add_cipher(EVP_camellia_128_ofb());
|
||||
EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128");
|
||||
EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128");
|
||||
EVP_add_cipher(EVP_camellia_192_ecb());
|
||||
EVP_add_cipher(EVP_camellia_192_cbc());
|
||||
EVP_add_cipher(EVP_camellia_192_cfb());
|
||||
EVP_add_cipher(EVP_camellia_192_cfb1());
|
||||
EVP_add_cipher(EVP_camellia_192_cfb8());
|
||||
EVP_add_cipher(EVP_camellia_192_ofb());
|
||||
EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192");
|
||||
EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192");
|
||||
EVP_add_cipher(EVP_camellia_256_ecb());
|
||||
EVP_add_cipher(EVP_camellia_256_cbc());
|
||||
EVP_add_cipher(EVP_camellia_256_cfb());
|
||||
EVP_add_cipher(EVP_camellia_256_cfb1());
|
||||
EVP_add_cipher(EVP_camellia_256_cfb8());
|
||||
EVP_add_cipher(EVP_camellia_256_ofb());
|
||||
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
|
||||
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
|
||||
#endif
|
||||
|
||||
PKCS12_PBE_add();
|
||||
PKCS5_PBE_add();
|
||||
}
|
||||
|
25
crypto/dist/openssl/crypto/evp/evp.h
vendored
@ -738,6 +738,29 @@ const EVP_CIPHER *EVP_aes_256_ofb(void);
|
||||
const EVP_CIPHER *EVP_aes_256_ctr(void);
|
||||
#endif
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
const EVP_CIPHER *EVP_camellia_128_ecb(void);
|
||||
const EVP_CIPHER *EVP_camellia_128_cbc(void);
|
||||
const EVP_CIPHER *EVP_camellia_128_cfb1(void);
|
||||
const EVP_CIPHER *EVP_camellia_128_cfb8(void);
|
||||
const EVP_CIPHER *EVP_camellia_128_cfb128(void);
|
||||
# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
|
||||
const EVP_CIPHER *EVP_camellia_128_ofb(void);
|
||||
const EVP_CIPHER *EVP_camellia_192_ecb(void);
|
||||
const EVP_CIPHER *EVP_camellia_192_cbc(void);
|
||||
const EVP_CIPHER *EVP_camellia_192_cfb1(void);
|
||||
const EVP_CIPHER *EVP_camellia_192_cfb8(void);
|
||||
const EVP_CIPHER *EVP_camellia_192_cfb128(void);
|
||||
# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
|
||||
const EVP_CIPHER *EVP_camellia_192_ofb(void);
|
||||
const EVP_CIPHER *EVP_camellia_256_ecb(void);
|
||||
const EVP_CIPHER *EVP_camellia_256_cbc(void);
|
||||
const EVP_CIPHER *EVP_camellia_256_cfb1(void);
|
||||
const EVP_CIPHER *EVP_camellia_256_cfb8(void);
|
||||
const EVP_CIPHER *EVP_camellia_256_cfb128(void);
|
||||
# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
|
||||
const EVP_CIPHER *EVP_camellia_256_ofb(void);
|
||||
#endif
|
||||
|
||||
void OPENSSL_add_all_algorithms_noconf(void);
|
||||
void OPENSSL_add_all_algorithms_conf(void);
|
||||
@ -854,6 +877,7 @@ void ERR_load_EVP_strings(void);
|
||||
|
||||
/* Function codes. */
|
||||
#define EVP_F_AES_INIT_KEY 133
|
||||
#define EVP_F_CAMELLIA_INIT_KEY 159
|
||||
#define EVP_F_D2I_PKEY 100
|
||||
#define EVP_F_DSAPKEY2PKCS8 134
|
||||
#define EVP_F_DSA_PKEY2PKCS8 135
|
||||
@ -897,6 +921,7 @@ void ERR_load_EVP_strings(void);
|
||||
#define EVP_R_BAD_KEY_LENGTH 137
|
||||
#define EVP_R_BN_DECODE_ERROR 112
|
||||
#define EVP_R_BN_PUBKEY_ERROR 113
|
||||
#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
|
||||
#define EVP_R_CIPHER_PARAMETER_ERROR 122
|
||||
#define EVP_R_CTRL_NOT_IMPLEMENTED 132
|
||||
#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
|
||||
|
6
crypto/dist/openssl/crypto/opensslconf.h
vendored
@ -4,6 +4,9 @@
|
||||
/* OpenSSL was configured with the following options: */
|
||||
#ifndef OPENSSL_DOING_MAKEDEPEND
|
||||
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
# define OPENSSL_NO_CAMELLIA
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_GMP
|
||||
# define OPENSSL_NO_GMP
|
||||
#endif
|
||||
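Review bot: defining `OPENSSL_NO_CAMELLIA` in this vendored `opensslconf.h` compiles out the Camellia support that the rest of the commit brings in, yet the `ciphers.pod` and `smime.pod` hunks document `CAMELLIA128-SHA`, `-camellia128` and the related options as if they were available. Either state in the commit message or the docs that this tree builds without Camellia, or leave the define to the build configuration; as written, `ssl.h` will always take the `#ifdef OPENSSL_NO_CAMELLIA` branch of `SSL_DEFAULT_CIPHER_LIST`.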
@ -29,6 +32,9 @@
|
||||
who haven't had the time to do the appropriate changes in their
|
||||
applications. */
|
||||
#ifdef OPENSSL_ALGORITHM_DEFINES
|
||||
# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
|
||||
# define NO_CAMELLIA
|
||||
# endif
|
||||
# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
|
||||
# define NO_GMP
|
||||
# endif
|
||||
|
6
crypto/dist/openssl/crypto/opensslv.h
vendored
@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090802fL
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090804f
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b-fips 04 May 2006"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8d-fips 28 Sep 2006"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b 04 May 2006"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8d 28 Sep 2006"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
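Review bot: the second `OPENSSL_VERSION_NUMBER` line, `0x0090804f`, has no `L` suffix while the line beside it, `0x0090802fL`, does. Without the suffix the constant has type `int` wherever it fits, so a caller that passes the macro to a `%lx` conversion or otherwise assumes `long` is affected; please confirm this is what the imported release ships rather than a merge slip, and restore the `L` if not.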
4
crypto/dist/openssl/crypto/pkcs7/pk7_smime.c
vendored
@ -127,9 +127,12 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
|
||||
}
|
||||
}
|
||||
|
||||
if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
|
||||
|
||||
if (flags & PKCS7_STREAM)
|
||||
return p7;
|
||||
|
||||
|
||||
if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
|
||||
PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
|
||||
PKCS7_free(p7);
|
||||
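Review bot: the new `if (flags & PKCS7_STREAM) return p7;` returns before `PKCS7_dataInit()`, `SMIME_crlf_copy()` and `PKCS7_dataFinal()` run, so with that flag the caller receives a structure whose content has not been written or signed yet. That contract is not stated anywhere in the hunk; add a comment saying the caller is responsible for finalising, and note that moving `PKCS7_set_detached()` above the return is what makes the detached flag apply on the streaming path as well.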
@ -138,7 +141,6 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
|
||||
|
||||
SMIME_crlf_copy(data, p7bio, flags);
|
||||
|
||||
if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
|
||||
|
||||
if (!PKCS7_dataFinal(p7,p7bio)) {
|
||||
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
|
||||
|
7
crypto/dist/openssl/crypto/rsa/rsa.h
vendored
@ -160,14 +160,14 @@ struct rsa_st
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
|
||||
# define OPENSSL_RSA_MAX_MODULUS_BITS 16400
|
||||
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
|
||||
# define OPENSSL_RSA_SMALL_MODULUS_BITS 4112
|
||||
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
|
||||
#endif
|
||||
#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
|
||||
# define OPENSSL_RSA_MAX_PUBEXP_BITS 72 /* exponent limit enforced for "large" modulus only */
|
||||
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
|
||||
#endif
|
||||
|
||||
#define RSA_3 0x3L
|
||||
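Review bot: the three defaults change together (16400/4112/72 beside 16384/3072/64) and all three narrow what is accepted; for instance, a public key with a modulus between 3073 and 4112 bits and an exponent longer than 64 bits passes the first set of limits and is refused by the second. Since `RSA_eay_public_encrypt()` turns that into `RSA_R_BAD_E_VALUE`, the commit message should mention the behaviour change, and the `#ifndef` guards deserve a comment saying they are the supported way to override the limits at build time.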
@ -419,6 +419,7 @@ void ERR_load_RSA_strings(void);
|
||||
#define RSA_R_KEY_SIZE_TOO_SMALL 120
|
||||
#define RSA_R_MODULUS_TOO_LARGE 105
|
||||
#define RSA_R_LAST_OCTET_INVALID 134
|
||||
#define RSA_R_MODULUS_TOO_LARGE 105
|
||||
#define RSA_R_NO_PUBLIC_EXPONENT 140
|
||||
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
|
||||
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
||||
|
81
crypto/dist/openssl/crypto/rsa/rsa_eay.c
vendored
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -168,6 +168,28 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
|
||||
unsigned char *buf=NULL;
|
||||
BN_CTX *ctx=NULL;
|
||||
|
||||
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (BN_ucmp(rsa->n, rsa->e) <= 0)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* for large moduli, enforce exponent limit */
|
||||
if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
|
||||
{
|
||||
if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
||||
BN_CTX_start(ctx);
|
||||
f = BN_CTX_get(ctx);
|
||||
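Review bot: the exponent bound in the last of the three added checks applies only when `BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS`, so for a key at or below that size the only constraint on `e` is the `BN_ucmp(rsa->n, rsa->e) <= 0` test, which still accepts an exponent almost as long as the modulus. If that is deliberate for compatibility, the `/* for large moduli, enforce exponent limit */` comment should say so and state the worst-case cost it bounds. The three checks would also read better as one static helper, so that every entry point that uses the public key applies the same limits.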
@ -238,40 +260,63 @@ err:
|
||||
return(r);
|
||||
}
|
||||
|
||||
static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx)
|
||||
static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
|
||||
{
|
||||
BN_BLINDING *ret;
|
||||
int got_write_lock = 0;
|
||||
|
||||
CRYPTO_r_lock(CRYPTO_LOCK_RSA);
|
||||
|
||||
if (rsa->blinding == NULL)
|
||||
{
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
got_write_lock = 1;
|
||||
|
||||
if (rsa->blinding == NULL)
|
||||
{
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
if (rsa->blinding == NULL)
|
||||
rsa->blinding = RSA_setup_blinding(rsa, ctx);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
rsa->blinding = RSA_setup_blinding(rsa, ctx);
|
||||
}
|
||||
|
||||
ret = rsa->blinding;
|
||||
if (ret == NULL)
|
||||
return NULL;
|
||||
goto err;
|
||||
|
||||
if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id())
|
||||
if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
|
||||
{
|
||||
*local = 0;
|
||||
/* rsa->blinding is ours! */
|
||||
|
||||
*local = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* resort to rsa->mt_blinding instead */
|
||||
|
||||
*local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
|
||||
* that the BN_BLINDING is shared, meaning that accesses
|
||||
* require locks, and that the blinding factor must be
|
||||
* stored outside the BN_BLINDING
|
||||
*/
|
||||
|
||||
if (rsa->mt_blinding == NULL)
|
||||
{
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
if (!got_write_lock)
|
||||
{
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
got_write_lock = 1;
|
||||
}
|
||||
|
||||
if (rsa->mt_blinding == NULL)
|
||||
rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
ret = rsa->mt_blinding;
|
||||
}
|
||||
else
|
||||
*local = 1;
|
||||
|
||||
err:
|
||||
if (got_write_lock)
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
else
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
return ret;
|
||||
}
|
||||
|
||||
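Review bot: the read lock is released before the write lock is taken (`CRYPTO_r_unlock` then `CRYPTO_w_lock`), so another thread can install `rsa->blinding` or `rsa->mt_blinding` in between; the function is only correct because of the second `== NULL` test made after `got_write_lock = 1`. Please add a comment at both places saying the re-check is required, so it is not removed later as redundant. Also, `*local` is left unassigned on the `goto err` path when `ret == NULL`; the callers in the following hunks test `blinding == NULL` first, but assigning `*local` before the jump would remove that dependency.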
@ -358,7 +403,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
|
||||
{
|
||||
blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
|
||||
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
|
||||
@ -501,7 +546,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
|
||||
{
|
||||
blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
|
||||
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
|
||||
@ -617,7 +662,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if((ctx = BN_CTX_new()) == NULL) goto err;
|
||||
BN_CTX_start(ctx);
|
||||
f = BN_CTX_get(ctx);
|
||||
|
1
crypto/dist/openssl/crypto/rsa/rsa_err.c
vendored
@ -138,6 +138,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
|
||||
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
|
||||
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modululs too large"},
|
||||
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
|
||||
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
|
||||
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
|
||||
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
|
||||
|
2
crypto/dist/openssl/crypto/rsa/rsa_sign.c
vendored
@ -196,7 +196,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
||||
/* Parameters to the signature algorithm can also be used to
|
||||
create forgeries */
|
||||
if(sig->algor->parameter
|
||||
&& sig->algor->parameter->type != V_ASN1_NULL)
|
||||
&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||
goto err;
|
||||
|
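Review bot: the condition `sig->algor->parameter && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL` accepts two encodings, an absent parameter and an explicit ASN.1 NULL, and rejects everything else. The comment above it only says that parameters "can also be used to create forgeries"; please extend it to state that both accepted forms are intentional, and add a test vector with a non-NULL parameter so the `RSA_R_BAD_SIGNATURE` path stays covered.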
26
crypto/dist/openssl/doc/apps/ciphers.pod
vendored
@ -125,11 +125,11 @@ the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
|
||||
=item B<HIGH>
|
||||
|
||||
"high" encryption cipher suites. This currently means those with key lengths larger
|
||||
than 128 bits.
|
||||
than 128 bits, and some cipher suites with 128-bit keys.
|
||||
|
||||
=item B<MEDIUM>
|
||||
|
||||
"medium" encryption cipher suites, currently those using 128 bit encryption.
|
||||
"medium" encryption cipher suites, currently some of those using 128 bit encryption.
|
||||
|
||||
=item B<LOW>
|
||||
|
||||
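Review bot: "some cipher suites with 128-bit keys" and "some of those using 128 bit encryption" do not tell the reader which suites fall under B<HIGH> and which under B<MEDIUM>. The `s3_lib.c` part of this commit tags the 128-bit Camellia entries `SSL_HIGH`, so name the affected suites here, or point to `openssl ciphers -v HIGH`, instead of "some".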
@ -235,6 +235,10 @@ cipher suites using MD5.
|
||||
|
||||
cipher suites using SHA1.
|
||||
|
||||
=item B<Camellia>
|
||||
|
||||
cipher suites using Camellia.
|
||||
|
||||
=back
|
||||
|
||||
=head1 CIPHER SUITE NAMES
|
||||
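Review bot: the item is spelled `B<Camellia>`, but the keyword this commit adds in `ssl.h` is `SSL_TXT_CAMELLIA "CAMELLIA"`, and the neighbouring items (`B<HIGH>`, `B<MEDIUM>`, `B<LOW>`) are written exactly as they are typed in a cipher string. Use `B<CAMELLIA>` so the documented keyword can be copied as is.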
@ -330,6 +334,24 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
|
||||
TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
|
||||
TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
|
||||
|
||||
=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
|
||||
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA
|
||||
|
||||
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented.
|
||||
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented.
|
||||
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented.
|
||||
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented.
|
||||
|
||||
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA
|
||||
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA
|
||||
|
||||
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA
|
||||
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA
|
||||
|
||||
=head2 Additional Export 1024 and other cipher suites
|
||||
|
||||
Note: these ciphers can also be used in SSL v3.
|
||||
|
11
crypto/dist/openssl/doc/apps/smime.pod
vendored
@ -20,6 +20,9 @@ B<openssl> B<smime>
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-camellia128>]
|
||||
[B<-camellia192>]
|
||||
[B<-camellia256>]
|
||||
[B<-in file>]
|
||||
[B<-certfile file>]
|
||||
[B<-signer file>]
|
||||
@ -129,10 +132,10 @@ B<-verify>. This directory must be a standard certificate directory: that
|
||||
is a hash of each subject name (using B<x509 -hash>) should be linked
|
||||
to each certificate.
|
||||
|
||||
=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256>
|
||||
=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
|
||||
|
||||
the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
|
||||
40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not
|
||||
40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively. If not
|
||||
specified 40 bit RC2 is used. Only used with B<-encrypt>.
|
||||
|
||||
=item B<-nointern>
|
||||
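Review bot: the description sentence is now long enough that "respectively" no longer maps cleanly onto the eleven options in the `=item` line; a short list of option, algorithm and key size would read better. While this paragraph is being touched, the unchanged sentence "If not specified 40 bit RC2 is used" is worth calling out to the reader as the reason to always pass one of the stronger options with B<-encrypt>.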
@ -354,6 +357,10 @@ alternatively you can base64 decode the signature and use
|
||||
|
||||
openssl smime -verify -inform DER -in signature.der -content content.txt
|
||||
|
||||
Create an encrypted message using 128 bit Camellia:
|
||||
|
||||
openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
The MIME parser isn't very clever: it seems to handle most messages that I've thrown
|
||||
|
184
crypto/dist/openssl/ms/mingw32.bat
vendored
@ -1,90 +1,94 @@
|
||||
@rem OpenSSL with Mingw32+GNU as
|
||||
@rem ---------------------------
|
||||
|
||||
perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8
|
||||
|
||||
@echo off
|
||||
|
||||
perl -e "exit 1 if '%1' eq 'no-asm'"
|
||||
if errorlevel 1 goto noasm
|
||||
|
||||
echo Generating x86 for GNU assember
|
||||
|
||||
echo Bignum
|
||||
cd crypto\bn\asm
|
||||
perl bn-586.pl gaswin > bn-win32.s
|
||||
perl co-586.pl gaswin > co-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo DES
|
||||
cd crypto\des\asm
|
||||
perl des-586.pl gaswin > d-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo crypt
|
||||
cd crypto\des\asm
|
||||
perl crypt586.pl gaswin > y-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo Blowfish
|
||||
cd crypto\bf\asm
|
||||
perl bf-586.pl gaswin > b-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo CAST5
|
||||
cd crypto\cast\asm
|
||||
perl cast-586.pl gaswin > c-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo RC4
|
||||
cd crypto\rc4\asm
|
||||
perl rc4-586.pl gaswin > r4-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo MD5
|
||||
cd crypto\md5\asm
|
||||
perl md5-586.pl gaswin > m5-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo SHA1
|
||||
cd crypto\sha\asm
|
||||
perl sha1-586.pl gaswin > s1-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo RIPEMD160
|
||||
cd crypto\ripemd\asm
|
||||
perl rmd-586.pl gaswin > rm-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo RC5\32
|
||||
cd crypto\rc5\asm
|
||||
perl rc5-586.pl gaswin > r5-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
:noasm
|
||||
|
||||
echo Generating makefile
|
||||
perl util\mkfiles.pl >MINFO
|
||||
perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak
|
||||
echo Generating DLL definition files
|
||||
perl util\mkdef.pl 32 libeay >ms\libeay32.def
|
||||
if errorlevel 1 goto end
|
||||
perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
|
||||
if errorlevel 1 goto end
|
||||
|
||||
rem copy ms\tlhelp32.h outinc
|
||||
|
||||
echo Building the libraries
|
||||
mingw32-make -f ms/mingw32a.mak
|
||||
if errorlevel 1 goto end
|
||||
|
||||
echo Generating the DLLs and input libraries
|
||||
dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32
|
||||
if errorlevel 1 goto end
|
||||
dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
|
||||
if errorlevel 1 goto end
|
||||
|
||||
echo Done compiling OpenSSL
|
||||
|
||||
:end
|
||||
|
||||
@rem OpenSSL with Mingw32+GNU as
|
||||
@rem ---------------------------
|
||||
|
||||
perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8
|
||||
|
||||
@echo off
|
||||
|
||||
perl -e "exit 1 if '%1' eq 'no-asm'"
|
||||
if errorlevel 1 goto noasm
|
||||
|
||||
echo Generating x86 for GNU assember
|
||||
|
||||
echo Bignum
|
||||
cd crypto\bn\asm
|
||||
perl bn-586.pl gaswin > bn-win32.s
|
||||
perl co-586.pl gaswin > co-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo DES
|
||||
cd crypto\des\asm
|
||||
perl des-586.pl gaswin > d-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo crypt
|
||||
cd crypto\des\asm
|
||||
perl crypt586.pl gaswin > y-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo Blowfish
|
||||
cd crypto\bf\asm
|
||||
perl bf-586.pl gaswin > b-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo CAST5
|
||||
cd crypto\cast\asm
|
||||
perl cast-586.pl gaswin > c-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo RC4
|
||||
cd crypto\rc4\asm
|
||||
perl rc4-586.pl gaswin > r4-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo MD5
|
||||
cd crypto\md5\asm
|
||||
perl md5-586.pl gaswin > m5-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo SHA1
|
||||
cd crypto\sha\asm
|
||||
perl sha1-586.pl gaswin > s1-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo RIPEMD160
|
||||
cd crypto\ripemd\asm
|
||||
perl rmd-586.pl gaswin > rm-win32.s
|
||||
cd ..\..\..
|
||||
|
||||
echo RC5\32
|
||||
cd crypto\rc5\asm
|
||||
perl rc5-586.pl gaswin > r5-win32.s
|
||||
cd ..\..\..
|
||||
echo CPUID
|
||||
cd crypto
|
||||
perl x86cpuid.pl gaswin > cpu-win32.s
|
||||
cd ..
|
||||
|
||||
:noasm
|
||||
|
||||
echo Generating makefile
|
||||
perl util\mkfiles.pl >MINFO
|
||||
perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak
|
||||
echo Generating DLL definition files
|
||||
perl util\mkdef.pl 32 libeay >ms\libeay32.def
|
||||
if errorlevel 1 goto end
|
||||
perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
|
||||
if errorlevel 1 goto end
|
||||
|
||||
rem copy ms\tlhelp32.h outinc
|
||||
|
||||
echo Building the libraries
|
||||
mingw32-make -f ms/mingw32a.mak
|
||||
if errorlevel 1 goto end
|
||||
|
||||
echo Generating the DLLs and input libraries
|
||||
dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32
|
||||
if errorlevel 1 goto end
|
||||
dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
|
||||
if errorlevel 1 goto end
|
||||
|
||||
echo Done compiling OpenSSL
|
||||
|
||||
:end
|
||||
|
||||
|
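Review bot: the hunk header `-1,90 +1,94` replaces the whole file, yet the only difference between the two copies is the four-line `echo CPUID` block before `:noasm`, which points to a line-ending or whitespace conversion riding along with the functional change. Please split the normalisation from the addition, or import the file with its original line endings, so the next vendor merge does not conflict on every line.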
4
crypto/dist/openssl/ssl/s2_clnt.c
vendored
@ -520,8 +520,8 @@ static int get_server_hello(SSL *s)
|
||||
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
|
||||
}
|
||||
|
||||
if (s->session->sess_cert == NULL
|
||||
|| s->session->peer != s->session->sess_cert->peer_key->x509)
|
||||
if (s->session->sess_cert == NULL
|
||||
|| s->session->peer != s->session->sess_cert->peer_key->x509)
|
||||
/* can't happen */
|
||||
{
|
||||
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|
||||
|
2
crypto/dist/openssl/ssl/s2_lib.c
vendored
@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
/* RC4_64_WITH_MD5 */
|
||||
#if 1
|
||||
#if 0
|
||||
{
|
||||
1,
|
||||
SSL2_TXT_RC4_64_WITH_MD5,
|
||||
|
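Review bot: flipping the guard on the `RC4_64_WITH_MD5` entry from `#if 1` to `#if 0` removes that SSLv2 suite from `ssl2_ciphers[]` with no explanation in the code or in the commit message. Add a comment above the `#if 0` saying why the entry is disabled, or delete the dead entry, so a later merge does not switch it back on by accident.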
174
crypto/dist/openssl/ssl/s3_lib.c
vendored
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -902,8 +902,92 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
/* Camellia ciphersuites from RFC4132 (128-bit portion) */
|
||||
|
||||
/* Cipher 41 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 42 */
|
||||
{
|
||||
0, /* not implemented (non-ephemeral DH) */
|
||||
TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
||||
SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 43 */
|
||||
{
|
||||
0, /* not implemented (non-ephemeral DH) */
|
||||
TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 44 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 45 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 46 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
|
||||
SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
#endif /* OPENSSL_NO_CAMELLIA */
|
||||
|
||||
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
|
||||
/* New TLS Export CipherSuites */
|
||||
/* New TLS Export CipherSuites from expired ID */
|
||||
#if 0
|
||||
/* Cipher 60 */
|
||||
{
|
||||
1,
|
||||
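Review bot: Cipher 46 (`TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA`) combines `SSL_aNULL` with `SSL_NOT_EXP|SSL_HIGH`, so a cipher string that selects on strength alone, such as `HIGH`, picks up an unauthenticated suite; only the `!ADH` in `SSL_DEFAULT_CIPHER_LIST` keeps it out by default. A comment at this entry, and at Cipher 89 in the 256-bit block, reminding integrators to pair `HIGH` with `!aNULL` or `!ADH` would help. Minor: the new entries end in `SSL_ALL_STRENGTHS` without the trailing comma that the context entry just above the block uses.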
@ -930,6 +1014,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
#endif
|
||||
/* Cipher 62 */
|
||||
{
|
||||
1,
|
||||
@ -996,6 +1081,90 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
|
||||
|
||||
/* Cipher 84 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 85 */
|
||||
{
|
||||
0, /* not implemented (non-ephemeral DH) */
|
||||
TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 86 */
|
||||
{
|
||||
0, /* not implemented (non-ephemeral DH) */
|
||||
TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 87 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 88 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
/* Cipher 89 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
|
||||
SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
#endif /* OPENSSL_NO_CAMELLIA */
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
/* Cipher C001 */
|
||||
{
|
||||
@ -1348,6 +1517,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
},
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
|
||||
/* end of list */
|
||||
};
|
||||
|
||||
|
9
crypto/dist/openssl/ssl/ssl.h
vendored
@ -109,7 +109,7 @@
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -282,6 +282,7 @@ extern "C" {
|
||||
#define SSL_TXT_RC2 "RC2"
|
||||
#define SSL_TXT_IDEA "IDEA"
|
||||
#define SSL_TXT_AES "AES"
|
||||
#define SSL_TXT_CAMELLIA "CAMELLIA"
|
||||
#define SSL_TXT_MD5 "MD5"
|
||||
#define SSL_TXT_SHA1 "SHA1"
|
||||
#define SSL_TXT_SHA "SHA"
|
||||
@ -315,7 +316,11 @@ extern "C" {
|
||||
/* The following cipher list is used by default.
|
||||
* It also is substituted when an application-defined cipher list string
|
||||
* starts with 'DEFAULT'. */
|
||||
#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
|
||||
#ifdef OPENSSL_NO_CAMELLIA
|
||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
|
||||
#else
|
||||
# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:-ECCdraft:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
|
||||
#endif
|
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||
#define SSL_SENT_SHUTDOWN 1
|
||||
|
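Review bot: the `#else` branch changes the default from `ALL:!ADH:+RC4:@STRENGTH` to `AES:CAMELLIA:-ECCdraft:ALL:!ADH:+RC4:@STRENGTH`, but the only comment is still "low priority for RC4", repeated on both lines. Please document what the leading `AES:CAMELLIA` and the `-ECCdraft` are for and how they interact with the final `@STRENGTH` sort, since applications whose cipher string starts with `DEFAULT` inherit this ordering.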
28
crypto/dist/openssl/ssl/ssl_cert.c
vendored
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -73,12 +73,12 @@
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@OpenSSL.org.
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
@ -87,7 +87,7 @@
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
@ -102,6 +102,11 @@
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
@ -130,21 +135,28 @@
|
||||
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
|
||||
{
|
||||
static volatile int ssl_x509_store_ctx_idx= -1;
|
||||
int got_write_lock = 0;
|
||||
|
||||
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
|
||||
if (ssl_x509_store_ctx_idx < 0)
|
||||
{
|
||||
/* any write lock will do; usually this branch
|
||||
* will only be taken once anyway */
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
got_write_lock = 1;
|
||||
|
||||
if (ssl_x509_store_ctx_idx < 0)
|
||||
{
|
||||
ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
|
||||
0,"SSL for verify callback",NULL,NULL,NULL);
|
||||
}
|
||||
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
}
|
||||
|
||||
if (got_write_lock)
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
else
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
|
||||
return ssl_x509_store_ctx_idx;
|
||||
}
|
||||
|
||||
|
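Review bot: `return ssl_x509_store_ctx_idx;` reads the static after the lock has been released by the `if (got_write_lock) ... else ...` block just above it. The value only moves away from -1 once, so this is benign in practice, but copying it into a local while the lock is still held would make the function correct by construction rather than by that invariant. The upgrade from read lock to write lock is not atomic either; the inner `if (ssl_x509_store_ctx_idx < 0)` re-check is what prevents a second `X509_STORE_CTX_get_ex_new_index()` call and deserves a comment saying so.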
178
crypto/dist/openssl/ssl/ssl_ciph.c
vendored
@ -55,6 +55,59 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
* ECC cipher suite support in OpenSSL originally developed by
|
||||
@ -75,6 +128,11 @@
|
||||
#define SSL_ENC_AES128_IDX 7
|
||||
#define SSL_ENC_AES256_IDX 8
|
||||
#define SSL_ENC_NUM_IDX 9
|
||||
#define SSL_ENC_CAMELLIA128_IDX 9
|
||||
#define SSL_ENC_CAMELLIA256_IDX 10
|
||||
#undef SSL_ENC_NUM_IDX
|
||||
#define SSL_ENC_NUM_IDX 11
|
||||
|
||||
|
||||
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
|
||||
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
|
||||
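Review bot: the initializer of `ssl_cipher_methods[SSL_ENC_NUM_IDX]` in the trailing context still lists nine `NULL` entries, while `SSL_ENC_NUM_IDX` now ends up as 11. Static storage zero-fills the two Camellia slots, so the result is correct, but the mismatch is easy to misread; extend the list or shorten it to `{NULL}`. The `#define SSL_ENC_NUM_IDX 9` followed by `#undef` and a redefinition to 11 should either collapse into one define or carry a comment explaining why the intermediate value is kept.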
@ -141,6 +199,7 @@ static const SSL_CIPHER cipher_aliases[]={
|
||||
{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
|
||||
{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
{0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
{0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
|
||||
{0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
|
||||
{0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
|
||||
@ -185,6 +244,10 @@ void ssl_load_ciphers(void)
|
||||
EVP_get_cipherbyname(SN_aes_128_cbc);
|
||||
ssl_cipher_methods[SSL_ENC_AES256_IDX]=
|
||||
EVP_get_cipherbyname(SN_aes_256_cbc);
|
||||
ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
|
||||
EVP_get_cipherbyname(SN_camellia_128_cbc);
|
||||
ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
|
||||
EVP_get_cipherbyname(SN_camellia_256_cbc);
|
||||
|
||||
ssl_digest_methods[SSL_MD_MD5_IDX]=
|
||||
EVP_get_digestbyname(SN_md5);
|
||||
@ -203,36 +266,46 @@ static int sk_comp_cmp(const SSL_COMP * const *a,
|
||||
|
||||
static void load_builtin_compressions(void)
|
||||
{
|
||||
if (ssl_comp_methods != NULL)
|
||||
return;
|
||||
int got_write_lock = 0;
|
||||
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
|
||||
CRYPTO_r_lock(CRYPTO_LOCK_SSL);
|
||||
if (ssl_comp_methods == NULL)
|
||||
{
|
||||
SSL_COMP *comp = NULL;
|
||||
|
||||
MemCheck_off();
|
||||
ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
|
||||
if (ssl_comp_methods != NULL)
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
|
||||
got_write_lock = 1;
|
||||
|
||||
if (ssl_comp_methods == NULL)
|
||||
{
|
||||
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
|
||||
if (comp != NULL)
|
||||
SSL_COMP *comp = NULL;
|
||||
|
||||
MemCheck_off();
|
||||
ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
|
||||
if (ssl_comp_methods != NULL)
|
||||
{
|
||||
comp->method=COMP_zlib();
|
||||
if (comp->method
|
||||
&& comp->method->type == NID_undef)
|
||||
OPENSSL_free(comp);
|
||||
else
|
||||
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
|
||||
if (comp != NULL)
|
||||
{
|
||||
comp->id=SSL_COMP_ZLIB_IDX;
|
||||
comp->name=comp->method->name;
|
||||
sk_SSL_COMP_push(ssl_comp_methods,comp);
|
||||
comp->method=COMP_zlib();
|
||||
if (comp->method
|
||||
&& comp->method->type == NID_undef)
|
||||
OPENSSL_free(comp);
|
||||
else
|
||||
{
|
||||
comp->id=SSL_COMP_ZLIB_IDX;
|
||||
comp->name=comp->method->name;
|
||||
sk_SSL_COMP_push(ssl_comp_methods,comp);
|
||||
}
|
||||
}
|
||||
}
|
||||
MemCheck_on();
|
||||
}
|
||||
MemCheck_on();
|
||||
}
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
|
||||
|
||||
if (got_write_lock)
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
|
||||
else
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
|
||||
}
|
||||
#endif
|
||||
|
||||
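Review bot: in the `else` branch after `if (comp->method && comp->method->type == NID_undef)`, the line `comp->name=comp->method->name;` dereferences `comp->method`, even though the condition itself treats a NULL return from `COMP_zlib()` as possible. Test `comp->method == NULL || comp->method->type == NID_undef` so the NULL case takes the `OPENSSL_free(comp)` path. The return value of `sk_SSL_COMP_push()` is also unchecked, which leaks `comp` if the push fails. The switch from read lock to write lock is sound only because `ssl_comp_methods == NULL` is tested again after `CRYPTO_w_lock`; a one-line comment saying so would keep a later cleanup from removing the second test.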
@ -293,6 +366,15 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
||||
default: i=-1; break;
|
||||
}
|
||||
break;
|
||||
case SSL_CAMELLIA:
|
||||
switch(c->alg_bits)
|
||||
{
|
||||
case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
|
||||
case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
|
||||
default: i=-1; break;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
i= -1;
|
||||
break;
|
||||
@ -381,6 +463,7 @@ static unsigned long ssl_cipher_get_disabled(void)
|
||||
mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
|
||||
mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
|
||||
mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
|
||||
mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
|
||||
|
||||
mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
|
||||
mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
|
||||
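Review bot: `SSL_CAMELLIA` is masked out only when `ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]` is NULL; the `SSL_ENC_CAMELLIA256_IDX` slot filled in `ssl_load_ciphers()` is never consulted here (the AES line above has the same shape). If only one key size is available, suites for the missing size stay enabled in this mask. Either test both slots or add a comment stating that the two always load together.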
@ -482,7 +565,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
|
||||
*ca_curr = NULL; /* end of list */
|
||||
}
|
||||
|
||||
static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
|
||||
unsigned long algorithms, unsigned long mask,
|
||||
unsigned long algo_strength, unsigned long mask_strength,
|
||||
int rule, int strength_bits, CIPHER_ORDER *co_list,
|
||||
@ -509,9 +592,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
|
||||
cp = curr->cipher;
|
||||
|
||||
/* If explicit cipher suite match that one only */
|
||||
/* If explicit cipher suite, match only that one for its own protocol version.
|
||||
* Usual selection criteria will be used for similar ciphersuites from other version! */
|
||||
|
||||
if (cipher_id)
|
||||
if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
|
||||
{
|
||||
if (cp->id != cipher_id)
|
||||
continue;
|
||||
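Review bot: the new comment above `if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)` should spell out what "usual selection criteria" requires of the caller. For a suite from another protocol version the explicit-id test is now skipped, so the outcome depends on `algorithms` and `mask` already describing the named suite; a caller that passes a `cipher_id` with empty masks gets different results than before. State that precondition in the comment, and fix "other version" to "other versions".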
@ -552,8 +636,22 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
{
|
||||
if (!curr->active)
|
||||
{
|
||||
ll_append_tail(&head, curr, &tail);
|
||||
curr->active = 1;
|
||||
int add_this_cipher = 1;
|
||||
|
||||
if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
|
||||
{
|
||||
/* Make sure "ECCdraft" ciphersuites are activated only if
|
||||
* *explicitly* requested, but not implicitly (such as
|
||||
* as part of the "AES" alias). */
|
||||
|
||||
add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
|
||||
}
|
||||
|
||||
if (add_this_cipher)
|
||||
{
|
||||
ll_append_tail(&head, curr, &tail);
|
||||
curr->active = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
/* Move the added cipher to this location */
|
||||
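Review bot: `add_this_cipher` is computed from the rule's `mask` rather than from `algorithms`, so any rule whose mask overlaps `SSL_kECDHE|SSL_kECDH|SSL_aECDSA` counts as an explicit request. If an alias carries a category-wide mask that includes one of these bits, ECC suites would be activated without being named, which is what the comment says must not happen; please confirm against the alias table or explain in the comment why `mask` is the right field to test. The comment also has a doubled word: "such as as part of".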
@ -634,7 +732,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
|
||||
*/
|
||||
for (i = max_strength_bits; i >= 0; i--)
|
||||
if (number_uses[i] > 0)
|
||||
ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i,
|
||||
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
|
||||
co_list, head_p, tail_p);
|
||||
|
||||
OPENSSL_free(number_uses);
|
||||
@ -648,7 +746,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
unsigned long algorithms, mask, algo_strength, mask_strength;
|
||||
const char *l, *start, *buf;
|
||||
int j, multi, found, rule, retval, ok, buflen;
|
||||
unsigned long cipher_id;
|
||||
unsigned long cipher_id = 0, ssl_version = 0;
|
||||
char ch;
|
||||
|
||||
retval = 1;
|
||||
@ -739,6 +837,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
*/
|
||||
j = found = 0;
|
||||
cipher_id = 0;
|
||||
ssl_version = 0;
|
||||
while (ca_list[j])
|
||||
{
|
||||
if (!strncmp(buf, ca_list[j]->name, buflen) &&
|
||||
@ -753,12 +852,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
if (!found)
|
||||
break; /* ignore this entry */
|
||||
|
||||
if (ca_list[j]->valid)
|
||||
{
|
||||
cipher_id = ca_list[j]->id;
|
||||
break;
|
||||
}
|
||||
|
||||
/* New algorithms:
|
||||
* 1 - any old restrictions apply outside new mask
|
||||
* 2 - any new restrictions apply outside old mask
|
||||
@ -773,6 +866,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
(algo_strength & ca_list[j]->algo_strength);
|
||||
mask_strength |= ca_list[j]->mask_strength;
|
||||
|
||||
/* explicit ciphersuite found */
|
||||
if (ca_list[j]->valid)
|
||||
{
|
||||
cipher_id = ca_list[j]->id;
|
||||
ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!multi) break;
|
||||
}
|
||||
|
||||
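Review bot: the `break` inside `if (ca_list[j]->valid)` leaves the loop before `if (!multi) break;` is reached, so as far as the visible lines show, an explicit ciphersuite name ends processing of the current rule even when `multi` is set. If that is intended, say so in the `/* explicit ciphersuite found */` comment. The comment should also note that this block has to stay after the mask accumulation above it, because `ssl_cipher_apply_rule()` now receives `ssl_version` together with the masks for the named suite.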
@ -802,7 +903,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
}
|
||||
else if (found)
|
||||
{
|
||||
ssl_cipher_apply_rule(cipher_id, algorithms, mask,
|
||||
ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
|
||||
algo_strength, mask_strength, rule, -1,
|
||||
co_list, head_p, tail_p);
|
||||
}
|
||||
@ -1067,6 +1168,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
default: enc="AES(?""?""?)"; break;
|
||||
}
|
||||
break;
|
||||
case SSL_CAMELLIA:
|
||||
switch(cipher->strength_bits)
|
||||
{
|
||||
case 128: enc="Camellia(128)"; break;
|
||||
case 256: enc="Camellia(256)"; break;
|
||||
default: enc="Camellia(?""?""?)"; break;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
enc="unknown";
|
||||
break;
|
||||
|
5
crypto/dist/openssl/ssl/ssl_locl.h
vendored
@ -278,7 +278,7 @@
|
||||
#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
|
||||
#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
|
||||
|
||||
#define SSL_ENC_MASK 0x043F8000L
|
||||
#define SSL_ENC_MASK 0x0C3F8000L
|
||||
#define SSL_DES 0x00008000L
|
||||
#define SSL_3DES 0x00010000L
|
||||
#define SSL_RC4 0x00020000L
|
||||
@ -287,6 +287,7 @@
|
||||
#define SSL_eFZA 0x00100000L
|
||||
#define SSL_eNULL 0x00200000L
|
||||
#define SSL_AES 0x04000000L
|
||||
#define SSL_CAMELLIA 0x08000000L
|
||||
|
||||
#define SSL_MAC_MASK 0x00c00000L
|
||||
#define SSL_MD5 0x00400000L
|
||||
@ -298,7 +299,7 @@
|
||||
#define SSL_SSLV3 0x02000000L
|
||||
#define SSL_TLSV1 SSL_SSLV3 /* for now */
|
||||
|
||||
/* we have used 07ffffff - 5 bits left to go. */
|
||||
/* we have used 0fffffff - 4 bits left to go. */
|
||||
|
||||
/*
|
||||
* Export and cipher strength information. For each cipher we have to decide
|
||||
|
7
crypto/dist/openssl/util/mkdef.pl
vendored
@ -84,7 +84,7 @@ my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
|
||||
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
|
||||
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
|
||||
"SHA256", "SHA512", "RIPEMD",
|
||||
"MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES",
|
||||
"MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA",
|
||||
# Envelope "algorithms"
|
||||
"EVP", "X509", "ASN1_TYPEDEFS",
|
||||
# Helper "algorithms"
|
||||
@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
|
||||
my $no_cast;
|
||||
my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
|
||||
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
|
||||
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
|
||||
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
|
||||
my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
|
||||
|
||||
|
||||
@ -175,6 +175,7 @@ foreach (@ARGV, split(/ /, $options))
|
||||
elsif (/^no-ecdh$/) { $no_ecdh=1; }
|
||||
elsif (/^no-hmac$/) { $no_hmac=1; }
|
||||
elsif (/^no-aes$/) { $no_aes=1; }
|
||||
elsif (/^no-camellia$/) { $no_camellia=1; }
|
||||
elsif (/^no-evp$/) { $no_evp=1; }
|
||||
elsif (/^no-lhash$/) { $no_lhash=1; }
|
||||
elsif (/^no-stack$/) { $no_stack=1; }
|
||||
@ -240,6 +241,7 @@ $crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
|
||||
$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
|
||||
$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
|
||||
$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
|
||||
$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia;
|
||||
|
||||
$crypto.=" crypto/bn/bn.h";
|
||||
$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
|
||||
@ -1089,6 +1091,7 @@ sub is_valid
|
||||
if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
|
||||
if ($keyword eq "HMAC" && $no_hmac) { return 0; }
|
||||
if ($keyword eq "AES" && $no_aes) { return 0; }
|
||||
if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
|
||||
if ($keyword eq "EVP" && $no_evp) { return 0; }
|
||||
if ($keyword eq "LHASH" && $no_lhash) { return 0; }
|
||||
if ($keyword eq "STACK" && $no_stack) { return 0; }
|
||||
|