openssl 0.9.7c. security changes are already in place
This commit is contained in:
parent
6a3911e9ce
commit
6b4e6697c9
|
@ -560,6 +560,8 @@ my %table=(
|
|||
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
|
||||
"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
|
||||
"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
|
||||
"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
|
||||
"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
|
||||
|
||||
##### Compaq Non-Stop Kernel (Tandem)
|
||||
"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
|
||||
|
|
|
@ -225,7 +225,7 @@
|
|||
$ md c:\openssl\lib
|
||||
$ md c:\openssl\include
|
||||
$ md c:\openssl\include\openssl
|
||||
$ copy /b inc32\* c:\openssl\include\openssl
|
||||
$ copy /b inc32\openssl\* c:\openssl\include\openssl
|
||||
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
|
||||
$ copy /b out32dll\libeay32.lib c:\openssl\lib
|
||||
$ copy /b out32dll\ssleay32.dll c:\openssl\bin
|
||||
|
|
|
@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend
|
|||
# gcc, then the driver will automatically translate it to -xarch=v8plus
|
||||
# and pass it down to assembler.
|
||||
AS=$(CC) -c
|
||||
ASFLAGS=$(CFLAG)
|
||||
ASFLAG=$(CFLAG)
|
||||
|
||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||
BN_ASM= bn_asm.o
|
||||
|
@ -194,6 +194,7 @@ MAKE= make -f Makefile.ssl
|
|||
MANDIR=$(OPENSSLDIR)/man
|
||||
MAN1=1
|
||||
MAN3=3
|
||||
MANSUFFIX=
|
||||
SHELL=/bin/sh
|
||||
|
||||
TOP= .
|
||||
|
@ -225,7 +226,7 @@ sub_all:
|
|||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making all in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
else \
|
||||
$(MAKE) $$i; \
|
||||
fi; \
|
||||
|
@ -410,7 +411,7 @@ do_svr3-shared:
|
|||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
|
@ -435,7 +436,7 @@ do_svr5-shared:
|
|||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
|
||||
${CC} ${SHARED_LDFLAGS} \
|
||||
|
@ -831,6 +832,7 @@ install: all install_docs
|
|||
fi; \
|
||||
fi
|
||||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
|
||||
|
||||
install_docs:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
|
@ -847,33 +849,33 @@ install_docs:
|
|||
for i in doc/apps/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
done; \
|
||||
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
done
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=0.9.7b
|
||||
VERSION=0.9.7c
|
||||
MAJOR=0
|
||||
MINOR=9.7
|
||||
SHLIB_VERSION_NUMBER=0.9.7
|
||||
|
@ -69,7 +69,7 @@ EXE_EXT=
|
|||
ARFLAGS=
|
||||
AR=ar $(ARFLAGS) r
|
||||
RANLIB= /usr/bin/ranlib
|
||||
PERL= /usr/local/bin/perl
|
||||
PERL= /usr/bin/perl
|
||||
TAR= tar
|
||||
TARFLAGS= --no-recursion
|
||||
MAKEDEPPROG=makedepend
|
||||
|
@ -80,7 +80,7 @@ MAKEDEPPROG=makedepend
|
|||
# gcc, then the driver will automatically translate it to -xarch=v8plus
|
||||
# and pass it down to assembler.
|
||||
AS=$(CC) -c
|
||||
ASFLAGS=$(CFLAG)
|
||||
ASFLAG=$(CFLAG)
|
||||
|
||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||
BN_ASM= bn_asm.o
|
||||
|
@ -196,6 +196,7 @@ MAKE= make -f Makefile.ssl
|
|||
MANDIR=$(OPENSSLDIR)/man
|
||||
MAN1=1
|
||||
MAN3=3
|
||||
MANSUFFIX=
|
||||
SHELL=/bin/sh
|
||||
|
||||
TOP= .
|
||||
|
@ -227,7 +228,7 @@ sub_all:
|
|||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making all in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
else \
|
||||
$(MAKE) $$i; \
|
||||
fi; \
|
||||
|
@ -412,7 +413,7 @@ do_svr3-shared:
|
|||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
|
@ -437,7 +438,7 @@ do_svr5-shared:
|
|||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
|
||||
${CC} ${SHARED_LDFLAGS} \
|
||||
|
@ -833,6 +834,7 @@ install: all install_docs
|
|||
fi; \
|
||||
fi
|
||||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
|
||||
|
||||
install_docs:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
|
@ -849,33 +851,33 @@ install_docs:
|
|||
for i in doc/apps/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
done; \
|
||||
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
done
|
||||
|
||||
|
|
|
@ -5,6 +5,13 @@
|
|||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
|
||||
|
||||
o Security: fix various ASN1 parsing bugs.
|
||||
o New -ignore_err option to OCSP utility.
|
||||
o Various interop and bug fixes in S/MIME code.
|
||||
o SSL/TLS protocol fix for unrequested client certificates.
|
||||
|
||||
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
|
||||
|
||||
o Security: counter the Klima-Pokorny-Rosa extension of
|
||||
|
@ -73,6 +80,11 @@
|
|||
o SSL/TLS: add callback to retrieve SSL/TLS messages.
|
||||
o SSL/TLS: support AES cipher suites (RFC3268).
|
||||
|
||||
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
|
||||
|
||||
o Security: fix various ASN1 parsing bugs.
|
||||
o SSL/TLS protocol fix for unrequested client certificates.
|
||||
|
||||
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
|
||||
|
||||
o Security: counter the Klima-Pokorny-Rosa extension of
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
OpenSSL 0.9.7b 10 Apr 2003
|
||||
OpenSSL 0.9.7c 30 Sep 2003
|
||||
|
||||
Copyright (c) 1998-2003 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/local/bin/perl
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
# some setup stuff to be done before you can use it and this makes
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/local/bin/perl
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# der_chop ... this is one total hack that Eric is really not proud of
|
||||
# so don't look at it and don't ask for support
|
||||
|
|
|
@ -136,6 +136,7 @@ int MAIN(int argc, char **argv)
|
|||
int accept_count = -1;
|
||||
int badarg = 0;
|
||||
int i;
|
||||
int ignore_err = 0;
|
||||
STACK *reqnames = NULL;
|
||||
STACK_OF(OCSP_CERTID) *ids = NULL;
|
||||
|
||||
|
@ -195,6 +196,8 @@ int MAIN(int argc, char **argv)
|
|||
}
|
||||
else badarg = 1;
|
||||
}
|
||||
else if (!strcmp(*args, "-ignore_err"))
|
||||
ignore_err = 1;
|
||||
else if (!strcmp(*args, "-noverify"))
|
||||
noverify = 1;
|
||||
else if (!strcmp(*args, "-nonce"))
|
||||
|
@ -809,6 +812,8 @@ int MAIN(int argc, char **argv)
|
|||
{
|
||||
BIO_printf(out, "Responder Error: %s (%ld)\n",
|
||||
OCSP_response_status_str(i), i);
|
||||
if (ignore_err)
|
||||
goto redo_accept;
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
|
|
@ -235,7 +235,7 @@ int MAIN(int argc, char **argv)
|
|||
return (1);
|
||||
}
|
||||
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
|
||||
BIO_printf(bio_err, "Error converting key\n", outfile);
|
||||
BIO_printf(bio_err, "Error converting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
|
@ -259,8 +259,7 @@ int MAIN(int argc, char **argv)
|
|||
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
|
||||
p8pass, strlen(p8pass),
|
||||
NULL, 0, iter, p8inf))) {
|
||||
BIO_printf(bio_err, "Error encrypting key\n",
|
||||
outfile);
|
||||
BIO_printf(bio_err, "Error encrypting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
|
@ -303,7 +302,7 @@ int MAIN(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (!p8) {
|
||||
BIO_printf (bio_err, "Error reading key\n", outfile);
|
||||
BIO_printf (bio_err, "Error reading key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
|
@ -317,13 +316,13 @@ int MAIN(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (!p8inf) {
|
||||
BIO_printf(bio_err, "Error decrypting key\n", outfile);
|
||||
BIO_printf(bio_err, "Error decrypting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
|
||||
if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
|
||||
BIO_printf(bio_err, "Error converting key\n", outfile);
|
||||
BIO_printf(bio_err, "Error converting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
|
|
|
@ -112,6 +112,14 @@
|
|||
#include <sys/types.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_MSDOS
|
||||
#define _kbhit kbhit
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
|
||||
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
|
||||
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
|
||||
|
|
|
@ -136,10 +136,6 @@ typedef unsigned int u_int;
|
|||
#include <openssl/rand.h>
|
||||
#include "s_apps.h"
|
||||
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
|
||||
#ifdef fileno
|
||||
|
@ -221,7 +217,7 @@ static void sc_usage(void)
|
|||
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
|
||||
BIO_printf(bio_err," for those protocols that support it, where\n");
|
||||
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
|
||||
BIO_printf(bio_err," only \"smtp\" is supported.\n");
|
||||
BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
#endif
|
||||
|
@ -251,7 +247,7 @@ int MAIN(int argc, char **argv)
|
|||
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
|
||||
SSL_CTX *ctx=NULL;
|
||||
int ret=1,in_init=1,i,nbio_test=0;
|
||||
int smtp_starttls = 0;
|
||||
int starttls_proto = 0;
|
||||
int prexit = 0, vflags = 0;
|
||||
SSL_METHOD *meth=NULL;
|
||||
BIO *sbio;
|
||||
|
@ -260,7 +256,7 @@ int MAIN(int argc, char **argv)
|
|||
char *engine_id=NULL;
|
||||
ENGINE *e=NULL;
|
||||
#endif
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
struct timeval tv;
|
||||
#endif
|
||||
|
||||
|
@ -415,7 +411,9 @@ int MAIN(int argc, char **argv)
|
|||
if (--argc < 1) goto bad;
|
||||
++argv;
|
||||
if (strcmp(*argv,"smtp") == 0)
|
||||
smtp_starttls = 1;
|
||||
starttls_proto = 1;
|
||||
else if (strcmp(*argv,"pop3") == 0)
|
||||
starttls_proto = 2;
|
||||
else
|
||||
goto bad;
|
||||
}
|
||||
|
@ -587,12 +585,18 @@ re_start:
|
|||
sbuf_off=0;
|
||||
|
||||
/* This is an ugly hack that does a lot of assumptions */
|
||||
if (smtp_starttls)
|
||||
if (starttls_proto == 1)
|
||||
{
|
||||
BIO_read(sbio,mbuf,BUFSIZZ);
|
||||
BIO_printf(sbio,"STARTTLS\r\n");
|
||||
BIO_read(sbio,sbuf,BUFSIZZ);
|
||||
}
|
||||
if (starttls_proto == 2)
|
||||
{
|
||||
BIO_read(sbio,mbuf,BUFSIZZ);
|
||||
BIO_printf(sbio,"STLS\r\n");
|
||||
BIO_read(sbio,sbuf,BUFSIZZ);
|
||||
}
|
||||
|
||||
for (;;)
|
||||
{
|
||||
|
@ -613,11 +617,11 @@ re_start:
|
|||
print_stuff(bio_c_out,con,full_log);
|
||||
if (full_log > 0) full_log--;
|
||||
|
||||
if (smtp_starttls)
|
||||
if (starttls_proto)
|
||||
{
|
||||
BIO_printf(bio_err,"%s",mbuf);
|
||||
/* We don't need to know any more */
|
||||
smtp_starttls = 0;
|
||||
starttls_proto = 0;
|
||||
}
|
||||
|
||||
if (reconnect)
|
||||
|
@ -636,7 +640,7 @@ re_start:
|
|||
|
||||
if (!ssl_pending)
|
||||
{
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
|
||||
if (tty_on)
|
||||
{
|
||||
if (read_tty) FD_SET(fileno(stdin),&readfds);
|
||||
|
@ -663,8 +667,8 @@ re_start:
|
|||
* will choke the compiler: if you do have a cast then
|
||||
* you can either go for (int *) or (void *).
|
||||
*/
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
/* Under Windows we make the assumption that we can
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
/* Under Windows/DOS we make the assumption that we can
|
||||
* always write to the tty: therefore if we need to
|
||||
* write to the tty we just fall through. Otherwise
|
||||
* we timeout the select every second and see if there
|
||||
|
@ -678,7 +682,7 @@ re_start:
|
|||
tv.tv_usec = 0;
|
||||
i=select(width,(void *)&readfds,(void *)&writefds,
|
||||
NULL,&tv);
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
|
||||
if(!i && (!_kbhit() || !read_tty) ) continue;
|
||||
#else
|
||||
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
|
||||
|
@ -847,8 +851,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
|
||||
else if (_kbhit())
|
||||
#else
|
||||
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
|
||||
|
|
|
@ -140,10 +140,6 @@ typedef unsigned int u_int;
|
|||
#include <openssl/rand.h>
|
||||
#include "s_apps.h"
|
||||
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
|
||||
#ifdef fileno
|
||||
|
@ -917,7 +913,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||
unsigned long l;
|
||||
SSL *con=NULL;
|
||||
BIO *sbio;
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
struct timeval tv;
|
||||
#endif
|
||||
|
||||
|
@ -991,7 +987,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||
if (!read_from_sslcon)
|
||||
{
|
||||
FD_ZERO(&readfds);
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
|
||||
FD_SET(fileno(stdin),&readfds);
|
||||
#endif
|
||||
FD_SET(s,&readfds);
|
||||
|
@ -1001,8 +997,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||
* the compiler: if you do have a cast then you can either
|
||||
* go for (int *) or (void *).
|
||||
*/
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
/* Under Windows we can't select on stdin: only
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
|
||||
* on sockets. As a workaround we timeout the select every
|
||||
* second and check for any keypress. In a proper Windows
|
||||
* application we wouldn't do this because it is inefficient.
|
||||
|
@ -1263,7 +1259,13 @@ static int init_ssl_connection(SSL *con)
|
|||
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
|
||||
TLS1_FLAGS_TLS_PADDING_BUG)
|
||||
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
|
||||
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (con->kssl_ctx->client_princ != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
|
||||
con->kssl_ctx->client_princ);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
return(1);
|
||||
}
|
||||
|
||||
|
|
|
@ -1145,7 +1145,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
|||
else if (!(bs = load_serial(CAfile, serialfile, create)))
|
||||
goto end;
|
||||
|
||||
if (!X509_STORE_add_cert(ctx,x)) goto end;
|
||||
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
|
||||
|
||||
/* NOTE: this certificate can/should be self signed, unless it was
|
||||
* a certificate request in which case it is not. */
|
||||
|
|
|
@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
|
|||
doing a re-connect, always takes the first cipher in the cipher list.
|
||||
|
||||
If we accept a netscape connection, demand a client cert, have a
|
||||
non-self-sighed CA which does not have it's CA in netscape, and the
|
||||
non-self-signed CA which does not have it's CA in netscape, and the
|
||||
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
|
||||
|
||||
Netscape browsers do not really notice the server sending a
|
||||
|
|
|
@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
|||
|
||||
if (AES_ENCRYPT == enc) {
|
||||
while (len >= AES_BLOCK_SIZE) {
|
||||
for(n=0; n < sizeof tmp; ++n)
|
||||
for(n=0; n < AES_BLOCK_SIZE; ++n)
|
||||
tmp[n] = in[n] ^ ivec[n];
|
||||
AES_encrypt(tmp, out, key);
|
||||
memcpy(ivec, out, AES_BLOCK_SIZE);
|
||||
|
@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
|||
for(n=len; n < AES_BLOCK_SIZE; ++n)
|
||||
tmp[n] = ivec[n];
|
||||
AES_encrypt(tmp, tmp, key);
|
||||
memcpy(out, tmp, len);
|
||||
memcpy(ivec, tmp, sizeof tmp);
|
||||
memcpy(out, tmp, AES_BLOCK_SIZE);
|
||||
memcpy(ivec, tmp, AES_BLOCK_SIZE);
|
||||
}
|
||||
} else {
|
||||
while (len >= AES_BLOCK_SIZE) {
|
||||
memcpy(tmp, in, sizeof tmp);
|
||||
memcpy(tmp, in, AES_BLOCK_SIZE);
|
||||
AES_decrypt(in, out, key);
|
||||
for(n=0; n < AES_BLOCK_SIZE; ++n)
|
||||
out[n] ^= ivec[n];
|
||||
|
@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
|||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
if (len) {
|
||||
memcpy(tmp, in, sizeof tmp);
|
||||
memcpy(tmp, in, AES_BLOCK_SIZE);
|
||||
AES_decrypt(tmp, tmp, key);
|
||||
for(n=0; n < len; ++n)
|
||||
out[n] ^= ivec[n];
|
||||
memcpy(ivec, tmp, sizeof tmp);
|
||||
memcpy(ivec, tmp, AES_BLOCK_SIZE);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -62,19 +62,49 @@
|
|||
/* NOTE: CTR mode is big-endian. The rest of the AES code
|
||||
* is endian-neutral. */
|
||||
|
||||
/* increment counter (128-bit int) by 2^64 */
|
||||
/* increment counter (128-bit int) by 1 */
|
||||
static void AES_ctr128_inc(unsigned char *counter) {
|
||||
unsigned long c;
|
||||
|
||||
/* Grab 3rd dword of counter and increment */
|
||||
/* Grab bottom dword of counter and increment */
|
||||
#ifdef L_ENDIAN
|
||||
c = GETU32(counter + 8);
|
||||
c = GETU32(counter + 0);
|
||||
c++;
|
||||
PUTU32(counter + 8, c);
|
||||
PUTU32(counter + 0, c);
|
||||
#else
|
||||
c = GETU32(counter + 4);
|
||||
c = GETU32(counter + 12);
|
||||
c++;
|
||||
PUTU32(counter + 4, c);
|
||||
PUTU32(counter + 12, c);
|
||||
#endif
|
||||
|
||||
/* if no overflow, we're done */
|
||||
if (c)
|
||||
return;
|
||||
|
||||
/* Grab 1st dword of counter and increment */
|
||||
#ifdef L_ENDIAN
|
||||
c = GETU32(counter + 4);
|
||||
c++;
|
||||
PUTU32(counter + 4, c);
|
||||
#else
|
||||
c = GETU32(counter + 8);
|
||||
c++;
|
||||
PUTU32(counter + 8, c);
|
||||
#endif
|
||||
|
||||
/* if no overflow, we're done */
|
||||
if (c)
|
||||
return;
|
||||
|
||||
/* Grab 2nd dword of counter and increment */
|
||||
#ifdef L_ENDIAN
|
||||
c = GETU32(counter + 8);
|
||||
c++;
|
||||
PUTU32(counter + 8, c);
|
||||
#else
|
||||
c = GETU32(counter + 4);
|
||||
c++;
|
||||
PUTU32(counter + 4, c);
|
||||
#endif
|
||||
|
||||
/* if no overflow, we're done */
|
||||
|
@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) {
|
|||
* encrypted counter is kept in ecount_buf. Both *num and
|
||||
* ecount_buf must be initialised with zeros before the first
|
||||
* call to AES_ctr128_encrypt().
|
||||
*
|
||||
* This algorithm assumes that the counter is in the x lower bits
|
||||
* of the IV (ivec), and that the application has full control over
|
||||
* overflow and the rest of the IV. This implementation takes NO
|
||||
* responsability for checking that the counter doesn't overflow
|
||||
* into the rest of the IV when incremented.
|
||||
*/
|
||||
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char counter[AES_BLOCK_SIZE],
|
||||
unsigned char ivec[AES_BLOCK_SIZE],
|
||||
unsigned char ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num) {
|
||||
|
||||
|
@ -117,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
|||
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(counter, ecount_buf, key);
|
||||
AES_ctr128_inc(counter);
|
||||
AES_encrypt(ivec, ecount_buf, key);
|
||||
AES_ctr128_inc(ivec);
|
||||
}
|
||||
*(out++) = *(in++) ^ ecount_buf[n];
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
|
|
|
@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
|
|||
* otherwise it is the number of bytes per character
|
||||
*/
|
||||
|
||||
const static char tag2nbyte[] = {
|
||||
const static signed char tag2nbyte[] = {
|
||||
-1, -1, -1, -1, -1, /* 0-4 */
|
||||
-1, -1, -1, -1, -1, /* 5-9 */
|
||||
-1, -1, 0, -1, /* 10-13 */
|
||||
|
|
|
@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
|
|||
* had the buffer been large enough.) */
|
||||
return -1;
|
||||
else
|
||||
return (retlen <= INT_MAX) ? retlen : -1;
|
||||
return (retlen <= INT_MAX) ? (int)retlen : -1;
|
||||
}
|
||||
|
|
|
@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
|
|||
if (i <= 0)
|
||||
{
|
||||
BIO_copy_next_retry(b);
|
||||
*buf='\0';
|
||||
if (i < 0) return((num > 0)?num:i);
|
||||
if (i == 0) return(num);
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@ BN_ASM= bn_asm.o
|
|||
#BN_ASM= bn86-elf.o
|
||||
|
||||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
ASFLAGS= $(INCLUDES) $(ASFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
TEST=bntest.c exptest.c
|
||||
|
|
|
@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
|
|||
int n, BN_ULONG *t)
|
||||
{
|
||||
int i,j,n2=n*2;
|
||||
unsigned int c1,c2,neg,zero;
|
||||
int c1,c2,neg,zero;
|
||||
BN_ULONG ln,lo,*p;
|
||||
|
||||
# ifdef BN_COUNT
|
||||
|
@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
|
|||
|
||||
/* The overflow will stop before we over write
|
||||
* words we should not overwrite */
|
||||
if (ln < c1)
|
||||
if (ln < (BN_ULONG)c1)
|
||||
{
|
||||
do {
|
||||
p++;
|
||||
|
|
|
@ -64,32 +64,22 @@
|
|||
* the second. The second 12 bits will come from the 3rd and half the 4th
|
||||
* byte.
|
||||
*/
|
||||
/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
|
||||
* length */
|
||||
/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
|
||||
* will not be compatible with any encryption prior to that date. Ben. */
|
||||
void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
|
||||
long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
|
||||
long length, DES_key_schedule *schedule, DES_cblock *ivec,
|
||||
int enc)
|
||||
{
|
||||
register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
|
||||
register DES_LONG mask0,mask1;
|
||||
register unsigned long l=length;
|
||||
register int num=numbits;
|
||||
DES_LONG ti[2];
|
||||
unsigned char *iv;
|
||||
unsigned char ovec[16];
|
||||
|
||||
if (num > 64) return;
|
||||
if (num > 32)
|
||||
{
|
||||
mask0=0xffffffffL;
|
||||
if (num == 64)
|
||||
mask1=mask0;
|
||||
else mask1=(1L<<(num-32))-1;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (num == 32)
|
||||
mask0=0xffffffffL;
|
||||
else mask0=(1L<<num)-1;
|
||||
mask1=0x00000000L;
|
||||
}
|
||||
|
||||
iv = &(*ivec)[0];
|
||||
c2l(iv,v0);
|
||||
c2l(iv,v1);
|
||||
|
@ -103,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
|
|||
DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
|
||||
c2ln(in,d0,d1,n);
|
||||
in+=n;
|
||||
d0=(d0^ti[0])&mask0;
|
||||
d1=(d1^ti[1])&mask1;
|
||||
d0^=ti[0];
|
||||
d1^=ti[1];
|
||||
l2cn(d0,d1,out,n);
|
||||
out+=n;
|
||||
/* 30-08-94 - eay - changed because l>>32 and
|
||||
|
@ -113,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
|
|||
{ v0=v1; v1=d0; }
|
||||
else if (num == 64)
|
||||
{ v0=d0; v1=d1; }
|
||||
else if (num > 32) /* && num != 64 */
|
||||
else
|
||||
{
|
||||
v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
|
||||
v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
|
||||
}
|
||||
else /* num < 32 */
|
||||
{
|
||||
v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
|
||||
v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
|
||||
iv=&ovec[0];
|
||||
l2c(v0,iv);
|
||||
l2c(v1,iv);
|
||||
l2c(d0,iv);
|
||||
l2c(d1,iv);
|
||||
/* shift ovec left most of the bits... */
|
||||
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
|
||||
/* now the remaining bits */
|
||||
if(num%8 != 0)
|
||||
for(n=0 ; n < 8 ; ++n)
|
||||
{
|
||||
ovec[n]<<=num%8;
|
||||
ovec[n]|=ovec[n+1]>>(8-num%8);
|
||||
}
|
||||
iv=&ovec[0];
|
||||
c2l(iv,v0);
|
||||
c2l(iv,v1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -141,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
|
|||
{ v0=v1; v1=d0; }
|
||||
else if (num == 64)
|
||||
{ v0=d0; v1=d1; }
|
||||
else if (num > 32) /* && num != 64 */
|
||||
else
|
||||
{
|
||||
v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
|
||||
v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
|
||||
iv=&ovec[0];
|
||||
l2c(v0,iv);
|
||||
l2c(v1,iv);
|
||||
l2c(d0,iv);
|
||||
l2c(d1,iv);
|
||||
/* shift ovec left most of the bits... */
|
||||
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
|
||||
/* now the remaining bits */
|
||||
if(num%8 != 0)
|
||||
for(n=0 ; n < 8 ; ++n)
|
||||
{
|
||||
ovec[n]<<=num%8;
|
||||
ovec[n]|=ovec[n+1]>>(8-num%8);
|
||||
}
|
||||
iv=&ovec[0];
|
||||
c2l(iv,v0);
|
||||
c2l(iv,v1);
|
||||
}
|
||||
else /* num < 32 */
|
||||
{
|
||||
v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
|
||||
v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
|
||||
}
|
||||
d0=(d0^ti[0])&mask0;
|
||||
d1=(d1^ti[1])&mask1;
|
||||
d0^=ti[0];
|
||||
d1^=ti[1];
|
||||
l2cn(d0,d1,out,n);
|
||||
out+=n;
|
||||
}
|
||||
|
|
|
@ -175,12 +175,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B
|
|||
* (thus the boundaries should be increased)
|
||||
*/
|
||||
#define EC_window_bits_for_scalar_size(b) \
|
||||
((b) >= 2000 ? 6 : \
|
||||
(b) >= 800 ? 5 : \
|
||||
(b) >= 300 ? 4 : \
|
||||
(b) >= 70 ? 3 : \
|
||||
(b) >= 20 ? 2 : \
|
||||
1)
|
||||
((size_t) \
|
||||
((b) >= 2000 ? 6 : \
|
||||
(b) >= 800 ? 5 : \
|
||||
(b) >= 300 ? 4 : \
|
||||
(b) >= 70 ? 3 : \
|
||||
(b) >= 20 ? 2 : \
|
||||
1))
|
||||
|
||||
/* Compute
|
||||
* \sum scalars[i]*points[i],
|
||||
|
|
|
@ -561,7 +561,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|||
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
|
||||
return 0;
|
||||
}
|
||||
memset(r->d, 0, BN_num_bytes(m));
|
||||
|
||||
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
|
||||
fd = 0;
|
||||
|
|
|
@ -185,13 +185,14 @@ c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
|||
c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
|
||||
c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
|
||||
c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
|
||||
c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||
c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
|
||||
c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
|
||||
c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
|
||||
c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
|
||||
c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
|
||||
c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
|
||||
c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
|
||||
c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
|
||||
c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
|
||||
c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
|
||||
c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
|
||||
c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
|
||||
c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
|
||||
|
|
|
@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl)
|
|||
ret_code=0;
|
||||
while (outl > 0)
|
||||
{
|
||||
if (ctx->cont <= 0) break;
|
||||
|
||||
if (ctx->cont <= 0)
|
||||
break;
|
||||
|
||||
i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
|
||||
B64_BLOCK_SIZE-ctx->tmp_len);
|
||||
|
@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl)
|
|||
|
||||
/* Should be continue next time we are called? */
|
||||
if (!BIO_should_retry(b->next_bio))
|
||||
{
|
||||
ctx->cont=i;
|
||||
/* else we should continue when called again */
|
||||
break;
|
||||
/* If buffer empty break */
|
||||
if(ctx->tmp_len == 0)
|
||||
break;
|
||||
/* Fall through and process what we have */
|
||||
else
|
||||
i = 0;
|
||||
}
|
||||
/* else we retry and add more data to buffer */
|
||||
else
|
||||
break;
|
||||
}
|
||||
i+=ctx->tmp_len;
|
||||
ctx->tmp_len = i;
|
||||
|
||||
/* We need to scan, a line at a time until we
|
||||
* have a valid line if we are starting. */
|
||||
|
@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl)
|
|||
* reading until a new line. */
|
||||
if (p == (unsigned char *)&(ctx->tmp[0]))
|
||||
{
|
||||
ctx->tmp_nl=1;
|
||||
ctx->tmp_len=0;
|
||||
/* Check buffer full */
|
||||
if (i == B64_BLOCK_SIZE)
|
||||
{
|
||||
ctx->tmp_nl=1;
|
||||
ctx->tmp_len=0;
|
||||
}
|
||||
}
|
||||
else if (p != q) /* finished on a '\n' */
|
||||
{
|
||||
|
@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl)
|
|||
else
|
||||
ctx->tmp_len=0;
|
||||
}
|
||||
/* If buffer isn't full and we can retry then
|
||||
* restart to read in more data.
|
||||
*/
|
||||
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
|
||||
continue;
|
||||
|
||||
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
|
||||
{
|
||||
|
@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl)
|
|||
i=EVP_DecodeUpdate(&(ctx->base64),
|
||||
(unsigned char *)ctx->buf,&ctx->buf_len,
|
||||
(unsigned char *)ctx->tmp,i);
|
||||
ctx->tmp_len = 0;
|
||||
}
|
||||
ctx->cont=i;
|
||||
ctx->buf_off=0;
|
||||
if (i < 0)
|
||||
{
|
||||
|
@ -484,10 +505,7 @@ again:
|
|||
{
|
||||
i=b64_write(b,NULL,0);
|
||||
if (i < 0)
|
||||
{
|
||||
ret=i;
|
||||
break;
|
||||
}
|
||||
return i;
|
||||
}
|
||||
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
|
||||
{
|
||||
|
|
|
@ -59,6 +59,9 @@
|
|||
#include <stdio.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
#undef OpenSSL_add_all_algorithms
|
||||
|
|
|
@ -6,7 +6,7 @@ DIR= md5
|
|||
TOP= ../..
|
||||
CC= cc
|
||||
CPP= $(CC) -E
|
||||
INCLUDES=
|
||||
INCLUDES=-I.. -I$(TOP) -I../../include
|
||||
CFLAG=-g
|
||||
INSTALL_PREFIX=
|
||||
OPENSSLDIR= /usr/local/ssl
|
||||
|
@ -20,6 +20,7 @@ AR= ar r
|
|||
MD5_ASM_OBJ=
|
||||
|
||||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
ASFLAGS= $(INCLUDES) $(ASFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
TEST=md5test.c
|
||||
|
|
|
@ -293,7 +293,7 @@ sub md5_block
|
|||
&mov(&DWP(12,$tmp2,"",0),$D);
|
||||
|
||||
&cmp($tmp1,$X) unless $normal; # check count
|
||||
&jge(&label("start")) unless $normal;
|
||||
&jae(&label("start")) unless $normal;
|
||||
|
||||
&pop("eax"); # pop the temp variable off the stack
|
||||
&pop("ebx");
|
||||
|
|
|
@ -34,10 +34,12 @@
|
|||
*
|
||||
* or if above fails (it does if you have gas):
|
||||
*
|
||||
* gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
|
||||
* gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
|
||||
* as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
|
||||
*/
|
||||
|
||||
#include <openssl/e_os2.h>
|
||||
|
||||
#define A %o0
|
||||
#define B %o1
|
||||
#define C %o2
|
||||
|
|
|
@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
|
|||
{
|
||||
struct tm *ts = NULL;
|
||||
|
||||
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX)
|
||||
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
|
||||
/* should return &data, but doesn't on some systems,
|
||||
so we don't even look at the return value */
|
||||
gmtime_r(timer,result);
|
||||
|
|
|
@ -25,8 +25,8 @@
|
|||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090702fL
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7b 10 Apr 2003"
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090703fL
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
|
|
|
@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); }
|
|||
sub main'jz { &out1("jz",@_); }
|
||||
sub main'jge { &out1("jge",@_); }
|
||||
sub main'jl { &out1("jl",@_); }
|
||||
sub main'ja { &out1("ja",@_); }
|
||||
sub main'jae { &out1("jae",@_); }
|
||||
sub main'jb { &out1("jb",@_); }
|
||||
sub main'jbe { &out1("jbe",@_); }
|
||||
sub main'jc { &out1("jc",@_); }
|
||||
sub main'jnc { &out1("jnc",@_); }
|
||||
sub main'jnz { &out1("jnz",@_); }
|
||||
|
|
|
@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); }
|
|||
sub main'jz { &out1("jz NEAR",@_); }
|
||||
sub main'jge { &out1("jge NEAR",@_); }
|
||||
sub main'jl { &out1("jl NEAR",@_); }
|
||||
sub main'ja { &out1("ja NEAR",@_); }
|
||||
sub main'jae { &out1("jae NEAR",@_); }
|
||||
sub main'jb { &out1("jb NEAR",@_); }
|
||||
sub main'jbe { &out1("jbe NEAR",@_); }
|
||||
sub main'jc { &out1("jc NEAR",@_); }
|
||||
sub main'jnc { &out1("jnc NEAR",@_); }
|
||||
sub main'jnz { &out1("jnz NEAR",@_); }
|
||||
|
|
|
@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); }
|
|||
sub main'jz { &out1("jz",@_); }
|
||||
sub main'jge { &out1("jge",@_); }
|
||||
sub main'jl { &out1("jl",@_); }
|
||||
sub main'ja { &out1("ja",@_); }
|
||||
sub main'jae { &out1("jae",@_); }
|
||||
sub main'jb { &out1("jb",@_); }
|
||||
sub main'jbe { &out1("jbe",@_); }
|
||||
sub main'jc { &out1("jc",@_); }
|
||||
sub main'jnc { &out1("jnc",@_); }
|
||||
sub main'jno { &out1("jno",@_); }
|
||||
|
|
|
@ -767,6 +767,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
|
|||
}
|
||||
if (EVP_MD_CTX_type(mdc) == md_type)
|
||||
break;
|
||||
/* Workaround for some broken clients that put the signature
|
||||
* OID instead of the digest OID in digest_alg->algorithm
|
||||
*/
|
||||
if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
|
||||
break;
|
||||
btmp=BIO_next(btmp);
|
||||
}
|
||||
|
||||
|
|
|
@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
|
|||
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
|
||||
|
||||
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
|
||||
typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
|
||||
typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
|
||||
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
|
||||
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
|
||||
|
@ -431,7 +432,7 @@ int RAND_poll(void)
|
|||
* This seeding method was proposed in Peter Gutmann, Software
|
||||
* Generation of Practically Strong Random Numbers,
|
||||
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
|
||||
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
|
||||
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
|
||||
* (The assignment of entropy estimates below is arbitrary, but based
|
||||
* on Peter's analysis the full poll appears to be safe. Additional
|
||||
* interactive seeding is encouraged.)
|
||||
|
@ -440,6 +441,7 @@ int RAND_poll(void)
|
|||
if (kernel)
|
||||
{
|
||||
CREATETOOLHELP32SNAPSHOT snap;
|
||||
CLOSETOOLHELP32SNAPSHOT close_snap;
|
||||
HANDLE handle;
|
||||
|
||||
HEAP32FIRST heap_first;
|
||||
|
@ -457,6 +459,8 @@ int RAND_poll(void)
|
|||
|
||||
snap = (CREATETOOLHELP32SNAPSHOT)
|
||||
GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
|
||||
close_snap = (CLOSETOOLHELP32SNAPSHOT)
|
||||
GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
|
||||
heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
|
||||
heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
|
||||
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
|
||||
|
@ -472,7 +476,7 @@ int RAND_poll(void)
|
|||
heaplist_next && process_first && process_next &&
|
||||
thread_first && thread_next && module_first &&
|
||||
module_next && (handle = snap(TH32CS_SNAPALL,0))
|
||||
!= NULL)
|
||||
!= INVALID_HANDLE_VALUE)
|
||||
{
|
||||
/* heap list and heap walking */
|
||||
/* HEAPLIST32 contains 3 fields that will change with
|
||||
|
@ -534,8 +538,10 @@ int RAND_poll(void)
|
|||
do
|
||||
RAND_add(&m, m.dwSize, 9);
|
||||
while (module_next(handle, &m));
|
||||
|
||||
CloseHandle(handle);
|
||||
if (close_snap)
|
||||
close_snap(handle);
|
||||
else
|
||||
CloseHandle(handle);
|
||||
}
|
||||
|
||||
FreeLibrary(kernel);
|
||||
|
|
|
@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
|
|||
case EVP_PKEY_RSA:
|
||||
ret|=EVP_PKS_RSA;
|
||||
break;
|
||||
case EVP_PKS_DSA:
|
||||
case EVP_PKEY_DSA:
|
||||
ret|=EVP_PKS_DSA;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if (EVP_PKEY_size(pk) <= 512)
|
||||
if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
|
||||
for, not bytes */
|
||||
ret|=EVP_PKT_EXP;
|
||||
if(pkey==NULL) EVP_PKEY_free(pk);
|
||||
return(ret);
|
||||
|
|
|
@ -236,7 +236,7 @@ static int v3_check_critical(char **value)
|
|||
static int v3_check_generic(char **value)
|
||||
{
|
||||
char *p = *value;
|
||||
if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
|
||||
if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
|
||||
p+=4;
|
||||
while (isspace((unsigned char)*p)) p++;
|
||||
*value = p;
|
||||
|
|
|
@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
|
|||
STACK_OF(CONF_VALUE) *polstrs, int ia5org);
|
||||
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
|
||||
STACK_OF(CONF_VALUE) *unot, int ia5org);
|
||||
static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
|
||||
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
|
||||
|
||||
X509V3_EXT_METHOD v3_cpols = {
|
||||
NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
|
||||
|
@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
|
|||
qual = notice_section(ctx, unot, ia5org);
|
||||
X509V3_section_free(ctx, unot);
|
||||
if(!qual) goto err;
|
||||
if(!pol->qualifiers) pol->qualifiers =
|
||||
sk_POLICYQUALINFO_new_null();
|
||||
if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
|
||||
goto merr;
|
||||
} else {
|
||||
|
@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
|
|||
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
|
||||
STACK_OF(CONF_VALUE) *unot, int ia5org)
|
||||
{
|
||||
int i;
|
||||
int i, ret;
|
||||
CONF_VALUE *cnf;
|
||||
USERNOTICE *not;
|
||||
POLICYQUALINFO *qual;
|
||||
|
@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
|
|||
if(!(nref = NOTICEREF_new())) goto merr;
|
||||
not->noticeref = nref;
|
||||
} else nref = not->noticeref;
|
||||
if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
|
||||
else nref->organization = M_ASN1_VISIBLESTRING_new();
|
||||
if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
|
||||
else nref->organization->type = V_ASN1_VISIBLESTRING;
|
||||
if(!ASN1_STRING_set(nref->organization, cnf->value,
|
||||
strlen(cnf->value))) goto merr;
|
||||
} else if(!strcmp(cnf->name, "noticeNumbers")) {
|
||||
|
@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
|
|||
X509V3_conf_err(cnf);
|
||||
goto err;
|
||||
}
|
||||
nref->noticenos = nref_nos(nos);
|
||||
ret = nref_nos(nref->noticenos, nos);
|
||||
sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
|
||||
if(!nref->noticenos) goto err;
|
||||
if (!ret)
|
||||
goto err;
|
||||
} else {
|
||||
X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
|
||||
|
||||
X509V3_conf_err(cnf);
|
||||
goto err;
|
||||
}
|
||||
|
@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
|
||||
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
|
||||
{
|
||||
STACK_OF(ASN1_INTEGER) *nnums;
|
||||
CONF_VALUE *cnf;
|
||||
ASN1_INTEGER *aint;
|
||||
|
||||
int i;
|
||||
|
||||
if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
|
||||
for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
|
||||
cnf = sk_CONF_VALUE_value(nos, i);
|
||||
if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
|
||||
|
@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
|
|||
}
|
||||
if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
|
||||
}
|
||||
return nnums;
|
||||
return 1;
|
||||
|
||||
merr:
|
||||
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
|
||||
|
||||
err:
|
||||
sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
|
||||
return NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
|
|||
if(OBJ_obj2nid(ex->object) == nid) {
|
||||
if(idx) {
|
||||
*idx = i;
|
||||
found_ex = ex;
|
||||
break;
|
||||
} else if(found_ex) {
|
||||
/* Found more than one */
|
||||
|
|
|
@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
|
|||
j=X509_EXTENSION_get_critical(ex);
|
||||
if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
|
||||
return 0;
|
||||
if(!X509V3_EXT_print(bp, ex, flag, 12))
|
||||
if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
|
||||
{
|
||||
BIO_printf(bp, "%*s", indent + 4, "");
|
||||
M_ASN1_OCTET_STRING_print(bp,ex->value);
|
||||
|
|
|
@ -55,16 +55,15 @@ to standard output:
|
|||
Read Base64 encoded data from standard input and write the decoded
|
||||
data to standard output:
|
||||
|
||||
BIO *bio, *b64, bio_out;
|
||||
BIO *bio, *b64, *bio_out;
|
||||
char inbuf[512];
|
||||
int inlen;
|
||||
char message[] = "Hello World \n";
|
||||
|
||||
b64 = BIO_new(BIO_f_base64());
|
||||
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
|
||||
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
bio = BIO_push(b64, bio);
|
||||
while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0)
|
||||
while((inlen = BIO_read(bio, inbuf, 512) > 0)
|
||||
BIO_write(bio_out, inbuf, inlen);
|
||||
|
||||
BIO_free_all(bio);
|
||||
|
|
|
@ -135,9 +135,9 @@ process is immediately stopped with "verification failed" state. If
|
|||
SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
|
||||
the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
|
||||
the verification process is continued. If B<verify_callback> always returns
|
||||
1, the TLS/SSL handshake will never be terminated because of this application
|
||||
experiencing a verification failure. The calling process can however
|
||||
retrieve the error code of the last verification error using
|
||||
1, the TLS/SSL handshake will not be terminated with respect to verification
|
||||
failures and the connection will be established. The calling process can
|
||||
however retrieve the error code of the last verification error using
|
||||
L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its
|
||||
own error storage managed by B<verify_callback>.
|
||||
|
||||
|
|
|
@ -68,7 +68,9 @@ should be preferred.
|
|||
|
||||
SSL_CTX_use_certificate_chain_file() loads a certificate chain from
|
||||
B<file> into B<ctx>. The certificates must be in PEM format and must
|
||||
be sorted starting with the certificate to the highest level (root CA).
|
||||
be sorted starting with the subject's certificate (actual client or server
|
||||
certificate), followed by intermediate CA certificates if applicable, and
|
||||
ending at the highest level (root) CA.
|
||||
There is no corresponding function working on a single SSL object.
|
||||
|
||||
SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
|
||||
|
|
|
@ -28,7 +28,8 @@ should be called again.
|
|||
|
||||
If the underlying BIO is B<non-blocking>, SSL_accept() will also return
|
||||
when the underlying BIO could not satisfy the needs of SSL_accept()
|
||||
to continue the handshake. In this case a call to SSL_get_error() with the
|
||||
to continue the handshake, indicating the problem by the return value -1.
|
||||
In this case a call to SSL_get_error() with the
|
||||
return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
|
||||
B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
|
||||
taking appropriate action to satisfy the needs of SSL_accept().
|
||||
|
|
|
@ -25,7 +25,8 @@ handshake has been finished or an error occurred.
|
|||
|
||||
If the underlying BIO is B<non-blocking>, SSL_connect() will also return
|
||||
when the underlying BIO could not satisfy the needs of SSL_connect()
|
||||
to continue the handshake. In this case a call to SSL_get_error() with the
|
||||
to continue the handshake, indicating the problem by the return value -1.
|
||||
In this case a call to SSL_get_error() with the
|
||||
return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
|
||||
B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
|
||||
taking appropriate action to satisfy the needs of SSL_connect().
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
%define libmaj 0
|
||||
%define libmin 9
|
||||
%define librel 7
|
||||
%define librev b
|
||||
%define librev c
|
||||
Release: 1
|
||||
|
||||
%define openssldir /var/ssl
|
||||
|
@ -83,18 +83,18 @@ documentation and POD files from which the man pages were produced.
|
|||
|
||||
%build
|
||||
|
||||
%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr
|
||||
%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
|
||||
|
||||
perl util/perlpath.pl /usr/bin/perl
|
||||
|
||||
%ifarch i386 i486 i586 i686
|
||||
./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared
|
||||
./Configure %{CONFIG_FLAGS} linux-elf shared
|
||||
%endif
|
||||
%ifarch ppc
|
||||
./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared
|
||||
./Configure %{CONFIG_FLAGS} linux-ppc shared
|
||||
%endif
|
||||
%ifarch alpha
|
||||
./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared
|
||||
./Configure %{CONFIG_FLAGS} linux-alpha shared
|
||||
%endif
|
||||
LD_LIBRARY_PATH=`pwd` make
|
||||
LD_LIBRARY_PATH=`pwd` make rehash
|
||||
|
@ -102,12 +102,7 @@ LD_LIBRARY_PATH=`pwd` make test
|
|||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install
|
||||
|
||||
# Rename manpages
|
||||
for x in $RPM_BUILD_ROOT/usr/man/man*/*
|
||||
do mv ${x} ${x}ssl
|
||||
done
|
||||
make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
|
||||
|
||||
# Make backwards-compatibility symlink to ssleay
|
||||
ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
|
||||
|
@ -135,6 +130,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
|
||||
|
||||
%attr(0644,root,root) /usr/lib/*.a
|
||||
%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
|
||||
%attr(0644,root,root) /usr/include/openssl/*
|
||||
%attr(0644,root,root) /usr/man/man[3]/*
|
||||
|
||||
|
@ -150,6 +146,8 @@ ldconfig
|
|||
ldconfig
|
||||
|
||||
%changelog
|
||||
* Wed May 7 2003 Richard Levitte <richard@levitte.org>
|
||||
- Add /usr/lib/pkgconfig/openssl.pc to the development section.
|
||||
* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
|
||||
- Removed redundant subsection that re-installed libcrypto.a and libssl.a
|
||||
as well. Also remove RSAref stuff completely, since it's not needed
|
||||
|
|
|
@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
|
|||
"bad ticket from krb5_rd_req.\n");
|
||||
}
|
||||
else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
|
||||
&krb5ticket->enc_part2->client->realm,
|
||||
krb5ticket->enc_part2->client->data))
|
||||
&krb5ticket->enc_part2->client->realm,
|
||||
krb5ticket->enc_part2->client->data,
|
||||
krb5ticket->enc_part2->client->length))
|
||||
{
|
||||
kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
|
||||
"kssl_ctx_setprinc() fails.\n");
|
||||
|
@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
|
|||
}
|
||||
|
||||
|
||||
/* Given a (krb5_data *) entity (and optional realm),
|
||||
/* Given an array of (krb5_data *) entity (and optional realm),
|
||||
** set the plain (char *) client_princ or service_host member
|
||||
** of the kssl_ctx struct.
|
||||
*/
|
||||
krb5_error_code
|
||||
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
|
||||
krb5_data *realm, krb5_data *entity)
|
||||
krb5_data *realm, krb5_data *entity, int nentities)
|
||||
{
|
||||
char **princ;
|
||||
int length;
|
||||
int i;
|
||||
|
||||
if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR;
|
||||
|
||||
|
@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
|
|||
}
|
||||
if (*princ) free(*princ);
|
||||
|
||||
length = entity->length + ((realm)? realm->length + 2: 1);
|
||||
/* Add up all the entity->lengths */
|
||||
length = 0;
|
||||
for (i=0; i < nentities; i++)
|
||||
{
|
||||
length += entity[i].length;
|
||||
}
|
||||
/* Add in space for the '/' character(s) (if any) */
|
||||
length += nentities-1;
|
||||
/* Space for the ('@'+realm+NULL | NULL) */
|
||||
length += ((realm)? realm->length + 2: 1);
|
||||
|
||||
if ((*princ = calloc(1, length)) == NULL)
|
||||
return KSSL_CTX_ERR;
|
||||
else
|
||||
{
|
||||
strncpy(*princ, entity->data, entity->length);
|
||||
(*princ)[entity->length]='\0';
|
||||
{
|
||||
for (i = 0; i < nentities; i++)
|
||||
{
|
||||
strncat(*princ, entity[i].data, entity[i].length);
|
||||
if (i < nentities-1)
|
||||
{
|
||||
strcat (*princ, "/");
|
||||
}
|
||||
}
|
||||
if (realm)
|
||||
{
|
||||
strcat (*princ, "@");
|
||||
(void) strncat(*princ, realm->data, realm->length);
|
||||
(*princ)[entity->length+1+realm->length]='\0';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void);
|
|||
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
|
||||
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
|
||||
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
|
||||
krb5_data *realm, krb5_data *entity);
|
||||
krb5_data *realm, krb5_data *entity, int nentities);
|
||||
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
|
||||
krb5_data *authenp, KSSL_ERR *kssl_err);
|
||||
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
|
||||
|
|
|
@ -473,6 +473,11 @@ void SSL_free(SSL *s)
|
|||
|
||||
if (s->method != NULL) s->method->ssl_free(s);
|
||||
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (s->kssl_ctx != NULL)
|
||||
kssl_ctx_free(s->kssl_ctx);
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
|
||||
OPENSSL_free(s);
|
||||
}
|
||||
|
||||
|
|
|
@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
|||
ok=1;
|
||||
else
|
||||
#endif
|
||||
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
|
||||
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
|
||||
{
|
||||
if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
|
||||
{
|
||||
|
@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
|||
return(0);
|
||||
}
|
||||
|
||||
ERR_clear_error(); /* make sure no error from X509_check_private_key()
|
||||
* is left if we have chosen to ignore it */
|
||||
if (c->pkeys[i].privatekey != NULL)
|
||||
EVP_PKEY_free(c->pkeys[i].privatekey);
|
||||
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/local/bin/perl
|
||||
#!/usr/bin/perl
|
||||
|
||||
|
||||
# Perl c_rehash script, scan all files in a directory
|
||||
|
|
|
@ -9,8 +9,8 @@ while(<STDIN>) {
|
|||
} elsif ($name) {
|
||||
if (/ - /) {
|
||||
s/ - .*//;
|
||||
s/[ \t,]+/ /g;
|
||||
push @words, split ' ';
|
||||
s/,[ \t]+/,/g;
|
||||
push @words, split ',';
|
||||
}
|
||||
}
|
||||
if (/^=head1 *NAME *$/) {
|
||||
|
|
|
@ -2801,3 +2801,5 @@ BIO_indent 3242 EXIST::FUNCTION:
|
|||
BUF_strlcpy 3243 EXIST::FUNCTION:
|
||||
OpenSSLDie 3244 EXIST::FUNCTION:
|
||||
OPENSSL_cleanse 3245 EXIST::FUNCTION:
|
||||
ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
|
||||
ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
|
||||
|
|
|
@ -85,7 +85,7 @@ sub do_lib_rule
|
|||
($Name=$name) =~ tr/a-z/A-Z/;
|
||||
|
||||
$ret.="$target: \$(${Name}OBJ)\n";
|
||||
$ret.="\t\$(RM) $target\n";
|
||||
$ret.="\tif exist $target \$(RM) $target\n";
|
||||
$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
|
||||
$ret.="\t\$(RANLIB) $target\n\n";
|
||||
}
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
rm -f $2
|
||||
rm -f "$2"
|
||||
if test "$OSTYPE" = msdosdjgpp; then
|
||||
cp $1 $2
|
||||
cp "$1" "$2"
|
||||
else
|
||||
ln -s $1 $2
|
||||
ln -s "$1" "$2"
|
||||
fi
|
||||
echo "$2 => $1"
|
||||
|
||||
|
|
Loading…
Reference in New Issue