resolve conflicts.
This commit is contained in:
parent
387e0d89ab
commit
ed56312e8a
84
crypto/dist/openssl/CHANGES
vendored
84
crypto/dist/openssl/CHANGES
vendored
@ -2,13 +2,56 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.8a and 0.9.8b [04 May 2006]
|
||||
|
||||
*) When applying a cipher rule check to see if string match is an explicit
|
||||
cipher suite and only match that one cipher suite if it is.
|
||||
[Steve Henson]
|
||||
|
||||
*) Link in manifests for VC++ if needed.
|
||||
[Austin Ziegler <halostatue@gmail.com>]
|
||||
|
||||
*) Update support for ECC-based TLS ciphersuites according to
|
||||
draft-ietf-tls-ecc-12.txt with proposed changes (but without
|
||||
TLS extensions, which are supported starting with the 0.9.9
|
||||
branch, not in the OpenSSL 0.9.8 branch).
|
||||
[Douglas Stebila]
|
||||
|
||||
*) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
|
||||
opaque EVP_CIPHER_CTX handling.
|
||||
[Steve Henson]
|
||||
|
||||
*) Fixes and enhancements to zlib compression code. We now only use
|
||||
"zlib1.dll" and use the default __cdecl calling convention on Win32
|
||||
to conform with the standards mentioned here:
|
||||
http://www.zlib.net/DLL_FAQ.txt
|
||||
Static zlib linking now works on Windows and the new --with-zlib-include
|
||||
--with-zlib-lib options to Configure can be used to supply the location
|
||||
of the headers and library. Gracefully handle case where zlib library
|
||||
can't be loaded.
|
||||
[Steve Henson]
|
||||
|
||||
*) Several fixes and enhancements to the OID generation code. The old code
|
||||
sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
|
||||
handle numbers larger than ULONG_MAX, truncated printing and had a
|
||||
non standard OBJ_obj2txt() behaviour.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add support for building of engines under engine/ as shared libraries
|
||||
under VC++ build system.
|
||||
[Steve Henson]
|
||||
|
||||
*) Corrected the numerous bugs in the Win32 path splitter in DSO.
|
||||
Hopefully, we will not see any false combination of paths any more.
|
||||
[Richard Levitte]
|
||||
|
||||
Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
|
||||
|
||||
*) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
|
||||
(part of SSL_OP_ALL). This option used to disable the
|
||||
countermeasure against man-in-the-middle protocol-version
|
||||
rollback in the SSL 2.0 server implementation, which is a bad
|
||||
idea. (CAN-2005-2969)
|
||||
idea. (CVE-2005-2969)
|
||||
|
||||
[Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
|
||||
for Information Security, National Institute of Advanced Industrial
|
||||
@ -858,13 +901,22 @@
|
||||
differing sizes.
|
||||
[Richard Levitte]
|
||||
|
||||
Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
|
||||
|
||||
*) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
|
||||
The value now differs depending on if you build for FIPS or not.
|
||||
BEWARE! A program linked with a shared FIPSed libcrypto can't be
|
||||
safely run with a non-FIPSed libcrypto, as it may crash because of
|
||||
the difference induced by this change.
|
||||
[Andy Polyakov]
|
||||
|
||||
Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
|
||||
|
||||
*) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
|
||||
(part of SSL_OP_ALL). This option used to disable the
|
||||
countermeasure against man-in-the-middle protocol-version
|
||||
rollback in the SSL 2.0 server implementation, which is a bad
|
||||
idea.
|
||||
idea. (CVE-2005-2969)
|
||||
|
||||
[Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
|
||||
for Information Security, National Institute of Advanced Industrial
|
||||
@ -1029,11 +1081,11 @@
|
||||
Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
|
||||
|
||||
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
|
||||
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
|
||||
by using the Codenomicon TLS Test Tool (CVE-2004-0079)
|
||||
[Joe Orton, Steve Henson]
|
||||
|
||||
*) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
|
||||
(CAN-2004-0112)
|
||||
(CVE-2004-0112)
|
||||
[Joe Orton, Steve Henson]
|
||||
|
||||
*) Make it possible to have multiple active certificates with the same
|
||||
@ -1076,9 +1128,9 @@
|
||||
*) Fix various bugs revealed by running the NISCC test suite:
|
||||
|
||||
Stop out of bounds reads in the ASN1 code when presented with
|
||||
invalid tags (CAN-2003-0543 and CAN-2003-0544).
|
||||
invalid tags (CVE-2003-0543 and CVE-2003-0544).
|
||||
|
||||
Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
|
||||
Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
|
||||
|
||||
If verify callback ignores invalid public key errors don't try to check
|
||||
certificate signature with the NULL public key.
|
||||
@ -1163,7 +1215,7 @@
|
||||
via timing by performing a MAC computation even if incorrrect
|
||||
block cipher padding has been found. This is a countermeasure
|
||||
against active attacks where the attacker has to distinguish
|
||||
between bad padding and a MAC verification error. (CAN-2003-0078)
|
||||
between bad padding and a MAC verification error. (CVE-2003-0078)
|
||||
|
||||
[Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
|
||||
Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
|
||||
@ -1380,7 +1432,7 @@
|
||||
|
||||
Remote buffer overflow in SSL3 protocol - an attacker could
|
||||
supply an oversized master key in Kerberos-enabled versions.
|
||||
(CAN-2002-0657)
|
||||
(CVE-2002-0657)
|
||||
[Ben Laurie (CHATS)]
|
||||
|
||||
*) Change the SSL kerb5 codes to match RFC 2712.
|
||||
@ -3064,7 +3116,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
|
||||
|
||||
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
|
||||
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
|
||||
by using the Codenomicon TLS Test Tool (CVE-2004-0079)
|
||||
[Joe Orton, Steve Henson]
|
||||
|
||||
Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
|
||||
@ -3072,7 +3124,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
*) Fix additional bug revealed by the NISCC test suite:
|
||||
|
||||
Stop bug triggering large recursion when presented with
|
||||
certain ASN.1 tags (CAN-2003-0851)
|
||||
certain ASN.1 tags (CVE-2003-0851)
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
|
||||
@ -3080,7 +3132,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
*) Fix various bugs revealed by running the NISCC test suite:
|
||||
|
||||
Stop out of bounds reads in the ASN1 code when presented with
|
||||
invalid tags (CAN-2003-0543 and CAN-2003-0544).
|
||||
invalid tags (CVE-2003-0543 and CVE-2003-0544).
|
||||
|
||||
If verify callback ignores invalid public key errors don't try to check
|
||||
certificate signature with the NULL public key.
|
||||
@ -3132,7 +3184,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
via timing by performing a MAC computation even if incorrrect
|
||||
block cipher padding has been found. This is a countermeasure
|
||||
against active attacks where the attacker has to distinguish
|
||||
between bad padding and a MAC verification error. (CAN-2003-0078)
|
||||
between bad padding and a MAC verification error. (CVE-2003-0078)
|
||||
|
||||
[Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
|
||||
Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
|
||||
@ -3265,7 +3317,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
*) Add various sanity checks to asn1_get_length() to reject
|
||||
the ASN1 length bytes if they exceed sizeof(long), will appear
|
||||
negative or the content length exceeds the length of the
|
||||
supplied buffer. (CAN-2002-0659)
|
||||
supplied buffer. (CVE-2002-0659)
|
||||
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
|
||||
|
||||
*) Assertions for various potential buffer overflows, not known to
|
||||
@ -3273,15 +3325,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Ben Laurie (CHATS)]
|
||||
|
||||
*) Various temporary buffers to hold ASCII versions of integers were
|
||||
too small for 64 bit platforms. (CAN-2002-0655)
|
||||
too small for 64 bit platforms. (CVE-2002-0655)
|
||||
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
|
||||
|
||||
*) Remote buffer overflow in SSL3 protocol - an attacker could
|
||||
supply an oversized session ID to a client. (CAN-2002-0656)
|
||||
supply an oversized session ID to a client. (CVE-2002-0656)
|
||||
[Ben Laurie (CHATS)]
|
||||
|
||||
*) Remote buffer overflow in SSL2 protocol - an attacker could
|
||||
supply an oversized client master key. (CAN-2002-0656)
|
||||
supply an oversized client master key. (CVE-2002-0656)
|
||||
[Ben Laurie (CHATS)]
|
||||
|
||||
Changes between 0.9.6c and 0.9.6d [9 May 2002]
|
||||
|
72
crypto/dist/openssl/FAQ
vendored
72
crypto/dist/openssl/FAQ
vendored
@ -31,6 +31,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why does my browser give a warning about a mismatched hostname?
|
||||
* How do I install a CA certificate into a browser?
|
||||
* Why is OpenSSL x509 DN output not conformant to RFC2253?
|
||||
* What is a "128 bit certificate"? Can I create one with OpenSSL?
|
||||
|
||||
[BUILD] Questions about building and testing OpenSSL
|
||||
|
||||
@ -48,6 +49,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
|
||||
* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
|
||||
* Why does compiler fail to compile sha512.c?
|
||||
* Test suite still fails, what to do?
|
||||
|
||||
[PROG] Questions about programming with OpenSSL
|
||||
|
||||
@ -72,7 +74,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.8a was released on October 11th, 2005.
|
||||
OpenSSL 0.9.8b was released on May 4th, 2006.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@ -386,6 +388,43 @@ interface, the "-nameopt" option could be introduded. See the manual
|
||||
page of the "openssl x509" commandline tool for details. The old behaviour
|
||||
has however been left as default for the sake of compatibility.
|
||||
|
||||
* What is a "128 bit certificate"? Can I create one with OpenSSL?
|
||||
|
||||
The term "128 bit certificate" is a highly misleading marketing term. It does
|
||||
*not* refer to the size of the public key in the certificate! A certificate
|
||||
containing a 128 bit RSA key would have negligible security.
|
||||
|
||||
There were various other names such as "magic certificates", "SGC
|
||||
certificates", "step up certificates" etc.
|
||||
|
||||
You can't generally create such a certificate using OpenSSL but there is no
|
||||
need to any more. Nowadays web browsers using unrestricted strong encryption
|
||||
are generally available.
|
||||
|
||||
When there were tight export restrictions on the export of strong encryption
|
||||
software from the US only weak encryption algorithms could be freely exported
|
||||
(initially 40 bit and then 56 bit). It was widely recognised that this was
|
||||
inadequate. A relaxation the rules allowed the use of strong encryption but
|
||||
only to an authorised server.
|
||||
|
||||
Two slighly different techniques were developed to support this, one used by
|
||||
Netscape was called "step up", the other used by MSIE was called "Server Gated
|
||||
Cryptography" (SGC). When a browser initially connected to a server it would
|
||||
check to see if the certificate contained certain extensions and was issued by
|
||||
an authorised authority. If these test succeeded it would reconnect using
|
||||
strong encryption.
|
||||
|
||||
Only certain (initially one) certificate authorities could issue the
|
||||
certificates and they generally cost more than ordinary certificates.
|
||||
|
||||
Although OpenSSL can create certificates containing the appropriate extensions
|
||||
the certificate would not come from a permitted authority and so would not
|
||||
be recognized.
|
||||
|
||||
The export laws were later changed to allow almost unrestricted use of strong
|
||||
encryption so these certificates are now obsolete.
|
||||
|
||||
|
||||
[BUILD] =======================================================================
|
||||
|
||||
* Why does the linker complain about undefined symbols?
|
||||
@ -617,6 +656,18 @@ the module in question. The recommendation is to disable SHA-512 by
|
||||
adding no-sha512 to ./config [or ./Configure] command line. Another
|
||||
possible alternative might be to switch to GCC.
|
||||
|
||||
* Test suite still fails, what to do?
|
||||
|
||||
Another common reason for failure to complete some particular test is
|
||||
simply bad code generated by a buggy component in toolchain or deficiency
|
||||
in run-time environment. There are few cases documented in PROBLEMS file,
|
||||
consult it for possible workaround before you beat the drum. Even if you
|
||||
don't find solution or even mention there, do reserve for possibility of
|
||||
a compiler bug. Compiler bugs might appear in rather bizarre ways, they
|
||||
never make sense, and tend to emerge when you least expect them. In order
|
||||
to identify one, drop optimization level, e.g. by editing CFLAG line in
|
||||
top-level Makefile, recompile and re-run the test.
|
||||
|
||||
[PROG] ========================================================================
|
||||
|
||||
* Is OpenSSL thread-safe?
|
||||
@ -649,10 +700,10 @@ your application must link against the same by which OpenSSL was
|
||||
built. If you are using MS Visual C++ (Studio) this can be changed
|
||||
by:
|
||||
|
||||
1. Select Settings... from the Project Menu.
|
||||
2. Select the C/C++ Tab.
|
||||
3. Select "Code Generation from the "Category" drop down list box
|
||||
4. Select the Appropriate library (see table below) from the "Use
|
||||
1. Select Settings... from the Project Menu.
|
||||
2. Select the C/C++ Tab.
|
||||
3. Select "Code Generation from the "Category" drop down list box
|
||||
4. Select the Appropriate library (see table below) from the "Use
|
||||
run-time library" drop down list box. Perform this step for both
|
||||
your debug and release versions of your application (look at the
|
||||
top left of the settings panel to change between the two)
|
||||
@ -672,16 +723,19 @@ Note that debug and release libraries are NOT interchangeable. If you
|
||||
built OpenSSL with /MD your application must use /MD and cannot use /MDd.
|
||||
|
||||
As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
|
||||
.DLLs compiled with some specific run-time option [we recommend the
|
||||
.DLLs compiled with some specific run-time option [we insist on the
|
||||
default /MD] can be deployed with application compiled with different
|
||||
option or even different compiler. But there is a catch! Instead of
|
||||
re-compiling OpenSSL toolkit, as you would have to with prior versions,
|
||||
you have to compile small C snippet with compiler and/or options of
|
||||
your choice. The snippet gets installed as
|
||||
<install-root>/include/openssl/applink.c and should be either added to
|
||||
your project or simply #include-d in one [and only one] of your source
|
||||
files. Failure to do either manifests itself as fatal "no
|
||||
OPENSSL_Applink" error.
|
||||
your application project or simply #include-d in one [and only one]
|
||||
of your application source files. Failure to link this shim module
|
||||
into your application manifests itself as fatal "no OPENSSL_Applink"
|
||||
run-time error. An explicit reminder is due that in this situation
|
||||
[mixing compiler options] it is as important to add CRYPTO_malloc_init
|
||||
prior first call to OpenSSL.
|
||||
|
||||
* How do I read or write a DER encoded buffer using the ASN1 functions?
|
||||
|
||||
|
4
crypto/dist/openssl/apps/CA.pl.in
vendored
4
crypto/dist/openssl/apps/CA.pl.in
vendored
@ -94,6 +94,9 @@ foreach (@ARGV) {
|
||||
mkdir "${CATOP}/private", $DIRMODE;
|
||||
open OUT, ">${CATOP}/index.txt";
|
||||
close OUT;
|
||||
open OUT, ">${CATOP}/crlnumber";
|
||||
print OUT "01\n";
|
||||
close OUT;
|
||||
}
|
||||
if ( ! -f "${CATOP}/private/$CAKEY" ) {
|
||||
print "CA certificate filename (or enter to create)\n";
|
||||
@ -113,6 +116,7 @@ foreach (@ARGV) {
|
||||
system ("$CA -create_serial " .
|
||||
"-out ${CATOP}/$CACERT $CADAYS -batch " .
|
||||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
|
||||
"-extensions v3_ca " .
|
||||
"-infiles ${CATOP}/$CAREQ ");
|
||||
$RET=$?;
|
||||
}
|
||||
|
2
crypto/dist/openssl/apps/speed.c
vendored
2
crypto/dist/openssl/apps/speed.c
vendored
@ -2522,6 +2522,7 @@ static void print_result(int alg,int run_no,int count,double time_used)
|
||||
results[alg][run_no]=((double)count)/time_used*lengths[run_no];
|
||||
}
|
||||
|
||||
#ifdef HAVE_FORK
|
||||
static char *sstrsep(char **string, const char *delim)
|
||||
{
|
||||
char isdelim[256];
|
||||
@ -2553,7 +2554,6 @@ static char *sstrsep(char **string, const char *delim)
|
||||
return token;
|
||||
}
|
||||
|
||||
#ifdef HAVE_FORK
|
||||
static int do_multi(int multi)
|
||||
{
|
||||
int n;
|
||||
|
4
crypto/dist/openssl/crypto/asn1/asn1.h
vendored
4
crypto/dist/openssl/crypto/asn1/asn1.h
vendored
@ -149,6 +149,7 @@ extern "C" {
|
||||
#define B_ASN1_UTF8STRING 0x2000
|
||||
#define B_ASN1_UTCTIME 0x4000
|
||||
#define B_ASN1_GENERALIZEDTIME 0x8000
|
||||
#define B_ASN1_SEQUENCE 0x10000
|
||||
|
||||
/* For use with ASN1_mbstring_copy() */
|
||||
#define MBSTRING_FLAG 0x1000
|
||||
@ -594,6 +595,7 @@ typedef struct BIT_STRING_BITNAME_st {
|
||||
B_ASN1_UNIVERSALSTRING|\
|
||||
B_ASN1_BMPSTRING|\
|
||||
B_ASN1_UTF8STRING|\
|
||||
B_ASN1_SEQUENCE|\
|
||||
B_ASN1_UNKNOWN
|
||||
|
||||
#define B_ASN1_DIRECTORYSTRING \
|
||||
@ -1045,7 +1047,7 @@ void ERR_load_ASN1_strings(void);
|
||||
#define ASN1_F_ASN1_I2D_FP 117
|
||||
#define ASN1_F_ASN1_INTEGER_SET 118
|
||||
#define ASN1_F_ASN1_INTEGER_TO_BN 119
|
||||
#define ASN1_F_ASN1_ITEM_D2I_FP 190
|
||||
#define ASN1_F_ASN1_ITEM_D2I_FP 206
|
||||
#define ASN1_F_ASN1_ITEM_DUP 191
|
||||
#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
|
||||
#define ASN1_F_ASN1_ITEM_EX_D2I 120
|
||||
|
5
crypto/dist/openssl/crypto/asn1/asn1_par.c
vendored
5
crypto/dist/openssl/crypto/asn1/asn1_par.c
vendored
@ -88,7 +88,10 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
|
||||
BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
|
||||
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
|
||||
BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
|
||||
else p = ASN1_tag2str(tag);
|
||||
else if (tag > 30)
|
||||
BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
|
||||
else
|
||||
p = ASN1_tag2str(tag);
|
||||
|
||||
if (p2 != NULL)
|
||||
{
|
||||
|
38
crypto/dist/openssl/crypto/asn1/t_pkey.c
vendored
38
crypto/dist/openssl/crypto/asn1/t_pkey.c
vendored
@ -109,7 +109,7 @@ int RSA_print(BIO *bp, const RSA *x, int off)
|
||||
char str[128];
|
||||
const char *s;
|
||||
unsigned char *m=NULL;
|
||||
int ret=0;
|
||||
int ret=0, mod_len = 0;
|
||||
size_t buf_len=0, i;
|
||||
|
||||
if (x->n)
|
||||
@ -143,27 +143,37 @@ int RSA_print(BIO *bp, const RSA *x, int off)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (x->n != NULL)
|
||||
mod_len = BN_num_bits(x->n);
|
||||
|
||||
if (x->d != NULL)
|
||||
{
|
||||
if(!BIO_indent(bp,off,128))
|
||||
goto err;
|
||||
if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
|
||||
if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
|
||||
<= 0) goto err;
|
||||
}
|
||||
|
||||
if (x->d == NULL)
|
||||
BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
|
||||
BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
|
||||
else
|
||||
BUF_strlcpy(str,"modulus:",sizeof str);
|
||||
if (!print(bp,str,x->n,m,off)) goto err;
|
||||
s=(x->d == NULL)?"Exponent:":"publicExponent:";
|
||||
if (!print(bp,s,x->e,m,off)) goto err;
|
||||
if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
|
||||
if (!print(bp,"prime1:",x->p,m,off)) goto err;
|
||||
if (!print(bp,"prime2:",x->q,m,off)) goto err;
|
||||
if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
|
||||
if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
|
||||
if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
|
||||
if ((x->e != NULL) && !print(bp,s,x->e,m,off))
|
||||
goto err;
|
||||
if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
|
||||
goto err;
|
||||
if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
|
||||
goto err;
|
||||
if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
|
||||
goto err;
|
||||
if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
|
||||
goto err;
|
||||
if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
|
||||
goto err;
|
||||
if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
|
||||
goto err;
|
||||
ret=1;
|
||||
err:
|
||||
if (m != NULL) OPENSSL_free(m);
|
||||
@ -740,7 +750,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
|
||||
buf_len = (size_t)BN_num_bytes(x->p);
|
||||
else
|
||||
{
|
||||
DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
|
||||
DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
|
||||
goto err;
|
||||
}
|
||||
if (x->q)
|
||||
@ -752,7 +762,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
|
||||
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
|
||||
if (m == NULL)
|
||||
{
|
||||
DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
|
||||
DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -760,8 +770,8 @@ int DSAparams_print(BIO *bp, const DSA *x)
|
||||
BN_num_bits(x->p)) <= 0)
|
||||
goto err;
|
||||
if (!print(bp,"p:",x->p,m,4)) goto err;
|
||||
if (!print(bp,"q:",x->q,m,4)) goto err;
|
||||
if (!print(bp,"g:",x->g,m,4)) goto err;
|
||||
if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
|
||||
if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
|
||||
ret=1;
|
||||
err:
|
||||
if (m != NULL) OPENSSL_free(m);
|
||||
|
14
crypto/dist/openssl/crypto/asn1/tasn_dec.c
vendored
14
crypto/dist/openssl/crypto/asn1/tasn_dec.c
vendored
@ -98,7 +98,7 @@ static unsigned long tag2bit[32] = {
|
||||
B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
|
||||
B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
|
||||
B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
|
||||
0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
|
||||
B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
|
||||
B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */
|
||||
B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */
|
||||
B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */
|
||||
@ -158,7 +158,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
const ASN1_EXTERN_FUNCS *ef;
|
||||
const ASN1_AUX *aux = it->funcs;
|
||||
ASN1_aux_cb *asn1_cb;
|
||||
const unsigned char *p, *q;
|
||||
const unsigned char *p = NULL, *q;
|
||||
unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
|
||||
unsigned char imphack = 0, oclass;
|
||||
char seq_eoc, seq_nolen, cst, isopt;
|
||||
@ -283,6 +283,12 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
{
|
||||
wp = *(unsigned char **)in;
|
||||
imphack = *wp;
|
||||
if (p == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
|
||||
ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
*wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
|
||||
| it->utype);
|
||||
}
|
||||
@ -924,6 +930,8 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
||||
if (!*pval)
|
||||
{
|
||||
typ = ASN1_TYPE_new();
|
||||
if (typ == NULL)
|
||||
goto err;
|
||||
*pval = (ASN1_VALUE *)typ;
|
||||
}
|
||||
else
|
||||
@ -1167,7 +1175,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
else if (!collect_data(buf, &p, plen))
|
||||
else if (plen && !collect_data(buf, &p, plen))
|
||||
return 0;
|
||||
len -= p - q;
|
||||
}
|
||||
|
15
crypto/dist/openssl/crypto/bio/bio.h
vendored
15
crypto/dist/openssl/crypto/bio/bio.h
vendored
@ -676,17 +676,20 @@ void BIO_copy_next_retry(BIO *b);
|
||||
|
||||
/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
|
||||
|
||||
#ifndef __GNUC__
|
||||
#define __attribute__(x)
|
||||
#ifdef __GNUC__
|
||||
# define __bio_h__attr__ __attribute__
|
||||
#else
|
||||
# define __bio_h__attr__(x)
|
||||
#endif
|
||||
int BIO_printf(BIO *bio, const char *format, ...)
|
||||
__attribute__((__format__(__printf__,2,3)));
|
||||
__bio_h__attr__((__format__(__printf__,2,3)));
|
||||
int BIO_vprintf(BIO *bio, const char *format, va_list args)
|
||||
__attribute__((__format__(__printf__,2,0)));
|
||||
__bio_h__attr__((__format__(__printf__,2,0)));
|
||||
int BIO_snprintf(char *buf, size_t n, const char *format, ...)
|
||||
__attribute__((__format__(__printf__,3,4)));
|
||||
__bio_h__attr__((__format__(__printf__,3,4)));
|
||||
int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
|
||||
__attribute__((__format__(__printf__,3,0)));
|
||||
__bio_h__attr__((__format__(__printf__,3,0)));
|
||||
#undef __bio_h__attr__
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
|
2
crypto/dist/openssl/crypto/bio/bss_conn.c
vendored
2
crypto/dist/openssl/crypto/bio/bss_conn.c
vendored
@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
break;
|
||||
case BIO_C_DO_STATE_MACHINE:
|
||||
/* use this one to start the connection */
|
||||
if (!(data->state != BIO_CONN_S_OK))
|
||||
if (data->state != BIO_CONN_S_OK)
|
||||
ret=(long)conn_state(b,data);
|
||||
else
|
||||
ret=1;
|
||||
|
3
crypto/dist/openssl/crypto/bio/bss_file.c
vendored
3
crypto/dist/openssl/crypto/bio/bss_file.c
vendored
@ -128,7 +128,10 @@ BIO *BIO_new_file(const char *filename, const char *mode)
|
||||
return(NULL);
|
||||
}
|
||||
if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
|
||||
{
|
||||
fclose(file);
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
|
||||
BIO_set_fp(ret,file,BIO_CLOSE);
|
||||
|
10
crypto/dist/openssl/crypto/bn/bn.h
vendored
10
crypto/dist/openssl/crypto/bn/bn.h
vendored
@ -412,9 +412,15 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
||||
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
||||
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
|
||||
int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
|
||||
/* BN_set_negative(): sets sign of a bignum */
|
||||
/** BN_set_negative sets sign of a BIGNUM
|
||||
* \param b pointer to the BIGNUM object
|
||||
* \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
|
||||
*/
|
||||
void BN_set_negative(BIGNUM *b, int n);
|
||||
/* BN_get_negative(): returns 1 if the bignum is < 0 and 0 otherwise */
|
||||
/** BN_is_negative returns 1 if the BIGNUM is negative
|
||||
* \param a pointer to the BIGNUM object
|
||||
* \return 1 if a < 0 and 0 otherwise
|
||||
*/
|
||||
#define BN_is_negative(a) ((a)->neg != 0)
|
||||
|
||||
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
|
||||
|
2
crypto/dist/openssl/crypto/dh/dh.h
vendored
2
crypto/dist/openssl/crypto/dh/dh.h
vendored
@ -220,8 +220,8 @@ void ERR_load_DH_strings(void);
|
||||
|
||||
/* Reason codes. */
|
||||
#define DH_R_BAD_GENERATOR 101
|
||||
#define DH_R_NO_PRIVATE_VALUE 100
|
||||
#define DH_R_INVALID_PUBKEY 102
|
||||
#define DH_R_NO_PRIVATE_VALUE 100
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
38
crypto/dist/openssl/crypto/dso/dso_win32.c
vendored
38
crypto/dist/openssl/crypto/dso/dso_win32.c
vendored
@ -307,6 +307,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
|
||||
struct file_st *result = NULL;
|
||||
enum { IN_NODE, IN_DEVICE, IN_FILE } position;
|
||||
const char *start = filename;
|
||||
char last;
|
||||
|
||||
if (!filename)
|
||||
{
|
||||
@ -337,7 +338,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
|
||||
|
||||
do
|
||||
{
|
||||
switch(filename[0])
|
||||
last = filename[0];
|
||||
switch(last)
|
||||
{
|
||||
case ':':
|
||||
if(position != IN_DEVICE)
|
||||
@ -362,10 +364,19 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
|
||||
start = ++filename;
|
||||
result->dir = start;
|
||||
}
|
||||
else if(position == IN_DEVICE)
|
||||
{
|
||||
position = IN_FILE;
|
||||
filename++;
|
||||
result->dir = start;
|
||||
result->dirlen = filename - start;
|
||||
start = filename;
|
||||
}
|
||||
else
|
||||
{
|
||||
filename++;
|
||||
result->dirlen += filename - start;
|
||||
start = filename;
|
||||
}
|
||||
break;
|
||||
case '\0':
|
||||
@ -379,12 +390,19 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
|
||||
{
|
||||
if (assume_last_is_dir)
|
||||
{
|
||||
result->devicelen += filename - start;
|
||||
if (position == IN_DEVICE)
|
||||
{
|
||||
result->dir = start;
|
||||
result->dirlen = 0;
|
||||
}
|
||||
result->dirlen +=
|
||||
filename - start;
|
||||
}
|
||||
else
|
||||
{
|
||||
result->file = start;
|
||||
result->filelen = filename - start;
|
||||
result->filelen =
|
||||
filename - start;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -394,7 +412,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
|
||||
break;
|
||||
}
|
||||
}
|
||||
while(*filename);
|
||||
while(last);
|
||||
|
||||
if(!result->nodelen) result->node = NULL;
|
||||
if(!result->devicelen) result->device = NULL;
|
||||
@ -482,10 +500,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
|
||||
result[offset] = '\\'; offset++;
|
||||
start = end + 1;
|
||||
}
|
||||
#if 0 /* Not needed, since the directory converter above already appeneded
|
||||
a backslash */
|
||||
if(file_split->predir && (file_split->dir || file_split->file))
|
||||
{
|
||||
result[offset] = '\\'; offset++;
|
||||
}
|
||||
#endif
|
||||
start = file_split->dir;
|
||||
while(file_split->dirlen > (start - file_split->dir))
|
||||
{
|
||||
@ -500,10 +521,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
|
||||
result[offset] = '\\'; offset++;
|
||||
start = end + 1;
|
||||
}
|
||||
#if 0 /* Not needed, since the directory converter above already appeneded
|
||||
a backslash */
|
||||
if(file_split->dir && file_split->file)
|
||||
{
|
||||
result[offset] = '\\'; offset++;
|
||||
}
|
||||
#endif
|
||||
strncpy(&result[offset], file_split->file,
|
||||
file_split->filelen); offset += file_split->filelen;
|
||||
result[offset] = '\0';
|
||||
@ -546,15 +570,15 @@ static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2
|
||||
}
|
||||
else
|
||||
{
|
||||
filespec1_split = win32_splitter(dso, filespec1, 1);
|
||||
filespec1_split = win32_splitter(dso, filespec1, 0);
|
||||
if (!filespec1_split)
|
||||
{
|
||||
DSOerr(DSO_F_WIN32_MERGER,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
return(NULL);
|
||||
}
|
||||
filespec2_split = win32_splitter(dso, filespec2, 0);
|
||||
if (!filespec1_split)
|
||||
filespec2_split = win32_splitter(dso, filespec2, 1);
|
||||
if (!filespec2_split)
|
||||
{
|
||||
DSOerr(DSO_F_WIN32_MERGER,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
|
2
crypto/dist/openssl/crypto/ec/ec.h
vendored
2
crypto/dist/openssl/crypto/ec/ec.h
vendored
@ -385,6 +385,7 @@ void ERR_load_EC_strings(void);
|
||||
#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156
|
||||
#define EC_F_EC_ASN1_PARAMETERS2GROUP 157
|
||||
#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158
|
||||
#define EC_F_EC_EX_DATA_SET_DATA 211
|
||||
#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208
|
||||
#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159
|
||||
#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195
|
||||
@ -428,7 +429,6 @@ void ERR_load_EC_strings(void);
|
||||
#define EC_F_EC_GROUP_GET_ORDER 141
|
||||
#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193
|
||||
#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194
|
||||
#define EC_F_EC_GROUP_GROUP2NID 147
|
||||
#define EC_F_EC_GROUP_NEW 108
|
||||
#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174
|
||||
#define EC_F_EC_GROUP_NEW_FROM_DATA 175
|
||||
|
3
crypto/dist/openssl/crypto/engine/engine.h
vendored
3
crypto/dist/openssl/crypto/engine/engine.h
vendored
@ -637,7 +637,7 @@ typedef struct st_dynamic_fns {
|
||||
* can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
|
||||
typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
|
||||
#define IMPLEMENT_DYNAMIC_CHECK_FN() \
|
||||
unsigned long v_check(unsigned long v) { \
|
||||
OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
|
||||
if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
|
||||
return 0; }
|
||||
|
||||
@ -659,6 +659,7 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
|
||||
typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
|
||||
const dynamic_fns *fns);
|
||||
#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
|
||||
OPENSSL_EXPORT \
|
||||
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
|
||||
if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
|
||||
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
|
||||
|
2
crypto/dist/openssl/crypto/err/err.c
vendored
2
crypto/dist/openssl/crypto/err/err.c
vendored
@ -1108,7 +1108,7 @@ int ERR_pop_to_mark(void)
|
||||
{
|
||||
err_clear(es,es->top);
|
||||
es->top-=1;
|
||||
if (es->top == -1) es->top=ERR_NUM_ERRORS;
|
||||
if (es->top == -1) es->top=ERR_NUM_ERRORS-1;
|
||||
}
|
||||
|
||||
if (es->bottom == es->top) return 0;
|
||||
|
2
crypto/dist/openssl/crypto/evp/evp.h
vendored
2
crypto/dist/openssl/crypto/evp/evp.h
vendored
@ -580,6 +580,8 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
|
||||
|
||||
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
|
||||
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
|
||||
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
|
||||
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
|
||||
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
|
||||
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
|
||||
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
|
||||
|
5
crypto/dist/openssl/crypto/idea/i_skey.c
vendored
5
crypto/dist/openssl/crypto/idea/i_skey.c
vendored
@ -94,10 +94,11 @@ void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
|
||||
}
|
||||
}
|
||||
|
||||
void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
|
||||
void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
|
||||
{
|
||||
int r;
|
||||
register IDEA_INT *fp,*tp,t;
|
||||
register IDEA_INT *tp,t;
|
||||
const IDEA_INT *fp;
|
||||
|
||||
tp= &(dk->data[0][0]);
|
||||
fp= &(ek->data[8][0]);
|
||||
|
2
crypto/dist/openssl/crypto/idea/idea.h
vendored
2
crypto/dist/openssl/crypto/idea/idea.h
vendored
@ -84,7 +84,7 @@ const char *idea_options(void);
|
||||
void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
|
||||
IDEA_KEY_SCHEDULE *ks);
|
||||
void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
|
||||
void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
|
||||
void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
|
||||
void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
|
||||
void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
|
192
crypto/dist/openssl/crypto/objects/obj_dat.c
vendored
192
crypto/dist/openssl/crypto/objects/obj_dat.c
vendored
@ -58,6 +58,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <limits.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/asn1.h>
|
||||
@ -413,8 +414,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
|
||||
/* Work out size of content octets */
|
||||
i=a2d_ASN1_OBJECT(NULL,0,s,-1);
|
||||
if (i <= 0) {
|
||||
/* Clear the error */
|
||||
ERR_clear_error();
|
||||
/* Don't clear the error */
|
||||
/*ERR_clear_error();*/
|
||||
return NULL;
|
||||
}
|
||||
/* Work out total size */
|
||||
@ -436,66 +437,161 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
|
||||
|
||||
int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
|
||||
{
|
||||
int i,idx=0,n=0,len,nid;
|
||||
int i,n=0,len,nid, first, use_bn;
|
||||
BIGNUM *bl;
|
||||
unsigned long l;
|
||||
unsigned char *p;
|
||||
const char *s;
|
||||
char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
|
||||
|
||||
if (buf_len <= 0) return(0);
|
||||
|
||||
if ((a == NULL) || (a->data == NULL)) {
|
||||
buf[0]='\0';
|
||||
return(0);
|
||||
}
|
||||
|
||||
if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
|
||||
len=a->length;
|
||||
p=a->data;
|
||||
|
||||
idx=0;
|
||||
l=0;
|
||||
while (idx < a->length) {
|
||||
l|=(p[idx]&0x7f);
|
||||
if (!(p[idx] & 0x80)) break;
|
||||
l<<=7L;
|
||||
idx++;
|
||||
}
|
||||
idx++;
|
||||
i=(int)(l/40);
|
||||
if (i > 2) i=2;
|
||||
l-=(long)(i*40);
|
||||
|
||||
BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
|
||||
i=strlen(tbuf);
|
||||
BUF_strlcpy(buf,tbuf,buf_len);
|
||||
buf_len-=i;
|
||||
buf+=i;
|
||||
n+=i;
|
||||
|
||||
l=0;
|
||||
for (; idx<len; idx++) {
|
||||
l|=p[idx]&0x7f;
|
||||
if (!(p[idx] & 0x80)) {
|
||||
BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
|
||||
i=strlen(tbuf);
|
||||
if (buf_len > 0)
|
||||
BUF_strlcpy(buf,tbuf,buf_len);
|
||||
buf_len-=i;
|
||||
buf+=i;
|
||||
n+=i;
|
||||
l=0;
|
||||
}
|
||||
l<<=7L;
|
||||
}
|
||||
} else {
|
||||
if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
|
||||
{
|
||||
const char *s;
|
||||
s=OBJ_nid2ln(nid);
|
||||
if (s == NULL)
|
||||
s=OBJ_nid2sn(nid);
|
||||
BUF_strlcpy(buf,s,buf_len);
|
||||
if (buf)
|
||||
BUF_strlcpy(buf,s,buf_len);
|
||||
n=strlen(s);
|
||||
}
|
||||
return(n);
|
||||
return n;
|
||||
}
|
||||
|
||||
|
||||
len=a->length;
|
||||
p=a->data;
|
||||
|
||||
first = 1;
|
||||
bl = NULL;
|
||||
|
||||
while (len > 0)
|
||||
{
|
||||
l=0;
|
||||
use_bn = 0;
|
||||
for (;;)
|
||||
{
|
||||
unsigned char c = *p++;
|
||||
len--;
|
||||
if ((len == 0) && (c & 0x80))
|
||||
goto err;
|
||||
if (use_bn)
|
||||
{
|
||||
if (!BN_add_word(bl, c & 0x7f))
|
||||
goto err;
|
||||
}
|
||||
else
|
||||
l |= c & 0x7f;
|
||||
if (!(c & 0x80))
|
||||
break;
|
||||
if (!use_bn && (l > (ULONG_MAX >> 7L)))
|
||||
{
|
||||
if (!bl && !(bl = BN_new()))
|
||||
goto err;
|
||||
if (!BN_set_word(bl, l))
|
||||
goto err;
|
||||
use_bn = 1;
|
||||
}
|
||||
if (use_bn)
|
||||
{
|
||||
if (!BN_lshift(bl, bl, 7))
|
||||
goto err;
|
||||
}
|
||||
else
|
||||
l<<=7L;
|
||||
}
|
||||
|
||||
if (first)
|
||||
{
|
||||
first = 0;
|
||||
if (l >= 80)
|
||||
{
|
||||
i = 2;
|
||||
if (use_bn)
|
||||
{
|
||||
if (!BN_sub_word(bl, 80))
|
||||
goto err;
|
||||
}
|
||||
else
|
||||
l -= 80;
|
||||
}
|
||||
else
|
||||
{
|
||||
i=(int)(l/40);
|
||||
l-=(long)(i*40);
|
||||
}
|
||||
if (buf && (buf_len > 0))
|
||||
{
|
||||
*buf++ = i + '0';
|
||||
buf_len--;
|
||||
}
|
||||
n++;
|
||||
}
|
||||
|
||||
if (use_bn)
|
||||
{
|
||||
char *bndec;
|
||||
bndec = BN_bn2dec(bl);
|
||||
if (!bndec)
|
||||
goto err;
|
||||
i = strlen(bndec);
|
||||
if (buf)
|
||||
{
|
||||
if (buf_len > 0)
|
||||
{
|
||||
*buf++ = '.';
|
||||
buf_len--;
|
||||
}
|
||||
BUF_strlcpy(buf,bndec,buf_len);
|
||||
if (i > buf_len)
|
||||
{
|
||||
buf += buf_len;
|
||||
buf_len = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
buf+=i;
|
||||
buf_len-=i;
|
||||
}
|
||||
}
|
||||
n++;
|
||||
n += i;
|
||||
OPENSSL_free(bndec);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
|
||||
i=strlen(tbuf);
|
||||
if (buf && (buf_len > 0))
|
||||
{
|
||||
BUF_strlcpy(buf,tbuf,buf_len);
|
||||
if (i > buf_len)
|
||||
{
|
||||
buf += buf_len;
|
||||
buf_len = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
buf+=i;
|
||||
buf_len-=i;
|
||||
}
|
||||
}
|
||||
n+=i;
|
||||
l=0;
|
||||
}
|
||||
}
|
||||
|
||||
if (bl)
|
||||
BN_free(bl);
|
||||
return n;
|
||||
|
||||
err:
|
||||
if (bl)
|
||||
BN_free(bl);
|
||||
return -1;
|
||||
}
|
||||
|
||||
int OBJ_txt2nid(const char *s)
|
||||
|
6
crypto/dist/openssl/crypto/opensslv.h
vendored
6
crypto/dist/openssl/crypto/opensslv.h
vendored
@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090801fL
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090802fL
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-fips 11 Oct 2005"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b-fips 04 May 2006"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a 11 Oct 2005"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b 04 May 2006"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
6
crypto/dist/openssl/crypto/rc2/rc2speed.c
vendored
6
crypto/dist/openssl/crypto/rc2/rc2speed.c
vendored
@ -105,10 +105,10 @@ OPENSSL_DECLARE_EXIT
|
||||
#ifndef HZ
|
||||
#ifndef CLK_TCK
|
||||
#define HZ 100.0
|
||||
#endif
|
||||
#else /* CLK_TCK */
|
||||
#else /* CLK_TCK */
|
||||
#define HZ ((double)CLK_TCK)
|
||||
#endif
|
||||
#endif /* CLK_TCK */
|
||||
#endif /* HZ */
|
||||
|
||||
#define BUFSIZE ((long)1024)
|
||||
long run=0;
|
||||
|
4
crypto/dist/openssl/crypto/rsa/rsa.h
vendored
4
crypto/dist/openssl/crypto/rsa/rsa.h
vendored
@ -411,17 +411,17 @@ void ERR_load_RSA_strings(void);
|
||||
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
|
||||
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
||||
#define RSA_R_OAEP_DECODING_ERROR 121
|
||||
#define RSA_R_SLEN_RECOVERY_FAILED 135
|
||||
#define RSA_R_PADDING_CHECK_FAILED 114
|
||||
#define RSA_R_P_NOT_PRIME 128
|
||||
#define RSA_R_Q_NOT_PRIME 129
|
||||
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
|
||||
#define RSA_R_SLEN_CHECK_FAILED 136
|
||||
#define RSA_R_SLEN_RECOVERY_FAILED 135
|
||||
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
|
||||
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
|
||||
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
|
||||
#define RSA_R_UNKNOWN_PADDING_TYPE 118
|
||||
#define RSA_R_WRONG_SIGNATURE_LENGTH 119
|
||||
#define RSA_R_SLEN_CHECK_FAILED 136
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
2
crypto/dist/openssl/crypto/rsa/rsa_lib.c
vendored
2
crypto/dist/openssl/crypto/rsa/rsa_lib.c
vendored
@ -412,6 +412,8 @@ err:
|
||||
BN_CTX_end(ctx);
|
||||
if (in_ctx == NULL)
|
||||
BN_CTX_free(ctx);
|
||||
if(rsa->e == NULL)
|
||||
BN_free(e);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
2
crypto/dist/openssl/doc/crypto/hmac.pod
vendored
2
crypto/dist/openssl/doc/crypto/hmac.pod
vendored
@ -18,7 +18,7 @@ authentication code
|
||||
void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
|
||||
const EVP_MD *md);
|
||||
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
|
||||
const EVP_MD *md);
|
||||
const EVP_MD *md, ENGINE *impl);
|
||||
void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
|
||||
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
|
||||
|
||||
|
2
crypto/dist/openssl/doc/ssleay.txt
vendored
2
crypto/dist/openssl/doc/ssleay.txt
vendored
@ -4295,7 +4295,7 @@ X-Status:
|
||||
Loading client certs into MSIE 3.01
|
||||
===================================
|
||||
|
||||
This document conatains all the information necessary to succesfully set up
|
||||
This document contains all the information necessary to successfully set up
|
||||
some scripts to issue client certs to Microsoft Internet Explorer. It
|
||||
includes the required knowledge about the model MSIE uses for client
|
||||
certification and includes complete sample scripts ready to play with. The
|
||||
|
7
crypto/dist/openssl/e_os2.h
vendored
7
crypto/dist/openssl/e_os2.h
vendored
@ -84,6 +84,13 @@ extern "C" {
|
||||
|
||||
/* ---------------------- Microsoft operating systems ---------------------- */
|
||||
|
||||
/* Note that MSDOS actually denotes 32-bit environments running on top of
|
||||
MS-DOS, such as DJGPP one. */
|
||||
#if defined(OPENSSL_SYSNAME_MSDOS)
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# define OPENSSL_SYS_MSDOS
|
||||
#endif
|
||||
|
||||
/* For 32 bit environment, there seems to be the CygWin environment and then
|
||||
all the others that try to do the same thing Microsoft does... */
|
||||
#if defined(OPENSSL_SYSNAME_UWIN)
|
||||
|
2
crypto/dist/openssl/ssl/s23_srvr.c
vendored
2
crypto/dist/openssl/ssl/s23_srvr.c
vendored
@ -140,7 +140,7 @@ IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
|
||||
int ssl23_accept(SSL *s)
|
||||
{
|
||||
BUF_MEM *buf;
|
||||
unsigned long Time=time(NULL);
|
||||
unsigned long Time=(unsigned long)time(NULL);
|
||||
void (*cb)(const SSL *ssl,int type,int val)=NULL;
|
||||
int ret= -1;
|
||||
int new_state,state;
|
||||
|
2
crypto/dist/openssl/ssl/s2_clnt.c
vendored
2
crypto/dist/openssl/ssl/s2_clnt.c
vendored
@ -144,7 +144,7 @@ IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
|
||||
|
||||
int ssl2_connect(SSL *s)
|
||||
{
|
||||
unsigned long l=time(NULL);
|
||||
unsigned long l=(unsigned long)time(NULL);
|
||||
BUF_MEM *buf=NULL;
|
||||
int ret= -1;
|
||||
void (*cb)(const SSL *ssl,int type,int val)=NULL;
|
||||
|
2
crypto/dist/openssl/ssl/s2_srvr.c
vendored
2
crypto/dist/openssl/ssl/s2_srvr.c
vendored
@ -144,7 +144,7 @@ IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
|
||||
|
||||
int ssl2_accept(SSL *s)
|
||||
{
|
||||
unsigned long l=time(NULL);
|
||||
unsigned long l=(unsigned long)time(NULL);
|
||||
BUF_MEM *buf=NULL;
|
||||
int ret= -1;
|
||||
long num1;
|
||||
|
37
crypto/dist/openssl/ssl/s3_clnt.c
vendored
37
crypto/dist/openssl/ssl/s3_clnt.c
vendored
@ -159,7 +159,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
|
||||
int ssl3_connect(SSL *s)
|
||||
{
|
||||
BUF_MEM *buf=NULL;
|
||||
unsigned long Time=time(NULL),l;
|
||||
unsigned long Time=(unsigned long)time(NULL),l;
|
||||
long num1;
|
||||
void (*cb)(const SSL *ssl,int type,int val)=NULL;
|
||||
int ret= -1;
|
||||
@ -541,7 +541,7 @@ int ssl3_client_hello(SSL *s)
|
||||
/* else use the pre-loaded session */
|
||||
|
||||
p=s->s3->client_random;
|
||||
Time=time(NULL); /* Time */
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
|
||||
goto err;
|
||||
@ -1211,12 +1211,12 @@ int ssl3_get_key_exchange(SSL *s)
|
||||
*/
|
||||
|
||||
/* XXX: For now we only support named (not generic) curves
|
||||
* and the ECParameters in this case is just two bytes.
|
||||
* and the ECParameters in this case is just three bytes.
|
||||
*/
|
||||
param_len=2;
|
||||
param_len=3;
|
||||
if ((param_len > n) ||
|
||||
(*p != NAMED_CURVE_TYPE) ||
|
||||
((curve_nid = curve_id2nid(*(p + 1))) == 0))
|
||||
((curve_nid = curve_id2nid(*(p + 2))) == 0))
|
||||
{
|
||||
al=SSL_AD_INTERNAL_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
|
||||
@ -1246,7 +1246,7 @@ int ssl3_get_key_exchange(SSL *s)
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
p+=2;
|
||||
p+=3;
|
||||
|
||||
/* Next, get the encoded ECPoint */
|
||||
if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
|
||||
@ -1614,22 +1614,6 @@ int ssl3_get_server_done(SSL *s)
|
||||
}
|
||||
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
static const int KDF1_SHA1_len = 20;
|
||||
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
|
||||
{
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
if (*outlen < SHA_DIGEST_LENGTH)
|
||||
return NULL;
|
||||
else
|
||||
*outlen = SHA_DIGEST_LENGTH;
|
||||
return SHA1(in, inlen, out);
|
||||
#else
|
||||
return NULL;
|
||||
#endif /* OPENSSL_NO_SHA */
|
||||
}
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
int ssl3_send_client_key_exchange(SSL *s)
|
||||
{
|
||||
unsigned char *p,*d;
|
||||
@ -2027,14 +2011,7 @@ int ssl3_send_client_key_exchange(SSL *s)
|
||||
ERR_R_ECDH_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If field size is not more than 24 octets, then use SHA-1 hash of result;
|
||||
* otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt;
|
||||
* this is new with this version of the Internet Draft).
|
||||
*/
|
||||
if (field_size <= 24 * 8)
|
||||
n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1);
|
||||
else
|
||||
n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
|
||||
n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
|
||||
if (n <= 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
|
||||
|
649
crypto/dist/openssl/ssl/s3_lib.c
vendored
649
crypto/dist/openssl/ssl/s3_lib.c
vendored
@ -901,317 +901,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
/* Cipher 47 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 48 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 49 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4A */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4B */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4C */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4D */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4E */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4F */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 50 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 51 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 52 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 53 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 54 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
|
||||
TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP56,
|
||||
0,
|
||||
56,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 55 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 56 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 57 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 58 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 59 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 5A */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
/* Cipher 5B */
|
||||
/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 5C */
|
||||
/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP56,
|
||||
0,
|
||||
56,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
|
||||
/* New TLS Export CipherSuites */
|
||||
@ -1307,16 +996,120 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_STRENGTHS
|
||||
},
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
/* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
|
||||
* are not yet specified in the ECC/TLS draft but our code
|
||||
* allows them to be implemented very easily. To add such
|
||||
* a cipher suite, one needs to add two constant definitions
|
||||
* to tls1.h and a new structure in this file as shown below. We
|
||||
* illustrate the process for the made-up cipher
|
||||
* ECDHE-ECDSA-AES128-SHA.
|
||||
*/
|
||||
/* Cipher C001 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C002 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C003 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C004 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C005 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C006 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C007 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C008 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C009 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
@ -1330,9 +1123,133 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 78 XXX: Another made-up ECC cipher suite that
|
||||
* offers forward secrecy (ECDHE-RSA-AES128-SHA).
|
||||
*/
|
||||
/* Cipher C00A */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C00B */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C00C */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C00D */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C00E */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C00F */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C010 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C011 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C012 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C013 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
@ -1345,7 +1262,91 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
#endif /* !OPENSSL_NO_ECDH */
|
||||
|
||||
/* Cipher C014 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C015 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C016 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C017 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C018 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C019 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
/* end of list */
|
||||
};
|
||||
|
48
crypto/dist/openssl/ssl/s3_srvr.c
vendored
48
crypto/dist/openssl/ssl/s3_srvr.c
vendored
@ -164,7 +164,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
|
||||
int ssl3_accept(SSL *s)
|
||||
{
|
||||
BUF_MEM *buf;
|
||||
unsigned long l,Time=time(NULL);
|
||||
unsigned long l,Time=(unsigned long)time(NULL);
|
||||
void (*cb)(const SSL *ssl,int type,int val)=NULL;
|
||||
long num1;
|
||||
int ret= -1;
|
||||
@ -1038,7 +1038,7 @@ int ssl3_send_server_hello(SSL *s)
|
||||
{
|
||||
buf=(unsigned char *)s->init_buf->data;
|
||||
p=s->s3->server_random;
|
||||
Time=time(NULL); /* Time */
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
|
||||
return -1;
|
||||
@ -1366,11 +1366,11 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
|
||||
/* XXX: For now, we only support named (not
|
||||
* generic) curves in ECDH ephemeral key exchanges.
|
||||
* In this situation, we need three additional bytes
|
||||
* In this situation, we need four additional bytes
|
||||
* to encode the entire ServerECDHParams
|
||||
* structure.
|
||||
*/
|
||||
n = 3 + encodedlen;
|
||||
n = 4 + encodedlen;
|
||||
|
||||
/* We'll generate the serverKeyExchange message
|
||||
* explicitly so we can set these to NULLs
|
||||
@ -1378,6 +1378,7 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
r[0]=NULL;
|
||||
r[1]=NULL;
|
||||
r[2]=NULL;
|
||||
r[3]=NULL;
|
||||
}
|
||||
else
|
||||
#endif /* !OPENSSL_NO_ECDH */
|
||||
@ -1428,12 +1429,14 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
{
|
||||
/* XXX: For now, we only support named (not generic) curves.
|
||||
* In this situation, the serverKeyExchange message has:
|
||||
* [1 byte CurveType], [1 byte CurveName]
|
||||
* [1 byte CurveType], [2 byte CurveName]
|
||||
* [1 byte length of encoded point], followed by
|
||||
* the actual encoded point itself
|
||||
*/
|
||||
*p = NAMED_CURVE_TYPE;
|
||||
p += 1;
|
||||
*p = 0;
|
||||
p += 1;
|
||||
*p = curve_id;
|
||||
p += 1;
|
||||
*p = encodedlen;
|
||||
@ -1637,23 +1640,6 @@ err:
|
||||
return(-1);
|
||||
}
|
||||
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
static const int KDF1_SHA1_len = 20;
|
||||
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
|
||||
{
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
if (*outlen < SHA_DIGEST_LENGTH)
|
||||
return NULL;
|
||||
else
|
||||
*outlen = SHA_DIGEST_LENGTH;
|
||||
return SHA1(in, inlen, out);
|
||||
#else
|
||||
return NULL;
|
||||
#endif /* OPENSSL_NO_SHA */
|
||||
}
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
int ssl3_get_client_key_exchange(SSL *s)
|
||||
{
|
||||
int i,al,ok;
|
||||
@ -2116,8 +2102,13 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
EC_POINT_copy(clnt_ecpoint,
|
||||
EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec));
|
||||
if (EC_POINT_copy(clnt_ecpoint,
|
||||
EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
ret = 2; /* Skip certificate verify processing */
|
||||
}
|
||||
else
|
||||
@ -2156,14 +2147,7 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
ERR_R_ECDH_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If field size is not more than 24 octets, then use SHA-1 hash of result;
|
||||
* otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt;
|
||||
* this is new with this version of the Internet Draft).
|
||||
*/
|
||||
if (field_size <= 24 * 8)
|
||||
i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1);
|
||||
else
|
||||
i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
|
||||
i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
|
||||
if (i <= 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
|
132
crypto/dist/openssl/ssl/ssl.h
vendored
132
crypto/dist/openssl/ssl/ssl.h
vendored
@ -1543,35 +1543,35 @@ void ERR_load_SSL_strings(void);
|
||||
|
||||
/* Function codes. */
|
||||
#define SSL_F_CLIENT_CERTIFICATE 100
|
||||
#define SSL_F_CLIENT_FINISHED 238
|
||||
#define SSL_F_CLIENT_FINISHED 167
|
||||
#define SSL_F_CLIENT_HELLO 101
|
||||
#define SSL_F_CLIENT_MASTER_KEY 102
|
||||
#define SSL_F_D2I_SSL_SESSION 103
|
||||
#define SSL_F_DO_DTLS1_WRITE 1003
|
||||
#define SSL_F_DO_DTLS1_WRITE 245
|
||||
#define SSL_F_DO_SSL3_WRITE 104
|
||||
#define SSL_F_DTLS1_ACCEPT 1004
|
||||
#define SSL_F_DTLS1_BUFFER_RECORD 1005
|
||||
#define SSL_F_DTLS1_CLIENT_HELLO 1006
|
||||
#define SSL_F_DTLS1_CONNECT 1007
|
||||
#define SSL_F_DTLS1_ENC 1008
|
||||
#define SSL_F_DTLS1_GET_HELLO_VERIFY 1009
|
||||
#define SSL_F_DTLS1_GET_MESSAGE 1010
|
||||
#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 1011
|
||||
#define SSL_F_DTLS1_GET_RECORD 1012
|
||||
#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 1013
|
||||
#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 1014
|
||||
#define SSL_F_DTLS1_PROCESS_RECORD 1015
|
||||
#define SSL_F_DTLS1_READ_BYTES 1016
|
||||
#define SSL_F_DTLS1_READ_FAILED 1001
|
||||
#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 1017
|
||||
#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 1018
|
||||
#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 1019
|
||||
#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 1020
|
||||
#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 1002
|
||||
#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 1021
|
||||
#define SSL_F_DTLS1_SEND_SERVER_HELLO 1022
|
||||
#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 1023
|
||||
#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 1024
|
||||
#define SSL_F_DTLS1_ACCEPT 246
|
||||
#define SSL_F_DTLS1_BUFFER_RECORD 247
|
||||
#define SSL_F_DTLS1_CLIENT_HELLO 248
|
||||
#define SSL_F_DTLS1_CONNECT 249
|
||||
#define SSL_F_DTLS1_ENC 250
|
||||
#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
|
||||
#define SSL_F_DTLS1_GET_MESSAGE 252
|
||||
#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
|
||||
#define SSL_F_DTLS1_GET_RECORD 254
|
||||
#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
|
||||
#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
|
||||
#define SSL_F_DTLS1_PROCESS_RECORD 257
|
||||
#define SSL_F_DTLS1_READ_BYTES 258
|
||||
#define SSL_F_DTLS1_READ_FAILED 259
|
||||
#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
|
||||
#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
|
||||
#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
|
||||
#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
|
||||
#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
|
||||
#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
|
||||
#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
|
||||
#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
|
||||
#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
|
||||
#define SSL_F_GET_CLIENT_FINISHED 105
|
||||
#define SSL_F_GET_CLIENT_HELLO 106
|
||||
#define SSL_F_GET_CLIENT_MASTER_KEY 107
|
||||
@ -1655,7 +1655,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_CTRL 232
|
||||
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
|
||||
#define SSL_F_SSL_CTX_NEW 169
|
||||
#define SSL_F_SSL_CTX_SET_CIPHER_LIST 1026
|
||||
#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
|
||||
#define SSL_F_SSL_CTX_SET_PURPOSE 226
|
||||
#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
|
||||
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
|
||||
@ -1678,7 +1678,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_INIT_WBIO_BUFFER 184
|
||||
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
|
||||
#define SSL_F_SSL_NEW 186
|
||||
#define SSL_F_SSL_PEEK 1025
|
||||
#define SSL_F_SSL_PEEK 270
|
||||
#define SSL_F_SSL_READ 223
|
||||
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
|
||||
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
|
||||
@ -1686,7 +1686,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_SESSION_PRINT_FP 190
|
||||
#define SSL_F_SSL_SESS_CERT_NEW 225
|
||||
#define SSL_F_SSL_SET_CERT 191
|
||||
#define SSL_F_SSL_SET_CIPHER_LIST 1027
|
||||
#define SSL_F_SSL_SET_CIPHER_LIST 271
|
||||
#define SSL_F_SSL_SET_FD 192
|
||||
#define SSL_F_SSL_SET_PKEY 193
|
||||
#define SSL_F_SSL_SET_PURPOSE 227
|
||||
@ -1729,9 +1729,9 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_BAD_DH_P_LENGTH 110
|
||||
#define SSL_R_BAD_DIGEST_LENGTH 111
|
||||
#define SSL_R_BAD_DSA_SIGNATURE 112
|
||||
#define SSL_R_BAD_ECC_CERT 1117
|
||||
#define SSL_R_BAD_ECDSA_SIGNATURE 1112
|
||||
#define SSL_R_BAD_ECPOINT 1113
|
||||
#define SSL_R_BAD_ECC_CERT 304
|
||||
#define SSL_R_BAD_ECDSA_SIGNATURE 305
|
||||
#define SSL_R_BAD_ECPOINT 306
|
||||
#define SSL_R_BAD_HELLO_REQUEST 105
|
||||
#define SSL_R_BAD_LENGTH 271
|
||||
#define SSL_R_BAD_MAC_DECODE 113
|
||||
@ -1763,50 +1763,49 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
|
||||
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
|
||||
#define SSL_R_COMPRESSION_FAILURE 141
|
||||
#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 1120
|
||||
#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
|
||||
#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
|
||||
#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
|
||||
#define SSL_R_CONNECTION_TYPE_NOT_SET 144
|
||||
#define SSL_R_COOKIE_MISMATCH 2002
|
||||
#define SSL_R_COOKIE_MISMATCH 308
|
||||
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
|
||||
#define SSL_R_DATA_LENGTH_TOO_LONG 146
|
||||
#define SSL_R_DECRYPTION_FAILED 147
|
||||
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109
|
||||
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
|
||||
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
|
||||
#define SSL_R_DIGEST_CHECK_FAILED 149
|
||||
#define SSL_R_DUPLICATE_COMPRESSION_ID 1121
|
||||
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119
|
||||
#define SSL_R_DUPLICATE_COMPRESSION_ID 309
|
||||
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
|
||||
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
|
||||
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
|
||||
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
|
||||
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
|
||||
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
|
||||
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
|
||||
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
|
||||
#define SSL_R_HTTPS_PROXY_REQUEST 155
|
||||
#define SSL_R_HTTP_REQUEST 156
|
||||
#define SSL_R_ILLEGAL_PADDING 1110
|
||||
#define SSL_R_ILLEGAL_PADDING 283
|
||||
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
|
||||
#define SSL_R_INVALID_COMMAND 280
|
||||
#define SSL_R_INVALID_PURPOSE 278
|
||||
#define SSL_R_INVALID_TRUST 279
|
||||
#define SSL_R_KEY_ARG_TOO_LONG 1112
|
||||
#define SSL_R_KRB5 1104
|
||||
#define SSL_R_KRB5_C_CC_PRINC 1094
|
||||
#define SSL_R_KRB5_C_GET_CRED 1095
|
||||
#define SSL_R_KRB5_C_INIT 1096
|
||||
#define SSL_R_KRB5_C_MK_REQ 1097
|
||||
#define SSL_R_KRB5_S_BAD_TICKET 1098
|
||||
#define SSL_R_KRB5_S_INIT 1099
|
||||
#define SSL_R_KRB5_S_RD_REQ 1108
|
||||
#define SSL_R_KRB5_S_TKT_EXPIRED 1105
|
||||
#define SSL_R_KRB5_S_TKT_NYV 1106
|
||||
#define SSL_R_KRB5_S_TKT_SKEW 1107
|
||||
#define SSL_R_KEY_ARG_TOO_LONG 284
|
||||
#define SSL_R_KRB5 285
|
||||
#define SSL_R_KRB5_C_CC_PRINC 286
|
||||
#define SSL_R_KRB5_C_GET_CRED 287
|
||||
#define SSL_R_KRB5_C_INIT 288
|
||||
#define SSL_R_KRB5_C_MK_REQ 289
|
||||
#define SSL_R_KRB5_S_BAD_TICKET 290
|
||||
#define SSL_R_KRB5_S_INIT 291
|
||||
#define SSL_R_KRB5_S_RD_REQ 292
|
||||
#define SSL_R_KRB5_S_TKT_EXPIRED 293
|
||||
#define SSL_R_KRB5_S_TKT_NYV 294
|
||||
#define SSL_R_KRB5_S_TKT_SKEW 295
|
||||
#define SSL_R_LENGTH_MISMATCH 159
|
||||
#define SSL_R_LENGTH_TOO_SHORT 160
|
||||
#define SSL_R_LIBRARY_BUG 274
|
||||
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
|
||||
#define SSL_R_MASTER_KEY_TOO_LONG 1112
|
||||
#define SSL_R_MESSAGE_TOO_LONG 1111
|
||||
#define SSL_R_MESSAGE_TOO_LONG 296
|
||||
#define SSL_R_MISSING_DH_DSA_CERT 162
|
||||
#define SSL_R_MISSING_DH_KEY 163
|
||||
#define SSL_R_MISSING_DH_RSA_CERT 164
|
||||
@ -1817,7 +1816,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
|
||||
#define SSL_R_MISSING_RSA_SIGNING_CERT 170
|
||||
#define SSL_R_MISSING_TMP_DH_KEY 171
|
||||
#define SSL_R_MISSING_TMP_ECDH_KEY 1114
|
||||
#define SSL_R_MISSING_TMP_ECDH_KEY 311
|
||||
#define SSL_R_MISSING_TMP_RSA_KEY 172
|
||||
#define SSL_R_MISSING_TMP_RSA_PKEY 173
|
||||
#define SSL_R_MISSING_VERIFY_MESSAGE 174
|
||||
@ -1844,6 +1843,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_NULL_SSL_CTX 195
|
||||
#define SSL_R_NULL_SSL_METHOD_PASSED 196
|
||||
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
|
||||
#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
|
||||
#define SSL_R_PACKET_LENGTH_TOO_LONG 198
|
||||
#define SSL_R_PATH_TOO_LONG 270
|
||||
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
|
||||
@ -1859,11 +1859,11 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
|
||||
#define SSL_R_PUBLIC_KEY_NOT_RSA 210
|
||||
#define SSL_R_READ_BIO_NOT_SET 211
|
||||
#define SSL_R_READ_TIMEOUT_EXPIRED 2001
|
||||
#define SSL_R_READ_TIMEOUT_EXPIRED 312
|
||||
#define SSL_R_READ_WRONG_PACKET_TYPE 212
|
||||
#define SSL_R_RECORD_LENGTH_MISMATCH 213
|
||||
#define SSL_R_RECORD_TOO_LARGE 214
|
||||
#define SSL_R_RECORD_TOO_SMALL 1093
|
||||
#define SSL_R_RECORD_TOO_SMALL 298
|
||||
#define SSL_R_REQUIRED_CIPHER_MISSING 215
|
||||
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
|
||||
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
|
||||
@ -1872,8 +1872,8 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_SHORT_READ 219
|
||||
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
|
||||
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
|
||||
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
|
||||
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
|
||||
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
|
||||
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
|
||||
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
|
||||
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
|
||||
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
|
||||
@ -1884,20 +1884,15 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
|
||||
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
|
||||
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
|
||||
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
|
||||
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
|
||||
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
|
||||
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
|
||||
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
|
||||
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
|
||||
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
|
||||
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
|
||||
#define SSL_R_SSL_HANDSHAKE_FAILURE 229
|
||||
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
|
||||
#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102
|
||||
#define SSL_R_SSL_SESSION_ID_CONFLICT 1103
|
||||
#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
|
||||
#define SSL_R_SSL_SESSION_ID_CONFLICT 302
|
||||
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
|
||||
#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101
|
||||
#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
|
||||
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
|
||||
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
|
||||
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
|
||||
@ -1916,10 +1911,10 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
|
||||
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
|
||||
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
|
||||
#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 1115
|
||||
#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
|
||||
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
|
||||
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
|
||||
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 1116
|
||||
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
|
||||
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
|
||||
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
|
||||
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
|
||||
@ -1940,8 +1935,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_UNKNOWN_STATE 255
|
||||
#define SSL_R_UNSUPPORTED_CIPHER 256
|
||||
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
|
||||
#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 1118
|
||||
#define SSL_R_UNSUPPORTED_OPTION 1091
|
||||
#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
|
||||
#define SSL_R_UNSUPPORTED_PROTOCOL 258
|
||||
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
|
||||
#define SSL_R_WRITE_BIO_NOT_SET 260
|
||||
|
2
crypto/dist/openssl/ssl/ssl_asn1.c
vendored
2
crypto/dist/openssl/ssl/ssl_asn1.c
vendored
@ -344,7 +344,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
|
||||
OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
|
||||
}
|
||||
else
|
||||
ret->time=time(NULL);
|
||||
ret->time=(unsigned long)time(NULL);
|
||||
|
||||
ai.length=0;
|
||||
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
|
||||
|
2
crypto/dist/openssl/ssl/ssl_cert.c
vendored
2
crypto/dist/openssl/ssl/ssl_cert.c
vendored
@ -296,7 +296,7 @@ CERT *ssl_cert_dup(CERT *cert)
|
||||
|
||||
return(ret);
|
||||
|
||||
#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
|
||||
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
|
||||
err:
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
|
25
crypto/dist/openssl/ssl/ssl_ciph.c
vendored
25
crypto/dist/openssl/ssl/ssl_ciph.c
vendored
@ -482,7 +482,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
|
||||
*ca_curr = NULL; /* end of list */
|
||||
}
|
||||
|
||||
static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
|
||||
static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
unsigned long algorithms, unsigned long mask,
|
||||
unsigned long algo_strength, unsigned long mask_strength,
|
||||
int rule, int strength_bits, CIPHER_ORDER *co_list,
|
||||
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
|
||||
@ -508,11 +509,19 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
|
||||
|
||||
cp = curr->cipher;
|
||||
|
||||
/* If explicit cipher suite match that one only */
|
||||
|
||||
if (cipher_id)
|
||||
{
|
||||
if (cp->id != cipher_id)
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Selection criteria is either the number of strength_bits
|
||||
* or the algorithm used.
|
||||
*/
|
||||
if (strength_bits == -1)
|
||||
else if (strength_bits == -1)
|
||||
{
|
||||
ma = mask & cp->algorithms;
|
||||
ma_s = mask_strength & cp->algo_strength;
|
||||
@ -625,7 +634,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
|
||||
*/
|
||||
for (i = max_strength_bits; i >= 0; i--)
|
||||
if (number_uses[i] > 0)
|
||||
ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
|
||||
ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i,
|
||||
co_list, head_p, tail_p);
|
||||
|
||||
OPENSSL_free(number_uses);
|
||||
@ -639,6 +648,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
unsigned long algorithms, mask, algo_strength, mask_strength;
|
||||
const char *l, *start, *buf;
|
||||
int j, multi, found, rule, retval, ok, buflen;
|
||||
unsigned long cipher_id;
|
||||
char ch;
|
||||
|
||||
retval = 1;
|
||||
@ -728,6 +738,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
* use strcmp(), because buf is not '\0' terminated.)
|
||||
*/
|
||||
j = found = 0;
|
||||
cipher_id = 0;
|
||||
while (ca_list[j])
|
||||
{
|
||||
if (!strncmp(buf, ca_list[j]->name, buflen) &&
|
||||
@ -742,6 +753,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
if (!found)
|
||||
break; /* ignore this entry */
|
||||
|
||||
if (ca_list[j]->valid)
|
||||
{
|
||||
cipher_id = ca_list[j]->id;
|
||||
break;
|
||||
}
|
||||
|
||||
/* New algorithms:
|
||||
* 1 - any old restrictions apply outside new mask
|
||||
* 2 - any new restrictions apply outside old mask
|
||||
@ -785,7 +802,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
}
|
||||
else if (found)
|
||||
{
|
||||
ssl_cipher_apply_rule(algorithms, mask,
|
||||
ssl_cipher_apply_rule(cipher_id, algorithms, mask,
|
||||
algo_strength, mask_strength, rule, -1,
|
||||
co_list, head_p, tail_p);
|
||||
}
|
||||
|
10
crypto/dist/openssl/ssl/ssl_err.c
vendored
10
crypto/dist/openssl/ssl/ssl_err.c
vendored
@ -204,7 +204,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
||||
{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
|
||||
{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
|
||||
{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
|
||||
{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
|
||||
{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_LOAD_CLIENT_CA_FILE"},
|
||||
{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
|
||||
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
|
||||
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
|
||||
@ -336,7 +336,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
|
||||
{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
|
||||
{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
|
||||
{ERR_REASON(SSL_R_MASTER_KEY_TOO_LONG) ,"master key too long"},
|
||||
{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
|
||||
{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
|
||||
{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
|
||||
@ -375,6 +374,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
|
||||
{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
|
||||
{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
|
||||
{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
|
||||
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
|
||||
{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
|
||||
{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
|
||||
@ -415,12 +415,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE),"sslv3 alert peer error certificate"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE),"sslv3 alert peer error no certificate"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER),"sslv3 alert peer error no cipher"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"sslv3 alert peer error unsupported certificate type"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE),"sslv3 alert unknown remote error type"},
|
||||
{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
|
||||
{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
|
||||
{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
|
||||
@ -472,7 +467,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
|
||||
{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
|
||||
{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
|
||||
{ERR_REASON(SSL_R_UNSUPPORTED_OPTION) ,"unsupported option"},
|
||||
{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
|
||||
{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
|
||||
{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
|
||||
|
4
crypto/dist/openssl/ssl/ssl_sess.c
vendored
4
crypto/dist/openssl/ssl/ssl_sess.c
vendored
@ -118,7 +118,7 @@ SSL_SESSION *SSL_SESSION_new(void)
|
||||
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
|
||||
ss->references=1;
|
||||
ss->timeout=60*5+4; /* 5 minute timeout by default */
|
||||
ss->time=time(NULL);
|
||||
ss->time=(unsigned long)time(NULL);
|
||||
ss->prev=NULL;
|
||||
ss->next=NULL;
|
||||
ss->compress_meth=0;
|
||||
@ -389,7 +389,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
|
||||
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
|
||||
#endif
|
||||
|
||||
if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
|
||||
if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
|
||||
{
|
||||
s->ctx->stats.sess_timeout++;
|
||||
/* remove it from the cache */
|
||||
|
10
crypto/dist/openssl/ssl/ssltest.c
vendored
10
crypto/dist/openssl/ssl/ssltest.c
vendored
@ -2234,6 +2234,7 @@ static DH *get_dh1024dsa()
|
||||
dh->length = 160;
|
||||
return(dh);
|
||||
}
|
||||
#endif
|
||||
|
||||
static int do_test_cipherlist(void)
|
||||
{
|
||||
@ -2241,6 +2242,7 @@ static int do_test_cipherlist(void)
|
||||
const SSL_METHOD *meth;
|
||||
SSL_CIPHER *ci, *tci = NULL;
|
||||
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
fprintf(stderr, "testing SSLv2 cipher list order: ");
|
||||
meth = SSLv2_method();
|
||||
while ((ci = meth->get_cipher(i++)) != NULL)
|
||||
@ -2254,7 +2256,8 @@ static int do_test_cipherlist(void)
|
||||
tci = ci;
|
||||
}
|
||||
fprintf(stderr, "ok\n");
|
||||
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
fprintf(stderr, "testing SSLv3 cipher list order: ");
|
||||
meth = SSLv3_method();
|
||||
tci = NULL;
|
||||
@ -2269,7 +2272,8 @@ static int do_test_cipherlist(void)
|
||||
tci = ci;
|
||||
}
|
||||
fprintf(stderr, "ok\n");
|
||||
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
fprintf(stderr, "testing TLSv1 cipher list order: ");
|
||||
meth = TLSv1_method();
|
||||
tci = NULL;
|
||||
@ -2284,7 +2288,7 @@ static int do_test_cipherlist(void)
|
||||
tci = ci;
|
||||
}
|
||||
fprintf(stderr, "ok\n");
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
58
crypto/dist/openssl/util/mkdef.pl
vendored
58
crypto/dist/openssl/util/mkdef.pl
vendored
@ -145,6 +145,8 @@ foreach (@ARGV, split(/ /, $options))
|
||||
$do_crypto=1;
|
||||
$libname=$_;
|
||||
}
|
||||
$no_static_engine=1 if $_ eq "no-static-engine";
|
||||
$no_static_engine=0 if $_ eq "enable-static-engine";
|
||||
$do_update=1 if $_ eq "update";
|
||||
$do_rewrite=1 if $_ eq "rewrite";
|
||||
$do_ctest=1 if $_ eq "ctest";
|
||||
@ -450,17 +452,22 @@ sub do_defs
|
||||
next;
|
||||
}
|
||||
|
||||
$cpp = 1 if /^\#.*ifdef.*cplusplus/;
|
||||
if(/\/\*/) {
|
||||
if (not /\*\//) { # multiline comment...
|
||||
$line = $_; # ... just accumulate
|
||||
next;
|
||||
} else {
|
||||
s/\/\*.*?\*\///gs;# wipe it
|
||||
}
|
||||
}
|
||||
|
||||
if ($cpp) {
|
||||
$cpp = 0 if /^\#.*endif/;
|
||||
$cpp++ if /^#\s*if/;
|
||||
$cpp-- if /^#\s*endif/;
|
||||
next;
|
||||
}
|
||||
$cpp = 1 if /^#.*ifdef.*cplusplus/;
|
||||
|
||||
s/\/\*.*?\*\///gs; # ignore comments
|
||||
if (/\/\*/) { # if we have part
|
||||
$line = $_; # of a comment,
|
||||
next; # continue reading
|
||||
}
|
||||
s/{[^{}]*}//gs; # ignore {} blocks
|
||||
print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
|
||||
print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
|
||||
@ -738,6 +745,12 @@ sub do_defs
|
||||
$def .= "int i2d_$1_NDEF(void);";
|
||||
} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
|
||||
next;
|
||||
} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) {
|
||||
$def .= "int $1_print_ctx(void);";
|
||||
next;
|
||||
} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
|
||||
$def .= "int $2_print_ctx(void);";
|
||||
next;
|
||||
} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
|
||||
next;
|
||||
} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
|
||||
@ -830,6 +843,17 @@ sub do_defs
|
||||
next if(/typedef\W/);
|
||||
next if(/\#define/);
|
||||
|
||||
# Reduce argument lists to empty ()
|
||||
# fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
|
||||
while(/\(.*\)/s) {
|
||||
s/\([^\(\)]+\)/\{\}/gs;
|
||||
s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f
|
||||
}
|
||||
# pretend as we didn't use curly braces: {} -> ()
|
||||
s/\{\}/\(\)/gs;
|
||||
|
||||
s/STACK_OF\(\)/void/gs;
|
||||
|
||||
print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
|
||||
if (/^\#INFO:([^:]*):(.*)$/) {
|
||||
$plats = $1;
|
||||
@ -840,25 +864,11 @@ sub do_defs
|
||||
$s = $1;
|
||||
$k = "VARIABLE";
|
||||
print STDERR "DEBUG: found external variable $s\n" if $debug;
|
||||
} elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) {
|
||||
$s = $1;
|
||||
print STDERR "DEBUG: found ANSI C function $s\n" if $debug;
|
||||
} elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s) {
|
||||
# K&R C
|
||||
print STDERR "DEBUG: found K&R C function $s\n" if $debug;
|
||||
} elsif (/TYPEDEF_\w+_OF/s) {
|
||||
next;
|
||||
} elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) {
|
||||
while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) {
|
||||
s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
|
||||
s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
|
||||
}
|
||||
s/\(void\)//;
|
||||
/(\w+(\{[0-9]+\})?)\W*\(\)/s;
|
||||
$s = $1;
|
||||
} elsif (/(\w+)\s*\(\).*/s) { # first token prior [first] () is
|
||||
$s = $1; # a function name!
|
||||
print STDERR "DEBUG: found function $s\n" if $debug;
|
||||
|
||||
} elsif (/TYPEDEF_\w+_OF/) {
|
||||
next;
|
||||
} elsif (/\(/ and not (/=/)) {
|
||||
print STDERR "File $file: cannot parse: $_;\n";
|
||||
next;
|
||||
|
Loading…
Reference in New Issue
Block a user