Move more comments that confuse indent
Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
parent
4651718410
commit
0f6c965823
10
apps/apps.c
10
apps/apps.c
@ -110,10 +110,12 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
|
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
|
||||||
#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
|
/* On VMS, you need to define this to get
|
||||||
the declaration of fileno(). The value
|
* the declaration of fileno(). The value
|
||||||
2 is to make sure no function defined
|
* 2 is to make sure no function defined
|
||||||
in POSIX-2 is left undefined. */
|
* in POSIX-2 is left undefined.
|
||||||
|
*/
|
||||||
|
#define _POSIX_C_SOURCE 2
|
||||||
#endif
|
#endif
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -1491,7 +1491,8 @@ bad:
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (crlnumberfile != NULL) /* we have a CRL number that need updating */
|
/* we have a CRL number that need updating */
|
||||||
|
if (crlnumberfile != NULL)
|
||||||
if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
|
if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
|
||||||
|
|
||||||
if (crlnumber)
|
if (crlnumber)
|
||||||
|
@ -310,7 +310,8 @@ err:
|
|||||||
*/
|
*/
|
||||||
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||||
{
|
{
|
||||||
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
|
/* "$apr1$..salt..$.......md5hash..........\0" */
|
||||||
|
static char out_buf[6 + 9 + 24 + 2];
|
||||||
unsigned char buf[MD5_DIGEST_LENGTH];
|
unsigned char buf[MD5_DIGEST_LENGTH];
|
||||||
char *salt_out;
|
char *salt_out;
|
||||||
int n;
|
int n;
|
||||||
|
@ -108,7 +108,8 @@
|
|||||||
* Hudson (tjh@cryptsoft.com).
|
* Hudson (tjh@cryptsoft.com).
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
|
/* conflicts with winsock2 stuff on netware */
|
||||||
|
#if !defined(OPENSSL_SYS_NETWARE)
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#endif
|
#endif
|
||||||
#include <openssl/opensslconf.h>
|
#include <openssl/opensslconf.h>
|
||||||
|
@ -157,7 +157,8 @@
|
|||||||
#define APPS_WIN16
|
#define APPS_WIN16
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
|
/* conflicts with winsock2 stuff on netware */
|
||||||
|
#if !defined(OPENSSL_SYS_NETWARE)
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -151,7 +151,8 @@ static int bio_new(BIO *bio)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
b->peer = NULL;
|
b->peer = NULL;
|
||||||
b->size = 17*1024; /* enough for one TLS record (just a default) */
|
/* enough for one TLS record (just a default) */
|
||||||
|
b->size = 17*1024;
|
||||||
b->buf = NULL;
|
b->buf = NULL;
|
||||||
|
|
||||||
bio->ptr = b;
|
bio->ptr = b;
|
||||||
|
@ -76,11 +76,16 @@ typedef unsigned short io_channel;
|
|||||||
/*************************************************************************/
|
/*************************************************************************/
|
||||||
struct io_status { short status, count; long flags; };
|
struct io_status { short status, count; long flags; };
|
||||||
|
|
||||||
struct rpc_msg { /* Should have member alignment inhibited */
|
/* Should have member alignment inhibited */
|
||||||
char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
|
struct rpc_msg {
|
||||||
char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
|
/* 'A'-app data. 'R'-remote client 'G'-global */
|
||||||
unsigned short int length; /* Amount of data returned or max to return */
|
char channel;
|
||||||
char data[4092]; /* variable data */
|
/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
|
||||||
|
char function;
|
||||||
|
/* Amount of data returned or max to return */
|
||||||
|
unsigned short int length;
|
||||||
|
/* variable data */
|
||||||
|
char data[4092];
|
||||||
};
|
};
|
||||||
#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
|
#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
|
||||||
|
|
||||||
|
@ -350,6 +350,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
|
|||||||
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
|
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
|
||||||
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
|
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* workaround for ultrix cc: without 'case 0', the optimizer does
|
||||||
|
* the switch table by doing a=top&3; a--; goto jump_table[a];
|
||||||
|
* which fails for top== 0
|
||||||
|
*/
|
||||||
switch (b->top&3)
|
switch (b->top&3)
|
||||||
{
|
{
|
||||||
case 3: A[2]=B[2];
|
case 3: A[2]=B[2];
|
||||||
@ -357,11 +362,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
|
|||||||
case 1: A[0]=B[0];
|
case 1: A[0]=B[0];
|
||||||
case 0:
|
case 0:
|
||||||
;
|
;
|
||||||
/*
|
|
||||||
* workaround for ultrix cc: without 'case 0', the optimizer does
|
|
||||||
* the switch table by doing a=top&3; a--; goto jump_table[a];
|
|
||||||
* which fails for top== 0
|
|
||||||
*/
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -508,12 +508,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
|
|||||||
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
|
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
|
||||||
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
|
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
|
||||||
}
|
}
|
||||||
|
/* ultrix cc workaround, see comments in bn_expand_internal */
|
||||||
switch (b->top&3)
|
switch (b->top&3)
|
||||||
{
|
{
|
||||||
case 3: A[2]=B[2];
|
case 3: A[2]=B[2];
|
||||||
case 2: A[1]=B[1];
|
case 2: A[1]=B[1];
|
||||||
case 1: A[0]=B[0];
|
case 1: A[0]=B[0];
|
||||||
case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
|
case 0: ;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
|
memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
|
||||||
|
@ -285,7 +285,8 @@ typedef struct bio_st BIO_dummy;
|
|||||||
struct crypto_ex_data_st
|
struct crypto_ex_data_st
|
||||||
{
|
{
|
||||||
STACK_OF(void) *sk;
|
STACK_OF(void) *sk;
|
||||||
int dummy; /* gcc is screwing up this data structure :-( */
|
/* gcc is screwing up this data structure :-( */
|
||||||
|
int dummy;
|
||||||
};
|
};
|
||||||
DECLARE_STACK_OF(void)
|
DECLARE_STACK_OF(void)
|
||||||
|
|
||||||
|
@ -67,5 +67,7 @@
|
|||||||
#define DES_version OSSL_DES_version
|
#define DES_version OSSL_DES_version
|
||||||
#define libdes_version OSSL_libdes_version
|
#define libdes_version OSSL_libdes_version
|
||||||
|
|
||||||
OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */
|
/* SSLeay version string */
|
||||||
OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */
|
OPENSSL_EXTERN const char OSSL_DES_version[];
|
||||||
|
/* old libdes version string */
|
||||||
|
OPENSSL_EXTERN const char OSSL_libdes_version[];
|
||||||
|
@ -89,13 +89,20 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define DSA_FLAG_CACHE_MONT_P 0x01
|
#define DSA_FLAG_CACHE_MONT_P 0x01
|
||||||
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
|
/* new with 0.9.7h; the
|
||||||
* implementation now uses constant time
|
* built-in DSA
|
||||||
* modular exponentiation for secret exponents
|
* implementation now
|
||||||
* by default. This flag causes the
|
* uses constant time
|
||||||
* faster variable sliding window method to
|
* modular exponentiation
|
||||||
* be used for all exponents.
|
* for secret exponents
|
||||||
|
* by default. This flag
|
||||||
|
* causes the faster
|
||||||
|
* variable sliding
|
||||||
|
* window method to be
|
||||||
|
* used for all
|
||||||
|
* exponents.
|
||||||
*/
|
*/
|
||||||
|
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02
|
||||||
|
|
||||||
/* If this flag is set the DSA method is FIPS compliant and can be used
|
/* If this flag is set the DSA method is FIPS compliant and can be used
|
||||||
* in FIPS mode. This is set in the validated module method. If an
|
* in FIPS mode. This is set in the validated module method. If an
|
||||||
|
@ -391,7 +391,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
|||||||
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
|
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
|
/* test required by X9.62 */
|
||||||
|
if (!EC_POINT_is_on_curve(group, point, ctx))
|
||||||
{
|
{
|
||||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -1568,9 +1568,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
|
|||||||
|
|
||||||
if (!skip)
|
if (!skip)
|
||||||
{
|
{
|
||||||
|
/* Arg 1 below is for "mixed" */
|
||||||
point_add(nq[0], nq[1], nq[2],
|
point_add(nq[0], nq[1], nq[2],
|
||||||
nq[0], nq[1], nq[2],
|
nq[0], nq[1], nq[2],
|
||||||
1 /* mixed */, tmp[0], tmp[1], tmp[2]);
|
1, tmp[0], tmp[1], tmp[2]);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -1587,9 +1588,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
|
|||||||
bits |= get_bit(g_scalar, i);
|
bits |= get_bit(g_scalar, i);
|
||||||
/* select the point to add, in constant time */
|
/* select the point to add, in constant time */
|
||||||
select_point(bits, 16, g_pre_comp[0], tmp);
|
select_point(bits, 16, g_pre_comp[0], tmp);
|
||||||
|
/* Arg 1 below is for "mixed" */
|
||||||
point_add(nq[0], nq[1], nq[2],
|
point_add(nq[0], nq[1], nq[2],
|
||||||
nq[0], nq[1], nq[2],
|
nq[0], nq[1], nq[2],
|
||||||
1 /* mixed */, tmp[0], tmp[1], tmp[2]);
|
1, tmp[0], tmp[1], tmp[2]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* do other additions every 5 doublings */
|
/* do other additions every 5 doublings */
|
||||||
|
@ -1460,9 +1460,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
|
|||||||
select_point(bits, 16, g_pre_comp, tmp);
|
select_point(bits, 16, g_pre_comp, tmp);
|
||||||
if (!skip)
|
if (!skip)
|
||||||
{
|
{
|
||||||
|
/* The 1 argument below is for "mixed" */
|
||||||
point_add(nq[0], nq[1], nq[2],
|
point_add(nq[0], nq[1], nq[2],
|
||||||
nq[0], nq[1], nq[2],
|
nq[0], nq[1], nq[2],
|
||||||
1 /* mixed */, tmp[0], tmp[1], tmp[2]);
|
1, tmp[0], tmp[1], tmp[2]);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -79,7 +79,8 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
|
|||||||
/* tmp_felem(i-1) is the product of Z(0) .. Z(i-1),
|
/* tmp_felem(i-1) is the product of Z(0) .. Z(i-1),
|
||||||
* tmp_felem(i) is the inverse of the product of Z(0) .. Z(i)
|
* tmp_felem(i) is the inverse of the product of Z(0) .. Z(i)
|
||||||
*/
|
*/
|
||||||
felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i)); /* 1/Z(i) */
|
/* 1/Z(i) */
|
||||||
|
felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i));
|
||||||
else
|
else
|
||||||
felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */
|
felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */
|
||||||
|
|
||||||
|
@ -417,7 +417,8 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
|||||||
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
|
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
|
/* test required by X9.62 */
|
||||||
|
if (!EC_POINT_is_on_curve(group, point, ctx))
|
||||||
{
|
{
|
||||||
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -2019,7 +2019,8 @@ static const u8 T19[]= {
|
|||||||
/* Test Case 20 */
|
/* Test Case 20 */
|
||||||
#define K20 K1
|
#define K20 K1
|
||||||
#define A20 A1
|
#define A20 A1
|
||||||
static const u8 IV20[64]={0xff,0xff,0xff,0xff}; /* this results in 0xff in counter LSB */
|
/* this results in 0xff in counter LSB */
|
||||||
|
static const u8 IV20[64]={0xff,0xff,0xff,0xff};
|
||||||
static const u8 P20[288];
|
static const u8 P20[288];
|
||||||
static const u8 C20[]= {
|
static const u8 C20[]= {
|
||||||
0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,
|
0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,
|
||||||
|
@ -147,7 +147,8 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
|
|||||||
* holds CRYPTO_LOCK_RAND
|
* holds CRYPTO_LOCK_RAND
|
||||||
* (to prevent double locking) */
|
* (to prevent double locking) */
|
||||||
/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
|
/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
|
||||||
static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
|
/* valid iff crypto_lock_rand is set */
|
||||||
|
static CRYPTO_THREADID locking_threadid;
|
||||||
|
|
||||||
|
|
||||||
#ifdef PREDICT
|
#ifdef PREDICT
|
||||||
@ -504,7 +505,8 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
|
|||||||
|
|
||||||
for (i=0; i<MD_DIGEST_LENGTH/2; i++)
|
for (i=0; i<MD_DIGEST_LENGTH/2; i++)
|
||||||
{
|
{
|
||||||
state[st_idx++]^=local_md[i]; /* may compete with other threads */
|
/* may compete with other threads */
|
||||||
|
state[st_idx++]^=local_md[i];
|
||||||
if (st_idx >= st_num)
|
if (st_idx >= st_num)
|
||||||
st_idx=0;
|
st_idx=0;
|
||||||
if (i < j)
|
if (i < j)
|
||||||
|
@ -89,7 +89,8 @@
|
|||||||
#error SEED is disabled.
|
#error SEED is disabled.
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
|
/* look whether we need 'long' to get 32 bits */
|
||||||
|
#ifdef AES_LONG
|
||||||
# ifndef SEED_LONG
|
# ifndef SEED_LONG
|
||||||
# define SEED_LONG 1
|
# define SEED_LONG 1
|
||||||
# endif
|
# endif
|
||||||
|
@ -570,7 +570,8 @@ X509_ALGOR *encryption;
|
|||||||
} PBE2PARAM;
|
} PBE2PARAM;
|
||||||
|
|
||||||
typedef struct PBKDF2PARAM_st {
|
typedef struct PBKDF2PARAM_st {
|
||||||
ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
|
/* Usually OCTET STRING but could be anything */
|
||||||
|
ASN1_TYPE *salt;
|
||||||
ASN1_INTEGER *iter;
|
ASN1_INTEGER *iter;
|
||||||
ASN1_INTEGER *keylength;
|
ASN1_INTEGER *keylength;
|
||||||
X509_ALGOR *prf;
|
X509_ALGOR *prf;
|
||||||
@ -581,7 +582,8 @@ X509_ALGOR *prf;
|
|||||||
|
|
||||||
struct pkcs8_priv_key_info_st
|
struct pkcs8_priv_key_info_st
|
||||||
{
|
{
|
||||||
int broken; /* Flag for various broken formats */
|
/* Flag for various broken formats */
|
||||||
|
int broken;
|
||||||
#define PKCS8_OK 0
|
#define PKCS8_OK 0
|
||||||
#define PKCS8_NO_OCTET 1
|
#define PKCS8_NO_OCTET 1
|
||||||
#define PKCS8_EMBEDDED_PARAM 2
|
#define PKCS8_EMBEDDED_PARAM 2
|
||||||
@ -589,7 +591,8 @@ struct pkcs8_priv_key_info_st
|
|||||||
#define PKCS8_NEG_PRIVKEY 4
|
#define PKCS8_NEG_PRIVKEY 4
|
||||||
ASN1_INTEGER *version;
|
ASN1_INTEGER *version;
|
||||||
X509_ALGOR *pkeyalg;
|
X509_ALGOR *pkeyalg;
|
||||||
ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
|
/* Should be OCTET STRING but some are broken */
|
||||||
|
ASN1_TYPE *pkey;
|
||||||
STACK_OF(X509_ATTRIBUTE) *attributes;
|
STACK_OF(X509_ATTRIBUTE) *attributes;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -419,7 +419,8 @@ void ENGINE_load_chil(void)
|
|||||||
static DSO *hwcrhk_dso = NULL;
|
static DSO *hwcrhk_dso = NULL;
|
||||||
static HWCryptoHook_ContextHandle hwcrhk_context = 0;
|
static HWCryptoHook_ContextHandle hwcrhk_context = 0;
|
||||||
#ifndef OPENSSL_NO_RSA
|
#ifndef OPENSSL_NO_RSA
|
||||||
static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
|
/* Index for KM handle. Not really used yet. */
|
||||||
|
static int hndidx_rsa = -1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* These are the function pointers that are (un)set when the library has
|
/* These are the function pointers that are (un)set when the library has
|
||||||
|
@ -337,10 +337,12 @@ void ENGINE_load_sureware(void)
|
|||||||
* implicitly. */
|
* implicitly. */
|
||||||
static DSO *surewarehk_dso = NULL;
|
static DSO *surewarehk_dso = NULL;
|
||||||
#ifndef OPENSSL_NO_RSA
|
#ifndef OPENSSL_NO_RSA
|
||||||
static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
|
/* Index for KM handle. Not really used yet. */
|
||||||
|
static int rsaHndidx = -1;
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_DSA
|
#ifndef OPENSSL_NO_DSA
|
||||||
static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
|
/* Index for KM handle. Not really used yet. */
|
||||||
|
static int dsaHndidx = -1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* These are the function pointers that are (un)set when the library has
|
/* These are the function pointers that are (un)set when the library has
|
||||||
|
@ -782,9 +782,13 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
|
if (p_UBSEC_dsa_sign_ioctl(fd,
|
||||||
|
/* compute hash before signing */
|
||||||
|
0,
|
||||||
(unsigned char *)dgst, d_len,
|
(unsigned char *)dgst, d_len,
|
||||||
NULL, 0, /* compute random value */
|
NULL,
|
||||||
|
/* compute random value */
|
||||||
|
0,
|
||||||
(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
|
(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
|
||||||
(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
|
(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
|
||||||
(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
|
(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
|
||||||
|
@ -711,7 +711,8 @@ again:
|
|||||||
{
|
{
|
||||||
if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
|
if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
|
||||||
return -1;
|
return -1;
|
||||||
dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
|
/* Mark receipt of record. */
|
||||||
|
dtls1_record_bitmap_update(s, bitmap);
|
||||||
}
|
}
|
||||||
rr->length = 0;
|
rr->length = 0;
|
||||||
s->packet_length = 0;
|
s->packet_length = 0;
|
||||||
|
@ -1813,8 +1813,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
|
|||||||
|
|
||||||
krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
|
krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
|
||||||
princ,
|
princ,
|
||||||
0 /* IGNORE_VNO */,
|
/* IGNORE_VNO */
|
||||||
0 /* IGNORE_ENCTYPE */,
|
0,
|
||||||
|
/* IGNORE_ENCTYPE */
|
||||||
|
0,
|
||||||
&entry);
|
&entry);
|
||||||
if ( krb5rc == KRB5_KT_NOTFOUND ) {
|
if ( krb5rc == KRB5_KT_NOTFOUND ) {
|
||||||
rc = 1;
|
rc = 1;
|
||||||
@ -1898,7 +1900,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
|
|||||||
krb5_free_data_contents(NULL, data);
|
krb5_free_data_contents(NULL, data);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
|
#endif
|
||||||
|
/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
|
||||||
|
|
||||||
|
|
||||||
/* Given pointers to KerberosTime and struct tm structs, convert the
|
/* Given pointers to KerberosTime and struct tm structs, convert the
|
||||||
|
51
ssl/ssl.h
51
ssl/ssl.h
@ -573,7 +573,8 @@ struct ssl_session_st
|
|||||||
* the workaround is not needed. Unfortunately some broken SSL/TLS
|
* the workaround is not needed. Unfortunately some broken SSL/TLS
|
||||||
* implementations cannot handle it at all, which is why we include
|
* implementations cannot handle it at all, which is why we include
|
||||||
* it in SSL_OP_ALL. */
|
* it in SSL_OP_ALL. */
|
||||||
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
|
/* added in 0.9.6e */
|
||||||
|
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
|
||||||
|
|
||||||
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
||||||
* This used to be 0x000FFFFFL before 0.9.7. */
|
* This used to be 0x000FFFFFL before 0.9.7. */
|
||||||
@ -1537,27 +1538,40 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||||||
|
|
||||||
/* These alert types are for SSLv3 and TLSv1 */
|
/* These alert types are for SSLv3 and TLSv1 */
|
||||||
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
|
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
|
||||||
#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
|
/* fatal */
|
||||||
#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
|
#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
|
||||||
|
/* fatal */
|
||||||
|
#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
|
||||||
#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
|
#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
|
||||||
#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
|
#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
|
||||||
#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
|
/* fatal */
|
||||||
#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
|
#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
|
||||||
#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
|
/* fatal */
|
||||||
|
#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
|
||||||
|
/* Not for TLS */
|
||||||
|
#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
|
||||||
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
|
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
|
||||||
#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
|
#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
|
||||||
#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
|
#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
|
||||||
#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
|
#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
|
||||||
#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
|
#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
|
||||||
#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
|
/* fatal */
|
||||||
#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
|
#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
|
||||||
#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
|
/* fatal */
|
||||||
#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
|
#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
|
||||||
|
/* fatal */
|
||||||
|
#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
|
||||||
|
/* fatal */
|
||||||
|
#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
|
||||||
#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
|
#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
|
||||||
#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
|
/* fatal */
|
||||||
#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
|
#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
|
||||||
#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
|
/* fatal */
|
||||||
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
|
#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
|
||||||
|
/* fatal */
|
||||||
|
#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
|
||||||
|
/* fatal */
|
||||||
|
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
|
||||||
#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
|
#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
|
||||||
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
|
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
|
||||||
#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
|
#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
|
||||||
@ -1565,8 +1579,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||||||
#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
|
#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
|
||||||
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
|
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
|
||||||
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
|
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
|
||||||
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
|
/* fatal */
|
||||||
#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
|
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
|
||||||
|
/* fatal */
|
||||||
|
#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
|
||||||
|
|
||||||
#define SSL_ERROR_NONE 0
|
#define SSL_ERROR_NONE 0
|
||||||
#define SSL_ERROR_SSL 1
|
#define SSL_ERROR_SSL 1
|
||||||
@ -1791,7 +1807,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
|
|||||||
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
|
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
|
||||||
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
|
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
|
||||||
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
|
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
|
||||||
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
|
/* PEM type */
|
||||||
|
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
|
||||||
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
|
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
|
||||||
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
|
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
|
||||||
const char *file);
|
const char *file);
|
||||||
|
@ -288,30 +288,54 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* Bits for algorithm_mkey (key exchange algorithm) */
|
/* Bits for algorithm_mkey (key exchange algorithm) */
|
||||||
#define SSL_kRSA 0x00000001L /* RSA key exchange */
|
/* RSA key exchange */
|
||||||
#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
|
#define SSL_kRSA 0x00000001L
|
||||||
#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
|
/* DH cert, RSA CA cert */
|
||||||
#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
|
/* no such ciphersuites supported! */
|
||||||
#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
|
#define SSL_kDHr 0x00000002L
|
||||||
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
|
/* DH cert, DSA CA cert */
|
||||||
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
|
/* no such ciphersuite supported! */
|
||||||
#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
|
#define SSL_kDHd 0x00000004L
|
||||||
#define SSL_kPSK 0x00000100L /* PSK */
|
/* tmp DH key no DH cert */
|
||||||
#define SSL_kGOST 0x00000200L /* GOST key exchange */
|
#define SSL_kEDH 0x00000008L
|
||||||
#define SSL_kSRP 0x00000400L /* SRP */
|
/* Kerberos5 key exchange */
|
||||||
|
#define SSL_kKRB5 0x00000010L
|
||||||
|
/* ECDH cert, RSA CA cert */
|
||||||
|
#define SSL_kECDHr 0x00000020L
|
||||||
|
/* ECDH cert, ECDSA CA cert */
|
||||||
|
#define SSL_kECDHe 0x00000040L
|
||||||
|
/* ephemeral ECDH */
|
||||||
|
#define SSL_kEECDH 0x00000080L
|
||||||
|
/* PSK */
|
||||||
|
#define SSL_kPSK 0x00000100L
|
||||||
|
/* GOST key exchange */
|
||||||
|
#define SSL_kGOST 0x00000200L
|
||||||
|
/* SRP */
|
||||||
|
#define SSL_kSRP 0x00000400L
|
||||||
|
|
||||||
/* Bits for algorithm_auth (server authentication) */
|
/* Bits for algorithm_auth (server authentication) */
|
||||||
#define SSL_aRSA 0x00000001L /* RSA auth */
|
/* RSA auth */
|
||||||
#define SSL_aDSS 0x00000002L /* DSS auth */
|
#define SSL_aRSA 0x00000001L
|
||||||
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
|
/* DSS auth */
|
||||||
#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
|
#define SSL_aDSS 0x00000002L
|
||||||
#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
|
/* no auth (i.e. use ADH or AECDH) */
|
||||||
#define SSL_aKRB5 0x00000020L /* KRB5 auth */
|
#define SSL_aNULL 0x00000004L
|
||||||
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
|
/* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
|
||||||
#define SSL_aPSK 0x00000080L /* PSK auth */
|
#define SSL_aDH 0x00000008L
|
||||||
#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
|
/* Fixed ECDH auth (kECDHe or kECDHr) */
|
||||||
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
|
#define SSL_aECDH 0x00000010L
|
||||||
#define SSL_aSRP 0x00000400L /* SRP auth */
|
/* KRB5 auth */
|
||||||
|
#define SSL_aKRB5 0x00000020L
|
||||||
|
/* ECDSA auth*/
|
||||||
|
#define SSL_aECDSA 0x00000040L
|
||||||
|
/* PSK auth */
|
||||||
|
#define SSL_aPSK 0x00000080L
|
||||||
|
/* GOST R 34.10-94 signature auth */
|
||||||
|
#define SSL_aGOST94 0x00000100L
|
||||||
|
/* GOST R 34.10-2001 signature auth */
|
||||||
|
#define SSL_aGOST01 0x00000200L
|
||||||
|
/* SRP auth */
|
||||||
|
#define SSL_aSRP 0x00000400L
|
||||||
|
|
||||||
|
|
||||||
/* Bits for algorithm_enc (symmetric encryption) */
|
/* Bits for algorithm_enc (symmetric encryption) */
|
||||||
|
@ -144,11 +144,16 @@ static int s_nbio=0;
|
|||||||
#endif
|
#endif
|
||||||
#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
|
#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
|
||||||
/*************************************************************************/
|
/*************************************************************************/
|
||||||
struct rpc_msg { /* Should have member alignment inhibited */
|
/* Should have member alignment inhibited */
|
||||||
char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
|
struct rpc_msg {
|
||||||
char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
|
/* 'A'-app data. 'R'-remote client 'G'-global */
|
||||||
unsigned short int length; /* Amount of data returned or max to return */
|
char channel;
|
||||||
char data[4092]; /* variable data */
|
/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
|
||||||
|
char function;
|
||||||
|
/* Amount of data returned or max to return */
|
||||||
|
unsigned short int length;
|
||||||
|
/* variable data */
|
||||||
|
char data[4092];
|
||||||
};
|
};
|
||||||
#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
|
#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
|
||||||
|
|
||||||
|
@ -1011,8 +1011,10 @@ bad:
|
|||||||
#ifdef TLSEXT_TYPE_opaque_prf_input
|
#ifdef TLSEXT_TYPE_opaque_prf_input
|
||||||
SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
|
SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
|
||||||
SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
|
SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
|
||||||
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
|
/* or &co2 or NULL */
|
||||||
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
|
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
|
||||||
|
/* or &so2 or NULL */
|
||||||
|
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
|
if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
|
||||||
|
@ -1245,7 +1245,8 @@ int tls1_alert_code(int code)
|
|||||||
case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
|
case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
|
||||||
case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
|
case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
|
||||||
case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
|
case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
|
||||||
#if 0 /* not appropriate for TLS, not used for DTLS */
|
#if 0
|
||||||
|
/* not appropriate for TLS, not used for DTLS */
|
||||||
case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
|
case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
|
||||||
(DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
|
(DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
x
Reference in New Issue
Block a user