generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove Kerberos support from libssl

Browse Source 
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2015-05-12 10:27:53 +01:00
parent 5561419a60
commit 55a9a16f1c
31 changed files with 839 additions and 4406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

332
apps/Makefile
View File

@ -183,21 +183,20 @@ apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
apps.o: ../include/openssl/engine.h ../include/openssl/err.h
apps.o: ../include/openssl/evp.h ../include/openssl/hmac.h
apps.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
apps.o: ../include/openssl/sha.h ../include/openssl/srtp.h
apps.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
apps.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
apps.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
apps.o: progs.h
apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
apps.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
apps.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
apps.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
apps.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
apps.o: ../include/openssl/x509v3.h apps.c apps.h progs.h
asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -237,20 +236,19 @@ ciphers.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ciphers.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
ciphers.o: ciphers.c progs.h
ciphers.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
ciphers.o: ../include/openssl/sha.h ../include/openssl/srtp.h
ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c progs.h
cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h
cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -422,20 +420,19 @@ engine.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
engine.o: ../include/openssl/err.h ../include/openssl/evp.h
engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
engine.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
engine.o: engine.c progs.h
engine.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
engine.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
engine.o: ../include/openssl/sha.h ../include/openssl/srtp.h
engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
engine.o: ../include/openssl/x509v3.h apps.h engine.c progs.h
errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -443,20 +440,19 @@ errstr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
errstr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
errstr.o: errstr.c progs.h
errstr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
errstr.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
errstr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
errstr.o: ../include/openssl/x509v3.h apps.h errstr.c progs.h
gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -531,19 +527,19 @@ ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
ocsp.o: ../include/openssl/sha.h ../include/openssl/srtp.h
ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c progs.h
ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ocsp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
ocsp.o: progs.h
openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -551,20 +547,20 @@ openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
openssl.o: ../include/openssl/rand.h ../include/openssl/safestack.h
openssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h
openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
openssl.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
openssl.o: openssl.c progs.h s_apps.h
opt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
opt.o: ../include/openssl/buffer.h ../include/openssl/conf.h
opt.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -779,20 +775,20 @@ s_cb.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h
s_cb.o: ../include/openssl/sha.h ../include/openssl/srtp.h
s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_cb.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_cb.c
s_cb.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_cb.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_cb.o: progs.h s_apps.h s_cb.c
s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
@ -801,21 +797,20 @@ s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h
s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_client.o: ../include/openssl/srp.h ../include/openssl/srtp.h
s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_client.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_client.c
s_client.o: timeouts.h
s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
s_client.o: ../include/openssl/sha.h ../include/openssl/srp.h
s_client.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_client.o: progs.h s_apps.h s_client.c timeouts.h
s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
@ -824,22 +819,21 @@ s_server.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_server.o: ../include/openssl/srp.h ../include/openssl/srtp.h
s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_server.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_server.c
s_server.o: timeouts.h
s_server.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
s_server.o: ../include/openssl/sha.h ../include/openssl/srp.h
s_server.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_server.o: progs.h s_apps.h s_server.c timeouts.h
s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -847,19 +841,19 @@ s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
s_socket.o: ../include/openssl/evp.h ../include/openssl/hmac.h
s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
s_socket.o: ../include/openssl/sha.h ../include/openssl/srtp.h
s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_socket.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_socket.c
s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_socket.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_socket.o: progs.h s_apps.h s_socket.c
s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -867,20 +861,19 @@ s_time.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_time.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_time.o: progs.h s_apps.h s_time.c
s_time.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_time.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
s_time.o: ../include/openssl/sha.h ../include/openssl/srtp.h
s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_time.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_time.c
sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -888,20 +881,19 @@ sess_id.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
sess_id.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
sess_id.o: progs.h sess_id.c
sess_id.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
sess_id.o: ../include/openssl/sha.h ../include/openssl/srtp.h
sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
sess_id.o: ../include/openssl/x509v3.h apps.h progs.h sess_id.c
smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

28
crypto/evp/e_des3.c
View File

@ -146,17 +146,6 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
DES_EDE_KEY *dat = data(ctx);
# ifdef KSSL_DEBUG
{
int i;
fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx,
ctx->buf_len);
fprintf(stderr, "\t iv= ");
for (i = 0; i < 8; i++)
fprintf(stderr, "%02X", ctx->iv[i]);
fprintf(stderr, "\n");
}
# endif /* KSSL_DEBUG */
if (dat->stream.cbc) {
(*dat->stream.cbc) (in, out, inl, &dat->ks, ctx->iv);
return 1;
@ -298,23 +287,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = data(ctx);
# ifdef KSSL_DEBUG
{
int i;
fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx);
fprintf(stderr, "\tKEY= ");
for (i = 0; i < 24; i++)
fprintf(stderr, "%02X", key[i]);
fprintf(stderr, "\n");
if (iv) {
fprintf(stderr, "\t IV= ");
for (i = 0; i < 8; i++)
fprintf(stderr, "%02X", iv[i]);
fprintf(stderr, "\n");
}
}
# endif /* KSSL_DEBUG */
dat->stream.cbc = NULL;
# if defined(SPARC_DES_CAPABLE)
if (SPARC_DES_CAPABLE) {

197
include/openssl/kssl.h
View File

@ -1,197 +0,0 @@
/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
/*
* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
* 2000. project 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
** 19990701 VRS Started.
*/
#ifndef KSSL_H
# define KSSL_H
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_KRB5
# include <stdio.h>
# include <ctype.h>
# include <krb5.h>
# ifdef OPENSSL_SYS_WIN32
/*
* These can sometimes get redefined indirectly by krb5 header files after
* they get undefed in ossl_typ.h
*/
# undef X509_NAME
# undef X509_EXTENSIONS
# undef OCSP_REQUEST
# undef OCSP_RESPONSE
# endif
#ifdef __cplusplus
extern "C" {
#endif
/*
* Depending on which KRB5 implementation used, some types from
* the other may be missing. Resolve that here and now
*/
# ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
# define FAR
# else
# ifndef FAR
# define FAR
# endif
# endif
/*-
* Uncomment this to debug kssl problems or
* to trace usage of the Kerberos session key
*
* #define KSSL_DEBUG
*/
# ifndef KRB5SVC
# define KRB5SVC "host"
# endif
# ifndef KRB5KEYTAB
# define KRB5KEYTAB "/etc/krb5.keytab"
# endif
# ifndef KRB5SENDAUTH
# define KRB5SENDAUTH 1
# endif
# ifndef KRB5CHECKAUTH
# define KRB5CHECKAUTH 1
# endif
# ifndef KSSL_CLOCKSKEW
# define KSSL_CLOCKSKEW 300;
# endif
# define KSSL_ERR_MAX 255
typedef struct kssl_err_st {
int reason;
char text[KSSL_ERR_MAX + 1];
} KSSL_ERR;
/*- Context for passing
* (1) Kerberos session key to SSL, and
* (2) Config data between application and SSL lib
*/
typedef struct kssl_ctx_st {
/* used by: disposition: */
char *service_name; /* C,S default ok (kssl) */
char *service_host; /* C input, REQUIRED */
char *client_princ; /* S output from krb5 ticket */
char *keytab_file; /* S NULL (/etc/krb5.keytab) */
char *cred_cache; /* C NULL (default) */
krb5_enctype enctype;
int length;
krb5_octet FAR *key;
} KSSL_CTX;
# define KSSL_CLIENT 1
# define KSSL_SERVER 2
# define KSSL_SERVICE 3
# define KSSL_KEYTAB 4
# define KSSL_CTX_OK 0
# define KSSL_CTX_ERR 1
# define KSSL_NOMEM 2
/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
KSSL_CTX *kssl_ctx_new(void);
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
krb5_data *realm, krb5_data *entity,
int nentities);
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
krb5_data *authenp, KSSL_ERR *kssl_err);
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
krb5_error_code kssl_build_principal_2(krb5_context context,
krb5_principal *princ, int rlen,
const char *realm, int slen,
const char *svc, int hlen,
const char *host);
krb5_error_code kssl_validate_times(krb5_timestamp atime,
krb5_ticket_times *ttimes);
krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
krb5_timestamp *atimep,
KSSL_ERR *kssl_err);
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
#ifdef __cplusplus
}
#endif
# endif /* OPENSSL_NO_KRB5 */
#endif /* KSSL_H */

46
include/openssl/ssl.h
View File

@ -156,7 +156,6 @@
# include <openssl/pem.h>
# include <openssl/hmac.h>
# include <openssl/kssl.h>
# include <openssl/safestack.h>
# include <openssl/symhacks.h>
@ -171,35 +170,6 @@ extern "C" {
*/
# define SSL_SESSION_ASN1_VERSION 0x0001
/* text strings for the ciphers */
/*
* VRS Additional Kerberos5 entries
*/
# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
# define SSL_MAX_SSL_SESSION_ID_LENGTH 32
# define SSL_MAX_SID_CTX_LENGTH 32
@ -207,6 +177,8 @@ extern "C" {
# define SSL_MAX_KEY_ARG_LENGTH 8
# define SSL_MAX_MASTER_KEY_LENGTH 48
/* text strings for the ciphers */
/* These are used to specify which ciphers to use and not to use */
# define SSL_TXT_EXP40 "EXPORT40"
@ -226,7 +198,6 @@ extern "C" {
# define SSL_TXT_kDH "kDH"
# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
# define SSL_TXT_kDHE "kDHE"
# define SSL_TXT_kKRB5 "kKRB5"
# define SSL_TXT_kECDHr "kECDHr"
# define SSL_TXT_kECDHe "kECDHe"
# define SSL_TXT_kECDH "kECDH"
@ -240,7 +211,6 @@ extern "C" {
# define SSL_TXT_aDSS "aDSS"
# define SSL_TXT_aDH "aDH"
# define SSL_TXT_aECDH "aECDH"
# define SSL_TXT_aKRB5 "aKRB5"
# define SSL_TXT_aECDSA "aECDSA"
# define SSL_TXT_aPSK "aPSK"
# define SSL_TXT_aGOST94 "aGOST94"
@ -259,7 +229,6 @@ extern "C" {
# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */
# define SSL_TXT_AECDH "AECDH"
# define SSL_TXT_ECDSA "ECDSA"
# define SSL_TXT_KRB5 "KRB5"
# define SSL_TXT_PSK "PSK"
# define SSL_TXT_SRP "SRP"
@ -2238,17 +2207,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_INVALID_STATUS_RESPONSE 328
# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
# define SSL_R_INVALID_TRUST 279
# define SSL_R_KRB5 285
# define SSL_R_KRB5_C_CC_PRINC 286
# define SSL_R_KRB5_C_GET_CRED 287
# define SSL_R_KRB5_C_INIT 288
# define SSL_R_KRB5_C_MK_REQ 289
# define SSL_R_KRB5_S_BAD_TICKET 290
# define SSL_R_KRB5_S_INIT 291
# define SSL_R_KRB5_S_RD_REQ 292
# define SSL_R_KRB5_S_TKT_EXPIRED 293
# define SSL_R_KRB5_S_TKT_NYV 294
# define SSL_R_KRB5_S_TKT_SKEW 295
# define SSL_R_LENGTH_MISMATCH 159
# define SSL_R_LENGTH_TOO_SHORT 160
# define SSL_R_LIBRARY_BUG 274

35
include/openssl/ssl3.h
View File

@ -177,25 +177,6 @@ extern "C" {
# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
/*
* VRS Additional Kerberos5 entries
*/
# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
@ -239,22 +220,6 @@ extern "C" {
# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
# define SSL3_SSL_SESSION_ID_LENGTH 32
# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32

1253
ssl/Makefile
View File

File diff suppressed because it is too large Load Diff

3
ssl/d1_clnt.c
View File

@ -115,9 +115,6 @@
#include <stdio.h>
#include "ssl_locl.h"
#ifndef OPENSSL_NO_KRB5
# include "kssl_lcl.h"
#endif
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>

6
ssl/d1_srvr.c
View File

@ -531,11 +531,7 @@ int dtls1_accept(SSL *s)
* verification (against the specs, but s3_clnt.c accepts
* this for SSL 3)
*/
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
/*
* never request cert in Kerberos ciphersuites
*/
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
/*
* With normal PSK Certificates and Certificate Requests
* are omitted

2
ssl/install-ssl.com
View File

@ -70,7 +70,7 @@ $ if f$parse("wrk_sslinclude:") .eqs. "" then -
$ if f$parse("wrk_sslxlib:") .eqs. "" then -
create /directory /log wrk_sslxlib:
$!
$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, srtp.h
$ libs := ssl_libssl
$!
$ xexe_dir := [-.'archd'.exe.ssl]

2252
ssl/kssl.c
View File

File diff suppressed because it is too large Load Diff

88
ssl/kssl_lcl.h
View File

@ -1,88 +0,0 @@
/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
/*
* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
* 2000. project 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef KSSL_LCL_H
# define KSSL_LCL_H
# include <openssl/kssl.h>
# ifndef OPENSSL_NO_KRB5
#ifdef __cplusplus
extern "C" {
#endif
/* Private (internal to OpenSSL) */
void print_krb5_data(char *label, krb5_data *kdata);
void print_krb5_authdata(char *label, krb5_authdata **adata);
void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
char *kstring(char *string);
char *knumber(int len, krb5_octet *contents);
const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
#ifdef __cplusplus
}
#endif
# endif /* OPENSSL_NO_KRB5 */
#endif /* KSSL_LCL_H */

33
ssl/record/ssl3_record.c
View File

@ -644,10 +644,6 @@ int tls1_enc(SSL *s, int send)
enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_enc(%d)\n", send);
#endif /* KSSL_DEBUG */
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
memmove(rec->data, rec->input, rec->length);
rec->input = rec->data;
@ -707,26 +703,6 @@ int tls1_enc(SSL *s, int send)
l += i;
rec->length += i;
}
#ifdef KSSL_DEBUG
{
unsigned long ui;
fprintf(stderr,
"EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
ds, rec->data, rec->input, l);
fprintf(stderr,
"\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
ds->buf_len, ds->cipher->key_len, DES_KEY_SZ,
DES_SCHEDULE_SZ, ds->cipher->iv_len);
fprintf(stderr, "\t\tIV: ");
for (i = 0; i < ds->cipher->iv_len; i++)
fprintf(stderr, "%02X", ds->iv[i]);
fprintf(stderr, "\n");
fprintf(stderr, "\trec->input=");
for (ui = 0; ui < l; ui++)
fprintf(stderr, " %02x", rec->input[ui]);
fprintf(stderr, "\n");
}
#endif /* KSSL_DEBUG */
if (!send) {
if (l == 0 || l % bs != 0)
@ -743,15 +719,6 @@ int tls1_enc(SSL *s, int send)
rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
}
#ifdef KSSL_DEBUG
{
unsigned long i;
fprintf(stderr, "\trec->data=");
for (i = 0; i < l; i++)
fprintf(stderr, " %02x", rec->data[i]);
fprintf(stderr, "\n");
}
#endif /* KSSL_DEBUG */
ret = 1;
if (!SSL_USE_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)

174
ssl/s3_clnt.c
View File

@ -150,7 +150,6 @@
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
@ -1161,7 +1160,7 @@ int ssl3_get_server_hello(SSL *s)
int ssl3_get_server_certificate(SSL *s)
{
int al, i, ok, ret = -1;
int al, i, ok, ret = -1, exp_idx;
unsigned long n, nc, llen, l;
X509 *x = NULL;
const unsigned char *q, *p;
@ -1169,8 +1168,6 @@ int ssl3_get_server_certificate(SSL *s)
STACK_OF(X509) *sk = NULL;
SESS_CERT *sc;
EVP_PKEY *pkey = NULL;
int need_cert = 1; /* VRS: 0=> will allow null cert if auth ==
* KRB5 */
n = s->method->ssl_get_message(s,
SSL3_ST_CR_CERT_A,
@ -1180,9 +1177,7 @@ int ssl3_get_server_certificate(SSL *s)
if (!ok)
return ((int)n);
if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
s->s3->tmp.reuse_message = 1;
return (1);
}
@ -1237,12 +1232,7 @@ int ssl3_get_server_certificate(SSL *s)
}
i = ssl_verify_cert_chain(s, sk);
if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
#ifndef OPENSSL_NO_KRB5
&& !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
#endif /* OPENSSL_NO_KRB5 */
) {
if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
al = ssl_verify_alarm_type(s->verify_result);
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
SSL_R_CERTIFICATE_VERIFY_FAILED);
@ -1275,21 +1265,7 @@ int ssl3_get_server_certificate(SSL *s)
pkey = X509_get_pubkey(x);
/* VRS: allow null cert if auth == KRB5 */
need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
? 0 : 1;
#ifdef KSSL_DEBUG
fprintf(stderr, "pkey,x = %p, %p\n", pkey, x);
fprintf(stderr, "ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x, pkey));
fprintf(stderr, "cipher, alg, nc = %s, %lx, %lx, %d\n",
s->s3->tmp.new_cipher->name,
s->s3->tmp.new_cipher->algorithm_mkey,
s->s3->tmp.new_cipher->algorithm_auth, need_cert);
#endif /* KSSL_DEBUG */
if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) {
if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
x = NULL;
al = SSL3_AL_FATAL;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@ -1298,7 +1274,7 @@ int ssl3_get_server_certificate(SSL *s)
}
i = ssl_cert_type(x, pkey);
if (need_cert && i < 0) {
if (i < 0) {
x = NULL;
al = SSL3_AL_FATAL;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@ -1306,8 +1282,7 @@ int ssl3_get_server_certificate(SSL *s)
goto f_err;
}
if (need_cert) {
int exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
if (exp_idx >= 0 && i != exp_idx) {
x = NULL;
al = SSL_AD_ILLEGAL_PARAMETER;
@ -1328,13 +1303,6 @@ int ssl3_get_server_certificate(SSL *s)
X509_free(s->session->peer);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
s->session->peer = x;
} else {
sc->peer_cert_type = i;
sc->peer_key = NULL;
X509_free(s->session->peer);
s->session->peer = NULL;
}
s->session->verify_result = s->verify_result;
x = NULL;
@ -2328,9 +2296,6 @@ int ssl3_send_client_key_exchange(SSL *s)
unsigned char *q;
EVP_PKEY *pkey = NULL;
#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_EC
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
@ -2413,131 +2378,6 @@ int ssl3_send_client_key_exchange(SSL *s)
}
}
#endif
#ifndef OPENSSL_NO_KRB5
else if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
/* krb5_data krb5_ap_req; */
krb5_data *enc_ticket;
krb5_data authenticator, *authp = NULL;
EVP_CIPHER_CTX ciph_ctx;
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
int padl, outl = sizeof(epms);
EVP_CIPHER_CTX_init(&ciph_ctx);
# ifdef KSSL_DEBUG
fprintf(stderr, "ssl3_send_client_key_exchange(%lx & %lx)\n",
alg_k, SSL_kKRB5);
# endif /* KSSL_DEBUG */
authp = NULL;
# ifdef KRB5SENDAUTH
if (KRB5SENDAUTH)
authp = &authenticator;
# endif /* KRB5SENDAUTH */
krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
enc = kssl_map_enc(kssl_ctx->enctype);
if (enc == NULL)
goto err;
# ifdef KSSL_DEBUG
{
fprintf(stderr, "kssl_cget_tkt rtn %d\n", krb5rc);
if (krb5rc && kssl_err.text)
fprintf(stderr, "kssl_cget_tkt kssl_err=%s\n",
kssl_err.text);
}
# endif /* KSSL_DEBUG */
if (krb5rc) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
goto err;
}
/*-
* 20010406 VRS - Earlier versions used KRB5 AP_REQ
* in place of RFC 2712 KerberosWrapper, as in:
*
* Send ticket (copy to *p, set n = length)
* n = krb5_ap_req.length;
* memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
* if (krb5_ap_req.data)
* kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
*
* Now using real RFC 2712 KerberosWrapper
* (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
* Note: 2712 "opaque" types are here replaced
* with a 2-byte length followed by the value.
* Example:
* KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
* Where "xx xx" = length bytes. Shown here with
* optional authenticator omitted.
*/
/* KerberosWrapper.Ticket */
s2n(enc_ticket->length, p);
memcpy(p, enc_ticket->data, enc_ticket->length);
p += enc_ticket->length;
n = enc_ticket->length + 2;
/* KerberosWrapper.Authenticator */
if (authp && authp->length) {
s2n(authp->length, p);
memcpy(p, authp->data, authp->length);
p += authp->length;
n += authp->length + 2;
free(authp->data);
authp->data = NULL;
authp->length = 0;
} else {
s2n(0, p); /* null authenticator length */
n += 2;
}
pmslen = SSL_MAX_MASTER_KEY_LENGTH;
pms = OPENSSL_malloc(pmslen);
if (!pms)
goto memerr;
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
if (RAND_bytes(pms + 2, pmslen - 2) <= 0)
goto err;
/*-
* 20010420 VRS. Tried it this way; failed.
* EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
* EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
* kssl_ctx->length);
* EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
EVP_EncryptUpdate(&ciph_ctx, epms, &outl, pms, pmslen);
EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
outl += padl;
if (outl > (int)sizeof epms) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
/* KerberosWrapper.EncryptedPreMasterSecret */
s2n(outl, p);
memcpy(p, epms, outl);
p += outl;
n += outl + 2;
OPENSSL_cleanse(epms, outl);
}
#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
@ -3394,7 +3234,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
/* we don't have a certificate */
if ((alg_a & (SSL_aNULL | SSL_aKRB5)) || (alg_k & SSL_kPSK))
if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK))
return (1);
sc = s->session->sess_cert;

241
ssl/s3_lib.c
View File

@ -151,7 +151,6 @@
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/md5.h>
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
@ -601,233 +600,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},
#ifndef OPENSSL_NO_KRB5
/* The Kerberos ciphers*/
/* Cipher 1E */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_SHA,
SSL3_CK_KRB5_DES_64_CBC_SHA,
SSL_kKRB5,
SSL_aKRB5,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
/* Cipher 1F */
{
1,
SSL3_TXT_KRB5_DES_192_CBC3_SHA,
SSL3_CK_KRB5_DES_192_CBC3_SHA,
SSL_kKRB5,
SSL_aKRB5,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 20 */
{
1,
SSL3_TXT_KRB5_RC4_128_SHA,
SSL3_CK_KRB5_RC4_128_SHA,
SSL_kKRB5,
SSL_aKRB5,
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 21 */
{
1,
SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
SSL3_CK_KRB5_IDEA_128_CBC_SHA,
SSL_kKRB5,
SSL_aKRB5,
SSL_IDEA,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 22 */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_MD5,
SSL3_CK_KRB5_DES_64_CBC_MD5,
SSL_kKRB5,
SSL_aKRB5,
SSL_DES,
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
/* Cipher 23 */
{
1,
SSL3_TXT_KRB5_DES_192_CBC3_MD5,
SSL3_CK_KRB5_DES_192_CBC3_MD5,
SSL_kKRB5,
SSL_aKRB5,
SSL_3DES,
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 24 */
{
1,
SSL3_TXT_KRB5_RC4_128_MD5,
SSL3_CK_KRB5_RC4_128_MD5,
SSL_kKRB5,
SSL_aKRB5,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 25 */
{
1,
SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
SSL3_CK_KRB5_IDEA_128_CBC_MD5,
SSL_kKRB5,
SSL_aKRB5,
SSL_IDEA,
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 26 */
{
1,
SSL3_TXT_KRB5_DES_40_CBC_SHA,
SSL3_CK_KRB5_DES_40_CBC_SHA,
SSL_kKRB5,
SSL_aKRB5,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
/* Cipher 27 */
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_SHA,
SSL3_CK_KRB5_RC2_40_CBC_SHA,
SSL_kKRB5,
SSL_aKRB5,
SSL_RC2,
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
/* Cipher 28 */
{
1,
SSL3_TXT_KRB5_RC4_40_SHA,
SSL3_CK_KRB5_RC4_40_SHA,
SSL_kKRB5,
SSL_aKRB5,
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
/* Cipher 29 */
{
1,
SSL3_TXT_KRB5_DES_40_CBC_MD5,
SSL3_CK_KRB5_DES_40_CBC_MD5,
SSL_kKRB5,
SSL_aKRB5,
SSL_DES,
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
/* Cipher 2A */
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_MD5,
SSL3_CK_KRB5_RC2_40_CBC_MD5,
SSL_kKRB5,
SSL_aKRB5,
SSL_RC2,
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
/* Cipher 2B */
{
1,
SSL3_TXT_KRB5_RC4_40_MD5,
SSL3_CK_KRB5_RC4_40_MD5,
SSL_kKRB5,
SSL_aKRB5,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
#endif /* OPENSSL_NO_KRB5 */
/* New AES ciphersuites */
/* Cipher 2F */
{
@ -4124,22 +3896,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
#endif
#ifdef KSSL_DEBUG
/*
* fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
* i,c->algorithms);
*/
#endif /* KSSL_DEBUG */
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
#ifndef OPENSSL_NO_KRB5
if (alg_k & SSL_kKRB5) {
if (!kssl_keytab_is_available(s->kssl_ctx))
continue;
}
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)

206
ssl/s3_srvr.c
View File

@ -151,7 +151,6 @@
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include "../crypto/constant_time_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
@ -163,9 +162,6 @@
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_KRB5
# include <openssl/krb5_asn.h>
#endif
#include <openssl/md5.h>
#ifndef OPENSSL_NO_SSL3_METHOD
@ -421,11 +417,10 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or anon ECDH, */
/* normal PSK or KRB5 or SRP */
/* normal PSK or SRP */
if (!
(s->s3->tmp.
new_cipher->algorithm_auth & (SSL_aNULL | SSL_aKRB5 |
SSL_aSRP))
new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
ret = ssl3_send_server_certificate(s);
if (ret <= 0)
@ -522,10 +517,6 @@ int ssl3_accept(SSL *s)
* this for SSL 3)
*/
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
/*
* never request cert in Kerberos ciphersuites
*/
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
/* don't request certificate for SRP auth */
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
/*
@ -2123,9 +2114,6 @@ int ssl3_get_client_key_exchange(SSL *s)
BIGNUM *pub = NULL;
DH *dh_srvr, *dh_clnt = NULL;
#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_EC
EC_KEY *srvr_ecdh = NULL;
@ -2391,189 +2379,6 @@ int ssl3_get_client_key_exchange(SSL *s)
return 2;
} else
#endif
#ifndef OPENSSL_NO_KRB5
if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
krb5_data enc_ticket;
krb5_data authenticator;
krb5_data enc_pms;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
EVP_CIPHER_CTX ciph_ctx;
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH];
int padl, outl;
krb5_timestamp authtime = 0;
krb5_ticket_times ttimes;
EVP_CIPHER_CTX_init(&ciph_ctx);
if (!kssl_ctx)
kssl_ctx = kssl_ctx_new();
n2s(p, i);
enc_ticket.length = i;
if (n < (long)(enc_ticket.length + 6)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
enc_ticket.data = (char *)p;
p += enc_ticket.length;
n2s(p, i);
authenticator.length = i;
if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
authenticator.data = (char *)p;
p += authenticator.length;
n2s(p, i);
enc_pms.length = i;
enc_pms.data = (char *)p;
p += enc_pms.length;
/*
* Note that the length is checked again below, ** after decryption
*/
if (enc_pms.length > sizeof pms) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
if (n != (long)(enc_ticket.length + authenticator.length +
enc_pms.length + 6)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
&kssl_err)) != 0) {
# ifdef KSSL_DEBUG
fprintf(stderr, "kssl_sget_tkt rtn %d [%d]\n",
krb5rc, kssl_err.reason);
if (kssl_err.text)
fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
# endif /* KSSL_DEBUG */
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
goto err;
}
/*
* Note: no authenticator is not considered an error, ** but will
* return authtime == 0.
*/
if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
&authtime, &kssl_err)) != 0) {
# ifdef KSSL_DEBUG
fprintf(stderr, "kssl_check_authent rtn %d [%d]\n",
krb5rc, kssl_err.reason);
if (kssl_err.text)
fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
# endif /* KSSL_DEBUG */
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
goto err;
}
if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
goto err;
}
# ifdef KSSL_DEBUG
kssl_ctx_show(kssl_ctx);
# endif /* KSSL_DEBUG */
enc = kssl_map_enc(kssl_ctx->enctype);
if (enc == NULL)
goto err;
memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
goto err;
}
if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
(unsigned char *)enc_pms.data, enc_pms.length))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
goto err;
}
if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
goto err;
}
outl += padl;
if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
if (!((pms[0] == (s->client_version >> 8))
&& (pms[1] == (s->client_version & 0xff)))) {
/*
* The premaster secret must contain the same version number as
* the ClientHello to detect version rollback attacks (strangely,
* the protocol does not offer such protection for DH
* ciphersuites). However, buggy clients exist that send random
* bytes instead of the protocol version. If
* SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
* (Perhaps we should have a separate BUG value for the Kerberos
* cipher)
*/
if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_AD_DECODE_ERROR);
goto err;
}
}
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(s,
s->
session->master_key,
pms, outl);
if (s->session->master_key_length < 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
if (kssl_ctx->client_princ) {
size_t len = strlen(kssl_ctx->client_princ);
if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH) {
s->session->krb5_client_princ_len = len;
memcpy(s->session->krb5_client_princ, kssl_ctx->client_princ,
len);
}
}
/*- Was doing kssl_ctx_free() here,
* but it caused problems for apache.
* kssl_ctx = kssl_ctx_free(kssl_ctx);
* if (s->kssl_ctx) s->kssl_ctx = NULL;
*/
} else
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_EC
if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
@ -3303,15 +3108,10 @@ int ssl3_send_server_certificate(SSL *s)
if (s->state == SSL3_ST_SW_CERT_A) {
cpk = ssl_get_server_send_pkey(s);
if (cpk == NULL) {
/* VRS: allow null cert if auth == KRB5 */
if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) {
SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
s->state = SSL_ST_ERR;
return (0);
}
}
if (!ssl3_output_cert_chain(s, cpk)) {
SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);

2
ssl/ssl-lib.com
View File

@ -215,7 +215,7 @@ $ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
"ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -
"bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"
"bio_ssl,ssl_err,t1_reneg,tls_srp,t1_trce,ssl_utst"
$!
$! Tell The User That We Are Compiling The Library.
$!

22
ssl/ssl_asn1.c
View File

@ -95,9 +95,6 @@ typedef struct {
ASN1_OCTET_STRING *comp_id;
ASN1_OCTET_STRING *master_key;
ASN1_OCTET_STRING *session_id;
#ifndef OPENSSL_NO_KRB5
ASN1_OCTET_STRING *krb5_princ;
#endif
ASN1_OCTET_STRING *key_arg;
long time;
long timeout;
@ -125,9 +122,6 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
#ifndef OPENSSL_NO_KRB5
ASN1_OPT(SSL_SESSION_ASN1, krb5_princ, ASN1_OCTET_STRING),
#endif
ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1),
ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2),
@ -195,10 +189,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
#endif
#ifndef OPENSSL_NO_KRB5
ASN1_OCTET_STRING krb5_princ;
#endif
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING srp_username;
#endif
@ -241,12 +231,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
ssl_session_oinit(&as.session_id_context, &sid_ctx,
in->sid_ctx, in->sid_ctx_length);
#ifndef OPENSSL_NO_KRB5
if (in->krb5_client_princ_len) {
ssl_session_oinit(&as.krb5_princ, &krb5_princ,
in->krb5_client_princ, in->krb5_client_princ_len);
}
#endif /* OPENSSL_NO_KRB5 */
as.time = in->time;
as.timeout = in->timeout;
@ -368,12 +352,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
ret->master_key_length = tmpl;
#ifndef OPENSSL_NO_KRB5
if (!ssl_session_memcpy(ret->krb5_client_princ, &ret->krb5_client_princ_len,
as->krb5_princ, SSL_MAX_KRB5_PRINCIPAL_LENGTH))
goto err;
#endif /* OPENSSL_NO_KRB5 */
if (as->time != 0)
ret->time = as->time;
else

39
ssl/ssl_ciph.c
View File

@ -305,8 +305,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
0},
{0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
@ -323,7 +321,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
/* no such ciphersuites supported! */
{0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0},
@ -342,7 +339,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
@ -693,10 +689,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*mkey |= SSL_kDHr | SSL_kDHd | SSL_kDHE;
*auth |= SSL_aDH;
#endif
#ifdef OPENSSL_NO_KRB5
*mkey |= SSL_kKRB5;
*auth |= SSL_aKRB5;
#endif
#ifdef OPENSSL_NO_EC
*mkey |= SSL_kECDHe | SSL_kECDHr;
*auth |= SSL_aECDSA | SSL_aECDH;
@ -801,10 +793,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
co_list_num++;
#ifdef KSSL_DEBUG
fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id,
c->algorithm_mkey, c->algorithm_auth);
#endif /* KSSL_DEBUG */
/*
* if (!sk_push(ca_list,(char *)c)) goto err;
*/
@ -1446,10 +1434,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
* it is used for allocation.
*/
num_of_ciphers = ssl_method->num_ciphers();
#ifdef KSSL_DEBUG
fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n",
num_of_ciphers);
#endif /* KSSL_DEBUG */
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
@ -1502,8 +1487,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
&tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
/* RC4 is sort-of broken -- move the the end */
ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
@ -1616,13 +1599,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver, *exp_str;
const char *kx, *au, *enc, *mac;
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
#ifdef KSSL_DEBUG
static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
#else
static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
#endif /* KSSL_DEBUG */
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
@ -1652,9 +1630,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kDHd:
kx = "DH/DSS";
break;
case SSL_kKRB5:
kx = "KRB5";
break;
case SSL_kDHE:
kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
break;
@ -1690,9 +1665,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aDH:
au = "DH";
break;
case SSL_aKRB5:
au = "KRB5";
break;
case SSL_aECDH:
au = "ECDH";
break;
@ -1802,13 +1774,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
} else if (len < 128)
return ("Buffer too small");
#ifdef KSSL_DEBUG
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
#else
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
exp_str);
#endif /* KSSL_DEBUG */
return (buf);
}
@ -2000,9 +1968,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
return SSL_PKEY_DSA_SIGN;
else if (alg_a & SSL_aRSA)
return SSL_PKEY_RSA_ENC;
else if (alg_a & SSL_aKRB5)
/* VRS something else here? */
return -1;
else if (alg_a & SSL_aGOST94)
return SSL_PKEY_GOST94;
else if (alg_a & SSL_aGOST01)

11
ssl/ssl_err.c
View File

@ -462,17 +462,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),
"invalid ticket keys length"},
{ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"},
{ERR_REASON(SSL_R_KRB5), "krb5"},
{ERR_REASON(SSL_R_KRB5_C_CC_PRINC), "krb5 client cc principal (no tkt?)"},
{ERR_REASON(SSL_R_KRB5_C_GET_CRED), "krb5 client get cred"},
{ERR_REASON(SSL_R_KRB5_C_INIT), "krb5 client init"},
{ERR_REASON(SSL_R_KRB5_C_MK_REQ), "krb5 client mk_req (expired tkt?)"},
{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET), "krb5 server bad ticket"},
{ERR_REASON(SSL_R_KRB5_S_INIT), "krb5 server init"},
{ERR_REASON(SSL_R_KRB5_S_RD_REQ), "krb5 server rd_req (keytab perms?)"},
{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED), "krb5 server tkt expired"},
{ERR_REASON(SSL_R_KRB5_S_TKT_NYV), "krb5 server tkt not yet valid"},
{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW), "krb5 server tkt skew"},
{ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"},
{ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"},
{ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"},

17
ssl/ssl_lib.c
View File

@ -147,7 +147,6 @@
#endif
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
@ -279,10 +278,6 @@ SSL *SSL_new(SSL_CTX *ctx)
RECORD_LAYER_init(&s->rlayer, s);
#ifndef OPENSSL_NO_KRB5
s->kssl_ctx = kssl_ctx_new();
#endif /* OPENSSL_NO_KRB5 */
s->options = ctx->options;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
@ -584,11 +579,6 @@ void SSL_free(SSL *s)
SSL_CTX_free(s->ctx);
#ifndef OPENSSL_NO_KRB5
if (s->kssl_ctx != NULL)
kssl_ctx_free(s->kssl_ctx);
#endif /* OPENSSL_NO_KRB5 */
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
OPENSSL_free(s->next_proto_negotiated);
#endif
@ -2217,13 +2207,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
mask_a |= SSL_aNULL;
emask_a |= SSL_aNULL;
#ifndef OPENSSL_NO_KRB5
mask_k |= SSL_kKRB5;
mask_a |= SSL_aKRB5;
emask_k |= SSL_kKRB5;
emask_a |= SSL_aKRB5;
#endif
/*
* An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
* depending on the key usage extension.

13
ssl/ssl_locl.h
View File

@ -300,8 +300,6 @@
# define SSL_kDHE 0x00000008L
/* synonym */
# define SSL_kEDH SSL_kDHE
/* Kerberos5 key exchange */
# define SSL_kKRB5 0x00000010L
/* ECDH cert, RSA CA cert */
# define SSL_kECDHr 0x00000020L
/* ECDH cert, ECDSA CA cert */
@ -328,8 +326,6 @@
# define SSL_aDH 0x00000008L
/* Fixed ECDH auth (kECDHe or kECDHr) */
# define SSL_aECDH 0x00000010L
/* KRB5 auth */
# define SSL_aKRB5 0x00000020L
/* ECDSA auth*/
# define SSL_aECDSA 0x00000040L
/* PSK auth */
@ -585,7 +581,6 @@ struct ssl_method_st {
* Cipher OCTET STRING, -- the 3 byte cipher ID
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* KRB5_principal OCTET STRING -- optional Kerberos principal
* Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
@ -619,10 +614,6 @@ struct ssl_session_st {
*/
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
# ifndef OPENSSL_NO_KRB5
unsigned int krb5_client_princ_len;
unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
# endif /* OPENSSL_NO_KRB5 */
# ifndef OPENSSL_NO_PSK
char *psk_identity_hint;
char *psk_identity;
@ -1074,10 +1065,6 @@ struct ssl_st {
int error;
/* actual code */
int error_code;
# ifndef OPENSSL_NO_KRB5
/* Kerberos 5 context */
KSSL_CTX *kssl_ctx;
# endif /* OPENSSL_NO_KRB5 */
# ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,

14
ssl/ssl_sess.c
View File

@ -772,20 +772,6 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
if (!SSL_set_ssl_method(s, meth))
return (0);
}
#ifndef OPENSSL_NO_KRB5
if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
session->krb5_client_princ_len > 0) {
s->kssl_ctx->client_princ =
OPENSSL_malloc(session->krb5_client_princ_len + 1);
if (s->kssl_ctx->client_princ == NULL) {
SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE);
return (0);
}
memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
session->krb5_client_princ_len);
s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
}
#endif /* OPENSSL_NO_KRB5 */
/* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */
CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);

12
ssl/ssl_txt.c
View File

@ -165,18 +165,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
goto err;
}
#ifndef OPENSSL_NO_KRB5
if (BIO_puts(bp, "\n Krb5 Principal: ") <= 0)
goto err;
if (x->krb5_client_princ_len == 0) {
if (BIO_puts(bp, "None") <= 0)
goto err;
} else
for (i = 0; i < x->krb5_client_princ_len; i++) {
if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) <= 0)
goto err;
}
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
if (BIO_puts(bp, "\n PSK identity: ") <= 0)
goto err;

67
ssl/t1_enc.c
View File

@ -144,9 +144,6 @@
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
#ifdef KSSL_DEBUG
# include <openssl/des.h>
#endif
/* seed1 through seed5 are virtually concatenated */
static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
@ -302,17 +299,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
NULL, 0, NULL, 0, s->session->master_key,
s->session->master_key_length, km, tmp, num);
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_generate_key_block() ==> %d byte master_key =\n\t",
s->session->master_key_length);
{
int i;
for (i = 0; i < s->session->master_key_length; i++) {
fprintf(stderr, "%02X", s->session->master_key[i]);
}
fprintf(stderr, "\n");
}
#endif /* KSSL_DEBUG */
return ret;
}
@ -348,24 +335,6 @@ int tls1_change_cipher_state(SSL *s, int which)
comp = s->s3->tmp.new_compression;
#endif
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_change_cipher_state(which= %d) w/\n", which);
fprintf(stderr, "\talg= %ld/%ld, comp= %p\n",
s->s3->tmp.new_cipher->algorithm_mkey,
s->s3->tmp.new_cipher->algorithm_auth, comp);
fprintf(stderr, "\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
fprintf(stderr, "\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
c->nid, c->block_size, c->key_len, c->iv_len);
fprintf(stderr, "\tkey_block: len= %d, data= ",
s->s3->tmp.key_block_length);
{
int i;
for (i = 0; i < s->s3->tmp.key_block_length; i++)
fprintf(stderr, "%02x", s->s3->tmp.key_block[i]);
fprintf(stderr, "\n");
}
#endif /* KSSL_DEBUG */
if (which & SSL3_CC_READ) {
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
@ -530,20 +499,6 @@ int tls1_change_cipher_state(SSL *s, int which)
iv = &(iv1[k]);
}
}
#ifdef KSSL_DEBUG
{
int i;
fprintf(stderr, "EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
fprintf(stderr, "\tkey= ");
for (i = 0; i < c->key_len; i++)
fprintf(stderr, "%02x", key[i]);
fprintf(stderr, "\n");
fprintf(stderr, "\t iv= ");
for (i = 0; i < c->iv_len; i++)
fprintf(stderr, "%02x", iv[i]);
fprintf(stderr, "\n");
}
#endif /* KSSL_DEBUG */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
@ -621,10 +576,6 @@ int tls1_setup_key_block(SSL *s)
int mac_type = NID_undef, mac_secret_size = 0;
int ret = 0;
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_setup_key_block()\n");
#endif /* KSSL_DEBUG */
if (s->s3->tmp.key_block_length != 0)
return (1);
@ -778,11 +729,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
{
unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p,
len);
#endif /* KSSL_DEBUG */
if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen;
@ -848,9 +794,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
}
#endif
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_generate_master_secret() complete\n");
#endif /* KSSL_DEBUG */
return (SSL3_MASTER_SECRET_SIZE);
}
@ -864,11 +807,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
size_t vallen, currentvalpos;
int rv;
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n",
s, out, olen, label, llen, context, contextlen);
#endif /* KSSL_DEBUG */
buff = OPENSSL_malloc(olen);
if (buff == NULL)
goto err2;
@ -936,9 +874,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
OPENSSL_cleanse(val, vallen);
OPENSSL_cleanse(buff, olen);
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_export_keying_material() complete\n");
#endif /* KSSL_DEBUG */
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,

6
ssl/t1_lib.c
View File

@ -1068,12 +1068,6 @@ void ssl_set_client_disabled(SSL *s)
c->mask_k |= SSL_kDHd;
if (c->mask_a & SSL_aECDSA)
c->mask_k |= SSL_kECDHe;
# ifndef OPENSSL_NO_KRB5
if (!kssl_tgt_is_available(s->kssl_ctx)) {
c->mask_a |= SSL_aKRB5;
c->mask_k |= SSL_kKRB5;
}
# endif
# ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if (!s->psk_client_callback) {

4
ssl/t1_trce.c
View File

@ -778,10 +778,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
*pname = "dh_dss";
return SSL_kDHd;
}
if (alg_k & SSL_kKRB5) {
*pname = "krb5";
return SSL_kKRB5;
}
if (alg_k & SSL_kDHE) {
*pname = "DHE";
return SSL_kDHE;

34
test/Makefile
View File

@ -736,9 +736,8 @@ heartbeat_test.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
heartbeat_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
heartbeat_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
heartbeat_test.o: ../include/openssl/evp.h ../include/openssl/hmac.h
heartbeat_test.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
heartbeat_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
heartbeat_test.o: ../include/openssl/opensslconf.h
heartbeat_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
heartbeat_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
heartbeat_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
heartbeat_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h
heartbeat_test.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
@ -844,21 +843,20 @@ ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
ssltest.o: ../include/openssl/sha.h ../include/openssl/srp.h
ssltest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ssltest.o: ../include/openssl/x509v3.h ../ssl/record/record.h ../ssl/ssl_locl.h
ssltest.o: ssltest.c
ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ssltest.o: ../include/openssl/srp.h ../include/openssl/srtp.h
ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.c
testutil.o: ../e_os.h ../include/openssl/e_os2.h
testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h
v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

15
test/ssltest.c
View File

@ -1719,21 +1719,6 @@ int main(int argc, char *argv[])
c_ssl = SSL_new(c_ctx);
s_ssl = SSL_new(s_ctx);
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx) {
char localhost[MAXHOSTNAMELEN + 2];
if (gethostname(localhost, sizeof localhost - 1) == 0) {
localhost[sizeof localhost - 1] = '\0';
if (strlen(localhost) == sizeof localhost - 1) {
BIO_printf(bio_err, "localhost name too long\n");
goto end;
}
kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
}
}
#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
for (i = 0; i < number; i++) {
if (!reuse) {

2
util/indent.pro
View File

@ -313,8 +313,6 @@
-T KRB5_ENCKEY
-T KRB5_PRINCNAME
-T KRB5_TKTBODY
-T KSSL_CTX
-T KSSL_ERR
-T LHASH
-T LHASH_COMP_FN_TYPE
-T LHASH_DOALL_ARG_FN_TYPE

1
util/mkdef.pl
View File

@ -258,7 +258,6 @@ $max_ssl = $max_num;
$max_crypto = $max_num;
my $ssl="include/openssl/ssl.h";
$ssl.=" include/openssl/kssl.h";
$ssl.=" include/openssl/tls1.h";
$ssl.=" include/openssl/srtp.h";

34
util/ssleay.num
View File

@ -196,22 +196,22 @@ SSL_callback_ctrl 244 EXIST::FUNCTION:
SSL_CTX_sessions 245 EXIST::FUNCTION:
SSL_get_rfd 246 EXIST::FUNCTION:
SSL_get_wfd 247 EXIST::FUNCTION:
kssl_cget_tkt 248 EXIST::FUNCTION:KRB5
kssl_cget_tkt 248 NOEXIST::FUNCTION:
SSL_has_matching_session_id 249 EXIST::FUNCTION:
kssl_err_set 250 EXIST::FUNCTION:KRB5
kssl_ctx_show 251 EXIST::FUNCTION:KRB5
kssl_validate_times 252 EXIST::FUNCTION:KRB5
kssl_check_authent 253 EXIST::FUNCTION:KRB5
kssl_ctx_new 254 EXIST::FUNCTION:KRB5
kssl_build_principal_2 255 EXIST::FUNCTION:KRB5
kssl_skip_confound 256 EXIST::FUNCTION:KRB5
kssl_sget_tkt 257 EXIST::FUNCTION:KRB5
kssl_err_set 250 NOEXIST::FUNCTION:
kssl_ctx_show 251 NOEXIST::FUNCTION:
kssl_validate_times 252 NOEXIST::FUNCTION:
kssl_check_authent 253 NOEXIST::FUNCTION:
kssl_ctx_new 254 NOEXIST::FUNCTION:
kssl_build_principal_2 255 NOEXIST::FUNCTION:
kssl_skip_confound 256 NOEXIST::FUNCTION:
kssl_sget_tkt 257 NOEXIST::FUNCTION:
SSL_set_generate_session_id 258 EXIST::FUNCTION:
kssl_ctx_setkey 259 EXIST::FUNCTION:KRB5
kssl_ctx_setprinc 260 EXIST::FUNCTION:KRB5
kssl_ctx_free 261 EXIST::FUNCTION:KRB5
kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5
kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5
kssl_ctx_setkey 259 NOEXIST::FUNCTION:
kssl_ctx_setprinc 260 NOEXIST::FUNCTION:
kssl_ctx_free 261 NOEXIST::FUNCTION:
kssl_krb5_free_data_contents 262 NOEXIST::FUNCTION:
kssl_ctx_setstring 263 NOEXIST::FUNCTION:
SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION:
SSL_renegotiate_pending 265 EXIST::FUNCTION:
SSL_CTX_set_msg_callback 266 EXIST::FUNCTION:
@ -301,14 +301,14 @@ TLSv1_2_client_method 341 EXIST::FUNCTION:
SSL_SESSION_set1_id_context 342 EXIST::FUNCTION:
TLSv1_2_server_method 343 EXIST::FUNCTION:
SSL_cache_hit 344 EXIST::FUNCTION:
SSL_get0_kssl_ctx 345 EXIST::FUNCTION:KRB5
SSL_set0_kssl_ctx 346 EXIST::FUNCTION:KRB5
SSL_get0_kssl_ctx 345 NOEXIST::FUNCTION:
SSL_set0_kssl_ctx 346 NOEXIST::FUNCTION:
SSL_SESSION_get0_id 347 NOEXIST::FUNCTION:
SSL_set_state 348 EXIST::FUNCTION:
SSL_CIPHER_get_id 349 EXIST::FUNCTION:
TLSv1_2_method 350 EXIST::FUNCTION:
SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION:
kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5
kssl_ctx_get0_client_princ 352 NOEXIST::FUNCTION:
SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT
SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP
SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG