Add support for experimental code, not compiled in by default and
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.
This commit is contained in:
Dr. Stephen Henson
6
CHANGES
6
CHANGES
@@ -4,6 +4,12 @@
|
|||||||
|
|
||||||
Changes between 0.9.8i and 0.9.8j [xx XXX xxxx]
|
Changes between 0.9.8i and 0.9.8j [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Update Configure code and WIN32 build scripts to support experimental
|
||||||
|
code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled
|
||||||
|
in by default. Using the configuration option "enable-experimental-foo"
|
||||||
|
enables it. Use this option for JPAKE.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) Use correct exit code if there is an error in dgst command.
|
*) Use correct exit code if there is an error in dgst command.
|
||||||
[Steve Henson; problem pointed out by Roland Dirlewanger]
|
[Steve Henson; problem pointed out by Roland Dirlewanger]
|
||||||
|
|
||||||
|
|||||||
12
Configure
12
Configure
@@ -588,6 +588,7 @@ my $no_threads=0;
|
|||||||
my $threads=0;
|
my $threads=0;
|
||||||
my $no_shared=0; # but "no-shared" is default
|
my $no_shared=0; # but "no-shared" is default
|
||||||
my $zlib=1; # but "no-zlib" is default
|
my $zlib=1; # but "no-zlib" is default
|
||||||
|
my $jpake=1; # but "no-jpake" is default
|
||||||
my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
|
my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
|
||||||
my $no_rfc3779=1; # but "no-rfc3779" is default
|
my $no_rfc3779=1; # but "no-rfc3779" is default
|
||||||
my $montasm=1; # but "no-montasm" is default
|
my $montasm=1; # but "no-montasm" is default
|
||||||
@@ -628,6 +629,7 @@ my %disabled = ( # "what" => "comment"
|
|||||||
"camellia" => "default",
|
"camellia" => "default",
|
||||||
"capieng" => "default",
|
"capieng" => "default",
|
||||||
"cms" => "default",
|
"cms" => "default",
|
||||||
|
"experimental-jpake" => "default",
|
||||||
"gmp" => "default",
|
"gmp" => "default",
|
||||||
"mdc2" => "default",
|
"mdc2" => "default",
|
||||||
"montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
|
"montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
|
||||||
@@ -975,6 +977,8 @@ foreach (sort (keys %disabled))
|
|||||||
{ $no_threads = 1; }
|
{ $no_threads = 1; }
|
||||||
elsif (/^shared$/)
|
elsif (/^shared$/)
|
||||||
{ $no_shared = 1; }
|
{ $no_shared = 1; }
|
||||||
|
elsif (/^experimental-jpake$/)
|
||||||
|
{ $jpake = 0; push @skip, "jpake"}
|
||||||
elsif (/^zlib$/)
|
elsif (/^zlib$/)
|
||||||
{ $zlib = 0; }
|
{ $zlib = 0; }
|
||||||
elsif (/^montasm$/)
|
elsif (/^montasm$/)
|
||||||
@@ -1212,6 +1216,11 @@ if ($threads)
|
|||||||
$openssl_thread_defines .= $thread_defines;
|
$openssl_thread_defines .= $thread_defines;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($jpake)
|
||||||
|
{
|
||||||
|
$openssl_other_defines = "#define OPENSSL_EXPERIMENTAL_JPAKE\n";
|
||||||
|
}
|
||||||
|
|
||||||
if ($zlib)
|
if ($zlib)
|
||||||
{
|
{
|
||||||
$cflags = "-DZLIB $cflags";
|
$cflags = "-DZLIB $cflags";
|
||||||
@@ -1410,7 +1419,8 @@ while (<IN>)
|
|||||||
if ($sdirs) {
|
if ($sdirs) {
|
||||||
my $dir;
|
my $dir;
|
||||||
foreach $dir (@skip) {
|
foreach $dir (@skip) {
|
||||||
s/([ ])$dir /\1/;
|
s/(\s)$dir\s/$1/;
|
||||||
|
s/\s$dir$//;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$sdirs = 0 unless /\\$/;
|
$sdirs = 0 unless /\\$/;
|
||||||
|
|||||||
@@ -130,7 +130,9 @@
|
|||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
#endif
|
#endif
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
#include <openssl/jpake.h>
|
#include <openssl/jpake.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#define NON_MAIN
|
#define NON_MAIN
|
||||||
#include "apps.h"
|
#include "apps.h"
|
||||||
@@ -2336,6 +2338,8 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
|
|||||||
BIO_free(out);
|
BIO_free(out);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
|
|
||||||
static JPAKE_CTX *jpake_init(const char *us, const char *them,
|
static JPAKE_CTX *jpake_init(const char *us, const char *them,
|
||||||
const char *secret)
|
const char *secret)
|
||||||
{
|
{
|
||||||
@@ -2547,3 +2551,5 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
|
|||||||
BIO_pop(bconn);
|
BIO_pop(bconn);
|
||||||
BIO_free(bconn);
|
BIO_free(bconn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|||||||
@@ -338,8 +338,10 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn);
|
|||||||
int args_verify(char ***pargs, int *pargc,
|
int args_verify(char ***pargs, int *pargc,
|
||||||
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
|
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
|
||||||
void policies_print(BIO *out, X509_STORE_CTX *ctx);
|
void policies_print(BIO *out, X509_STORE_CTX *ctx);
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
|
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
|
||||||
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
|
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
|
||||||
|
#endif
|
||||||
|
|
||||||
#define FORMAT_UNDEF 0
|
#define FORMAT_UNDEF 0
|
||||||
#define FORMAT_ASN1 1
|
#define FORMAT_ASN1 1
|
||||||
|
|||||||
@@ -338,7 +338,9 @@ int MAIN(int argc, char **argv)
|
|||||||
int peerlen = sizeof(peer);
|
int peerlen = sizeof(peer);
|
||||||
int enable_timeouts = 0 ;
|
int enable_timeouts = 0 ;
|
||||||
long mtu = 0;
|
long mtu = 0;
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
char *jpake_secret = NULL;
|
char *jpake_secret = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||||
meth=SSLv23_client_method();
|
meth=SSLv23_client_method();
|
||||||
@@ -583,11 +585,13 @@ int MAIN(int argc, char **argv)
|
|||||||
/* meth=TLSv1_client_method(); */
|
/* meth=TLSv1_client_method(); */
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
else if (strcmp(*argv,"-jpake") == 0)
|
else if (strcmp(*argv,"-jpake") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
jpake_secret = *++argv;
|
jpake_secret = *++argv;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||||
@@ -893,9 +897,10 @@ SSL_set_tlsext_status_ids(con, ids);
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
if (jpake_secret)
|
if (jpake_secret)
|
||||||
jpake_client_auth(bio_c_out, sbio, jpake_secret);
|
jpake_client_auth(bio_c_out, sbio, jpake_secret);
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_set_bio(con,sbio,sbio);
|
SSL_set_bio(con,sbio,sbio);
|
||||||
SSL_set_connect_state(con);
|
SSL_set_connect_state(con);
|
||||||
|
|||||||
@@ -742,7 +742,9 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
|
|||||||
#endif
|
#endif
|
||||||
int MAIN(int, char **);
|
int MAIN(int, char **);
|
||||||
|
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
static char *jpake_secret = NULL;
|
static char *jpake_secret = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
int MAIN(int argc, char *argv[])
|
int MAIN(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
@@ -1074,11 +1076,13 @@ int MAIN(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
else if (strcmp(*argv,"-jpake") == 0)
|
else if (strcmp(*argv,"-jpake") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
jpake_secret = *(++argv);
|
jpake_secret = *(++argv);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||||
@@ -1680,9 +1684,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||||||
test=BIO_new(BIO_f_nbio_test());
|
test=BIO_new(BIO_f_nbio_test());
|
||||||
sbio=BIO_push(test,sbio);
|
sbio=BIO_push(test,sbio);
|
||||||
}
|
}
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
if(jpake_secret)
|
if(jpake_secret)
|
||||||
jpake_server_auth(bio_s_out, sbio, jpake_secret);
|
jpake_server_auth(bio_s_out, sbio, jpake_secret);
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_set_bio(con,sbio,sbio);
|
SSL_set_bio(con,sbio,sbio);
|
||||||
SSL_set_accept_state(con);
|
SSL_set_accept_state(con);
|
||||||
|
|||||||
@@ -101,8 +101,9 @@
|
|||||||
#ifndef OPENSSL_NO_CMS
|
#ifndef OPENSSL_NO_CMS
|
||||||
#include <openssl/cms.h>
|
#include <openssl/cms.h>
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
#include <openssl/jpake.h>
|
#include <openssl/jpake.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
void ERR_load_crypto_strings(void)
|
void ERR_load_crypto_strings(void)
|
||||||
{
|
{
|
||||||
@@ -153,6 +154,8 @@ void ERR_load_crypto_strings(void)
|
|||||||
#ifndef OPENSSL_NO_CMS
|
#ifndef OPENSSL_NO_CMS
|
||||||
ERR_load_CMS_strings();
|
ERR_load_CMS_strings();
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
ERR_load_JPAKE_strings();
|
ERR_load_JPAKE_strings();
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -8,6 +8,12 @@
|
|||||||
#ifndef HEADER_JPAKE_H
|
#ifndef HEADER_JPAKE_H
|
||||||
#define HEADER_JPAKE_H
|
#define HEADER_JPAKE_H
|
||||||
|
|
||||||
|
#include <openssl/opensslconf.h>
|
||||||
|
|
||||||
|
#ifndef OPENSSL_EXPERIMENTAL_JPAKE
|
||||||
|
#error JPAKE is disabled.
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -3701,24 +3701,24 @@ FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA
|
|||||||
CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION:
|
CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION:
|
||||||
OPENSSL_init 4091 EXIST::FUNCTION:
|
OPENSSL_init 4091 EXIST::FUNCTION:
|
||||||
private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
|
private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
|
||||||
JPAKE_STEP3A_process 4093 EXIST::FUNCTION:
|
CRYPTO_strdup 4093 EXIST::FUNCTION:
|
||||||
JPAKE_STEP1_release 4094 EXIST::FUNCTION:
|
JPAKE_STEP3A_process 4094 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_get_shared_key 4095 EXIST::FUNCTION:
|
JPAKE_STEP1_release 4095 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP3B_init 4096 EXIST::FUNCTION:
|
JPAKE_get_shared_key 4096 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP1_generate 4097 EXIST::FUNCTION:
|
JPAKE_STEP3B_init 4097 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP1_init 4098 EXIST::FUNCTION:
|
JPAKE_STEP1_generate 4098 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP3B_process 4099 EXIST::FUNCTION:
|
JPAKE_STEP1_init 4099 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP2_generate 4100 EXIST::FUNCTION:
|
JPAKE_STEP3B_process 4100 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_CTX_new 4101 EXIST::FUNCTION:
|
JPAKE_STEP2_generate 4101 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_CTX_free 4102 EXIST::FUNCTION:
|
JPAKE_CTX_new 4102 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP3B_release 4103 EXIST::FUNCTION:
|
JPAKE_CTX_free 4103 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP3A_release 4104 EXIST::FUNCTION:
|
JPAKE_STEP3B_release 4104 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP2_process 4105 EXIST::FUNCTION:
|
JPAKE_STEP3A_release 4105 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
CRYPTO_strdup 4106 EXIST::FUNCTION:
|
JPAKE_STEP2_process 4106 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:
|
JPAKE_STEP3B_generate 4107 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP1_process 4108 EXIST::FUNCTION:
|
JPAKE_STEP1_process 4108 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:
|
JPAKE_STEP3A_generate 4109 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP2_release 4110 EXIST::FUNCTION:
|
JPAKE_STEP2_release 4110 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP3A_init 4111 EXIST::FUNCTION:
|
JPAKE_STEP3A_init 4111 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:
|
ERR_load_JPAKE_strings 4112 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
JPAKE_STEP2_init 4113 EXIST::FUNCTION:
|
JPAKE_STEP2_init 4113 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION:
|
||||||
|
|||||||
@@ -79,7 +79,8 @@ my $OS2=0;
|
|||||||
my $safe_stack_def = 0;
|
my $safe_stack_def = 0;
|
||||||
|
|
||||||
my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
|
my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
|
||||||
"EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
|
"EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS",
|
||||||
|
"OPENSSL_EXPERIMENTAL_JPAKE" );
|
||||||
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
|
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
|
||||||
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
|
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
|
||||||
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
|
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
|
||||||
@@ -152,6 +153,9 @@ foreach (@ARGV, split(/ /, $options))
|
|||||||
$zlib = 1;
|
$zlib = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($_ eq "enable-experimental-jpake") {
|
||||||
|
$jpake = 1;
|
||||||
|
}
|
||||||
|
|
||||||
$do_ssl=1 if $_ eq "ssleay";
|
$do_ssl=1 if $_ eq "ssleay";
|
||||||
if ($_ eq "ssl") {
|
if ($_ eq "ssl") {
|
||||||
@@ -552,6 +556,10 @@ sub do_defs
|
|||||||
$tag{$tag[$tag_i]}=2;
|
$tag{$tag[$tag_i]}=2;
|
||||||
print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
|
print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
|
||||||
}
|
}
|
||||||
|
if ($tag[$tag_i] eq "OPENSSL_EXPERIMENTAL_".$1) {
|
||||||
|
$tag{$tag[$tag_i]}=-2;
|
||||||
|
print STDERR "DEBUG: $file: chaged tag $1 = -2\n" if $debug;
|
||||||
|
}
|
||||||
$tag_i--;
|
$tag_i--;
|
||||||
}
|
}
|
||||||
} elsif (/^\#\s*endif/) {
|
} elsif (/^\#\s*endif/) {
|
||||||
@@ -561,6 +569,8 @@ sub do_defs
|
|||||||
print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
|
print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
|
||||||
if ($tag{$t}==2) {
|
if ($tag{$t}==2) {
|
||||||
$tag{$t}=-1;
|
$tag{$t}=-1;
|
||||||
|
} elsif ($tag{$t}==-2) {
|
||||||
|
$tag{$t}=1;
|
||||||
} else {
|
} else {
|
||||||
$tag{$t}=0;
|
$tag{$t}=0;
|
||||||
}
|
}
|
||||||
@@ -1099,6 +1109,9 @@ sub is_valid
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if ($keyword eq "ZLIB" && $zlib) { return 1; }
|
if ($keyword eq "ZLIB" && $zlib) { return 1; }
|
||||||
|
if ($keyword eq "OPENSSL_EXPERIMENTAL_JPAKE" && $jpake) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
# algorithms
|
# algorithms
|
||||||
|
|||||||
Reference in New Issue
Block a user