Reduce version skew.
This commit is contained in:
Ben Laurie
parent
5b2bbf37fa
commit
af454b5bb0
@ -1408,6 +1408,7 @@ bad:
|
||||
if (!NCONF_get_number(conf,section,
|
||||
ENV_DEFAULT_CRL_HOURS, &crlhours))
|
||||
crlhours = 0;
|
||||
ERR_clear_error();
|
||||
}
|
||||
if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
|
||||
{
|
||||
|
||||
@ -216,10 +216,10 @@ int MAIN(int argc, char **argv)
|
||||
out_bin = 1;
|
||||
else if (strcmp(*argv,"-d") == 0)
|
||||
debug=1;
|
||||
else if (strcmp(*argv,"-non-fips-allow") == 0)
|
||||
non_fips_allow=1;
|
||||
else if (!strcmp(*argv,"-fips-fingerprint"))
|
||||
hmac_key = "etaonrishdlcupfm";
|
||||
else if (strcmp(*argv,"-non-fips-allow") == 0)
|
||||
non_fips_allow=1;
|
||||
else if (!strcmp(*argv,"-hmac"))
|
||||
{
|
||||
if (--argc < 1)
|
||||
|
||||
@ -326,6 +326,7 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
ERR_print_errors(bio_err);
|
||||
BIO_printf(bio_err,"Error, DSA key generation failed\n");
|
||||
goto end;
|
||||
}
|
||||
@ -429,13 +430,19 @@ bad:
|
||||
|
||||
assert(need_rand);
|
||||
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
|
||||
if (!DSA_generate_key(dsakey)) goto end;
|
||||
if (!DSA_generate_key(dsakey))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
DSA_free(dsakey);
|
||||
goto end;
|
||||
}
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i=i2d_DSAPrivateKey_bio(out,dsakey);
|
||||
else if (outformat == FORMAT_PEM)
|
||||
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
|
||||
else {
|
||||
BIO_printf(bio_err,"bad output format specified for outfile\n");
|
||||
DSA_free(dsakey);
|
||||
goto end;
|
||||
}
|
||||
DSA_free(dsakey);
|
||||
|
||||
@ -237,8 +237,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
|
||||
|
||||
/* If we are using DSA, we can copy the parameters from
|
||||
* the private key */
|
||||
|
||||
|
||||
|
||||
|
||||
/* Now we know that a key and cert have been set against
|
||||
* the SSL context */
|
||||
if (!SSL_CTX_check_private_key(ctx))
|
||||
|
||||
@ -357,7 +357,7 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
|
||||
BIO_printf(bio_err," -status - request certificate status from server\n");
|
||||
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
|
||||
# if !defined(OPENSSL_NO_NEXTPROTONEG)
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
|
||||
# endif
|
||||
#endif
|
||||
@ -536,7 +536,7 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
|
||||
ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
# endif
|
||||
# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
|
||||
#endif
|
||||
|
||||
enum
|
||||
|
||||
@ -1206,13 +1206,13 @@ int MAIN(int argc, char *argv[])
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
srp_verifier_file = *(++argv);
|
||||
meth=TLSv1_server_method();
|
||||
meth = TLSv1_server_method();
|
||||
}
|
||||
else if (strcmp(*argv, "-srpuserseed") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
srpuserseed = *(++argv);
|
||||
meth=TLSv1_server_method();
|
||||
meth = TLSv1_server_method();
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-www") == 0)
|
||||
@ -1730,7 +1730,7 @@ bad:
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!set_cert_key_stuff(ctx,s_cert,s_key))
|
||||
if (!set_cert_key_stuff(ctx, s_cert, s_key))
|
||||
goto end;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
|
||||
@ -1738,7 +1738,7 @@ bad:
|
||||
#endif
|
||||
if (s_dcert != NULL)
|
||||
{
|
||||
if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
|
||||
if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -2433,6 +2433,7 @@ static int init_ssl_connection(SSL *con)
|
||||
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
|
||||
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
|
||||
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
|
||||
|
||||
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
||||
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
|
||||
if (next_proto_neg)
|
||||
@ -2701,6 +2702,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
}
|
||||
BIO_puts(io,"\n");
|
||||
|
||||
BIO_printf(io,
|
||||
"Secure Renegotiation IS%s supported\n",
|
||||
SSL_get_secure_renegotiation_support(con) ?
|
||||
"" : " NOT");
|
||||
|
||||
/* The following is evil and should not really
|
||||
* be done */
|
||||
BIO_printf(io,"Ciphers supported in s_server binary\n");
|
||||
|
||||
@ -254,7 +254,7 @@ static const char *names[ALGOR_NUM]={
|
||||
"aes-128 cbc","aes-192 cbc","aes-256 cbc",
|
||||
"camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
|
||||
"evp","sha256","sha512","whirlpool",
|
||||
"aes-128 ige","aes-192 ige","aes-256 ige","ghash"};
|
||||
"aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
|
||||
static double results[ALGOR_NUM][SIZE_NUM];
|
||||
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
@ -299,7 +299,7 @@ static SIGRETTYPE sig_done(int sig)
|
||||
#if defined(_WIN32)
|
||||
|
||||
#if !defined(SIGALRM)
|
||||
#define SIGALRM
|
||||
# define SIGALRM
|
||||
#endif
|
||||
static unsigned int lapse,schlock;
|
||||
static void alarm_win32(unsigned int secs) { lapse = secs*1000; }
|
||||
|
||||
30
apps/srp.c
30
apps/srp.c
@ -125,13 +125,13 @@ static int get_index(CA_DB *db, char* id, char type)
|
||||
if (type == DB_SRP_INDEX)
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
||||
{
|
||||
pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
|
||||
if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
|
||||
return i;
|
||||
}
|
||||
else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
||||
{
|
||||
pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
|
||||
|
||||
if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
|
||||
return i;
|
||||
@ -145,7 +145,7 @@ static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
|
||||
if (indx >= 0 && verbose)
|
||||
{
|
||||
int j;
|
||||
char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx);
|
||||
char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
|
||||
BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
|
||||
for (j = 0; j < DB_NUMBER; j++)
|
||||
{
|
||||
@ -163,7 +163,7 @@ static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
|
||||
{
|
||||
if (verbose > 0)
|
||||
{
|
||||
char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
|
||||
|
||||
if (pp[DB_srptype][0] != 'I')
|
||||
{
|
||||
@ -517,7 +517,7 @@ bad:
|
||||
/* Lets check some fields */
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
||||
{
|
||||
pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
|
||||
if (pp[DB_srptype][0] == DB_SRP_INDEX)
|
||||
{
|
||||
@ -533,8 +533,8 @@ bad:
|
||||
|
||||
if (gNindex >= 0)
|
||||
{
|
||||
gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
|
||||
print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ;
|
||||
gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
|
||||
print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
|
||||
}
|
||||
else if (maxgN > 0 && !SRP_get_default_gN(gN))
|
||||
{
|
||||
@ -587,7 +587,7 @@ bad:
|
||||
if (userindex >= 0)
|
||||
{
|
||||
/* reactivation of a new user */
|
||||
char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
|
||||
row[DB_srptype][0] = 'V';
|
||||
|
||||
@ -634,7 +634,7 @@ bad:
|
||||
else
|
||||
{
|
||||
|
||||
char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
char type = row[DB_srptype][0];
|
||||
if (type == 'v')
|
||||
{
|
||||
@ -664,9 +664,9 @@ bad:
|
||||
|
||||
if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
|
||||
{
|
||||
BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
|
||||
errors++;
|
||||
goto err;
|
||||
BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
|
||||
errors++;
|
||||
goto err;
|
||||
}
|
||||
|
||||
row[DB_srptype][0] = 'v';
|
||||
@ -689,7 +689,7 @@ bad:
|
||||
}
|
||||
else
|
||||
{
|
||||
char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
|
||||
BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
|
||||
|
||||
xpp[DB_srptype][0] = 'R';
|
||||
@ -714,7 +714,7 @@ bad:
|
||||
/* Lets check some fields */
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
||||
{
|
||||
pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
|
||||
|
||||
if (pp[DB_srptype][0] == 'v')
|
||||
{
|
||||
|
||||
@ -235,13 +235,16 @@ end:
|
||||
BIO_printf(bio_err," [-engine e]");
|
||||
#endif
|
||||
BIO_printf(bio_err," cert1 cert2 ...\n");
|
||||
|
||||
BIO_printf(bio_err,"recognized usages:\n");
|
||||
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
|
||||
for(i = 0; i < X509_PURPOSE_get_count(); i++)
|
||||
{
|
||||
X509_PURPOSE *ptmp;
|
||||
ptmp = X509_PURPOSE_get0(i);
|
||||
BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
|
||||
X509_PURPOSE_get0_name(ptmp));
|
||||
}
|
||||
BIO_printf(bio_err, "\t%-10s\t%s\n",
|
||||
X509_PURPOSE_get0_sname(ptmp),
|
||||
X509_PURPOSE_get0_name(ptmp));
|
||||
}
|
||||
}
|
||||
if (vpm) X509_VERIFY_PARAM_free(vpm);
|
||||
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
|
||||
|
||||
@ -288,7 +288,7 @@ int MAIN(int argc, char **argv)
|
||||
days=atoi(*(++argv));
|
||||
if (days == 0)
|
||||
{
|
||||
BIO_printf(STDout,"bad number of days\n");
|
||||
BIO_printf(bio_err,"bad number of days\n");
|
||||
goto bad;
|
||||
}
|
||||
}
|
||||
@ -912,7 +912,7 @@ bad:
|
||||
}
|
||||
else if (text == i)
|
||||
{
|
||||
X509_print_ex(out,x,nmflag, certflag);
|
||||
X509_print_ex(STDout,x,nmflag, certflag);
|
||||
}
|
||||
else if (startdate == i)
|
||||
{
|
||||
|
||||
@ -50,7 +50,6 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
|
||||
@ -81,6 +81,16 @@
|
||||
#define IP_MTU 14 /* linux is lame */
|
||||
#endif
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
/* Standard definition causes type-punning problems. */
|
||||
#undef IN6_IS_ADDR_V4MAPPED
|
||||
#define s6_addr32 __u6_addr.__u6_addr32
|
||||
#define IN6_IS_ADDR_V4MAPPED(a) \
|
||||
(((a)->s6_addr32[0] == 0) && \
|
||||
((a)->s6_addr32[1] == 0) && \
|
||||
((a)->s6_addr32[2] == htonl(0x0000ffff)))
|
||||
#endif
|
||||
|
||||
#ifdef WATT32
|
||||
#define sock_write SockWrite /* Watt-32 uses same names */
|
||||
#define sock_read SockRead
|
||||
|
||||
@ -141,6 +141,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
|
||||
*
|
||||
* <appro@fy.chalmers.se>
|
||||
*/
|
||||
#undef bn_div_words
|
||||
# define bn_div_words(n0,n1,d0) \
|
||||
({ asm volatile ( \
|
||||
"divl %4" \
|
||||
@ -155,6 +156,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
|
||||
* Same story here, but it's 128-bit by 64-bit division. Wow!
|
||||
* <appro@fy.chalmers.se>
|
||||
*/
|
||||
# undef bn_div_words
|
||||
# define bn_div_words(n0,n1,d0) \
|
||||
({ asm volatile ( \
|
||||
"divq %4" \
|
||||
|
||||
@ -205,6 +205,7 @@ err:
|
||||
/* solves ax == 1 (mod n) */
|
||||
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
|
||||
|
||||
BIGNUM *BN_mod_inverse(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
|
||||
{
|
||||
|
||||
@ -50,7 +50,6 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/camellia.h>
|
||||
#include "cmll_locl.h"
|
||||
|
||||
|
||||
@ -56,7 +56,6 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/cast.h>
|
||||
#include "cast_lcl.h"
|
||||
#include "cast_s.h"
|
||||
|
||||
@ -74,7 +74,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
|
||||
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
|
||||
unsigned char *tkey = NULL;
|
||||
size_t tkeylen;
|
||||
size_t tkeylen = 0;
|
||||
|
||||
int ok = 0;
|
||||
|
||||
|
||||
@ -411,9 +411,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
|
||||
* algorithm OID instead of digest.
|
||||
*/
|
||||
|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
|
||||
{
|
||||
return EVP_MD_CTX_copy_ex(mctx, mtmp);
|
||||
}
|
||||
chain = BIO_next(chain);
|
||||
}
|
||||
}
|
||||
|
||||
@ -704,6 +704,7 @@ void OPENSSL_cpuid_setup(void)
|
||||
}
|
||||
else
|
||||
vec = OPENSSL_ia32_cpuid();
|
||||
|
||||
/*
|
||||
* |(1<<10) sets a reserved bit to signal that variable
|
||||
* was initialized already... This is to avoid interference
|
||||
|
||||
@ -100,7 +100,7 @@ extern "C" {
|
||||
|
||||
void OPENSSL_cpuid_setup(void);
|
||||
extern unsigned int OPENSSL_ia32cap_P[];
|
||||
void OPENSSL_showfatal(const char *,...);
|
||||
void OPENSSL_showfatal(const char *fmta,...);
|
||||
void *OPENSSL_stderr(void);
|
||||
extern int OPENSSL_NONPIC_relocated;
|
||||
|
||||
|
||||
@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
|
||||
long (**go)(void));
|
||||
|
||||
void *CRYPTO_malloc_locked(int num, const char *file, int line);
|
||||
void CRYPTO_free_locked(void *);
|
||||
void CRYPTO_free_locked(void *ptr);
|
||||
void *CRYPTO_malloc(int num, const char *file, int line);
|
||||
char *CRYPTO_strdup(const char *str, const char *file, int line);
|
||||
void CRYPTO_free(void *);
|
||||
void CRYPTO_free(void *ptr);
|
||||
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
|
||||
void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
|
||||
int line);
|
||||
|
||||
@ -63,9 +63,8 @@
|
||||
* 1.1 added norm_expand_bits
|
||||
* 1.0 First working version
|
||||
*/
|
||||
#include "des_locl.h"
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include "des_locl.h"
|
||||
|
||||
OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0) /* defaults to false */
|
||||
|
||||
|
||||
@ -56,8 +56,8 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include "des_locl.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include "des_locl.h"
|
||||
|
||||
void DES_string_to_key(const char *str, DES_cblock *key)
|
||||
{
|
||||
|
||||
@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
|
||||
void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
|
||||
int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
|
||||
|
||||
void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
|
||||
void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
|
||||
point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
|
||||
|
||||
unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
|
||||
unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
|
||||
size_t EC_GROUP_get_seed_len(const EC_GROUP *);
|
||||
size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
|
||||
|
||||
@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
|
||||
*/
|
||||
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
|
||||
|
||||
int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
|
||||
int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
|
||||
int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
|
||||
int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
|
||||
|
||||
/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
|
||||
* \param group underlying EC_GROUP object
|
||||
@ -800,16 +800,16 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
|
||||
int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
|
||||
|
||||
unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
|
||||
void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
|
||||
point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
|
||||
void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
|
||||
void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
|
||||
point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
|
||||
void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
|
||||
/* functions to set/get method specific data */
|
||||
void *EC_KEY_get_key_method_data(EC_KEY *,
|
||||
void *EC_KEY_get_key_method_data(EC_KEY *key,
|
||||
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
|
||||
void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
|
||||
void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
|
||||
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
|
||||
/* wrapper functions for the underlying EC_GROUP object */
|
||||
void EC_KEY_set_asn1_flag(EC_KEY *, int);
|
||||
void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
|
||||
|
||||
/** Creates a table of pre-computed multiples of the generator to
|
||||
* accelerate further EC_KEY operations.
|
||||
|
||||
@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
|
||||
|
||||
pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
|
||||
|
||||
/* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
|
||||
/* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
|
||||
* not an error, the result is truncated.
|
||||
*/
|
||||
|
||||
|
||||
@ -114,7 +114,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
|
||||
ec_GFp_mont_field_decode,
|
||||
ec_GFp_mont_field_set_to_one };
|
||||
|
||||
|
||||
return &ret;
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -236,7 +236,7 @@ static void group_order_tests(EC_GROUP *group)
|
||||
}
|
||||
|
||||
static void prime_field_tests(void)
|
||||
{
|
||||
{
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *p, *a, *b;
|
||||
EC_GROUP *group;
|
||||
|
||||
@ -68,9 +68,6 @@
|
||||
*/
|
||||
|
||||
#include "ech_locl.h"
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
|
||||
EC_KEY *eckey,
|
||||
|
||||
@ -95,6 +95,9 @@
|
||||
#include <openssl/ui.h>
|
||||
#include <openssl/ocsp.h>
|
||||
#include <openssl/err.h>
|
||||
#ifdef OPENSSL_FIPS
|
||||
#include <openssl/fips.h>
|
||||
#endif
|
||||
#include <openssl/ts.h>
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
#include <openssl/cms.h>
|
||||
@ -104,10 +107,6 @@
|
||||
#endif
|
||||
#include <openssl/comp.h>
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
#include <openssl/fips.h>
|
||||
#endif
|
||||
|
||||
void ERR_load_crypto_strings(void)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
@ -153,6 +152,9 @@ void ERR_load_crypto_strings(void)
|
||||
#endif
|
||||
ERR_load_OCSP_strings();
|
||||
ERR_load_UI_strings();
|
||||
#ifdef OPENSSL_FIPS
|
||||
ERR_load_FIPS_strings();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
ERR_load_CMS_strings();
|
||||
#endif
|
||||
@ -160,8 +162,5 @@ void ERR_load_crypto_strings(void)
|
||||
ERR_load_JPAKE_strings();
|
||||
#endif
|
||||
ERR_load_COMP_strings();
|
||||
#endif
|
||||
#ifdef OPENSSL_FIPS
|
||||
ERR_load_FIPS_strings();
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -67,7 +67,7 @@ files:
|
||||
links:
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
|
||||
cp $(TESTDATA) ../../test
|
||||
[ ! -f $(TESTDATA) ] || cp $(TESTDATA) ../../test
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
|
||||
|
||||
install:
|
||||
|
||||
@ -267,6 +267,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
||||
return FIPS_digestfinal(ctx, md, size);
|
||||
#else
|
||||
int ret;
|
||||
|
||||
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
|
||||
ret=ctx->digest->final(ctx,md);
|
||||
if (size != NULL)
|
||||
|
||||
@ -58,7 +58,6 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/sha.h>
|
||||
#include "evp_locl.h"
|
||||
|
||||
#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
|
||||
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
|
||||
|
||||
@ -62,7 +62,6 @@
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include "evp_locl.h"
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/rc4.h>
|
||||
|
||||
|
||||
@ -402,7 +402,6 @@ struct evp_cipher_st
|
||||
/* Length of tag for TLS */
|
||||
#define EVP_GCM_TLS_TAG_LEN 16
|
||||
|
||||
|
||||
typedef struct evp_cipher_info_st
|
||||
{
|
||||
const EVP_CIPHER *cipher;
|
||||
@ -789,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
|
||||
# define EVP_aes_128_cfb EVP_aes_128_cfb128
|
||||
const EVP_CIPHER *EVP_aes_128_ofb(void);
|
||||
const EVP_CIPHER *EVP_aes_128_ctr(void);
|
||||
const EVP_CIPHER *EVP_aes_128_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_128_ccm(void);
|
||||
const EVP_CIPHER *EVP_aes_128_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_128_xts(void);
|
||||
const EVP_CIPHER *EVP_aes_192_ecb(void);
|
||||
const EVP_CIPHER *EVP_aes_192_cbc(void);
|
||||
@ -800,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
|
||||
# define EVP_aes_192_cfb EVP_aes_192_cfb128
|
||||
const EVP_CIPHER *EVP_aes_192_ofb(void);
|
||||
const EVP_CIPHER *EVP_aes_192_ctr(void);
|
||||
const EVP_CIPHER *EVP_aes_192_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_192_ccm(void);
|
||||
const EVP_CIPHER *EVP_aes_192_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_256_ecb(void);
|
||||
const EVP_CIPHER *EVP_aes_256_cbc(void);
|
||||
const EVP_CIPHER *EVP_aes_256_cfb1(void);
|
||||
@ -810,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
|
||||
# define EVP_aes_256_cfb EVP_aes_256_cfb128
|
||||
const EVP_CIPHER *EVP_aes_256_ofb(void);
|
||||
const EVP_CIPHER *EVP_aes_256_ctr(void);
|
||||
const EVP_CIPHER *EVP_aes_256_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_256_ccm(void);
|
||||
const EVP_CIPHER *EVP_aes_256_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_256_xts(void);
|
||||
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
||||
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
|
||||
|
||||
@ -60,7 +60,7 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/sha.h>
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#include <openssl/dsa.h>
|
||||
#endif
|
||||
|
||||
@ -63,7 +63,7 @@
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/sha.h>
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#include <openssl/dsa.h>
|
||||
#endif
|
||||
|
||||
@ -69,8 +69,6 @@
|
||||
#include <openssl/rsa.h>
|
||||
#endif
|
||||
|
||||
#include "evp_locl.h"
|
||||
|
||||
static int init(EVP_MD_CTX *ctx)
|
||||
{ return MD4_Init(ctx->md_data); }
|
||||
|
||||
|
||||
@ -68,7 +68,6 @@
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#include <openssl/rsa.h>
|
||||
#endif
|
||||
#include "evp_locl.h"
|
||||
|
||||
static int init(EVP_MD_CTX *ctx)
|
||||
{ return MD5_Init(ctx->md_data); }
|
||||
|
||||
@ -69,8 +69,6 @@
|
||||
#include <openssl/rsa.h>
|
||||
#endif
|
||||
|
||||
#include "evp_locl.h"
|
||||
|
||||
static int init(EVP_MD_CTX *ctx)
|
||||
{ return MDC2_Init(ctx->md_data); }
|
||||
|
||||
|
||||
@ -68,7 +68,6 @@
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#include <openssl/rsa.h>
|
||||
#endif
|
||||
#include "evp_locl.h"
|
||||
|
||||
static int init(EVP_MD_CTX *ctx)
|
||||
{ return RIPEMD160_Init(ctx->md_data); }
|
||||
|
||||
@ -67,7 +67,6 @@
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#include <openssl/rsa.h>
|
||||
#endif
|
||||
#include "evp_locl.h"
|
||||
|
||||
static int init(EVP_MD_CTX *ctx)
|
||||
{ return SHA_Init(ctx->md_data); }
|
||||
|
||||
@ -65,7 +65,7 @@
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/sha.h>
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#include <openssl/rsa.h>
|
||||
#endif
|
||||
|
||||
@ -9,7 +9,6 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/whrlpool.h>
|
||||
#include "evp_locl.h"
|
||||
|
||||
static int init(EVP_MD_CTX *ctx)
|
||||
{ return WHIRLPOOL_Init(ctx->md_data); }
|
||||
|
||||
@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
|
||||
{
|
||||
unsigned char m[EVP_MAX_MD_SIZE];
|
||||
unsigned int m_len;
|
||||
int i=0,ok=0,v;
|
||||
int i = 0,ok = 0,v;
|
||||
EVP_MD_CTX tmp_ctx;
|
||||
EVP_PKEY_CTX *pkctx = NULL;
|
||||
|
||||
|
||||
@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
|
||||
{
|
||||
unsigned char m[EVP_MAX_MD_SIZE];
|
||||
unsigned int m_len;
|
||||
int i=-1,ok=0,v;
|
||||
int i = 0,ok = 0,v;
|
||||
EVP_MD_CTX tmp_ctx;
|
||||
EVP_PKEY_CTX *pkctx = NULL;
|
||||
|
||||
|
||||
@ -56,7 +56,6 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/idea.h>
|
||||
#include "idea_lcl.h"
|
||||
|
||||
|
||||
@ -59,9 +59,9 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/mdc2.h>
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
#undef c2l
|
||||
#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
|
||||
|
||||
@ -121,10 +121,10 @@ static void (*set_debug_options_func)(long) = NULL;
|
||||
static long (*get_debug_options_func)(void) = NULL;
|
||||
#endif
|
||||
|
||||
|
||||
int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
|
||||
void (*f)(void *))
|
||||
{
|
||||
/* Dummy call just to ensure OPENSSL_init() gets linked in */
|
||||
OPENSSL_init();
|
||||
if (!allow_customize)
|
||||
return 0;
|
||||
|
||||
@ -635,7 +635,7 @@ sub mmx_loop() {
|
||||
{ my @lo = ("mm0","mm1","mm2");
|
||||
my @hi = ("mm3","mm4","mm5");
|
||||
my @tmp = ("mm6","mm7");
|
||||
my $off1=0,$off2=0,$i;
|
||||
my ($off1,$off2,$i) = (0,0,);
|
||||
|
||||
&add ($Htbl,128); # optimize for size
|
||||
&lea ("edi",&DWP(16+128,"esp"));
|
||||
@ -883,7 +883,7 @@ sub reduction_alg9 { # 17/13 times faster than Intel version
|
||||
my ($Xhi,$Xi) = @_;
|
||||
|
||||
# 1st phase
|
||||
&movdqa ($T1,$Xi) #
|
||||
&movdqa ($T1,$Xi); #
|
||||
&psllq ($Xi,1);
|
||||
&pxor ($Xi,$T1); #
|
||||
&psllq ($Xi,5); #
|
||||
@ -1019,7 +1019,7 @@ my ($Xhi,$Xi) = @_;
|
||||
&movdqa ($Xhn,$Xn);
|
||||
&pxor ($Xhi,$T1); # "Ii+Xi", consume early
|
||||
|
||||
&movdqa ($T1,$Xi) #&reduction_alg9($Xhi,$Xi); 1st phase
|
||||
&movdqa ($T1,$Xi); #&reduction_alg9($Xhi,$Xi); 1st phase
|
||||
&psllq ($Xi,1);
|
||||
&pxor ($Xi,$T1); #
|
||||
&psllq ($Xi,5); #
|
||||
|
||||
@ -723,7 +723,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
|
||||
# endif
|
||||
gcm_init_4bit(ctx->Htable,ctx->H.u);
|
||||
# if defined(GHASH_ASM_X86) /* x86 only */
|
||||
# if defined(OPENSSL_IA32_SSE2)
|
||||
# if defined(OPENSSL_IA32_SSE2)
|
||||
if (OPENSSL_ia32cap_P[0]&(1<<25)) { /* check SSE bit */
|
||||
# else
|
||||
if (OPENSSL_ia32cap_P[0]&(1<<23)) { /* check MMX bit */
|
||||
|
||||
@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
goto err;
|
||||
/* The 'iv' is used as the iv and as a salt. It is
|
||||
* NOT taken from the BytesToKey function */
|
||||
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
|
||||
if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
|
||||
goto err;
|
||||
|
||||
if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
|
||||
|
||||
@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
/* k=strlen(buf); */
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
|
||||
EVP_EncryptUpdate(&ctx,data,&j,data,i);
|
||||
EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
|
||||
ret = 1;
|
||||
if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
|
||||
|| !EVP_EncryptUpdate(&ctx,data,&j,data,i)
|
||||
|| !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
|
||||
ret = 0;
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
if (ret == 0)
|
||||
goto err;
|
||||
i+=j;
|
||||
ret=1;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
||||
ebcdic2ascii(buf, buf, klen);
|
||||
#endif
|
||||
|
||||
EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
|
||||
(unsigned char *)buf,klen,1,key,NULL);
|
||||
if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
|
||||
(unsigned char *)buf,klen,1,key,NULL))
|
||||
return 0;
|
||||
|
||||
j=(int)len;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
|
||||
EVP_DecryptUpdate(&ctx,data,&i,data,j);
|
||||
o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
|
||||
o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
|
||||
if (o)
|
||||
o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
|
||||
if (o)
|
||||
o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
OPENSSL_cleanse((char *)buf,sizeof(buf));
|
||||
OPENSSL_cleanse((char *)key,sizeof(key));
|
||||
|
||||
@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
|
||||
EVP_EncodeInit(&ctx->encode);
|
||||
|
||||
EVP_MD_CTX_init(&ctx->md);
|
||||
EVP_SignInit(&ctx->md,md_type);
|
||||
if (!EVP_SignInit(&ctx->md,md_type))
|
||||
goto err;
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx->cipher);
|
||||
ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
|
||||
@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
|
||||
goto err;
|
||||
}
|
||||
|
||||
EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
|
||||
if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
|
||||
goto err;
|
||||
EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
|
||||
*outl=j;
|
||||
out+=j;
|
||||
|
||||
@ -150,7 +150,7 @@ sub cbc
|
||||
&set_label("PIC_point");
|
||||
&blindpop("edx");
|
||||
&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
|
||||
&mov($count,&DWP(0,"ecx",$count,4))
|
||||
&mov($count,&DWP(0,"ecx",$count,4));
|
||||
&add($count,"edx");
|
||||
&xor("ecx","ecx");
|
||||
&xor("edx","edx");
|
||||
|
||||
@ -33,6 +33,7 @@ sub ::generic
|
||||
sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
|
||||
sub ::call_ptr { &::emit("call",@_); }
|
||||
sub ::jmp_ptr { &::emit("jmp",@_); }
|
||||
sub ::lock { &::data_byte(0xf0); }
|
||||
|
||||
sub get_mem
|
||||
{ my($size,$addr,$reg1,$reg2,$idx)=@_;
|
||||
|
||||
@ -176,24 +176,32 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
out += u;
|
||||
for (j = 0; j < v; j++) B[j] = Ai[j % u];
|
||||
/* Work out B + 1 first then can use B as tmp space */
|
||||
if (!BN_bin2bn (B, v, Bpl1)) goto err;
|
||||
if (!BN_add_word (Bpl1, 1)) goto err;
|
||||
if (!BN_bin2bn (B, v, Bpl1))
|
||||
goto err;
|
||||
if (!BN_add_word (Bpl1, 1))
|
||||
goto err;
|
||||
for (j = 0; j < Ilen ; j+=v) {
|
||||
if (!BN_bin2bn (I + j, v, Ij)) goto err;
|
||||
if (!BN_add (Ij, Ij, Bpl1)) goto err;
|
||||
BN_bn2bin (Ij, B);
|
||||
if (!BN_bin2bn(I + j, v, Ij))
|
||||
goto err;
|
||||
if (!BN_add(Ij, Ij, Bpl1))
|
||||
goto err;
|
||||
if (!BN_bn2bin(Ij, B))
|
||||
goto err;
|
||||
Ijlen = BN_num_bytes (Ij);
|
||||
/* If more than 2^(v*8) - 1 cut off MSB */
|
||||
if (Ijlen > v) {
|
||||
BN_bn2bin (Ij, B);
|
||||
if (!BN_bn2bin (Ij, B))
|
||||
goto err;
|
||||
memcpy (I + j, B + 1, v);
|
||||
#ifndef PKCS12_BROKEN_KEYGEN
|
||||
/* If less than v bytes pad with zeroes */
|
||||
} else if (Ijlen < v) {
|
||||
memset(I + j, 0, v - Ijlen);
|
||||
BN_bn2bin(Ij, I + j + v - Ijlen);
|
||||
if (!BN_bn2bin(Ij, I + j + v - Ijlen))
|
||||
goto err;
|
||||
#endif
|
||||
} else BN_bn2bin (Ij, I + j);
|
||||
} else if (!BN_bn2bin (Ij, I + j))
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -56,7 +56,7 @@
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/bio.h>
|
||||
|
||||
#ifndef OPENSSL_SYSNAME_NETWARE
|
||||
#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS)
|
||||
#include <memory.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
|
||||
@ -123,10 +123,10 @@
|
||||
|
||||
#include "e_os.h"
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "rand_lcl.h"
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#ifdef BN_DEBUG
|
||||
|
||||
@ -235,14 +235,12 @@ static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
|
||||
static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
|
||||
double entropy)
|
||||
{
|
||||
RAND_SSLeay()->add(in, inlen, entropy);
|
||||
return 1;
|
||||
return RAND_SSLeay()->add(in, inlen, entropy);
|
||||
}
|
||||
|
||||
static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
|
||||
{
|
||||
RAND_SSLeay()->seed(in, inlen);
|
||||
return 1;
|
||||
return RAND_SSLeay()->seed(in, inlen);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_DRBG_DEFAULT_TYPE
|
||||
|
||||
@ -57,7 +57,9 @@
|
||||
*/
|
||||
|
||||
/* We need to define this to get macros like S_IFBLK and S_IFCHR */
|
||||
#if !defined(OPENSSL_SYS_VXWORKS)
|
||||
#define _XOPEN_SOURCE 500
|
||||
#endif
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
|
||||
@ -56,7 +56,6 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/rc2.h>
|
||||
#include "rc2_locl.h"
|
||||
|
||||
|
||||
@ -280,7 +280,7 @@ struct rsa_st
|
||||
|
||||
RSA * RSA_new(void);
|
||||
RSA * RSA_new_method(ENGINE *engine);
|
||||
int RSA_size(const RSA *);
|
||||
int RSA_size(const RSA *rsa);
|
||||
|
||||
/* Deprecated version */
|
||||
#ifndef OPENSSL_NO_DEPRECATED
|
||||
|
||||
@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
|
||||
if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
|
||||
|
||||
/* If p < q it is occasionally possible for the correction of
|
||||
* adding 'p' if r0 is negative above to leave the result still
|
||||
* adding 'p' if r0 is negative above to leave the result still
|
||||
* negative. This can break the private key operations: the following
|
||||
* second correction should *always* correct this rare occurrence.
|
||||
* This will *never* happen with OpenSSL generated keys because
|
||||
* they ensure p > q [steve]
|
||||
*/
|
||||
* they ensure p > q [steve]
|
||||
*/
|
||||
if (BN_is_negative(r0))
|
||||
if (!BN_add(r0,r0,rsa->p)) goto err;
|
||||
if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
|
||||
|
||||
@ -32,7 +32,6 @@
|
||||
#include <memory.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/seed.h>
|
||||
#include "seed_locl.h"
|
||||
|
||||
|
||||
@ -271,7 +271,8 @@ tmp6=loc13;
|
||||
|
||||
___
|
||||
|
||||
{ my $i,@V=($A,$B,$C,$D,$E);
|
||||
{ my $i;
|
||||
my @V=($A,$B,$C,$D,$E);
|
||||
|
||||
for($i=0;$i<16;$i++) { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
|
||||
for(;$i<20;$i++) { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
|
||||
|
||||
@ -549,7 +549,7 @@ ___
|
||||
# programmer detect if current CPU is VIS capable at run-time.
|
||||
sub unvis {
|
||||
my ($mnemonic,$rs1,$rs2,$rd)=@_;
|
||||
my $ref,$opf;
|
||||
my ($ref,$opf);
|
||||
my %visopf = ( "fmul8ulx16" => 0x037,
|
||||
"faligndata" => 0x048,
|
||||
"fpadd32" => 0x052,
|
||||
|
||||
@ -142,9 +142,9 @@ sub BODY_00_15_x86 {
|
||||
&mov ("edx",$Ehi);
|
||||
&mov ("esi","ecx");
|
||||
|
||||
&shr ("ecx",9) # lo>>9
|
||||
&shr ("ecx",9); # lo>>9
|
||||
&mov ("edi","edx");
|
||||
&shr ("edx",9) # hi>>9
|
||||
&shr ("edx",9); # hi>>9
|
||||
&mov ("ebx","ecx");
|
||||
&shl ("esi",14); # lo<<14
|
||||
&mov ("eax","edx");
|
||||
@ -207,9 +207,9 @@ sub BODY_00_15_x86 {
|
||||
&mov ($Dhi,"ebx");
|
||||
&mov ("esi","ecx");
|
||||
|
||||
&shr ("ecx",2) # lo>>2
|
||||
&shr ("ecx",2); # lo>>2
|
||||
&mov ("edi","edx");
|
||||
&shr ("edx",2) # hi>>2
|
||||
&shr ("edx",2); # hi>>2
|
||||
&mov ("ebx","ecx");
|
||||
&shl ("esi",4); # lo<<4
|
||||
&mov ("eax","edx");
|
||||
@ -452,9 +452,9 @@ if ($sse2) {
|
||||
&mov ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
|
||||
&mov ("esi","ecx");
|
||||
|
||||
&shr ("ecx",1) # lo>>1
|
||||
&shr ("ecx",1); # lo>>1
|
||||
&mov ("edi","edx");
|
||||
&shr ("edx",1) # hi>>1
|
||||
&shr ("edx",1); # hi>>1
|
||||
&mov ("eax","ecx");
|
||||
&shl ("esi",24); # lo<<24
|
||||
&mov ("ebx","edx");
|
||||
@ -488,9 +488,9 @@ if ($sse2) {
|
||||
&mov ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
|
||||
&mov ("esi","ecx");
|
||||
|
||||
&shr ("ecx",6) # lo>>6
|
||||
&shr ("ecx",6); # lo>>6
|
||||
&mov ("edi","edx");
|
||||
&shr ("edx",6) # hi>>6
|
||||
&shr ("edx",6); # hi>>6
|
||||
&mov ("eax","ecx");
|
||||
&shl ("esi",3); # lo<<3
|
||||
&mov ("ebx","edx");
|
||||
|
||||
@ -58,8 +58,8 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
#ifndef OPENSSL_NO_SHA1
|
||||
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
|
||||
|
||||
@ -56,8 +56,8 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
|
||||
|
||||
#undef SHA_0
|
||||
|
||||
@ -56,8 +56,8 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
|
||||
|
||||
#undef SHA_1
|
||||
|
||||
@ -390,7 +390,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
|
||||
}
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
|
||||
{
|
||||
pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i);
|
||||
pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i);
|
||||
if (pp[DB_srptype][0] == DB_SRP_INDEX)
|
||||
{
|
||||
/*we add this couple in the internal Stack */
|
||||
@ -581,7 +581,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
|
||||
if (*salt == NULL)
|
||||
{
|
||||
char *tmp_salt;
|
||||
if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
|
||||
|
||||
if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
|
||||
{
|
||||
OPENSSL_free(vf);
|
||||
goto err;
|
||||
|
||||
@ -122,9 +122,15 @@
|
||||
* sigaction and fileno included. -pedantic would be more appropriate for
|
||||
* the intended purposes, but we can't prevent users from adding -ansi.
|
||||
*/
|
||||
#if defined(OPENSSL_SYSNAME_VXWORKS)
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
|
||||
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
|
||||
#ifndef _POSIX_C_SOURCE
|
||||
#define _POSIX_C_SOURCE 2
|
||||
#endif
|
||||
#endif
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
@ -119,7 +119,7 @@ $tbl="ebp";
|
||||
&mov ("eax",&DWP(0,"esp"));
|
||||
&mov ("ebx",&DWP(4,"esp"));
|
||||
for($i=0;$i<8;$i++) {
|
||||
my $func = ($i==0)? movq : pxor;
|
||||
my $func = ($i==0)? \&movq : \&pxor;
|
||||
&movb (&LB("ecx"),&LB("eax"));
|
||||
&movb (&LB("edx"),&HB("eax"));
|
||||
&scale ("esi","ecx");
|
||||
|
||||
@ -86,10 +86,9 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
|
||||
ret=strlen(f);
|
||||
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
|
||||
goto err;
|
||||
if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
|
||||
if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
|
||||
goto err;
|
||||
OPENSSL_free(f);
|
||||
if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
|
||||
@ -249,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
|
||||
i2d_X509_NAME(x,NULL);
|
||||
EVP_MD_CTX_init(&md_ctx);
|
||||
EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
|
||||
EVP_DigestFinal_ex(&md_ctx,md,NULL);
|
||||
if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
|
||||
&& EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
|
||||
&& EVP_DigestFinal_ex(&md_ctx,md,NULL))
|
||||
ret=(((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
|
||||
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
|
||||
)&0xffffffffL;
|
||||
EVP_MD_CTX_cleanup(&md_ctx);
|
||||
|
||||
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
|
||||
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
|
||||
)&0xffffffffL;
|
||||
return(ret);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -165,7 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
||||
&jnz (&label("nohalt")); # not enough privileges
|
||||
|
||||
&pushf ();
|
||||
&pop ("eax")
|
||||
&pop ("eax");
|
||||
&bt ("eax",9);
|
||||
&jnc (&label("nohalt")); # interrupts are disabled
|
||||
|
||||
@ -280,7 +280,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
||||
# arguments is 1 or 2!
|
||||
&function_begin_B("OPENSSL_indirect_call");
|
||||
{
|
||||
my $i,$max=7; # $max has to be chosen as 4*n-1
|
||||
my ($max,$i)=(7,); # $max has to be chosen as 4*n-1
|
||||
# in order to preserve eventual
|
||||
# stack alignment
|
||||
&push ("ebp");
|
||||
|
||||
@ -57,8 +57,8 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_DTLS1_H
|
||||
#define HEADER_DTLS1_H
|
||||
#ifndef HEADER_DTLS1_H
|
||||
#define HEADER_DTLS1_H
|
||||
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/pqueue.h>
|
||||
@ -72,8 +72,12 @@
|
||||
#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
|
||||
#include <sys/timeval.h>
|
||||
#else
|
||||
#if defined(OPENSSL_SYS_VXWORKS)
|
||||
#include <sys/times.h>
|
||||
#else
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
||||
@ -1059,10 +1059,12 @@ static int request_certificate(SSL *s)
|
||||
EVP_PKEY *pkey=NULL;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
|
||||
EVP_VerifyUpdate(&ctx,s->s2->key_material,
|
||||
s->s2->key_material_length);
|
||||
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
||||
if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL)
|
||||
|| !EVP_VerifyUpdate(&ctx,s->s2->key_material,
|
||||
s->s2->key_material_length)
|
||||
|| !EVP_VerifyUpdate(&ctx,ccd,
|
||||
SSL2_MIN_CERT_CHALLENGE_LENGTH))
|
||||
goto msg_end;
|
||||
|
||||
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
|
||||
buf2=OPENSSL_malloc((unsigned int)i);
|
||||
@ -1073,7 +1075,11 @@ static int request_certificate(SSL *s)
|
||||
}
|
||||
p2=buf2;
|
||||
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
|
||||
EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
|
||||
if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i))
|
||||
{
|
||||
OPENSSL_free(buf2);
|
||||
goto msg_end;
|
||||
}
|
||||
OPENSSL_free(buf2);
|
||||
|
||||
pkey=X509_get_pubkey(x509);
|
||||
|
||||
@ -204,7 +204,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
|
||||
static void ssl3_take_mac(SSL *s) {
|
||||
static void ssl3_take_mac(SSL *s)
|
||||
{
|
||||
const char *sender;
|
||||
int slen;
|
||||
|
||||
@ -221,7 +222,7 @@ static void ssl3_take_mac(SSL *s) {
|
||||
|
||||
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
|
||||
sender,slen,s->s3->tmp.peer_finish_md);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
int ssl3_get_finished(SSL *s, int a, int b)
|
||||
@ -231,8 +232,9 @@ int ssl3_get_finished(SSL *s, int a, int b)
|
||||
unsigned char *p;
|
||||
|
||||
#ifdef OPENSSL_NO_NEXTPROTONEG
|
||||
/* the mac has already been generated when we received the change
|
||||
* cipher spec message and is in s->s3->tmp.peer_finish_md. */
|
||||
/* the mac has already been generated when we received the
|
||||
* change cipher spec message and is in s->s3->tmp.peer_finish_md.
|
||||
*/
|
||||
#endif
|
||||
|
||||
n=s->method->ssl_get_message(s,
|
||||
@ -537,12 +539,14 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||
s->init_num += i;
|
||||
n -= i;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* If receiving Finished, record MAC of prior handshake messages for
|
||||
* Finished verification. */
|
||||
if (*s->init_buf->data == SSL3_MT_FINISHED)
|
||||
ssl3_take_mac(s);
|
||||
#endif
|
||||
|
||||
/* Feed this message into MAC computation. */
|
||||
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
|
||||
if (s->msg_callback)
|
||||
|
||||
@ -459,7 +459,6 @@ int ssl3_connect(SSL *s)
|
||||
SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
|
||||
if (ret <= 0) goto end;
|
||||
|
||||
|
||||
#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
|
||||
s->state=SSL3_ST_CW_FINISHED_A;
|
||||
#else
|
||||
|
||||
@ -1239,7 +1239,7 @@ start:
|
||||
goto f_err;
|
||||
}
|
||||
#ifdef SSL_AD_MISSING_SRP_USERNAME
|
||||
if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
|
||||
else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
|
||||
return(0);
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -191,7 +191,8 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
|
||||
{
|
||||
if(s->srp_ctx.login == NULL)
|
||||
{
|
||||
/* There isn't any srp login extension !!! */
|
||||
/* RFC 5054 says SHOULD reject,
|
||||
we do so if There is no srp login name */
|
||||
ret = SSL3_AL_FATAL;
|
||||
*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
|
||||
}
|
||||
@ -378,6 +379,7 @@ int ssl3_accept(SSL *s)
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
s->renegotiate = 2;
|
||||
s->state=SSL3_ST_SW_SRVR_HELLO_A;
|
||||
s->init_num=0;
|
||||
|
||||
@ -493,6 +493,9 @@ struct ssl_session_st
|
||||
char *psk_identity_hint;
|
||||
char *psk_identity;
|
||||
#endif
|
||||
/* Used to indicate that session resumption is not allowed.
|
||||
* Applications can also set this bit for a new session via
|
||||
* not_resumable_session_cb to disable session caching and tickets. */
|
||||
int not_resumable;
|
||||
|
||||
/* The cert is the certificate used to establish this connection */
|
||||
@ -535,7 +538,7 @@ struct ssl_session_st
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
/* RFC4507 info */
|
||||
unsigned char *tlsext_tick; /* Session ticket */
|
||||
size_t tlsext_ticklen; /* Session ticket length */
|
||||
size_t tlsext_ticklen; /* Session ticket length */
|
||||
long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
@ -927,6 +930,7 @@ struct ssl_ctx_st
|
||||
/* Callback for status request */
|
||||
int (*tlsext_status_cb)(SSL *ssl, void *arg);
|
||||
void *tlsext_status_arg;
|
||||
|
||||
/* draft-rescorla-tls-opaque-prf-input-00.txt information */
|
||||
int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
|
||||
void *tlsext_opaque_prf_input_callback_arg;
|
||||
@ -952,6 +956,7 @@ struct ssl_ctx_st
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* Next protocol negotiation information */
|
||||
/* (for experimental NPN extension). */
|
||||
|
||||
@ -578,8 +578,10 @@ typedef struct ssl3_state_st
|
||||
#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
|
||||
#endif
|
||||
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
|
||||
/* read from server */
|
||||
@ -629,8 +631,10 @@ typedef struct ssl3_state_st
|
||||
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
|
||||
#endif
|
||||
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
|
||||
/* write to client */
|
||||
@ -655,7 +659,9 @@ typedef struct ssl3_state_st
|
||||
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
|
||||
#define SSL3_MT_FINISHED 20
|
||||
#define SSL3_MT_CERTIFICATE_STATUS 22
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
#define SSL3_MT_NEXT_PROTO 67
|
||||
#endif
|
||||
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
|
||||
|
||||
|
||||
|
||||
@ -2608,7 +2608,7 @@ const char *SSL_get_version(const SSL *s)
|
||||
return("TLSv1.2");
|
||||
else if (s->version == TLS1_1_VERSION)
|
||||
return("TLSv1.1");
|
||||
if (s->version == TLS1_VERSION)
|
||||
else if (s->version == TLS1_VERSION)
|
||||
return("TLSv1");
|
||||
else if (s->version == SSL3_VERSION)
|
||||
return("SSLv3");
|
||||
|
||||
@ -710,7 +710,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
|
||||
|
||||
ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
|
||||
|
||||
in=BIO_new(BIO_s_file_internal());
|
||||
in = BIO_new(BIO_s_file_internal());
|
||||
if (in == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
|
||||
@ -723,14 +723,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
|
||||
goto end;
|
||||
}
|
||||
|
||||
x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
|
||||
x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
|
||||
ctx->default_passwd_callback_userdata);
|
||||
if (x == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret=SSL_CTX_use_certificate(ctx,x);
|
||||
ret = SSL_CTX_use_certificate(ctx, x);
|
||||
|
||||
if (ERR_peek_error() != 0)
|
||||
ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
|
||||
if (ret)
|
||||
@ -742,13 +744,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
|
||||
int r;
|
||||
unsigned long err;
|
||||
|
||||
if (ctx->extra_certs != NULL)
|
||||
if (ctx->extra_certs != NULL)
|
||||
{
|
||||
sk_X509_pop_free(ctx->extra_certs, X509_free);
|
||||
ctx->extra_certs = NULL;
|
||||
}
|
||||
|
||||
while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
|
||||
while ((ca = PEM_read_bio_X509(in, NULL,
|
||||
ctx->default_passwd_callback,
|
||||
ctx->default_passwd_callback_userdata))
|
||||
!= NULL)
|
||||
{
|
||||
r = SSL_CTX_add_extra_chain_cert(ctx, ca);
|
||||
|
||||
@ -543,8 +543,8 @@ int main(int argc, char *argv[])
|
||||
int comp = 0;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
COMP_METHOD *cm = NULL;
|
||||
#endif
|
||||
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
|
||||
#endif
|
||||
int test_cipherlist = 0;
|
||||
#ifdef OPENSSL_FIPS
|
||||
int fips_mode=0;
|
||||
|
||||
@ -242,7 +242,8 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
|
||||
(s->srp_ctx.v == NULL))
|
||||
return SSL3_AL_FATAL;
|
||||
|
||||
RAND_bytes(b, sizeof(b));
|
||||
if (RAND_bytes(b, sizeof(b)) <= 0)
|
||||
return SSL3_AL_FATAL;
|
||||
s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL);
|
||||
OPENSSL_cleanse(b,sizeof(b));
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user