Add SHA2 algorithms to SSL_library_init(). Although these aren't used

directly by SSL/TLS, SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_algorithms() will fail when verifying certificates.

Update docs.
Dr. Stephen Henson
2010-04-07 13:19:48 +00:00
parent 9eeb779e8f
commit bc06baca76
3 changed files with 22 additions and 6 deletions


@@ -4,6 +4,11 @@
Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
*) VMS fixes: *) VMS fixes:
Reduce copying into .apps and .test in makevms.com Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com Don't try to use blank CA certificate in CA.com
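Review bot: minor consistency point in the new CHANGES entry: `SSL_library_init` is written without the trailing `()` that `OpenSSL_add_all_algorithms()` and the commit title use; suggest `SSL_library_init()`. The entry would also be more useful if it stated the workaround for releases before 0.9.8o (call OpenSSL_add_all_algorithms() as well), as the NOTES section added to the manual page in this same commit does, since CHANGES is what people read after hitting the unknown-algorithm failure.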


@@ -26,25 +26,28 @@ SSL_library_init() must be called before any other action takes place.
=head1 WARNING =head1 WARNING
SSL_library_init() mainly adds ciphers and digests used directly by SSL/TLS. SSL_library_init() adds ciphers and digests used directly and indirectly by
In some cases this is not sufficient and errors about unknown algorithms SSL/TLS.
will occur: for example when an attempt is made to use a certificate using
SHA256. This can be resolved by also calling OpenSSL_add_all_algorithms().
=head1 EXAMPLES =head1 EXAMPLES
A typical TLS/SSL application will start with the library initialization, A typical TLS/SSL application will start with the library initialization,
will provide readable error messages and will seed the PRNG. and provide readable error messages.
SSL_load_error_strings(); /* readable error messages */ SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */ SSL_library_init(); /* initialize library */
actions_to_seed_PRNG();
=head1 RETURN VALUES =head1 RETURN VALUES
SSL_library_init() always returns "1", so it is safe to discard the return SSL_library_init() always returns "1", so it is safe to discard the return
value. value.
=head1 NOTES
OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
Applications which need to use SHA2 in earlier versions of OpenSSL should call
OpenSSL_add_all_algorithms() as well.
=head1 SEE ALSO =head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>, L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
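Review bot: the removal of `actions_to_seed_PRNG();` and of "and will seed the PRNG" from the EXAMPLES section is unrelated to the SHA2 change and is not mentioned in the commit message; suggest either splitting it into its own commit or adding a line to the message explaining why PRNG seeding no longer belongs in the minimal example. Separately, after this edit the section headed `=head1 WARNING` contains only the reassurance that SSL_library_init() covers algorithms used directly and indirectly by SSL/TLS, which is no longer a warning; consider folding that sentence into DESCRIPTION and keeping WARNING for the new NOTES text about pre-0.9.8o/1.0.0a releases needing OpenSSL_add_all_algorithms().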


@@ -102,6 +102,14 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif #endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
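Review bot: the new block registers only the digest methods (`EVP_add_digest(EVP_sha224())` through `EVP_add_digest(EVP_sha512())`), whereas the adjacent SHA1 block also registers signature-algorithm aliases with `EVP_add_digest_alias`; please confirm that EVP_add_digest() on the SHA2 methods also makes the corresponding signature-algorithm names (sha256WithRSAEncryption and friends) resolvable, because certificate verification looks the signature algorithm up by name and that lookup is exactly the failure the commit message describes. A regression test that verifies a SHA-256-signed certificate after calling only SSL_library_init() would pin the fix. Also worth checking that the `OPENSSL_NO_SHA256` / `OPENSSL_NO_SHA512` guards match the macros guarding the EVP_sha224()/EVP_sha256() and EVP_sha384()/EVP_sha512() declarations, so a build configured without those digests still compiles.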