generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add SHA2 algorithms to SSL_library_init(). Although these aren't used

Browse Source 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
This commit is contained in:
Dr. Stephen Henson 2010-04-07 13:18:07 +00:00
parent d4a45bf31a
commit c0b8eb606f
3 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGES
View File

@ -940,6 +940,13 @@
*) Change 'Configure' script to enable Camellia by default. *) Change 'Configure' script to enable Camellia by default.
[NTT] [NTT]
Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
Changes between 0.9.8m and 0.9.8n [24 Mar 2010] Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never *) When rejecting SSL/TLS records due to an incorrect version number, never

15
doc/ssl/SSL_library_init.pod
View File

@ -27,25 +27,28 @@ SSL_library_init() is not reentrant.
=head1 WARNING =head1 WARNING
SSL_library_init() mainly adds ciphers and digests used directly by SSL/TLS. SSL_library_init() adds ciphers and digests used directly and indirectly by
In some cases this is not sufficient and errors about unknown algorithms SSL/TLS.
will occur: for example when an attempt is made to use a certificate using
SHA256. This can be resolved by also calling OpenSSL_add_all_algorithms().
=head1 EXAMPLES =head1 EXAMPLES
A typical TLS/SSL application will start with the library initialization, A typical TLS/SSL application will start with the library initialization,
will provide readable error messages and will seed the PRNG. and provide readable error messages.
SSL_load_error_strings(); /* readable error messages */ SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */ SSL_library_init(); /* initialize library */
actions_to_seed_PRNG();
=head1 RETURN VALUES =head1 RETURN VALUES
SSL_library_init() always returns "1", so it is safe to discard the return SSL_library_init() always returns "1", so it is safe to discard the return
value. value.
=head1 NOTES
OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
Applications which need to use SHA2 in earlier versions of OpenSSL should call
OpenSSL_add_all_algorithms() as well.
=head1 SEE ALSO =head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>, L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,

8
ssl/ssl_algs.c
View File

@ -105,6 +105,14 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif #endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);