Changes from 1.0.0-stable.
parent
14b3f1007e
commit
cc7399e79c
3
CHANGES
3
CHANGES
@ -772,6 +772,9 @@
|
|||||||
|
|
||||||
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
|
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Handle non-blocking I/O properly in SSL_shutdown() call.
|
||||||
|
[Darryl Miles <darryl-mailinglists@netbauds.net>]
|
||||||
|
|
||||||
*) Add 2.5.4.* OIDs
|
*) Add 2.5.4.* OIDs
|
||||||
[Ilya O. <vrghost@gmail.com>]
|
[Ilya O. <vrghost@gmail.com>]
|
||||||
|
|
||||||
|
@ -1218,7 +1218,14 @@ if ($zlib)
|
|||||||
$cflags = "-DZLIB $cflags";
|
$cflags = "-DZLIB $cflags";
|
||||||
if (defined($disabled{"zlib-dynamic"}))
|
if (defined($disabled{"zlib-dynamic"}))
|
||||||
{
|
{
|
||||||
$lflags = "$lflags -lz";
|
if (defined($withargs{"zlib-lib"}))
|
||||||
|
{
|
||||||
|
$lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$lflags = "$lflags -lz";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -188,6 +188,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
|
|||||||
MAKEDEPPROG='$(MAKEDEPPROG)' \
|
MAKEDEPPROG='$(MAKEDEPPROG)' \
|
||||||
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
|
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
|
||||||
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
|
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
|
||||||
|
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
|
||||||
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
|
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
|
||||||
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
|
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
|
||||||
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
|
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
|
||||||
|
@ -5,9 +5,9 @@
|
|||||||
DIR= crypto
|
DIR= crypto
|
||||||
TOP= ..
|
TOP= ..
|
||||||
CC= cc
|
CC= cc
|
||||||
INCLUDE= -I. -I$(TOP) -I../include
|
INCLUDE= -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
|
||||||
# INCLUDES targets sudbirs!
|
# INCLUDES targets sudbirs!
|
||||||
INCLUDES= -I.. -I../.. -I../asn1 -I../evp -I../../include
|
INCLUDES= -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
|
||||||
CFLAG= -g
|
CFLAG= -g
|
||||||
MAKEDEPPROG= makedepend
|
MAKEDEPPROG= makedepend
|
||||||
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
||||||
|
@ -54,10 +54,13 @@ my @srt2 = sort
|
|||||||
|
|
||||||
return $ap2 - $bp2;
|
return $ap2 - $bp2;
|
||||||
} @xrkeys;
|
} @xrkeys;
|
||||||
|
|
||||||
|
my $pname = $0;
|
||||||
|
|
||||||
|
$pname =~ s|^.[^/]/||;
|
||||||
|
|
||||||
print <<EOF;
|
print <<EOF;
|
||||||
/* AUTOGENERATED BY $0, DO NOT EDIT */
|
/* AUTOGENERATED BY $pname, DO NOT EDIT */
|
||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
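Review bot: The new substitution `$pname =~ s|^.[^/]/||;` does not strip a directory prefix in general. It matches exactly one character, one non-slash character and a slash at the start of `$0`, so an invocation such as `./script.pl` or any multi-component path (constructed examples) passes through unchanged. If the intent is to keep the invocation path out of the `AUTOGENERATED BY` header, so the generated file is identical wherever the script is run from, `$pname =~ s|^.*/||;` removes everything up to the last slash. The `print <<EOF` heredoc continues outside the hunk.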
|
@ -133,7 +133,50 @@
|
|||||||
# define FD_SETSIZE (8*sizeof(fd_set))
|
# define FD_SETSIZE (8*sizeof(fd_set))
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef __OpenBSD__
|
#ifdef __VOS__
|
||||||
|
int RAND_poll(void)
|
||||||
|
{
|
||||||
|
unsigned char buf[ENTROPY_NEEDED];
|
||||||
|
pid_t curr_pid;
|
||||||
|
uid_t curr_uid;
|
||||||
|
static int first=1;
|
||||||
|
int i;
|
||||||
|
long rnd = 0;
|
||||||
|
struct timespec ts;
|
||||||
|
unsigned seed;
|
||||||
|
|
||||||
|
/* The VOS random() function starts from a static seed so its
|
||||||
|
initial value is predictable. If random() returns the
|
||||||
|
initial value, reseed it with dynamic data. The VOS
|
||||||
|
real-time clock has a granularity of 1 nsec so it should be
|
||||||
|
reasonably difficult to predict its exact value. Do not
|
||||||
|
gratuitously reseed the PRNG because other code in this
|
||||||
|
process or thread may be using it. */
|
||||||
|
|
||||||
|
if (first) {
|
||||||
|
first = 0;
|
||||||
|
rnd = random ();
|
||||||
|
if (rnd == 1804289383) {
|
||||||
|
clock_gettime (CLOCK_REALTIME, &ts);
|
||||||
|
curr_pid = getpid();
|
||||||
|
curr_uid = getuid();
|
||||||
|
seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid;
|
||||||
|
srandom (seed);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < sizeof(buf); i++) {
|
||||||
|
if (i % 4 == 0)
|
||||||
|
rnd = random();
|
||||||
|
buf[i] = rnd;
|
||||||
|
rnd >>= 8;
|
||||||
|
}
|
||||||
|
RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
|
||||||
|
memset(buf, 0, sizeof(buf));
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
#elif defined __OpenBSD__
|
||||||
int RAND_poll(void)
|
int RAND_poll(void)
|
||||||
{
|
{
|
||||||
u_int32_t rnd = 0, i;
|
u_int32_t rnd = 0, i;
|
||||||
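Review bot: `RAND_add(buf, sizeof(buf), ENTROPY_NEEDED)` credits the pool with a full `ENTROPY_NEEDED` bytes of entropy, yet every byte in `buf` comes from `random()`, which is reseeded here from a single `unsigned` built as `ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid`. The buffer cannot carry more entropy than that seed, and the pid, uid and seconds are guessable, so the library will treat itself as seeded while holding far less than it claims. The credit should be no more than the seed can carry (`sizeof(seed)` bytes is already generous), with a comment stating the limit. The reseed is also skipped whenever the first `random()` value is not `1804289383`, which is the case if other code in the process already drew from the default-seeded generator, and the result of `clock_gettime()` is not checked before `ts` is read. Separately, `memset(buf, 0, sizeof(buf));` on a buffer that is about to go out of scope can be removed by the optimiser; `OPENSSL_cleanse(buf, sizeof(buf));` is the safer call.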
|
@ -11,21 +11,21 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
|
|||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
|
|
||||||
RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
|
RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
|
||||||
|
|
||||||
int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
|
int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
|
||||||
|
|
||||||
RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
|
RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
|
||||||
|
|
||||||
int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
|
int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
|
||||||
|
|
||||||
RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
|
RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
|
||||||
|
|
||||||
int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
|
int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
|
||||||
|
|
||||||
int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
|
int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
|
||||||
|
|
||||||
RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
|
RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
17
ssl/s3_lib.c
17
ssl/s3_lib.c
@ -3138,6 +3138,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
|
|||||||
|
|
||||||
int ssl3_shutdown(SSL *s)
|
int ssl3_shutdown(SSL *s)
|
||||||
{
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
/* Don't do anything much if we have not done the handshake or
|
/* Don't do anything much if we have not done the handshake or
|
||||||
* we don't want to send messages :-) */
|
* we don't want to send messages :-) */
|
||||||
@ -3155,18 +3156,32 @@ int ssl3_shutdown(SSL *s)
|
|||||||
#endif
|
#endif
|
||||||
/* our shutdown alert has been sent now, and if it still needs
|
/* our shutdown alert has been sent now, and if it still needs
|
||||||
* to be written, s->s3->alert_dispatch will be true */
|
* to be written, s->s3->alert_dispatch will be true */
|
||||||
|
if (s->s3->alert_dispatch)
|
||||||
|
return(-1); /* return WANT_WRITE */
|
||||||
}
|
}
|
||||||
else if (s->s3->alert_dispatch)
|
else if (s->s3->alert_dispatch)
|
||||||
{
|
{
|
||||||
/* resend it if not sent */
|
/* resend it if not sent */
|
||||||
#if 1
|
#if 1
|
||||||
s->method->ssl_dispatch_alert(s);
|
ret=s->method->ssl_dispatch_alert(s);
|
||||||
|
if(ret == -1)
|
||||||
|
{
|
||||||
|
/* we only get to return -1 here the 2nd/Nth
|
||||||
|
* invocation, we must have already signalled
|
||||||
|
* return 0 upon a previous invoation,
|
||||||
|
* return WANT_WRITE */
|
||||||
|
return(ret);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
|
else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
|
||||||
{
|
{
|
||||||
/* If we are waiting for a close from our peer, we are closed */
|
/* If we are waiting for a close from our peer, we are closed */
|
||||||
s->method->ssl_read_bytes(s,0,NULL,0,0);
|
s->method->ssl_read_bytes(s,0,NULL,0,0);
|
||||||
|
if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
|
||||||
|
{
|
||||||
|
return(-1); /* return WANT_READ */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
|
if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
|
||||||
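Review bot: The two paths that send the close alert detect "still pending" differently. The first branch tests `s->s3->alert_dispatch` after the send, while the resend branch tests only `ret == -1` from `s->method->ssl_dispatch_alert(s)`. The callee is not visible here, so this is an assumption to confirm: if it can return another non-positive value while leaving the alert queued, the resend branch falls through to the final `s->shutdown` comparison instead of reporting WANT_WRITE. Using `if (s->s3->alert_dispatch) return(-1);` after the call in both branches would make them consistent. The result of `s->method->ssl_read_bytes(s,0,NULL,0,0)` is likewise discarded, so a comment there should state that callers must use the error state to tell WANT_READ from a hard read failure. The body of ssl3_shutdown continues outside both hunks.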
|
@ -1350,13 +1350,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
|
|||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void ssl3_send_alert(SSL *s, int level, int desc)
|
int ssl3_send_alert(SSL *s, int level, int desc)
|
||||||
{
|
{
|
||||||
/* Map tls/ssl alert value to correct one */
|
/* Map tls/ssl alert value to correct one */
|
||||||
desc=s->method->ssl3_enc->alert_value(desc);
|
desc=s->method->ssl3_enc->alert_value(desc);
|
||||||
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
|
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
|
||||||
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
|
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
|
||||||
if (desc < 0) return;
|
if (desc < 0) return -1;
|
||||||
/* If a fatal one, remove from cache */
|
/* If a fatal one, remove from cache */
|
||||||
if ((level == 2) && (s->session != NULL))
|
if ((level == 2) && (s->session != NULL))
|
||||||
SSL_CTX_remove_session(s->ctx,s->session);
|
SSL_CTX_remove_session(s->ctx,s->session);
|
||||||
@ -1365,9 +1365,10 @@ void ssl3_send_alert(SSL *s, int level, int desc)
|
|||||||
s->s3->send_alert[0]=level;
|
s->s3->send_alert[0]=level;
|
||||||
s->s3->send_alert[1]=desc;
|
s->s3->send_alert[1]=desc;
|
||||||
if (s->s3->wbuf.left == 0) /* data still being written out? */
|
if (s->s3->wbuf.left == 0) /* data still being written out? */
|
||||||
s->method->ssl_dispatch_alert(s);
|
return s->method->ssl_dispatch_alert(s);
|
||||||
/* else data is still being written out, we will get written
|
/* else data is still being written out, we will get written
|
||||||
* some time in the future */
|
* some time in the future */
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl3_dispatch_alert(SSL *s)
|
int ssl3_dispatch_alert(SSL *s)
|
||||||
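Review bot: `ssl3_send_alert()` now returns -1 in two different situations that a caller cannot tell apart. One is `desc < 0`, where nothing was queued. The other is `s->s3->wbuf.left != 0`, where the alert has been stored in `s->s3->send_alert` and is expected to be written later. The new return contract is not documented anywhere in the hunk. I would add a comment above the function along the lines of `/* Returns the result of ssl_dispatch_alert() when the alert is written immediately; -1 when the alert is rejected or only queued. */` and say which state field a caller should inspect to distinguish the two. The lines between the two hunks of this function are not shown, so how the pending flag is set there is not confirmed from this page.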
|
@ -857,7 +857,7 @@ int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
|
|||||||
int ssl3_change_cipher_state(SSL *s,int which);
|
int ssl3_change_cipher_state(SSL *s,int which);
|
||||||
void ssl3_cleanup_key_block(SSL *s);
|
void ssl3_cleanup_key_block(SSL *s);
|
||||||
int ssl3_do_write(SSL *s,int type);
|
int ssl3_do_write(SSL *s,int type);
|
||||||
void ssl3_send_alert(SSL *s,int level, int desc);
|
int ssl3_send_alert(SSL *s,int level, int desc);
|
||||||
int ssl3_generate_master_secret(SSL *s, unsigned char *out,
|
int ssl3_generate_master_secret(SSL *s, unsigned char *out,
|
||||||
unsigned char *p, int len);
|
unsigned char *p, int len);
|
||||||
int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
|
int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
|
||||||
|