Compare commits
65 Commits
OpenSSL_0_
...
OpenSSL_0_
| Author | SHA1 | Date | |
|---|---|---|---|
|
8ccf402239 | ||
|
|
8b3b01a2d4 | ||
|
|
7884f064f1 | ||
|
|
08844f0cd9 | ||
|
|
fcc7c0a7bf | ||
|
|
0faa9d290f | ||
|
|
16c3ccca86 | ||
|
|
302b9b0dcd | ||
|
|
658cd50bbe | ||
|
|
a3940bb751 | ||
|
|
1a4dc04dc4 | ||
|
|
f7191d25ad | ||
|
|
e81cea2475 | ||
|
|
2217e86cd0 | ||
|
|
0dbd9ccc06 | ||
|
|
b923ccab78 | ||
|
|
7a035a4868 | ||
|
|
e57c110931 | ||
|
|
bc4de7940f | ||
|
|
ffa20374ac | ||
|
|
1a517f0a82 | ||
|
|
fbe7cd3138 | ||
|
|
83f70d68d6 | ||
|
|
3db7c0977c | ||
|
|
c0ec5de6db | ||
|
|
3074ade0cb | ||
|
|
c4c18c82e8 | ||
|
|
0a0a3ea339 | ||
|
|
3c28bfdc82 | ||
|
|
4b650cb731 | ||
|
|
411a301c04 | ||
|
|
3cb08a4fb1 | ||
|
|
a01fc63c11 | ||
|
|
a5bb5c9688 | ||
|
|
6023462f60 | ||
|
|
94f5c934f6 | ||
|
|
19ed670b51 | ||
|
|
3158c87a02 | ||
|
|
0841f288e5 | ||
|
|
46a539a2c9 | ||
|
|
58c84c1230 | ||
|
|
e5c1a02519 | ||
|
|
782576dbec | ||
|
|
e9dcc3fb34 | ||
|
|
702eb4dc0a | ||
|
|
a7a53184bf | ||
|
|
8848960020 | ||
|
|
f6ab5d5761 | ||
|
|
a974518704 | ||
|
|
d84aa433d4 | ||
|
|
647cfb980e | ||
|
|
9f0d2f6b09 | ||
|
|
29e301065f | ||
|
|
b9c2b03352 | ||
|
|
c2edb62beb | ||
|
|
0a02757b03 | ||
|
|
fd37856472 | ||
|
|
46956f0670 | ||
|
|
528c1ad2ae | ||
|
|
3b9e8c7c36 | ||
|
|
3ad23eb282 | ||
|
|
adc88583a9 | ||
|
|
19b114410e | ||
|
|
51c21d0fec | ||
|
|
0698f54e0e |
40
CHANGES
40
CHANGES
@@ -2,6 +2,46 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
|
||||
|
||||
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
|
||||
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
|
||||
[Joe Orton, Steve Henson]
|
||||
|
||||
Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
|
||||
|
||||
*) Fix additional bug revealed by the NISCC test suite:
|
||||
|
||||
Stop bug triggering large recursion when presented with
|
||||
certain ASN.1 tags (CAN-2003-0851)
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
|
||||
|
||||
*) Fix various bugs revealed by running the NISCC test suite:
|
||||
|
||||
Stop out of bounds reads in the ASN1 code when presented with
|
||||
invalid tags (CAN-2003-0543 and CAN-2003-0544).
|
||||
|
||||
If verify callback ignores invalid public key errors don't try to check
|
||||
certificate signature with the NULL public key.
|
||||
|
||||
[Steve Henson]
|
||||
|
||||
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
|
||||
if the server requested one: as stated in TLS 1.0 and SSL 3.0
|
||||
specifications.
|
||||
[Steve Henson]
|
||||
|
||||
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
|
||||
extra data after the compression methods not only for TLS 1.0
|
||||
but also for SSL 3.0 (as required by the specification).
|
||||
[Bodo Moeller; problem pointed out by Matthias Loepfe]
|
||||
|
||||
*) Change X509_certificate_type() to mark the key as exported/exportable
|
||||
when it's 512 *bits* long, not 512 bytes.
|
||||
[Richard Levitte]
|
||||
|
||||
Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
|
||||
|
||||
*) Countermeasure against the Klima-Pokorny-Rosa extension of
|
||||
|
||||
@@ -122,7 +122,7 @@ my %table=(
|
||||
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-declarations -Wno-long-long -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"dist", "cc:-O::(unknown):::::",
|
||||
|
||||
# Basic configs that should work on any (32 and less bit) box
|
||||
@@ -344,7 +344,7 @@ my %table=(
|
||||
"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
|
||||
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
|
||||
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
|
||||
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
7
FAQ
7
FAQ
@@ -63,7 +63,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.7b was released on April 10, 2003.
|
||||
OpenSSL 0.9.7d was released on March 17, 2004.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@@ -111,11 +111,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
|
||||
|
||||
* Where can I get a compiled version of OpenSSL?
|
||||
|
||||
You can finder pointers to binary distributions in
|
||||
http://www.openssl.org/related/binaries.html .
|
||||
|
||||
Some applications that use OpenSSL are distributed in binary form.
|
||||
When using such an application, you don't need to install OpenSSL
|
||||
yourself; the application will include the required parts (e.g. DLLs).
|
||||
|
||||
If you want to install OpenSSL on a Windows system and you don't have
|
||||
If you want to build OpenSSL on a Windows system and you don't have
|
||||
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
|
||||
on how to obtain and install the free GNU C compiler.
|
||||
|
||||
|
||||
@@ -216,7 +216,7 @@
|
||||
$ md c:\openssl\lib
|
||||
$ md c:\openssl\include
|
||||
$ md c:\openssl\include\openssl
|
||||
$ copy /b inc32\* c:\openssl\include\openssl
|
||||
$ copy /b inc32\openssl\* c:\openssl\include\openssl
|
||||
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
|
||||
$ copy /b out32dll\libeay32.lib c:\openssl\lib
|
||||
$ copy /b out32dll\ssleay32.dll c:\openssl\bin
|
||||
|
||||
2
LICENSE
2
LICENSE
@@ -12,7 +12,7 @@
|
||||
---------------
|
||||
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
||||
@@ -368,7 +368,7 @@ do_svr3-shared:
|
||||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
@@ -390,7 +390,7 @@ do_svr5-shared:
|
||||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
|
||||
13
NEWS
13
NEWS
@@ -5,6 +5,19 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.6l and OpenSSL 0.9.6m:
|
||||
|
||||
o Security: fix null-pointer bug leading to crash
|
||||
|
||||
Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
|
||||
|
||||
o Security: fix ASN1 bug leading to large recursion
|
||||
|
||||
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
|
||||
|
||||
o Security: fix various ASN1 parsing bugs.
|
||||
o SSL/TLS protocol fix for unrequested client certificates.
|
||||
|
||||
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
|
||||
|
||||
o Security: counter the Klima-Pokorny-Rosa extension of
|
||||
|
||||
4
README
4
README
@@ -1,7 +1,7 @@
|
||||
|
||||
OpenSSL 0.9.6j 10 Apr 2003
|
||||
OpenSSL 0.9.6m 17 Mar 2004
|
||||
|
||||
Copyright (c) 1998-2003 The OpenSSL Project
|
||||
Copyright (c) 1998-2004 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
All rights reserved.
|
||||
|
||||
|
||||
7
STATUS
7
STATUS
@@ -1,13 +1,18 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2003/04/10 20:21:26 $
|
||||
______________ $Date: 2004/03/17 11:40:42 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 0.9.8: Under development...
|
||||
o OpenSSL 0.9.7d: Released on March 17th, 2004
|
||||
o OpenSSL 0.9.7c: Released on September 30th, 2003
|
||||
o OpenSSL 0.9.7b: Released on April 10th, 2003
|
||||
o OpenSSL 0.9.7a: Released on February 19th, 2003
|
||||
o OpenSSL 0.9.7: Released on December 31st, 2002
|
||||
o OpenSSL 0.9.6m: Released on March 17th, 2004
|
||||
o OpenSSL 0.9.6l: Released on November 4th, 2003
|
||||
o OpenSSL 0.9.6k: Released on September 30th, 2003
|
||||
o OpenSSL 0.9.6j: Released on April 10th, 2003
|
||||
o OpenSSL 0.9.6i: Released on February 19th, 2003
|
||||
o OpenSSL 0.9.6h: Released on December 5th, 2002
|
||||
|
||||
@@ -59,7 +59,11 @@
|
||||
#ifndef HEADER_APPS_H
|
||||
#define HEADER_APPS_H
|
||||
|
||||
#include "openssl/e_os.h"
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/bio.h>
|
||||
|
||||
@@ -301,7 +301,15 @@ bad:
|
||||
num=tmplen;
|
||||
}
|
||||
|
||||
if (length == 0) length=(unsigned int)num;
|
||||
if (offset >= num)
|
||||
{
|
||||
BIO_printf(bio_err, "Error: offset too large\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
num -= offset;
|
||||
|
||||
if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
|
||||
if(derout) {
|
||||
if(BIO_write(derout, str + offset, length) != (int)length) {
|
||||
BIO_printf(bio_err, "Error writing output\n");
|
||||
|
||||
11
apps/pkcs8.c
11
apps/pkcs8.c
@@ -219,7 +219,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
BIO_free(in);
|
||||
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
|
||||
BIO_printf(bio_err, "Error converting key\n", outfile);
|
||||
BIO_printf(bio_err, "Error converting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
@@ -243,8 +243,7 @@ int MAIN(int argc, char **argv)
|
||||
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
|
||||
p8pass, strlen(p8pass),
|
||||
NULL, 0, iter, p8inf))) {
|
||||
BIO_printf(bio_err, "Error encrypting key\n",
|
||||
outfile);
|
||||
BIO_printf(bio_err, "Error encrypting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
@@ -287,7 +286,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if (!p8) {
|
||||
BIO_printf (bio_err, "Error reading key\n", outfile);
|
||||
BIO_printf (bio_err, "Error reading key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
@@ -301,13 +300,13 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if (!p8inf) {
|
||||
BIO_printf(bio_err, "Error decrypting key\n", outfile);
|
||||
BIO_printf(bio_err, "Error decrypting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
|
||||
if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
|
||||
BIO_printf(bio_err, "Error converting key\n", outfile);
|
||||
BIO_printf(bio_err, "Error converting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
|
||||
@@ -1063,7 +1063,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
BIO_free(io);
|
||||
io=NULL;
|
||||
|
||||
if (!X509_STORE_add_cert(ctx,x)) goto end;
|
||||
/*if (!X509_STORE_add_cert(ctx,x)) goto end;*/
|
||||
|
||||
/* NOTE: this certificate can/should be self signed, unless it was
|
||||
* a certificate request in which case it is not. */
|
||||
|
||||
@@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
|
||||
doing a re-connect, always takes the first cipher in the cipher list.
|
||||
|
||||
If we accept a netscape connection, demand a client cert, have a
|
||||
non-self-sighed CA which does not have it's CA in netscape, and the
|
||||
non-self-signed CA which does not have it's CA in netscape, and the
|
||||
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
|
||||
|
||||
Netscape browsers do not really notice the server sending a
|
||||
|
||||
18
certs/expired/vsign3.pem
Normal file
18
certs/expired/vsign3.pem
Normal file
@@ -0,0 +1,18 @@
|
||||
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
|
||||
notBefore=Jan 29 00:00:00 1996 GMT
|
||||
notAfter=Jan 7 23:59:59 2004 GMT
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
|
||||
BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
|
||||
c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
|
||||
NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
|
||||
VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
|
||||
bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
|
||||
jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
|
||||
RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
|
||||
rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
|
||||
BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
|
||||
STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
|
||||
ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
|
||||
pA==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,18 +1,17 @@
|
||||
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
|
||||
notBefore=Jan 29 00:00:00 1996 GMT
|
||||
notAfter=Jan 7 23:59:59 2004 GMT
|
||||
notAfter=Aug 1 23:59:59 2028 GMT
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
|
||||
BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
|
||||
c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
|
||||
NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
|
||||
VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
|
||||
bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
|
||||
jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
|
||||
RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
|
||||
rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
|
||||
BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
|
||||
STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
|
||||
ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
|
||||
pA==
|
||||
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
|
||||
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
|
||||
cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
|
||||
MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
|
||||
BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
|
||||
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
||||
ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
|
||||
BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
|
||||
I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
|
||||
CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
|
||||
lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
|
||||
AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
@@ -201,7 +201,10 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
|
||||
c.pp=pp;
|
||||
c.p=p;
|
||||
c.inf=inf;
|
||||
c.slen=len;
|
||||
if (inf & 1)
|
||||
c.slen = length - (p - *pp);
|
||||
else
|
||||
c.slen=len;
|
||||
c.tag=Ptag;
|
||||
c.xclass=Pclass;
|
||||
c.max=(length == 0)?0:(p+length);
|
||||
@@ -279,8 +282,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
|
||||
{
|
||||
if (c->inf & 1)
|
||||
{
|
||||
c->eos=ASN1_check_infinite_end(&c->p,
|
||||
(long)(c->max-c->p));
|
||||
c->eos=ASN1_check_infinite_end(&c->p, c->slen);
|
||||
if (c->eos) break;
|
||||
}
|
||||
else
|
||||
@@ -289,7 +291,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
|
||||
}
|
||||
|
||||
c->q=c->p;
|
||||
if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
|
||||
if (d2i_ASN1_bytes(&os,&c->p,c->slen,c->tag,c->xclass)
|
||||
== NULL)
|
||||
{
|
||||
c->error=ERR_R_ASN1_LIB;
|
||||
@@ -302,8 +304,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
|
||||
goto err;
|
||||
}
|
||||
memcpy(&(b.data[num]),os->data,os->length);
|
||||
if (!(c->inf & 1))
|
||||
c->slen-=(c->p-c->q);
|
||||
c->slen-=(c->p-c->q);
|
||||
num+=os->length;
|
||||
}
|
||||
|
||||
|
||||
@@ -78,7 +78,8 @@
|
||||
* and a FILE pointer.
|
||||
*/
|
||||
|
||||
int send_mem_chars(void *arg, const void *buf, int len)
|
||||
#if 0 /* Not used */
|
||||
static int send_mem_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
unsigned char **out = arg;
|
||||
if(!out) return 1;
|
||||
@@ -86,15 +87,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
|
||||
*out += len;
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
int send_bio_chars(void *arg, const void *buf, int len)
|
||||
static int send_bio_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
if(!arg) return 1;
|
||||
if(BIO_write(arg, buf, len) != len) return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int send_fp_chars(void *arg, const void *buf, int len)
|
||||
static int send_fp_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
if(!arg) return 1;
|
||||
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
|
||||
@@ -240,7 +242,8 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
|
||||
* #01234 format.
|
||||
*/
|
||||
|
||||
int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
|
||||
static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
|
||||
ASN1_STRING *str)
|
||||
{
|
||||
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
|
||||
* the DER encoding to readily obtained
|
||||
@@ -274,7 +277,7 @@ int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
|
||||
* otherwise it is the number of bytes per character
|
||||
*/
|
||||
|
||||
const static char tag2nbyte[] = {
|
||||
const static signed char tag2nbyte[] = {
|
||||
-1, -1, -1, -1, -1, /* 0-4 */
|
||||
-1, -1, -1, -1, -1, /* 5-9 */
|
||||
-1, -1, 0, -1, /* 10-13 */
|
||||
|
||||
@@ -123,7 +123,7 @@ extern "C" {
|
||||
#define B_ASN1_NUMERICSTRING 0x0001
|
||||
#define B_ASN1_PRINTABLESTRING 0x0002
|
||||
#define B_ASN1_T61STRING 0x0004
|
||||
#define B_ASN1_TELETEXSTRING 0x0008
|
||||
#define B_ASN1_TELETEXSTRING 0x0004
|
||||
#define B_ASN1_VIDEOTEXSTRING 0x0008
|
||||
#define B_ASN1_IA5STRING 0x0010
|
||||
#define B_ASN1_GRAPHICSTRING 0x0020
|
||||
|
||||
@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
|
||||
l<<=7L;
|
||||
l|= *(p++)&0x7f;
|
||||
if (--max == 0) goto err;
|
||||
if (l > (INT_MAX >> 7L)) goto err;
|
||||
}
|
||||
l<<=7L;
|
||||
l|= *(p++)&0x7f;
|
||||
tag=(int)l;
|
||||
if (--max == 0) goto err;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -63,7 +63,11 @@
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#ifdef NO_BF
|
||||
int main(int argc, char *argv[])
|
||||
|
||||
@@ -565,12 +565,12 @@ abs_val(LDOUBLE value)
|
||||
}
|
||||
|
||||
static LDOUBLE
|
||||
pow10(int exp)
|
||||
pow10(int in_exp)
|
||||
{
|
||||
LDOUBLE result = 1;
|
||||
while (exp) {
|
||||
while (in_exp) {
|
||||
result *= 10;
|
||||
exp--;
|
||||
in_exp--;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
@@ -825,5 +825,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
|
||||
* had the buffer been large enough.) */
|
||||
return -1;
|
||||
else
|
||||
return (retlen <= INT_MAX) ? retlen : -1;
|
||||
return (retlen <= INT_MAX) ? (int)retlen : -1;
|
||||
}
|
||||
|
||||
@@ -495,6 +495,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
|
||||
if (i <= 0)
|
||||
{
|
||||
BIO_copy_next_retry(b);
|
||||
*buf='\0';
|
||||
if (i < 0) return((num > 0)?num:i);
|
||||
if (i == 0) return(num);
|
||||
}
|
||||
|
||||
@@ -1,4 +1,57 @@
|
||||
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
/* Special method for a BIO where the other endpoint is also a BIO
|
||||
* of this kind, handled by the same thread (i.e. the "peer" is actually
|
||||
@@ -503,7 +556,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
|
||||
break;
|
||||
|
||||
case BIO_C_DESTROY_BIO_PAIR:
|
||||
/* Effects both BIOs in the pair -- call just once!
|
||||
/* Affects both BIOs in the pair -- call just once!
|
||||
* Or let BIO_free(bio1); BIO_free(bio2); do the job. */
|
||||
bio_destroy_pair(bio);
|
||||
ret = 1;
|
||||
|
||||
@@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
|
||||
int n, BN_ULONG *t)
|
||||
{
|
||||
int i,j,n2=n*2;
|
||||
unsigned int c1,c2,neg,zero;
|
||||
int c1,c2,neg,zero;
|
||||
BN_ULONG ln,lo,*p;
|
||||
|
||||
# ifdef BN_COUNT
|
||||
@@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
|
||||
|
||||
/* The overflow will stop before we over write
|
||||
* words we should not overwrite */
|
||||
if (ln < c1)
|
||||
if (ln < (BN_ULONG)c1)
|
||||
{
|
||||
do {
|
||||
p++;
|
||||
|
||||
@@ -62,7 +62,11 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "openssl/e_os.h"
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
@@ -56,6 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include "openssl/e_os.h"
|
||||
#include "des_locl.h"
|
||||
|
||||
/* The input and output are loaded in multiples of 8 bits.
|
||||
|
||||
@@ -123,7 +123,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
|
||||
# endif
|
||||
# endif
|
||||
#else
|
||||
# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
|
||||
# ifdef OPENSSL_SYS_SUNOS
|
||||
# define DLOPEN_FLAG 1
|
||||
# else
|
||||
# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* For this DSO_METHOD, our meth_data STACK will contain;
|
||||
|
||||
@@ -110,9 +110,8 @@ EVP_CIPHER *EVP_rc4_40(void)
|
||||
static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
|
||||
RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
|
||||
ctx->c.rc4.key);
|
||||
key);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -293,7 +293,7 @@ sub md5_block
|
||||
&mov(&DWP(12,$tmp2,"",0),$D);
|
||||
|
||||
&cmp($tmp1,$X) unless $normal; # check count
|
||||
&jge(&label("start")) unless $normal;
|
||||
&jae(&label("start")) unless $normal;
|
||||
|
||||
&pop("eax"); # pop the temp variable off the stack
|
||||
&pop("ebx");
|
||||
|
||||
@@ -175,7 +175,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
|
||||
void *ret = NULL;
|
||||
extern unsigned char cleanse_ctr;
|
||||
|
||||
if (num < 0) return NULL;
|
||||
if (num <= 0) return NULL;
|
||||
|
||||
allow_customize = 0;
|
||||
if (malloc_debug_func != NULL)
|
||||
@@ -216,7 +216,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
|
||||
void *ret = NULL;
|
||||
extern unsigned char cleanse_ctr;
|
||||
|
||||
if (num < 0) return NULL;
|
||||
if (num <= 0) return NULL;
|
||||
|
||||
allow_customize = 0;
|
||||
if (malloc_debug_func != NULL)
|
||||
@@ -247,7 +247,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
|
||||
if (str == NULL)
|
||||
return CRYPTO_malloc(num, file, line);
|
||||
|
||||
if (num < 0) return NULL;
|
||||
if (num <= 0) return NULL;
|
||||
|
||||
if (realloc_debug_func != NULL)
|
||||
realloc_debug_func(str, NULL, num, file, line, 0);
|
||||
|
||||
@@ -25,8 +25,8 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x009060afL
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6j 10 Apr 2003"
|
||||
#define OPENSSL_VERSION_NUMBER 0x009060dfL
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6m 17 Mar 2004"
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
|
||||
@@ -567,7 +567,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
|
||||
long len)
|
||||
{
|
||||
int nlen,n,i,j,outl;
|
||||
unsigned char *buf;
|
||||
unsigned char *buf = NULL;
|
||||
EVP_ENCODE_CTX ctx;
|
||||
int reason=ERR_R_BUF_LIB;
|
||||
|
||||
@@ -587,7 +587,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
|
||||
goto err;
|
||||
}
|
||||
|
||||
buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
|
||||
buf = OPENSSL_malloc(PEM_BUFSIZE*8);
|
||||
if (buf == NULL)
|
||||
{
|
||||
reason=ERR_R_MALLOC_FAILURE;
|
||||
@@ -608,12 +608,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
|
||||
EVP_EncodeFinal(&ctx,buf,&outl);
|
||||
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
|
||||
OPENSSL_free(buf);
|
||||
buf = NULL;
|
||||
if ( (BIO_write(bp,"-----END ",9) != 9) ||
|
||||
(BIO_write(bp,name,nlen) != nlen) ||
|
||||
(BIO_write(bp,"-----\n",6) != 6))
|
||||
goto err;
|
||||
return(i+outl);
|
||||
err:
|
||||
if (buf)
|
||||
OPENSSL_free(buf);
|
||||
PEMerr(PEM_F_PEM_WRITE_BIO,reason);
|
||||
return(0);
|
||||
}
|
||||
|
||||
@@ -141,7 +141,10 @@ sub main'jle { &out1("jle",@_); }
|
||||
sub main'jz { &out1("jz",@_); }
|
||||
sub main'jge { &out1("jge",@_); }
|
||||
sub main'jl { &out1("jl",@_); }
|
||||
sub main'ja { &out1("ja",@_); }
|
||||
sub main'jae { &out1("jae",@_); }
|
||||
sub main'jb { &out1("jb",@_); }
|
||||
sub main'jbe { &out1("jbe",@_); }
|
||||
sub main'jc { &out1("jc",@_); }
|
||||
sub main'jnc { &out1("jnc",@_); }
|
||||
sub main'jnz { &out1("jnz",@_); }
|
||||
|
||||
@@ -149,7 +149,10 @@ sub main'jle { &out1("jle NEAR",@_); }
|
||||
sub main'jz { &out1("jz NEAR",@_); }
|
||||
sub main'jge { &out1("jge NEAR",@_); }
|
||||
sub main'jl { &out1("jl NEAR",@_); }
|
||||
sub main'ja { &out1("ja NEAR",@_); }
|
||||
sub main'jae { &out1("jae NEAR",@_); }
|
||||
sub main'jb { &out1("jb NEAR",@_); }
|
||||
sub main'jbe { &out1("jbe NEAR",@_); }
|
||||
sub main'jc { &out1("jc NEAR",@_); }
|
||||
sub main'jnc { &out1("jnc NEAR",@_); }
|
||||
sub main'jnz { &out1("jnz NEAR",@_); }
|
||||
|
||||
@@ -154,7 +154,10 @@ sub main'jnz { &out1("jnz",@_); }
|
||||
sub main'jz { &out1("jz",@_); }
|
||||
sub main'jge { &out1("jge",@_); }
|
||||
sub main'jl { &out1("jl",@_); }
|
||||
sub main'ja { &out1("ja",@_); }
|
||||
sub main'jae { &out1("jae",@_); }
|
||||
sub main'jb { &out1("jb",@_); }
|
||||
sub main'jbe { &out1("jbe",@_); }
|
||||
sub main'jc { &out1("jc",@_); }
|
||||
sub main'jnc { &out1("jnc",@_); }
|
||||
sub main'jno { &out1("jno",@_); }
|
||||
|
||||
@@ -292,7 +292,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
|
||||
st_idx=0;
|
||||
}
|
||||
}
|
||||
memset((char *)&m,0,sizeof(m));
|
||||
OPENSSL_cleanse((char *)&m,sizeof(m));
|
||||
|
||||
if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
|
||||
/* Don't just copy back local_md into md -- this could mean that
|
||||
@@ -493,7 +493,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
|
||||
MD_Final(md,&m);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
||||
|
||||
memset(&m,0,sizeof(m));
|
||||
OPENSSL_cleanse(&m,sizeof(m));
|
||||
if (ok)
|
||||
return(1);
|
||||
else
|
||||
|
||||
@@ -102,7 +102,7 @@ int RAND_egd(const char *path)
|
||||
|
||||
memset(&addr, 0, sizeof(addr));
|
||||
addr.sun_family = AF_UNIX;
|
||||
if (strlen(path) > sizeof(addr.sun_path))
|
||||
if (strlen(path) >= sizeof(addr.sun_path))
|
||||
return (-1);
|
||||
strcpy(addr.sun_path,path);
|
||||
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
|
||||
@@ -134,7 +134,7 @@ int RAND_egd_bytes(const char *path,int bytes)
|
||||
|
||||
memset(&addr, 0, sizeof(addr));
|
||||
addr.sun_family = AF_UNIX;
|
||||
if (strlen(path) > sizeof(addr.sun_path))
|
||||
if (strlen(path) >= sizeof(addr.sun_path))
|
||||
return (-1);
|
||||
strcpy(addr.sun_path,path);
|
||||
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
|
||||
|
||||
@@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
|
||||
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
|
||||
|
||||
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
|
||||
typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
|
||||
typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
|
||||
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
|
||||
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
|
||||
@@ -414,7 +415,7 @@ int RAND_poll(void)
|
||||
* This seeding method was proposed in Peter Gutmann, Software
|
||||
* Generation of Practically Strong Random Numbers,
|
||||
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
|
||||
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
|
||||
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
|
||||
* (The assignment of entropy estimates below is arbitrary, but based
|
||||
* on Peter's analysis the full poll appears to be safe. Additional
|
||||
* interactive seeding is encouraged.)
|
||||
@@ -423,6 +424,7 @@ int RAND_poll(void)
|
||||
if (kernel)
|
||||
{
|
||||
CREATETOOLHELP32SNAPSHOT snap;
|
||||
CLOSETOOLHELP32SNAPSHOT close_snap;
|
||||
HANDLE handle;
|
||||
|
||||
HEAP32FIRST heap_first;
|
||||
@@ -440,6 +442,8 @@ int RAND_poll(void)
|
||||
|
||||
snap = (CREATETOOLHELP32SNAPSHOT)
|
||||
GetProcAddress(kernel, "CreateToolhelp32Snapshot");
|
||||
close_snap = (CLOSETOOLHELP32SNAPSHOT)
|
||||
GetProcAddress(kernel, "CloseToolhelp32Snapshot");
|
||||
heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
|
||||
heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
|
||||
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
|
||||
@@ -455,7 +459,7 @@ int RAND_poll(void)
|
||||
heaplist_next && process_first && process_next &&
|
||||
thread_first && thread_next && module_first &&
|
||||
module_next && (handle = snap(TH32CS_SNAPALL,0))
|
||||
!= NULL)
|
||||
!= INVALID_HANDLE_VALUE)
|
||||
{
|
||||
/* heap list and heap walking */
|
||||
/* HEAPLIST32 contains 3 fields that will change with
|
||||
@@ -517,8 +521,10 @@ int RAND_poll(void)
|
||||
do
|
||||
RAND_add(&m, m.dwSize, 9);
|
||||
while (module_next(handle, &m));
|
||||
|
||||
CloseHandle(handle);
|
||||
if (close_snap)
|
||||
close_snap(handle);
|
||||
else
|
||||
CloseHandle(handle);
|
||||
}
|
||||
|
||||
FreeLibrary(kernel);
|
||||
|
||||
@@ -152,11 +152,6 @@ struct rsa_st
|
||||
#define RSA_FLAG_CACHE_PUBLIC 0x02
|
||||
#define RSA_FLAG_CACHE_PRIVATE 0x04
|
||||
#define RSA_FLAG_BLINDING 0x08
|
||||
#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
|
||||
* RSA implementation now uses blinding by
|
||||
* default (ignoring RSA_FLAG_BLINDING),
|
||||
* but other engines might not need it
|
||||
*/
|
||||
#define RSA_FLAG_THREAD_SAFE 0x10
|
||||
/* This flag means the private key operations will be handled by rsa_mod_exp
|
||||
* and that they do not depend on the private key components being present:
|
||||
@@ -169,7 +164,11 @@ struct rsa_st
|
||||
*/
|
||||
#define RSA_FLAG_SIGN_VER 0x40
|
||||
|
||||
#define RSA_FLAG_NO_BLINDING 0x80
|
||||
#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
|
||||
* RSA implementation now uses blinding by
|
||||
* default (ignoring RSA_FLAG_BLINDING),
|
||||
* but other engines might not need it
|
||||
*/
|
||||
|
||||
#define RSA_PKCS1_PADDING 1
|
||||
#define RSA_SSLV23_PADDING 2
|
||||
|
||||
@@ -482,6 +482,8 @@ err:
|
||||
if (ctx != NULL) BN_CTX_free(ctx);
|
||||
BN_clear_free(&f);
|
||||
BN_clear_free(&ret);
|
||||
if (local_blinding)
|
||||
BN_BLINDING_free(blinding);
|
||||
if (buf != NULL)
|
||||
{
|
||||
OPENSSL_cleanse(buf,num);
|
||||
|
||||
@@ -260,7 +260,7 @@ void RSA_blinding_off(RSA *rsa)
|
||||
|
||||
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
|
||||
{
|
||||
BIGNUM *A,*Ai;
|
||||
BIGNUM *A,*Ai = NULL;
|
||||
BN_CTX *ctx;
|
||||
int ret=0;
|
||||
|
||||
@@ -271,8 +271,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
|
||||
else
|
||||
ctx=p_ctx;
|
||||
|
||||
/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
|
||||
if (rsa->blinding != NULL)
|
||||
{
|
||||
BN_BLINDING_free(rsa->blinding);
|
||||
rsa->blinding = NULL;
|
||||
}
|
||||
|
||||
/* NB: similar code appears in setup_blinding (rsa_eay.c);
|
||||
* this should be placed in a new function of its own, but for reasons
|
||||
@@ -300,9 +304,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
|
||||
rsa->blinding->thread_id = CRYPTO_thread_id();
|
||||
rsa->flags |= RSA_FLAG_BLINDING;
|
||||
rsa->flags &= ~RSA_FLAG_NO_BLINDING;
|
||||
BN_free(Ai);
|
||||
ret=1;
|
||||
err:
|
||||
if (Ai != NULL) BN_free(Ai);
|
||||
BN_CTX_end(ctx);
|
||||
if (ctx != p_ctx) BN_CTX_free(ctx);
|
||||
return(ret);
|
||||
|
||||
@@ -302,8 +302,36 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
|
||||
k=0;
|
||||
for (;;)
|
||||
{
|
||||
sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
|
||||
postfix,k);
|
||||
char c = '/';
|
||||
#ifdef VMS
|
||||
c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
|
||||
if (c != ':' && c != '>' && c != ']')
|
||||
{
|
||||
/* If no separator is present, we assume the
|
||||
directory specifier is a logical name, and
|
||||
add a colon. We really should use better
|
||||
VMS routines for merging things like this,
|
||||
but this will do for now...
|
||||
-- Richard Levitte */
|
||||
c = ':';
|
||||
}
|
||||
else
|
||||
{
|
||||
c = '\0';
|
||||
}
|
||||
#endif
|
||||
if (c == '\0')
|
||||
{
|
||||
/* This is special. When c == '\0', no
|
||||
directory separator should be added. */
|
||||
sprintf(b->data,"%s%08lx.%s%d",ctx->dirs[i],h,
|
||||
postfix,k);
|
||||
}
|
||||
else
|
||||
{
|
||||
sprintf(b->data,"%s%c%08lx.%s%d",
|
||||
ctx->dirs[i],c,h,postfix,k);
|
||||
}
|
||||
k++;
|
||||
if (stat(b->data,&st) < 0)
|
||||
break;
|
||||
|
||||
@@ -94,6 +94,7 @@ int i;
|
||||
OPENSSL_free(b);
|
||||
}
|
||||
strncpy(buf,"NO X509_NAME",len);
|
||||
buf[len-1]='\0';
|
||||
return buf;
|
||||
}
|
||||
|
||||
|
||||
@@ -490,7 +490,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
|
||||
ok=(*cb)(0,ctx);
|
||||
if (!ok) goto end;
|
||||
}
|
||||
if (X509_verify(xs,pkey) <= 0)
|
||||
else if (X509_verify(xs,pkey) <= 0)
|
||||
{
|
||||
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
|
||||
ctx->current_cert=xs;
|
||||
|
||||
@@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
|
||||
case EVP_PKEY_RSA:
|
||||
ret|=EVP_PKS_RSA;
|
||||
break;
|
||||
case EVP_PKS_DSA:
|
||||
case EVP_PKEY_DSA:
|
||||
ret|=EVP_PKS_DSA;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if (EVP_PKEY_size(pk) <= 512)
|
||||
if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
|
||||
for, not bytes */
|
||||
ret|=EVP_PKT_EXP;
|
||||
if(pkey==NULL) EVP_PKEY_free(pk);
|
||||
return(ret);
|
||||
|
||||
@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
|
||||
return 0;
|
||||
}
|
||||
|
||||
BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
|
||||
BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
|
||||
BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
|
||||
BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
|
||||
BIO_puts(sbio, "--------------------------------------------------\r\n");
|
||||
|
||||
for(;;) {
|
||||
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
|
||||
}
|
||||
|
||||
BIO_puts(sbio, "--------------------------------------------------\r\n");
|
||||
BIO_puts(sbio, "</pre>\r\n");
|
||||
BIO_puts(sbio, "\r\n");
|
||||
|
||||
/* Since there is a buffering BIO present we had better flush it */
|
||||
BIO_flush(sbio);
|
||||
|
||||
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
|
||||
|
||||
=over 4
|
||||
|
||||
=item 1
|
||||
=item 0
|
||||
|
||||
The operation succeeded.
|
||||
|
||||
=item 0
|
||||
=item 1
|
||||
|
||||
The operation failed. Check the error queue to find out the reason.
|
||||
|
||||
|
||||
@@ -168,7 +168,7 @@ Diffie-Hellman) key exchange should be used instead.
|
||||
=item SSL_OP_NETSCAPE_CA_DN_BUG
|
||||
|
||||
If we accept a netscape connection, demand a client cert, have a
|
||||
non-self-sighed CA which does not have it's CA in netscape, and the
|
||||
non-self-signed CA which does not have it's CA in netscape, and the
|
||||
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
|
||||
|
||||
=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
|
||||
|
||||
2
e_os.h
2
e_os.h
@@ -301,6 +301,8 @@ extern "C" {
|
||||
# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
|
||||
* (unless when compiling with -D_POSIX_SOURCE,
|
||||
* which doesn't work for us) */
|
||||
# endif
|
||||
# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
|
||||
# define ssize_t int /* ditto */
|
||||
# endif
|
||||
# ifdef NEWS4 /* setvbuf is missing on mips-sony-bsd */
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
%define libmaj 0
|
||||
%define libmin 9
|
||||
%define librel 6
|
||||
%define librev j
|
||||
%define librev m
|
||||
Release: 1
|
||||
|
||||
%define openssldir /var/ssl
|
||||
|
||||
@@ -1608,6 +1608,7 @@ static int ssl3_send_client_verify(SSL *s)
|
||||
*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
|
||||
l2n3(n,d);
|
||||
|
||||
s->state=SSL3_ST_CW_CERT_VRFY_B;
|
||||
s->init_num=(int)n+4;
|
||||
s->init_off=0;
|
||||
}
|
||||
@@ -1785,7 +1786,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
|
||||
if (algs & SSL_kRSA)
|
||||
{
|
||||
if (rsa == NULL
|
||||
|| RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
|| RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
|
||||
goto f_err;
|
||||
@@ -1797,7 +1798,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
|
||||
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
|
||||
{
|
||||
if (dh == NULL
|
||||
|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
|
||||
goto f_err;
|
||||
|
||||
12
ssl/s3_enc.c
12
ssl/s3_enc.c
@@ -188,9 +188,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
COMP_METHOD *comp;
|
||||
const EVP_MD *m;
|
||||
MD5_CTX md;
|
||||
int exp,n,i,j,k,cl;
|
||||
int is_exp,n,i,j,k,cl;
|
||||
|
||||
exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
c=s->s3->tmp.new_sym_enc;
|
||||
m=s->s3->tmp.new_hash;
|
||||
if (s->s3->tmp.new_compression == NULL)
|
||||
@@ -262,9 +262,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
p=s->s3->tmp.key_block;
|
||||
i=EVP_MD_size(m);
|
||||
cl=EVP_CIPHER_key_length(c);
|
||||
j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
|
||||
j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
|
||||
k=EVP_CIPHER_iv_length(c);
|
||||
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
|
||||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
|
||||
@@ -292,7 +292,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
}
|
||||
|
||||
memcpy(mac_secret,ms,i);
|
||||
if (exp)
|
||||
if (is_exp)
|
||||
{
|
||||
/* In here I set both the read and write key/iv to the
|
||||
* same value since only the correct one will be used :-).
|
||||
|
||||
@@ -1079,6 +1079,14 @@ start:
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Check we have a cipher to change to */
|
||||
if (s->s3->tmp.new_cipher == NULL)
|
||||
{
|
||||
i=SSL_AD_UNEXPECTED_MESSAGE;
|
||||
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
|
||||
goto err;
|
||||
}
|
||||
|
||||
rr->length=0;
|
||||
s->s3->change_cipher_spec=1;
|
||||
if (!do_change_cipher_spec(s))
|
||||
|
||||
@@ -420,10 +420,11 @@ int ssl3_accept(SSL *s)
|
||||
if (ret == 2)
|
||||
s->state = SSL3_ST_SR_CLNT_HELLO_C;
|
||||
else {
|
||||
/* could be sent for a DH cert, even if we
|
||||
* have not asked for it :-) */
|
||||
ret=ssl3_get_client_certificate(s);
|
||||
if (ret <= 0) goto end;
|
||||
if (s->s3->tmp.cert_request)
|
||||
{
|
||||
ret=ssl3_get_client_certificate(s);
|
||||
if (ret <= 0) goto end;
|
||||
}
|
||||
s->init_num=0;
|
||||
s->state=SSL3_ST_SR_KEY_EXCH_A;
|
||||
}
|
||||
@@ -828,6 +829,9 @@ static int ssl3_get_client_hello(SSL *s)
|
||||
}
|
||||
|
||||
/* TLS does not mind if there is extra stuff */
|
||||
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
|
||||
* (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
|
||||
* in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
|
||||
if (s->version == SSL3_VERSION)
|
||||
{
|
||||
if (p < (d+n))
|
||||
@@ -839,6 +843,7 @@ static int ssl3_get_client_hello(SSL *s)
|
||||
goto f_err;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
|
||||
* pick a cipher */
|
||||
@@ -1333,6 +1338,7 @@ static int ssl3_send_certificate_request(SSL *s)
|
||||
s->init_num += 4;
|
||||
#endif
|
||||
|
||||
s->state = SSL3_ST_SW_CERT_REQ_B;
|
||||
}
|
||||
|
||||
/* SSL3_ST_SW_CERT_REQ_B */
|
||||
|
||||
@@ -1175,8 +1175,8 @@ char *SSL_alert_type_string(int value);
|
||||
char *SSL_alert_desc_string_long(int value);
|
||||
char *SSL_alert_desc_string(int value);
|
||||
|
||||
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
|
||||
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
|
||||
STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
|
||||
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
|
||||
int SSL_add_client_CA(SSL *ssl,X509 *x);
|
||||
|
||||
@@ -483,12 +483,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
|
||||
return(i);
|
||||
}
|
||||
|
||||
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
|
||||
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
|
||||
{
|
||||
if (*ca_list != NULL)
|
||||
sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
|
||||
|
||||
*ca_list=list;
|
||||
*ca_list=name_list;
|
||||
}
|
||||
|
||||
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
|
||||
@@ -510,14 +510,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
|
||||
void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
|
||||
{
|
||||
set_client_CA_list(&(s->client_CA),list);
|
||||
set_client_CA_list(&(s->client_CA),name_list);
|
||||
}
|
||||
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
|
||||
{
|
||||
set_client_CA_list(&(ctx->client_CA),list);
|
||||
set_client_CA_list(&(ctx->client_CA),name_list);
|
||||
}
|
||||
|
||||
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
|
||||
|
||||
@@ -310,10 +310,10 @@ static unsigned long ssl_cipher_get_disabled(void)
|
||||
}
|
||||
|
||||
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
|
||||
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
|
||||
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
|
||||
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
|
||||
{
|
||||
int i, list_num;
|
||||
int i, co_list_num;
|
||||
SSL_CIPHER *c;
|
||||
|
||||
/*
|
||||
@@ -324,18 +324,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
|
||||
*/
|
||||
|
||||
/* Get the initial list of ciphers */
|
||||
list_num = 0; /* actual count of ciphers */
|
||||
co_list_num = 0; /* actual count of ciphers */
|
||||
for (i = 0; i < num_of_ciphers; i++)
|
||||
{
|
||||
c = ssl_method->get_cipher(i);
|
||||
/* drop those that use any of that is not available */
|
||||
if ((c != NULL) && c->valid && !(c->algorithms & mask))
|
||||
{
|
||||
list[list_num].cipher = c;
|
||||
list[list_num].next = NULL;
|
||||
list[list_num].prev = NULL;
|
||||
list[list_num].active = 0;
|
||||
list_num++;
|
||||
co_list[co_list_num].cipher = c;
|
||||
co_list[co_list_num].next = NULL;
|
||||
co_list[co_list_num].prev = NULL;
|
||||
co_list[co_list_num].active = 0;
|
||||
co_list_num++;
|
||||
/*
|
||||
if (!sk_push(ca_list,(char *)c)) goto err;
|
||||
*/
|
||||
@@ -345,18 +345,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
|
||||
/*
|
||||
* Prepare linked list from list entries
|
||||
*/
|
||||
for (i = 1; i < list_num - 1; i++)
|
||||
for (i = 1; i < co_list_num - 1; i++)
|
||||
{
|
||||
list[i].prev = &(list[i-1]);
|
||||
list[i].next = &(list[i+1]);
|
||||
co_list[i].prev = &(co_list[i-1]);
|
||||
co_list[i].next = &(co_list[i+1]);
|
||||
}
|
||||
if (list_num > 0)
|
||||
if (co_list_num > 0)
|
||||
{
|
||||
(*head_p) = &(list[0]);
|
||||
(*head_p) = &(co_list[0]);
|
||||
(*head_p)->prev = NULL;
|
||||
(*head_p)->next = &(list[1]);
|
||||
(*tail_p) = &(list[list_num - 1]);
|
||||
(*tail_p)->prev = &(list[list_num - 2]);
|
||||
(*head_p)->next = &(co_list[1]);
|
||||
(*tail_p) = &(co_list[co_list_num - 1]);
|
||||
(*tail_p)->prev = &(co_list[co_list_num - 2]);
|
||||
(*tail_p)->next = NULL;
|
||||
}
|
||||
}
|
||||
@@ -402,7 +402,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
|
||||
|
||||
static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
|
||||
unsigned long algo_strength, unsigned long mask_strength,
|
||||
int rule, int strength_bits, CIPHER_ORDER *list,
|
||||
int rule, int strength_bits, CIPHER_ORDER *co_list,
|
||||
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
|
||||
{
|
||||
CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
|
||||
@@ -497,8 +497,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
|
||||
*tail_p = tail;
|
||||
}
|
||||
|
||||
static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER **tail_p)
|
||||
static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
|
||||
CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER **tail_p)
|
||||
{
|
||||
int max_strength_bits, i, *number_uses;
|
||||
CIPHER_ORDER *curr;
|
||||
@@ -543,14 +544,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
|
||||
for (i = max_strength_bits; i >= 0; i--)
|
||||
if (number_uses[i] > 0)
|
||||
ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
|
||||
list, head_p, tail_p);
|
||||
co_list, head_p, tail_p);
|
||||
|
||||
OPENSSL_free(number_uses);
|
||||
return(1);
|
||||
}
|
||||
|
||||
static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
CIPHER_ORDER *list, CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
|
||||
{
|
||||
unsigned long algorithms, mask, algo_strength, mask_strength;
|
||||
@@ -674,7 +675,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
ok = 0;
|
||||
if ((buflen == 8) &&
|
||||
!strncmp(buf, "STRENGTH", 8))
|
||||
ok = ssl_cipher_strength_sort(list,
|
||||
ok = ssl_cipher_strength_sort(co_list,
|
||||
head_p, tail_p);
|
||||
else
|
||||
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
|
||||
@@ -694,7 +695,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
{
|
||||
ssl_cipher_apply_rule(algorithms, mask,
|
||||
algo_strength, mask_strength, rule, -1,
|
||||
list, head_p, tail_p);
|
||||
co_list, head_p, tail_p);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -716,7 +717,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
unsigned long disabled_mask;
|
||||
STACK_OF(SSL_CIPHER) *cipherstack;
|
||||
const char *rule_p;
|
||||
CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||
SSL_CIPHER **ca_list = NULL;
|
||||
|
||||
/*
|
||||
@@ -738,15 +739,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
* it is used for allocation.
|
||||
*/
|
||||
num_of_ciphers = ssl_method->num_ciphers();
|
||||
list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
|
||||
if (list == NULL)
|
||||
co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
|
||||
if (co_list == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
|
||||
return(NULL); /* Failure */
|
||||
}
|
||||
|
||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
|
||||
list, &head, &tail);
|
||||
co_list, &head, &tail);
|
||||
|
||||
/*
|
||||
* We also need cipher aliases for selecting based on the rule_str.
|
||||
@@ -762,7 +763,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
|
||||
if (ca_list == NULL)
|
||||
{
|
||||
OPENSSL_free(list);
|
||||
OPENSSL_free(co_list);
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
|
||||
return(NULL); /* Failure */
|
||||
}
|
||||
@@ -778,21 +779,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
if (strncmp(rule_str,"DEFAULT",7) == 0)
|
||||
{
|
||||
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
|
||||
list, &head, &tail, ca_list);
|
||||
co_list, &head, &tail, ca_list);
|
||||
rule_p += 7;
|
||||
if (*rule_p == ':')
|
||||
rule_p++;
|
||||
}
|
||||
|
||||
if (ok && (strlen(rule_p) > 0))
|
||||
ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
|
||||
ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
|
||||
ca_list);
|
||||
|
||||
OPENSSL_free(ca_list); /* Not needed anymore */
|
||||
|
||||
if (!ok)
|
||||
{ /* Rule processing failure */
|
||||
OPENSSL_free(list);
|
||||
OPENSSL_free(co_list);
|
||||
return(NULL);
|
||||
}
|
||||
/*
|
||||
@@ -801,7 +802,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
|
||||
{
|
||||
OPENSSL_free(list);
|
||||
OPENSSL_free(co_list);
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
@@ -819,7 +820,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
#endif
|
||||
}
|
||||
}
|
||||
OPENSSL_free(list); /* Not needed any longer */
|
||||
OPENSSL_free(co_list); /* Not needed any longer */
|
||||
|
||||
/*
|
||||
* The following passage is a little bit odd. If pointer variables
|
||||
@@ -869,7 +870,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
{
|
||||
int is_export,pkl,kl;
|
||||
char *ver,*exp;
|
||||
char *ver,*exp_str;
|
||||
char *kx,*au,*enc,*mac;
|
||||
unsigned long alg,alg2,alg_s;
|
||||
static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
|
||||
@@ -881,7 +882,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
is_export=SSL_C_IS_EXPORT(cipher);
|
||||
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
|
||||
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
|
||||
exp=is_export?" export":"";
|
||||
exp_str=is_export?" export":"";
|
||||
|
||||
if (alg & SSL_SSLV2)
|
||||
ver="SSLv2";
|
||||
@@ -982,7 +983,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
else if (len < 128)
|
||||
return("Buffer too small");
|
||||
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
|
||||
return(buf);
|
||||
}
|
||||
|
||||
@@ -1063,9 +1064,9 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
|
||||
if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
|
||||
return(0);
|
||||
return(1);
|
||||
}
|
||||
else
|
||||
return(1);
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
||||
@@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
||||
ok=1;
|
||||
else
|
||||
#endif
|
||||
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
|
||||
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
|
||||
{
|
||||
if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
|
||||
{
|
||||
@@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
||||
return(0);
|
||||
}
|
||||
|
||||
ERR_clear_error(); /* make sure no error from X509_check_private_key()
|
||||
* is left if we have chosen to ignore it */
|
||||
if (c->pkeys[i].privatekey != NULL)
|
||||
EVP_PKEY_free(c->pkeys[i].privatekey);
|
||||
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
|
||||
|
||||
@@ -81,11 +81,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
|
||||
/* Need to lock this all up rather than just use CRYPTO_add so that
|
||||
* somebody doesn't free ssl->session between when we check it's
|
||||
* non-null and when we up the reference count. */
|
||||
CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
|
||||
sess = ssl->session;
|
||||
if(sess)
|
||||
sess->references++;
|
||||
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
|
||||
return(sess);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user