Compare commits
97 Commits
OpenSSL_1_
...
OpenSSL_1_
| Author | SHA1 | Date | |
|---|---|---|---|
|
49f6cb968f | ||
|
|
07e120b7da | ||
|
|
f3dcae15ac | ||
|
|
25ec498dc7 | ||
|
|
9cc42cb091 | ||
|
|
bcf9cf89e7 | ||
|
|
f0729fc3e0 | ||
|
|
8186c00ef3 | ||
|
|
c0b31ccb87 | ||
|
|
267c950c5f | ||
|
|
ce1605b508 | ||
|
|
66fdb1c0d4 | ||
|
|
25bfdca16a | ||
|
|
9c284f9651 | ||
|
|
6d78c381f6 | ||
|
|
784e2080df | ||
|
|
70505bc334 | ||
|
|
8e8b247341 | ||
|
|
a8595879ec | ||
|
|
33a688e806 | ||
|
|
5c2bfad9b4 | ||
|
|
250f979237 | ||
|
|
b527b6e8ff | ||
|
|
a54ce007e6 | ||
|
|
4ed1f3490e | ||
|
|
0a082e9b37 | ||
|
|
236a99a409 | ||
|
|
04b4363ec8 | ||
|
|
37ebc20093 | ||
|
|
cef781cc87 | ||
|
|
08e4c7a967 | ||
|
|
697e4edcad | ||
|
|
b26297ca51 | ||
|
|
6ca7dba0cf | ||
|
|
f1fa05b407 | ||
|
|
02e22c35fe | ||
|
|
b935714237 | ||
|
|
a8314df902 | ||
|
|
0cd7a0325f | ||
|
|
16b7c81d55 | ||
|
|
424ba8b588 | ||
|
|
bf493e8d62 | ||
|
|
c714e43c8d | ||
|
|
cdf9d6f6ed | ||
|
|
cc4b48c27c | ||
|
|
cac9c92cc0 | ||
|
|
d40abf1689 | ||
|
|
69e9c69e70 | ||
|
|
c489ea7d01 | ||
|
|
26c6857a59 | ||
|
|
508bd3d1aa | ||
|
|
8705846710 | ||
|
|
c944a9696e | ||
|
|
943cc09d8a | ||
|
|
fc6800d19f | ||
|
|
d06f047b04 | ||
|
|
ddc899bada | ||
|
|
bd479e25c7 | ||
|
|
eaf5bd168e | ||
|
|
d7ecc206ba | ||
|
|
11ea212e8c | ||
|
|
cb29d8c11f | ||
|
|
adcea5a043 | ||
|
|
f02f7c2c4a | ||
|
|
a1e44cc14f | ||
|
|
d2d09bf68c | ||
|
|
e2dfb655f7 | ||
|
|
463e76b63c | ||
|
|
2dc4b0dbe8 | ||
|
|
7b23c126e6 | ||
|
|
25e3d2225a | ||
|
|
c8e0b5d7b6 | ||
|
|
4fb7e2b445 | ||
|
|
9138e3c061 | ||
|
|
9b2a29660b | ||
|
|
b7b4a9fa57 | ||
|
|
1fb07a7de8 | ||
|
|
b9cbcaad58 | ||
|
|
c6706a6f6c | ||
|
|
958e6a75a1 | ||
|
|
397977726c | ||
|
|
285d9189c7 | ||
|
|
767d3e0054 | ||
|
|
409d2a1b71 | ||
|
|
e0b9678d7f | ||
|
|
166dea6ac8 | ||
|
|
52bef4d677 | ||
|
|
801e5ef840 | ||
|
|
0044739ae5 | ||
|
|
4e44bd3650 | ||
|
|
0cffb0cd3e | ||
|
|
aaa3850ccd | ||
|
|
a17b5d5a4f | ||
|
|
2f97765bc3 | ||
|
|
3205ca8deb | ||
|
|
1cb4d65b87 | ||
|
|
7b2dd292bc |
112
CHANGES
112
CHANGES
@@ -2,7 +2,25 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.0f and 1.0.1 [xx XXX xxxx]
|
||||
Changes between 1.0.0h and 1.0.1 [14 Mar 2012]
|
||||
|
||||
*) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
|
||||
STRING form instead of a DigestInfo.
|
||||
[Steve Henson]
|
||||
|
||||
*) The format used for MDC2 RSA signatures is inconsistent between EVP
|
||||
and the RSA_sign/RSA_verify functions. This was made more apparent when
|
||||
OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
|
||||
those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect
|
||||
the correct format in RSA_verify so both forms transparently work.
|
||||
[Steve Henson]
|
||||
|
||||
*) Some servers which support TLS 1.0 can choke if we initially indicate
|
||||
support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
|
||||
encrypted premaster secret. As a workaround use the maximum pemitted
|
||||
client version in client hello, this should keep such servers happy
|
||||
and still work with previous versions of OpenSSL.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add support for TLS/DTLS heartbeats.
|
||||
[Robin Seggelmann <seggelmann@fh-muenster.de>]
|
||||
@@ -267,7 +285,56 @@
|
||||
Add command line options to s_client/s_server.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
|
||||
Changes between 1.0.0g and 1.0.0h [xx XXX xxxx]
|
||||
|
||||
*) Fix CVE-2011-4619: make sure we really are receiving a
|
||||
client hello before rejecting multiple SGC restarts. Thanks to
|
||||
Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
|
||||
|
||||
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
|
||||
Thanks to Antonio Martin, Enterprise Secure Access Research and
|
||||
Development, Cisco Systems, Inc. for discovering this bug and
|
||||
preparing a fix. (CVE-2012-0050)
|
||||
[Antonio Martin]
|
||||
|
||||
Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
|
||||
|
||||
*) Nadhem Alfardan and Kenny Paterson have discovered an extension
|
||||
of the Vaudenay padding oracle attack on CBC mode encryption
|
||||
which enables an efficient plaintext recovery attack against
|
||||
the OpenSSL implementation of DTLS. Their attack exploits timing
|
||||
differences arising during decryption processing. A research
|
||||
paper describing this attack can be found at:
|
||||
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
|
||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
||||
Security Group at Royal Holloway, University of London
|
||||
(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
|
||||
<seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
|
||||
for preparing the fix. (CVE-2011-4108)
|
||||
[Robin Seggelmann, Michael Tuexen]
|
||||
|
||||
*) Clear bytes used for block padding of SSL 3.0 records.
|
||||
(CVE-2011-4576)
|
||||
[Adam Langley (Google)]
|
||||
|
||||
*) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
|
||||
Kadianakis <desnacked@gmail.com> for discovering this issue and
|
||||
Adam Langley for preparing the fix. (CVE-2011-4619)
|
||||
[Adam Langley (Google)]
|
||||
|
||||
*) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
|
||||
[Andrey Kulikov <amdeich@gmail.com>]
|
||||
|
||||
*) Prevent malformed RFC3779 data triggering an assertion failure.
|
||||
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
|
||||
and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
|
||||
[Rob Austein <sra@hactrn.net>]
|
||||
|
||||
*) Improved PRNG seeding for VOS.
|
||||
[Paul Green <Paul.Green@stratus.com>]
|
||||
|
||||
*) Fix ssl_ciph.c set-up race.
|
||||
[Adam Langley (Google)]
|
||||
@@ -1196,8 +1263,47 @@
|
||||
|
||||
*) Change 'Configure' script to enable Camellia by default.
|
||||
[NTT]
|
||||
|
||||
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
|
||||
|
||||
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
|
||||
Thanks to Antonio Martin, Enterprise Secure Access Research and
|
||||
Development, Cisco Systems, Inc. for discovering this bug and
|
||||
preparing a fix. (CVE-2012-0050)
|
||||
[Antonio Martin]
|
||||
|
||||
Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
|
||||
Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
|
||||
|
||||
*) Nadhem Alfardan and Kenny Paterson have discovered an extension
|
||||
of the Vaudenay padding oracle attack on CBC mode encryption
|
||||
which enables an efficient plaintext recovery attack against
|
||||
the OpenSSL implementation of DTLS. Their attack exploits timing
|
||||
differences arising during decryption processing. A research
|
||||
paper describing this attack can be found at:
|
||||
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
|
||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
||||
Security Group at Royal Holloway, University of London
|
||||
(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
|
||||
<seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
|
||||
for preparing the fix. (CVE-2011-4108)
|
||||
[Robin Seggelmann, Michael Tuexen]
|
||||
|
||||
*) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
|
||||
[Ben Laurie, Kasper <ekasper@google.com>]
|
||||
|
||||
*) Clear bytes used for block padding of SSL 3.0 records.
|
||||
(CVE-2011-4576)
|
||||
[Adam Langley (Google)]
|
||||
|
||||
*) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
|
||||
Kadianakis <desnacked@gmail.com> for discovering this issue and
|
||||
Adam Langley for preparing the fix. (CVE-2011-4619)
|
||||
[Adam Langley (Google)]
|
||||
|
||||
*) Prevent malformed RFC3779 data triggering an assertion failure.
|
||||
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
|
||||
and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
|
||||
[Rob Austein <sra@hactrn.net>]
|
||||
|
||||
*) Fix ssl_ciph.c set-up race.
|
||||
[Adam Langley (Google)]
|
||||
|
||||
21
Configure
21
Configure
@@ -296,8 +296,8 @@ my %table=(
|
||||
# Since there is mention of this in shlib/hpux10-cc.sh
|
||||
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::::::void:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
|
||||
"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
|
||||
"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
|
||||
|
||||
# More attempts at unified 10.X and 11.X targets for HP C compiler.
|
||||
@@ -306,7 +306,7 @@ my %table=(
|
||||
# Kevin Steves <ks@hp.se>
|
||||
"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
|
||||
"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::::::void:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
|
||||
"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
|
||||
|
||||
# HP/UX IA-64 targets
|
||||
@@ -1019,10 +1019,11 @@ if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|
||||
$disabled{"gost"} = "forced";
|
||||
}
|
||||
|
||||
# SRP requires TLSEXT
|
||||
# SRP and HEARTBEATS require TLSEXT
|
||||
if (defined($disabled{"tlsext"}))
|
||||
{
|
||||
$disabled{"srp"} = "forced";
|
||||
$disabled{"heartbeats"} = "forced";
|
||||
}
|
||||
|
||||
if ($target eq "TABLE") {
|
||||
@@ -1094,6 +1095,8 @@ foreach (sort (keys %disabled))
|
||||
else
|
||||
{
|
||||
push @skip, $algo;
|
||||
# fix-up crypto/directory name(s)
|
||||
@skip[$#skip]="whrlpool" if $algo eq "whirlpool";
|
||||
print " (skip dir)";
|
||||
|
||||
$depflags .= " -DOPENSSL_NO_$ALGO";
|
||||
@@ -1390,14 +1393,6 @@ if (!$IsMK1MF)
|
||||
}
|
||||
}
|
||||
|
||||
if (!defined($disabled{"sctp"}))
|
||||
{
|
||||
if ($target =~ /^solaris/)
|
||||
{
|
||||
$cflags = "$cflags -D_XPG4_2 -D__EXTENSIONS__";
|
||||
}
|
||||
}
|
||||
|
||||
$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
|
||||
|
||||
#
|
||||
@@ -1520,7 +1515,7 @@ else {
|
||||
$aes_obj=$aes_enc;
|
||||
}
|
||||
$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
|
||||
if ($wp_obj =~ /\.o$/)
|
||||
if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"})
|
||||
{
|
||||
$cflags.=" -DWHIRLPOOL_ASM";
|
||||
}
|
||||
|
||||
2
FAQ
2
FAQ
@@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 1.0.0d was released on Feb 8th, 2011.
|
||||
OpenSSL 1.0.1 was released on Mar 14th, 2012.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
|
||||
@@ -364,7 +364,8 @@ libcrypto.pc: Makefile
|
||||
echo 'Description: OpenSSL cryptography library'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
|
||||
echo 'Libs: -L$${libdir} -lcrypto'; \
|
||||
echo 'Libs.private: $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
|
||||
|
||||
libssl.pc: Makefile
|
||||
@@ -377,7 +378,8 @@ libssl.pc: Makefile
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
||||
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
|
||||
echo 'Libs.private: $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
|
||||
|
||||
openssl.pc: Makefile
|
||||
@@ -390,7 +392,8 @@ openssl.pc: Makefile
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
||||
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
|
||||
echo 'Libs.private: $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
|
||||
|
||||
Makefile: Makefile.org Configure config
|
||||
|
||||
20
NEWS
20
NEWS
@@ -5,7 +5,7 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.1:
|
||||
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
|
||||
|
||||
o TLS/DTLS heartbeat support.
|
||||
o SCTP support.
|
||||
@@ -18,6 +18,24 @@
|
||||
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
|
||||
o SRP support.
|
||||
|
||||
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
|
||||
|
||||
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
|
||||
o Corrected fix for CVE-2011-4619
|
||||
o Various DTLS fixes.
|
||||
|
||||
Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
|
||||
|
||||
o Fix for DTLS DoS issue CVE-2012-0050
|
||||
|
||||
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
|
||||
|
||||
o Fix for DTLS plaintext recovery attack CVE-2011-4108
|
||||
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
|
||||
o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
|
||||
o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
|
||||
o Check for malformed RFC3779 data CVE-2011-4577
|
||||
|
||||
Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
|
||||
|
||||
o Fix for CRL vulnerability issue CVE-2011-3207
|
||||
|
||||
2
README
2
README
@@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.1-beta1 3 Jan 2012
|
||||
OpenSSL 1.0.1 14 Mar 2012
|
||||
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
||||
11
STATUS
11
STATUS
@@ -1,16 +1,23 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2012/01/03 13:30:27 $
|
||||
______________ $Date: 2012/03/14 12:14:06 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 1.1.0: Under development...
|
||||
o OpenSSL 1.0.1-beta1: Released on January 3rd, 2011
|
||||
o OpenSSL 1.0.1: Released on March 14th, 2012
|
||||
o OpenSSL 1.0.0h: Released on March 12th, 2012
|
||||
o OpenSSL 1.0.0g: Released on January 18th, 2012
|
||||
o OpenSSL 1.0.0f: Released on January 4th, 2012
|
||||
o OpenSSL 1.0.0e: Released on September 6th, 2011
|
||||
o OpenSSL 1.0.0d: Released on February 8nd, 2011
|
||||
o OpenSSL 1.0.0c: Released on December 2nd, 2010
|
||||
o OpenSSL 1.0.0b: Released on November 16th, 2010
|
||||
o OpenSSL 1.0.0a: Released on June 1st, 2010
|
||||
o OpenSSL 1.0.0: Released on March 29th, 2010
|
||||
o OpenSSL 0.9.8u: Released on March 12th, 2012
|
||||
o OpenSSL 0.9.8t: Released on January 18th, 2012
|
||||
o OpenSSL 0.9.8s: Released on January 4th, 2012
|
||||
o OpenSSL 0.9.8r: Released on February 8nd, 2011
|
||||
o OpenSSL 0.9.8q: Released on December 2nd, 2010
|
||||
o OpenSSL 0.9.8p: Released on November 16th, 2010
|
||||
|
||||
34
TABLE
34
TABLE
@@ -3298,7 +3298,7 @@ $shared_ldflag = -shared
|
||||
$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
|
||||
$ranlib =
|
||||
$arflags =
|
||||
$multilib =
|
||||
$multilib = /pa1.1
|
||||
|
||||
*** hpux-parisc2-cc
|
||||
$cc = cc
|
||||
@@ -3308,22 +3308,22 @@ $thread_cflag =
|
||||
$sys_id =
|
||||
$lflags = -Wl,+s -ldld
|
||||
$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
|
||||
$cpuid_obj =
|
||||
$bn_obj = pa-risc2.o
|
||||
$cpuid_obj = pariscid.o
|
||||
$bn_obj = pa-risc2.o parisc-mont.o
|
||||
$des_obj =
|
||||
$aes_obj =
|
||||
$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
|
||||
$bf_obj =
|
||||
$md5_obj =
|
||||
$sha1_obj =
|
||||
$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
|
||||
$cast_obj =
|
||||
$rc4_obj =
|
||||
$rc4_obj = rc4-parisc.o
|
||||
$rmd160_obj =
|
||||
$rc5_obj =
|
||||
$wp_obj =
|
||||
$cmll_obj =
|
||||
$modes_obj =
|
||||
$modes_obj = ghash-parisc.o
|
||||
$engines_obj =
|
||||
$perlasm_scheme = void
|
||||
$perlasm_scheme = 32
|
||||
$dso_scheme = dl
|
||||
$shared_target= hpux-shared
|
||||
$shared_cflag = +Z
|
||||
@@ -3331,7 +3331,7 @@ $shared_ldflag = -b
|
||||
$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
|
||||
$ranlib =
|
||||
$arflags =
|
||||
$multilib =
|
||||
$multilib = /pa20_32
|
||||
|
||||
*** hpux-parisc2-gcc
|
||||
$cc = gcc
|
||||
@@ -3341,22 +3341,22 @@ $thread_cflag =
|
||||
$sys_id =
|
||||
$lflags = -Wl,+s -ldld
|
||||
$bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1
|
||||
$cpuid_obj =
|
||||
$bn_obj = pa-risc2.o
|
||||
$cpuid_obj = pariscid.o
|
||||
$bn_obj = pa-risc2.o parisc-mont.o
|
||||
$des_obj =
|
||||
$aes_obj =
|
||||
$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
|
||||
$bf_obj =
|
||||
$md5_obj =
|
||||
$sha1_obj =
|
||||
$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
|
||||
$cast_obj =
|
||||
$rc4_obj =
|
||||
$rc4_obj = rc4-parisc.o
|
||||
$rmd160_obj =
|
||||
$rc5_obj =
|
||||
$wp_obj =
|
||||
$cmll_obj =
|
||||
$modes_obj =
|
||||
$modes_obj = ghash-parisc.o
|
||||
$engines_obj =
|
||||
$perlasm_scheme = void
|
||||
$perlasm_scheme = 32
|
||||
$dso_scheme = dl
|
||||
$shared_target= hpux-shared
|
||||
$shared_cflag = -fPIC
|
||||
@@ -3364,7 +3364,7 @@ $shared_ldflag = -shared
|
||||
$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
|
||||
$ranlib =
|
||||
$arflags =
|
||||
$multilib =
|
||||
$multilib = /pa20_32
|
||||
|
||||
*** hpux64-ia64-cc
|
||||
$cc = cc
|
||||
|
||||
@@ -109,7 +109,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef _POSIX_C_SOURCE
|
||||
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
|
||||
#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
|
||||
the declaration of fileno(). The value
|
||||
2 is to make sure no function defined
|
||||
@@ -1215,7 +1215,8 @@ STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *desc)
|
||||
{
|
||||
STACK_OF(X509) *certs;
|
||||
load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
|
||||
if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
|
||||
return NULL;
|
||||
return certs;
|
||||
}
|
||||
|
||||
@@ -1223,7 +1224,8 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *desc)
|
||||
{
|
||||
STACK_OF(X509_CRL) *crls;
|
||||
load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
|
||||
if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
|
||||
return NULL;
|
||||
return crls;
|
||||
}
|
||||
|
||||
|
||||
@@ -2560,7 +2560,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
|
||||
|
||||
/* Make it Upper Case */
|
||||
for (i=0; row[DB_serial][i] != '\0'; i++)
|
||||
row[DB_serial][i] = toupper(row[DB_serial][i]);
|
||||
row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
|
||||
|
||||
|
||||
ok=1;
|
||||
|
||||
@@ -626,7 +626,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-certsout file certificate output file\n");
|
||||
BIO_printf (bio_err, "-signer file signer certificate file\n");
|
||||
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
|
||||
BIO_printf (bio_err, "-keyid use subject key identifier\n");
|
||||
BIO_printf (bio_err, "-keyid use subject key identifier\n");
|
||||
BIO_printf (bio_err, "-in file input file\n");
|
||||
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
|
||||
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
|
||||
|
||||
12
apps/dgst.c
12
apps/dgst.c
@@ -127,6 +127,7 @@ int MAIN(int argc, char **argv)
|
||||
#endif
|
||||
char *hmac_key=NULL;
|
||||
char *mac_name=NULL;
|
||||
int non_fips_allow = 0;
|
||||
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
|
||||
|
||||
apps_startup();
|
||||
@@ -215,6 +216,10 @@ int MAIN(int argc, char **argv)
|
||||
out_bin = 1;
|
||||
else if (strcmp(*argv,"-d") == 0)
|
||||
debug=1;
|
||||
else if (strcmp(*argv,"-non-fips-allow") == 0)
|
||||
non_fips_allow=1;
|
||||
else if (!strcmp(*argv,"-fips-fingerprint"))
|
||||
hmac_key = "etaonrishdlcupfm";
|
||||
else if (!strcmp(*argv,"-hmac"))
|
||||
{
|
||||
if (--argc < 1)
|
||||
@@ -395,6 +400,13 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (non_fips_allow)
|
||||
{
|
||||
EVP_MD_CTX *md_ctx;
|
||||
BIO_get_md_ctx(bmd,&md_ctx);
|
||||
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
}
|
||||
|
||||
if (hmac_key)
|
||||
{
|
||||
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
|
||||
|
||||
@@ -129,6 +129,7 @@ int MAIN(int argc, char **argv)
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
const EVP_MD *dgst=NULL;
|
||||
int non_fips_allow = 0;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@@ -281,6 +282,8 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
md= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-non-fips-allow") == 0)
|
||||
non_fips_allow = 1;
|
||||
else if ((argv[0][0] == '-') &&
|
||||
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
|
||||
{
|
||||
@@ -589,6 +592,11 @@ bad:
|
||||
*/
|
||||
|
||||
BIO_get_cipher_ctx(benc, &ctx);
|
||||
|
||||
if (non_fips_allow)
|
||||
EVP_CIPHER_CTX_set_flags(ctx,
|
||||
EVP_CIPH_FLAG_NON_FIPS_ALLOW);
|
||||
|
||||
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
|
||||
{
|
||||
BIO_printf(bio_err, "Error setting cipher %s\n",
|
||||
|
||||
@@ -44,9 +44,9 @@ extern int smime_main(int argc,char *argv[]);
|
||||
extern int rand_main(int argc,char *argv[]);
|
||||
extern int engine_main(int argc,char *argv[]);
|
||||
extern int ocsp_main(int argc,char *argv[]);
|
||||
extern int srp_main(int argc,char *argv[]);
|
||||
extern int prime_main(int argc,char *argv[]);
|
||||
extern int ts_main(int argc,char *argv[]);
|
||||
extern int srp_main(int argc,char *argv[]);
|
||||
|
||||
#define FUNC_TYPE_GENERAL 1
|
||||
#define FUNC_TYPE_MD 2
|
||||
@@ -146,11 +146,11 @@ FUNCTION functions[] = {
|
||||
#ifndef OPENSSL_NO_OCSP
|
||||
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"prime",prime_main},
|
||||
{FUNC_TYPE_GENERAL,"ts",ts_main},
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
{FUNC_TYPE_GENERAL,"srp",srp_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"prime",prime_main},
|
||||
{FUNC_TYPE_GENERAL,"ts",ts_main},
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
{FUNC_TYPE_MD,"md2",dgst_main},
|
||||
#endif
|
||||
|
||||
@@ -51,6 +51,8 @@ foreach (@ARGV)
|
||||
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^ocsp$/))
|
||||
{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^srp$/))
|
||||
{ print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n"; }
|
||||
else
|
||||
{ print $str; }
|
||||
}
|
||||
|
||||
51
apps/s_cb.c
51
apps/s_cb.c
@@ -357,6 +357,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
|
||||
case TLS1_VERSION:
|
||||
str_version = "TLS 1.0 ";
|
||||
break;
|
||||
case TLS1_1_VERSION:
|
||||
str_version = "TLS 1.1 ";
|
||||
break;
|
||||
case TLS1_2_VERSION:
|
||||
str_version = "TLS 1.2 ";
|
||||
break;
|
||||
case DTLS1_VERSION:
|
||||
str_version = "DTLS 1.0 ";
|
||||
break;
|
||||
@@ -680,6 +686,22 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
|
||||
extname = "status request";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_user_mapping:
|
||||
extname = "user mapping";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_client_authz:
|
||||
extname = "client authz";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_server_authz:
|
||||
extname = "server authz";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_cert_type:
|
||||
extname = "cert type";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_elliptic_curves:
|
||||
extname = "elliptic curves";
|
||||
break;
|
||||
@@ -688,23 +710,40 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
|
||||
extname = "EC point formats";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_session_ticket:
|
||||
extname = "server ticket";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_renegotiate:
|
||||
extname = "renegotiate";
|
||||
case TLSEXT_TYPE_srp:
|
||||
extname = "SRP";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_signature_algorithms:
|
||||
extname = "signature algorithms";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_use_srtp:
|
||||
extname = "use SRTP";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_heartbeat:
|
||||
extname = "heartbeat";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_session_ticket:
|
||||
extname = "session ticket";
|
||||
break;
|
||||
|
||||
case TLSEXT_TYPE_renegotiate:
|
||||
extname = "renegotiation info";
|
||||
break;
|
||||
|
||||
#ifdef TLSEXT_TYPE_opaque_prf_input
|
||||
case TLSEXT_TYPE_opaque_prf_input:
|
||||
extname = "opaque PRF input";
|
||||
break;
|
||||
#endif
|
||||
#ifdef TLSEXT_TYPE_next_proto_neg
|
||||
case TLSEXT_TYPE_next_proto_neg:
|
||||
extname = "next protocol";
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
extname = "unknown";
|
||||
|
||||
@@ -362,7 +362,7 @@ static void sc_usage(void)
|
||||
# endif
|
||||
#endif
|
||||
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
|
||||
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
|
||||
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
|
||||
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
|
||||
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
|
||||
}
|
||||
@@ -763,7 +763,7 @@ int MAIN(int argc, char **argv)
|
||||
psk_key=*(++argv);
|
||||
for (j = 0; j < strlen(psk_key); j++)
|
||||
{
|
||||
if (isxdigit((int)psk_key[j]))
|
||||
if (isxdigit((unsigned char)psk_key[j]))
|
||||
continue;
|
||||
BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
|
||||
goto bad;
|
||||
@@ -993,14 +993,13 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
psk_identity = "JPAKE";
|
||||
if (cipher)
|
||||
{
|
||||
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
|
||||
goto end;
|
||||
}
|
||||
cipher = "PSK";
|
||||
}
|
||||
|
||||
if (cipher)
|
||||
{
|
||||
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
|
||||
goto end;
|
||||
}
|
||||
cipher = "PSK";
|
||||
#endif
|
||||
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
@@ -2077,30 +2076,33 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
}
|
||||
|
||||
SSL_SESSION_print(bio,SSL_get_session(s));
|
||||
if (keymatexportlabel != NULL) {
|
||||
if (keymatexportlabel != NULL)
|
||||
{
|
||||
BIO_printf(bio, "Keying material exporter:\n");
|
||||
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
|
||||
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
|
||||
exportedkeymat = OPENSSL_malloc(keymatexportlen);
|
||||
if (exportedkeymat != NULL) {
|
||||
i = SSL_export_keying_material(s, exportedkeymat,
|
||||
keymatexportlen,
|
||||
keymatexportlabel,
|
||||
strlen(keymatexportlabel),
|
||||
NULL, 0, 0);
|
||||
if (i != keymatexportlen) {
|
||||
BIO_printf(bio,
|
||||
" Error: return value %i\n", i);
|
||||
} else {
|
||||
if (exportedkeymat != NULL)
|
||||
{
|
||||
if (!SSL_export_keying_material(s, exportedkeymat,
|
||||
keymatexportlen,
|
||||
keymatexportlabel,
|
||||
strlen(keymatexportlabel),
|
||||
NULL, 0, 0))
|
||||
{
|
||||
BIO_printf(bio, " Error\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio, " Keying material: ");
|
||||
for (i=0; i<keymatexportlen; i++)
|
||||
BIO_printf(bio, "%02X",
|
||||
exportedkeymat[i]);
|
||||
BIO_printf(bio, "\n");
|
||||
}
|
||||
}
|
||||
OPENSSL_free(exportedkeymat);
|
||||
}
|
||||
}
|
||||
}
|
||||
BIO_printf(bio,"---\n");
|
||||
if (peer != NULL)
|
||||
X509_free(peer);
|
||||
|
||||
@@ -556,7 +556,7 @@ static void sv_usage(void)
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
|
||||
# endif
|
||||
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
|
||||
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
|
||||
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
|
||||
@@ -1204,7 +1204,7 @@ int MAIN(int argc, char *argv[])
|
||||
psk_key=*(++argv);
|
||||
for (i=0; i<strlen(psk_key); i++)
|
||||
{
|
||||
if (isxdigit((int)psk_key[i]))
|
||||
if (isxdigit((unsigned char)psk_key[i]))
|
||||
continue;
|
||||
BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
|
||||
goto bad;
|
||||
@@ -2245,6 +2245,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
|
||||
#endif
|
||||
k=SSL_write(con,&(buf[l]),(unsigned int)i);
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
|
||||
{
|
||||
BIO_printf(bio_s_out,"LOOKUP renego during write\n");
|
||||
@@ -2255,6 +2256,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_printf(bio_s_out,"LOOKUP not successful\n");
|
||||
k=SSL_write(con,&(buf[l]),(unsigned int)i);
|
||||
}
|
||||
#endif
|
||||
switch (SSL_get_error(con,k))
|
||||
{
|
||||
case SSL_ERROR_NONE:
|
||||
@@ -2302,6 +2304,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
{
|
||||
again:
|
||||
i=SSL_read(con,(char *)buf,bufsize);
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
|
||||
{
|
||||
BIO_printf(bio_s_out,"LOOKUP renego during read\n");
|
||||
@@ -2312,6 +2315,7 @@ again:
|
||||
BIO_printf(bio_s_out,"LOOKUP not successful\n");
|
||||
i=SSL_read(con,(char *)buf,bufsize);
|
||||
}
|
||||
#endif
|
||||
switch (SSL_get_error(con,i))
|
||||
{
|
||||
case SSL_ERROR_NONE:
|
||||
@@ -2389,6 +2393,7 @@ static int init_ssl_connection(SSL *con)
|
||||
|
||||
|
||||
i=SSL_accept(con);
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
|
||||
{
|
||||
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
|
||||
@@ -2399,6 +2404,7 @@ static int init_ssl_connection(SSL *con)
|
||||
BIO_printf(bio_s_out,"LOOKUP not successful\n");
|
||||
i=SSL_accept(con);
|
||||
}
|
||||
#endif
|
||||
if (i <= 0)
|
||||
{
|
||||
if (BIO_sock_should_retry(i))
|
||||
@@ -2469,31 +2475,34 @@ static int init_ssl_connection(SSL *con)
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
|
||||
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
|
||||
if (keymatexportlabel != NULL) {
|
||||
BIO_printf(bio_s_out, "Keying material exporter:\n");
|
||||
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
|
||||
BIO_printf(bio_s_out, " Length: %i bytes\n",
|
||||
if (keymatexportlabel != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out, "Keying material exporter:\n");
|
||||
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
|
||||
BIO_printf(bio_s_out, " Length: %i bytes\n",
|
||||
keymatexportlen);
|
||||
exportedkeymat = OPENSSL_malloc(keymatexportlen);
|
||||
if (exportedkeymat != NULL) {
|
||||
i = SSL_export_keying_material(con, exportedkeymat,
|
||||
keymatexportlen,
|
||||
keymatexportlabel,
|
||||
strlen(keymatexportlabel),
|
||||
NULL, 0, 0);
|
||||
if (i != keymatexportlen) {
|
||||
BIO_printf(bio_s_out,
|
||||
" Error: return value %i\n", i);
|
||||
} else {
|
||||
BIO_printf(bio_s_out, " Keying material: ");
|
||||
for (i=0; i<keymatexportlen; i++)
|
||||
BIO_printf(bio_s_out, "%02X",
|
||||
exportedkeymat = OPENSSL_malloc(keymatexportlen);
|
||||
if (exportedkeymat != NULL)
|
||||
{
|
||||
if (!SSL_export_keying_material(con, exportedkeymat,
|
||||
keymatexportlen,
|
||||
keymatexportlabel,
|
||||
strlen(keymatexportlabel),
|
||||
NULL, 0, 0))
|
||||
{
|
||||
BIO_printf(bio_s_out, " Error\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_s_out, " Keying material: ");
|
||||
for (i=0; i<keymatexportlen; i++)
|
||||
BIO_printf(bio_s_out, "%02X",
|
||||
exportedkeymat[i]);
|
||||
BIO_printf(bio_s_out, "\n");
|
||||
}
|
||||
OPENSSL_free(exportedkeymat);
|
||||
}
|
||||
}
|
||||
BIO_printf(bio_s_out, "\n");
|
||||
}
|
||||
OPENSSL_free(exportedkeymat);
|
||||
}
|
||||
}
|
||||
|
||||
return(1);
|
||||
}
|
||||
@@ -2623,6 +2632,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
if (hack)
|
||||
{
|
||||
i=SSL_accept(con);
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
|
||||
{
|
||||
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
|
||||
@@ -2633,7 +2643,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_printf(bio_s_out,"LOOKUP not successful\n");
|
||||
i=SSL_accept(con);
|
||||
}
|
||||
|
||||
#endif
|
||||
switch (SSL_get_error(con,i))
|
||||
{
|
||||
case SSL_ERROR_NONE:
|
||||
|
||||
@@ -2597,7 +2597,7 @@ static void pkey_print_message(const char *str, const char *str2, long num,
|
||||
BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
|
||||
: "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
|
||||
(void)BIO_flush(bio_err);
|
||||
alarm(RSA_SECONDS);
|
||||
alarm(tm);
|
||||
#else
|
||||
BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
|
||||
: "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
|
||||
|
||||
@@ -1176,6 +1176,7 @@ ___
|
||||
# As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have
|
||||
# undesired effect, so just omit them and sacrifice some portion of
|
||||
# percent in performance...
|
||||
$code =~ s/fmovs.*$//gem;
|
||||
$code =~ s/fmovs.*$//gm;
|
||||
|
||||
print $code;
|
||||
close STDOUT; # ensure flush
|
||||
|
||||
@@ -386,8 +386,8 @@ long ASN1_INTEGER_get(const ASN1_INTEGER *a)
|
||||
|
||||
if (a->length > (int)sizeof(long))
|
||||
{
|
||||
/* hmm... a bit ugly */
|
||||
return(0xffffffffL);
|
||||
/* hmm... a bit ugly, return all ones */
|
||||
return -1;
|
||||
}
|
||||
if (a->data == NULL)
|
||||
return 0;
|
||||
|
||||
@@ -377,8 +377,12 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
|
||||
BIO *tmpbio;
|
||||
const ASN1_AUX *aux = it->funcs;
|
||||
ASN1_STREAM_ARG sarg;
|
||||
int rv = 1;
|
||||
|
||||
if (!(flags & SMIME_DETACHED))
|
||||
/* If data is not deteched or resigning then the output BIO is
|
||||
* already set up to finalise when it is written through.
|
||||
*/
|
||||
if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST))
|
||||
{
|
||||
SMIME_crlf_copy(data, out, flags);
|
||||
return 1;
|
||||
@@ -405,7 +409,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
|
||||
|
||||
/* Finalize structure */
|
||||
if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
|
||||
return 0;
|
||||
rv = 0;
|
||||
|
||||
/* Now remove any digests prepended to the BIO */
|
||||
|
||||
@@ -416,7 +420,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
|
||||
sarg.ndef_bio = tmpbio;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return rv;
|
||||
|
||||
}
|
||||
|
||||
@@ -486,9 +490,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
|
||||
|
||||
if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
|
||||
strcmp(hdr->value, "application/pkcs7-signature")) {
|
||||
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
|
||||
ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
|
||||
ERR_add_error_data(2, "type: ", hdr->value);
|
||||
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
|
||||
sk_BIO_pop_free(parts, BIO_vfree);
|
||||
return NULL;
|
||||
}
|
||||
@@ -801,7 +805,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
|
||||
if(name) {
|
||||
if(!(tmpname = BUF_strdup(name))) return NULL;
|
||||
for(p = tmpname ; *p; p++) {
|
||||
c = *p;
|
||||
c = (unsigned char)*p;
|
||||
if(isupper(c)) {
|
||||
c = tolower(c);
|
||||
*p = c;
|
||||
@@ -811,7 +815,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
|
||||
if(value) {
|
||||
if(!(tmpval = BUF_strdup(value))) return NULL;
|
||||
for(p = tmpval ; *p; p++) {
|
||||
c = *p;
|
||||
c = (unsigned char)*p;
|
||||
if(isupper(c)) {
|
||||
c = tolower(c);
|
||||
*p = c;
|
||||
@@ -835,7 +839,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
|
||||
tmpname = BUF_strdup(name);
|
||||
if(!tmpname) return 0;
|
||||
for(p = tmpname ; *p; p++) {
|
||||
c = *p;
|
||||
c = (unsigned char)*p;
|
||||
if(isupper(c)) {
|
||||
c = tolower(c);
|
||||
*p = c;
|
||||
@@ -858,12 +862,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
|
||||
static int mime_hdr_cmp(const MIME_HEADER * const *a,
|
||||
const MIME_HEADER * const *b)
|
||||
{
|
||||
if (!(*a)->name || !(*b)->name)
|
||||
return !!(*a)->name - !!(*b)->name;
|
||||
|
||||
return(strcmp((*a)->name, (*b)->name));
|
||||
}
|
||||
|
||||
static int mime_param_cmp(const MIME_PARAM * const *a,
|
||||
const MIME_PARAM * const *b)
|
||||
{
|
||||
if (!(*a)->param_name || !(*b)->param_name)
|
||||
return !!(*a)->param_name - !!(*b)->param_name;
|
||||
return(strcmp((*a)->param_name, (*b)->param_name));
|
||||
}
|
||||
|
||||
|
||||
@@ -138,10 +138,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
|
||||
if (BIO_write(bp," Serial Number:",22) <= 0) goto err;
|
||||
|
||||
bs=X509_get_serialNumber(x);
|
||||
if (bs->length <= 4)
|
||||
if (bs->length <= (int)sizeof(long))
|
||||
{
|
||||
l=ASN1_INTEGER_get(bs);
|
||||
if (l < 0)
|
||||
if (bs->type == V_ASN1_NEG_INTEGER)
|
||||
{
|
||||
l= -l;
|
||||
neg="-";
|
||||
|
||||
@@ -399,8 +399,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
|
||||
/* If type not in bitmask just copy string across */
|
||||
if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
|
||||
{
|
||||
out->type = in->type;
|
||||
if (!ASN1_STRING_set(out, in->data, in->length))
|
||||
if (!ASN1_STRING_copy(out, in))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -171,7 +171,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
|
||||
goto error;
|
||||
}
|
||||
|
||||
key->pkey = ret;
|
||||
/* Check to see if another thread set key->pkey first */
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
|
||||
if (key->pkey)
|
||||
{
|
||||
EVP_PKEY_free(ret);
|
||||
ret = key->pkey;
|
||||
}
|
||||
else
|
||||
key->pkey = ret;
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
|
||||
CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
||||
|
||||
return ret;
|
||||
|
||||
@@ -69,7 +69,11 @@
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
#include <stdint.h>
|
||||
# ifndef OPENSSL_SYS_VMS
|
||||
# include <stdint.h>
|
||||
# else
|
||||
# include <inttypes.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -153,6 +157,7 @@ extern "C" {
|
||||
/* #endif */
|
||||
|
||||
#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */
|
||||
#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
|
||||
#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */
|
||||
#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for
|
||||
* MTU. want to use this
|
||||
|
||||
@@ -616,6 +616,27 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
ret = 0;
|
||||
#endif
|
||||
break;
|
||||
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
|
||||
switch (data->peer.sa.sa_family)
|
||||
{
|
||||
case AF_INET:
|
||||
ret = 576 - 20 - 8;
|
||||
break;
|
||||
#if OPENSSL_USE_IPV6
|
||||
case AF_INET6:
|
||||
#ifdef IN6_IS_ADDR_V4MAPPED
|
||||
if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
|
||||
ret = 576 - 20 - 8;
|
||||
else
|
||||
#endif
|
||||
ret = 1280 - 40 - 8;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
ret = 576 - 20 - 8;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case BIO_CTRL_DGRAM_GET_MTU:
|
||||
return data->mtu;
|
||||
break;
|
||||
|
||||
@@ -472,6 +472,10 @@ extern "C" {
|
||||
}
|
||||
#endif /* !BN_LLONG */
|
||||
|
||||
#if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
|
||||
#undef bn_div_words
|
||||
#endif
|
||||
|
||||
void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
|
||||
void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
|
||||
void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
|
||||
|
||||
@@ -341,7 +341,7 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
|
||||
#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;
|
||||
# if defined(_WIN32) && !defined(__GNUC__)
|
||||
# define NIST_INT64 __int64
|
||||
# else
|
||||
# elif defined(BN_LLONG)
|
||||
# define NIST_INT64 long long
|
||||
# endif
|
||||
#endif /* BN_BITS2 != 64 */
|
||||
|
||||
@@ -111,6 +111,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
|
||||
#define CMS_PARTIAL 0x4000
|
||||
#define CMS_REUSE_DIGEST 0x8000
|
||||
#define CMS_USE_KEYID 0x10000
|
||||
#define CMS_DEBUG_DECRYPT 0x20000
|
||||
|
||||
const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
|
||||
|
||||
|
||||
@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
|
||||
const EVP_CIPHER *ciph;
|
||||
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
|
||||
unsigned char *tkey = NULL;
|
||||
size_t tkeylen;
|
||||
|
||||
int ok = 0;
|
||||
|
||||
@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
|
||||
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
||||
if (enc && !ec->key)
|
||||
/* Generate random session key */
|
||||
if (!enc || !ec->key)
|
||||
{
|
||||
/* Generate random key */
|
||||
if (!ec->keylen)
|
||||
ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
|
||||
ec->key = OPENSSL_malloc(ec->keylen);
|
||||
if (!ec->key)
|
||||
tkeylen = EVP_CIPHER_CTX_key_length(ctx);
|
||||
tkey = OPENSSL_malloc(tkeylen);
|
||||
if (!tkey)
|
||||
{
|
||||
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
|
||||
if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
|
||||
goto err;
|
||||
keep_key = 1;
|
||||
}
|
||||
else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
|
||||
|
||||
if (!ec->key)
|
||||
{
|
||||
ec->key = tkey;
|
||||
ec->keylen = tkeylen;
|
||||
tkey = NULL;
|
||||
if (enc)
|
||||
keep_key = 1;
|
||||
else
|
||||
ERR_clear_error();
|
||||
|
||||
}
|
||||
|
||||
if (ec->keylen != tkeylen)
|
||||
{
|
||||
/* If necessary set key length */
|
||||
if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
|
||||
{
|
||||
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
|
||||
CMS_R_INVALID_KEY_LENGTH);
|
||||
goto err;
|
||||
/* Only reveal failure if debugging so we don't
|
||||
* leak information which may be useful in MMA.
|
||||
*/
|
||||
if (ec->debug)
|
||||
{
|
||||
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
|
||||
CMS_R_INVALID_KEY_LENGTH);
|
||||
goto err;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Use random key */
|
||||
OPENSSL_cleanse(ec->key, ec->keylen);
|
||||
OPENSSL_free(ec->key);
|
||||
ec->key = tkey;
|
||||
ec->keylen = tkeylen;
|
||||
tkey = NULL;
|
||||
ERR_clear_error();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
|
||||
OPENSSL_free(ec->key);
|
||||
ec->key = NULL;
|
||||
}
|
||||
if (tkey)
|
||||
{
|
||||
OPENSSL_cleanse(tkey, tkeylen);
|
||||
OPENSSL_free(tkey);
|
||||
}
|
||||
if (ok)
|
||||
return b;
|
||||
BIO_free(b);
|
||||
|
||||
@@ -370,6 +370,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
||||
unsigned char *ek = NULL;
|
||||
size_t eklen;
|
||||
int ret = 0;
|
||||
CMS_EncryptedContentInfo *ec;
|
||||
ec = cms->d.envelopedData->encryptedContentInfo;
|
||||
|
||||
if (ktri->pkey == NULL)
|
||||
{
|
||||
@@ -416,8 +418,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
||||
|
||||
ret = 1;
|
||||
|
||||
cms->d.envelopedData->encryptedContentInfo->key = ek;
|
||||
cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
|
||||
if (ec->key)
|
||||
{
|
||||
OPENSSL_cleanse(ec->key, ec->keylen);
|
||||
OPENSSL_free(ec->key);
|
||||
}
|
||||
|
||||
ec->key = ek;
|
||||
ec->keylen = eklen;
|
||||
|
||||
err:
|
||||
if (pctx)
|
||||
|
||||
@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
|
||||
const EVP_CIPHER *cipher;
|
||||
unsigned char *key;
|
||||
size_t keylen;
|
||||
/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
|
||||
int debug;
|
||||
};
|
||||
|
||||
struct CMS_RecipientInfo_st
|
||||
|
||||
@@ -611,7 +611,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
|
||||
STACK_OF(CMS_RecipientInfo) *ris;
|
||||
CMS_RecipientInfo *ri;
|
||||
int i, r;
|
||||
int debug = 0;
|
||||
ris = CMS_get0_RecipientInfos(cms);
|
||||
if (ris)
|
||||
debug = cms->d.envelopedData->encryptedContentInfo->debug;
|
||||
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
|
||||
{
|
||||
ri = sk_CMS_RecipientInfo_value(ris, i);
|
||||
@@ -625,17 +628,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
|
||||
CMS_RecipientInfo_set0_pkey(ri, pk);
|
||||
r = CMS_RecipientInfo_decrypt(cms, ri);
|
||||
CMS_RecipientInfo_set0_pkey(ri, NULL);
|
||||
if (r > 0)
|
||||
return 1;
|
||||
if (cert)
|
||||
{
|
||||
/* If not debugging clear any error and
|
||||
* return success to avoid leaking of
|
||||
* information useful to MMA
|
||||
*/
|
||||
if (!debug)
|
||||
{
|
||||
ERR_clear_error();
|
||||
return 1;
|
||||
}
|
||||
if (r > 0)
|
||||
return 1;
|
||||
CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
|
||||
CMS_R_DECRYPT_ERROR);
|
||||
return 0;
|
||||
}
|
||||
ERR_clear_error();
|
||||
/* If no cert and not debugging don't leave loop
|
||||
* after first successful decrypt. Always attempt
|
||||
* to decrypt all recipients to avoid leaking timing
|
||||
* of a successful decrypt.
|
||||
*/
|
||||
else if (r > 0 && debug)
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
/* If no cert and not debugging always return success */
|
||||
if (!cert && !debug)
|
||||
{
|
||||
ERR_clear_error();
|
||||
return 1;
|
||||
}
|
||||
|
||||
CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
|
||||
return 0;
|
||||
@@ -718,9 +742,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
|
||||
}
|
||||
if (!dcont && !check_content(cms))
|
||||
return 0;
|
||||
if (flags & CMS_DEBUG_DECRYPT)
|
||||
cms->d.envelopedData->encryptedContentInfo->debug = 1;
|
||||
else
|
||||
cms->d.envelopedData->encryptedContentInfo->debug = 0;
|
||||
if (!pk && !cert && !dcont && !out)
|
||||
return 1;
|
||||
if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
|
||||
return 0;
|
||||
|
||||
cont = CMS_dataInit(cms, dcont);
|
||||
if (!cont)
|
||||
return 0;
|
||||
|
||||
@@ -698,7 +698,7 @@ void OPENSSL_cpuid_setup(void)
|
||||
#if defined(_WIN32)
|
||||
if (!sscanf(env+off,"%I64i",&vec)) vec = strtoul(env+off,NULL,0);
|
||||
#else
|
||||
vec = strtoull(env+off,NULL,0);
|
||||
if (!sscanf(env+off,"%lli",(long long *)&vec)) vec = strtoul(env+off,NULL,0);
|
||||
#endif
|
||||
if (off) vec = OPENSSL_ia32_cpuid()&~vec;
|
||||
}
|
||||
|
||||
@@ -64,7 +64,6 @@
|
||||
#include <string.h>
|
||||
#include "ec_lcl.h"
|
||||
#include <openssl/err.h>
|
||||
#include <string.h>
|
||||
#ifdef OPENSSL_FIPS
|
||||
#include <openssl/fips.h>
|
||||
#endif
|
||||
|
||||
@@ -28,7 +28,12 @@
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
#include <stdint.h>
|
||||
#else
|
||||
#include <inttypes.h>
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include "ec_lcl.h"
|
||||
|
||||
@@ -29,7 +29,12 @@
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
#include <stdint.h>
|
||||
#else
|
||||
#include <inttypes.h>
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include "ec_lcl.h"
|
||||
|
||||
@@ -29,7 +29,12 @@
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
#include <stdint.h>
|
||||
#else
|
||||
#include <inttypes.h>
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include "ec_lcl.h"
|
||||
|
||||
@@ -79,8 +79,6 @@ struct dev_crypto_state {
|
||||
unsigned char digest_res[HASH_MAX_LEN];
|
||||
char *mac_data;
|
||||
int mac_len;
|
||||
|
||||
int copy;
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -200,6 +198,7 @@ get_dev_crypto(void)
|
||||
|
||||
if ((fd = open_dev_crypto()) == -1)
|
||||
return (-1);
|
||||
#ifndef CRIOGET_NOT_NEEDED
|
||||
if (ioctl(fd, CRIOGET, &retfd) == -1)
|
||||
return (-1);
|
||||
|
||||
@@ -208,9 +207,19 @@ get_dev_crypto(void)
|
||||
close(retfd);
|
||||
return (-1);
|
||||
}
|
||||
#else
|
||||
retfd = fd;
|
||||
#endif
|
||||
return (retfd);
|
||||
}
|
||||
|
||||
static void put_dev_crypto(int fd)
|
||||
{
|
||||
#ifndef CRIOGET_NOT_NEEDED
|
||||
close(fd);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Caching version for asym operations */
|
||||
static int
|
||||
get_asym_dev_crypto(void)
|
||||
@@ -252,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
|
||||
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
|
||||
nids[count++] = ciphers[i].nid;
|
||||
}
|
||||
close(fd);
|
||||
put_dev_crypto(fd);
|
||||
|
||||
if (count > 0)
|
||||
*cnids = nids;
|
||||
@@ -291,7 +300,7 @@ get_cryptodev_digests(const int **cnids)
|
||||
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
|
||||
nids[count++] = digests[i].nid;
|
||||
}
|
||||
close(fd);
|
||||
put_dev_crypto(fd);
|
||||
|
||||
if (count > 0)
|
||||
*cnids = nids;
|
||||
@@ -436,7 +445,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
sess->cipher = cipher;
|
||||
|
||||
if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
|
||||
close(state->d_fd);
|
||||
put_dev_crypto(state->d_fd);
|
||||
state->d_fd = -1;
|
||||
return (0);
|
||||
}
|
||||
@@ -473,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
} else {
|
||||
ret = 1;
|
||||
}
|
||||
close(state->d_fd);
|
||||
put_dev_crypto(state->d_fd);
|
||||
state->d_fd = -1;
|
||||
|
||||
return (ret);
|
||||
@@ -686,7 +695,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
|
||||
sess->mac = digest;
|
||||
|
||||
if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
|
||||
close(state->d_fd);
|
||||
put_dev_crypto(state->d_fd);
|
||||
state->d_fd = -1;
|
||||
printf("cryptodev_digest_init: Open session failed\n");
|
||||
return (0);
|
||||
@@ -758,14 +767,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
|
||||
if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
|
||||
/* if application doesn't support one buffer */
|
||||
memset(&cryp, 0, sizeof(cryp));
|
||||
|
||||
cryp.ses = sess->ses;
|
||||
cryp.flags = 0;
|
||||
cryp.len = state->mac_len;
|
||||
cryp.src = state->mac_data;
|
||||
cryp.dst = NULL;
|
||||
cryp.mac = (caddr_t)md;
|
||||
|
||||
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
|
||||
printf("cryptodev_digest_final: digest failed\n");
|
||||
return (0);
|
||||
@@ -786,6 +793,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
|
||||
struct dev_crypto_state *state = ctx->md_data;
|
||||
struct session_op *sess = &state->d_sess;
|
||||
|
||||
if (state == NULL)
|
||||
return 0;
|
||||
|
||||
if (state->d_fd < 0) {
|
||||
printf("cryptodev_digest_cleanup: illegal input\n");
|
||||
return (0);
|
||||
@@ -797,16 +807,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
|
||||
state->mac_len = 0;
|
||||
}
|
||||
|
||||
if (state->copy)
|
||||
return 1;
|
||||
|
||||
if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
|
||||
printf("cryptodev_digest_cleanup: failed to close session\n");
|
||||
ret = 0;
|
||||
} else {
|
||||
ret = 1;
|
||||
}
|
||||
close(state->d_fd);
|
||||
put_dev_crypto(state->d_fd);
|
||||
state->d_fd = -1;
|
||||
|
||||
return (ret);
|
||||
@@ -816,15 +823,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
|
||||
{
|
||||
struct dev_crypto_state *fstate = from->md_data;
|
||||
struct dev_crypto_state *dstate = to->md_data;
|
||||
struct session_op *sess;
|
||||
int digest;
|
||||
|
||||
memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
|
||||
if (dstate == NULL || fstate == NULL)
|
||||
return 1;
|
||||
|
||||
if (fstate->mac_len != 0) {
|
||||
dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
|
||||
memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
|
||||
memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
|
||||
|
||||
sess = &dstate->d_sess;
|
||||
|
||||
digest = digest_nid_to_cryptodev(to->digest->type);
|
||||
|
||||
sess->mackey = dstate->dummy_mac_key;
|
||||
sess->mackeylen = digest_key_length(to->digest->type);
|
||||
sess->mac = digest;
|
||||
|
||||
dstate->d_fd = get_dev_crypto();
|
||||
|
||||
if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
|
||||
put_dev_crypto(dstate->d_fd);
|
||||
dstate->d_fd = -1;
|
||||
printf("cryptodev_digest_init: Open session failed\n");
|
||||
return (0);
|
||||
}
|
||||
|
||||
dstate->copy = 1;
|
||||
if (fstate->mac_len != 0) {
|
||||
if (fstate->mac_data != NULL)
|
||||
{
|
||||
dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
|
||||
memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
|
||||
dstate->mac_len = fstate->mac_len;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -1347,11 +1378,11 @@ ENGINE_load_cryptodev(void)
|
||||
* find out what asymmetric crypto algorithms we support
|
||||
*/
|
||||
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
|
||||
close(fd);
|
||||
put_dev_crypto(fd);
|
||||
ENGINE_free(engine);
|
||||
return;
|
||||
}
|
||||
close(fd);
|
||||
put_dev_crypto(fd);
|
||||
|
||||
if (!ENGINE_set_id(engine, "cryptodev") ||
|
||||
!ENGINE_set_name(engine, "BSD cryptodev engine") ||
|
||||
|
||||
@@ -58,6 +58,7 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/sha.h>
|
||||
#include "evp_locl.h"
|
||||
|
||||
#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
|
||||
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
|
||||
|
||||
@@ -125,10 +125,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
||||
/* Ensure a context left lying around from last time is cleared
|
||||
* (the previous check attempted to avoid this if the same
|
||||
* ENGINE and EVP_CIPHER could be used). */
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
|
||||
/* Restore encrypt field: it is zeroed by cleanup */
|
||||
ctx->encrypt = enc;
|
||||
if (ctx->cipher)
|
||||
{
|
||||
unsigned long flags = ctx->flags;
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
/* Restore encrypt and flags */
|
||||
ctx->encrypt = enc;
|
||||
ctx->flags = flags;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if(impl)
|
||||
{
|
||||
|
||||
@@ -352,6 +352,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
|
||||
#ifdef OPENSSL_DOING_MAKEDEPEND
|
||||
#undef SHA1_Init
|
||||
#undef SHA1_Update
|
||||
#undef SHA224_Init
|
||||
#undef SHA256_Init
|
||||
#undef SHA384_Init
|
||||
|
||||
@@ -331,7 +331,7 @@ if (!$x86only) {{{
|
||||
|
||||
&static_label("rem_4bit");
|
||||
|
||||
if (0) {{ # "May" MMX version is kept for reference...
|
||||
if (!$sse2) {{ # pure-MMX "May" version...
|
||||
|
||||
$S=12; # shift factor for rem_4bit
|
||||
|
||||
|
||||
@@ -723,7 +723,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
|
||||
# endif
|
||||
gcm_init_4bit(ctx->Htable,ctx->H.u);
|
||||
# if defined(GHASH_ASM_X86) /* x86 only */
|
||||
# if defined(OPENSSL_IA32_SSE2)
|
||||
if (OPENSSL_ia32cap_P[0]&(1<<25)) { /* check SSE bit */
|
||||
# else
|
||||
if (OPENSSL_ia32cap_P[0]&(1<<23)) { /* check MMX bit */
|
||||
# endif
|
||||
ctx->gmult = gcm_gmult_4bit_mmx;
|
||||
ctx->ghash = gcm_ghash_4bit_mmx;
|
||||
} else {
|
||||
|
||||
@@ -36,7 +36,7 @@ typedef unsigned char u8;
|
||||
# undef STRICT_ALIGNMENT
|
||||
#endif
|
||||
|
||||
#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPNESSL_NO_INLINE_ASM)
|
||||
#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
|
||||
#if defined(__GNUC__) && __GNUC__>=2
|
||||
# if defined(__x86_64) || defined(__x86_64__)
|
||||
# define BSWAP8(x) ({ u64 ret=(x); \
|
||||
|
||||
@@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x10001001L
|
||||
#define OPENSSL_VERSION_NUMBER 0x1000100fL
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips-beta1 03 Jan 2012"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips 14 Mar 2012"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-beta1 03 Jan 2012"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1 14 Mar 2012"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -62,12 +62,8 @@ my $flavour = shift;
|
||||
my $output = shift;
|
||||
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
|
||||
|
||||
{ my ($stddev,$stdino,@junk)=stat(STDOUT);
|
||||
my ($outdev,$outino,@junk)=stat($output);
|
||||
|
||||
open STDOUT,">$output" || die "can't open $output: $!"
|
||||
if ($stddev!=$outdev || $stdino!=$outino);
|
||||
}
|
||||
open STDOUT,">$output" || die "can't open $output: $!"
|
||||
if (defined($output));
|
||||
|
||||
my $gas=1; $gas=0 if ($output =~ /\.asm$/);
|
||||
my $elf=1; $elf=0 if (!$gas);
|
||||
@@ -569,7 +565,8 @@ my %globals;
|
||||
$v.=" READONLY";
|
||||
$v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
|
||||
} elsif ($line=~/\.CRT\$/i) {
|
||||
$v.=" READONLY ALIGN(8)";
|
||||
$v.=" READONLY ";
|
||||
$v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
|
||||
}
|
||||
}
|
||||
$current_segment = $line;
|
||||
|
||||
@@ -167,7 +167,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
||||
if (cert && *cert)
|
||||
X509_free(*cert);
|
||||
if (x)
|
||||
X509_free(*cert);
|
||||
X509_free(x);
|
||||
if (ocerts)
|
||||
sk_X509_pop_free(ocerts, X509_free);
|
||||
return 0;
|
||||
|
||||
@@ -204,11 +204,11 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
|
||||
unsigned char *ek = NULL;
|
||||
size_t eklen;
|
||||
|
||||
int ret = 0;
|
||||
int ret = -1;
|
||||
|
||||
pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||
if (!pctx)
|
||||
return 0;
|
||||
return -1;
|
||||
|
||||
if (EVP_PKEY_decrypt_init(pctx) <= 0)
|
||||
goto err;
|
||||
@@ -235,12 +235,19 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
|
||||
if (EVP_PKEY_decrypt(pctx, ek, &eklen,
|
||||
ri->enc_key->data, ri->enc_key->length) <= 0)
|
||||
{
|
||||
ret = 0;
|
||||
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
if (*pek)
|
||||
{
|
||||
OPENSSL_cleanse(*pek, *peklen);
|
||||
OPENSSL_free(*pek);
|
||||
}
|
||||
|
||||
*pek = ek;
|
||||
*peklen = eklen;
|
||||
|
||||
@@ -500,8 +507,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
int max;
|
||||
X509_OBJECT ret;
|
||||
#endif
|
||||
unsigned char *ek = NULL;
|
||||
int eklen;
|
||||
unsigned char *ek = NULL, *tkey = NULL;
|
||||
int eklen, tkeylen;
|
||||
|
||||
if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
|
||||
{
|
||||
@@ -534,29 +541,28 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
}
|
||||
|
||||
/* If we haven't got a certificate try each ri in turn */
|
||||
|
||||
if (pcert == NULL)
|
||||
{
|
||||
/* Always attempt to decrypt all rinfo even
|
||||
* after sucess as a defence against MMA timing
|
||||
* attacks.
|
||||
*/
|
||||
for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
|
||||
{
|
||||
ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
|
||||
|
||||
if (pkcs7_decrypt_rinfo(&ek, &eklen,
|
||||
ri, pkey) > 0)
|
||||
break;
|
||||
ri, pkey) < 0)
|
||||
goto err;
|
||||
ERR_clear_error();
|
||||
ri = NULL;
|
||||
}
|
||||
if (ri == NULL)
|
||||
{
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE,
|
||||
PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0)
|
||||
/* Only exit on fatal errors, not decrypt failure */
|
||||
if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
|
||||
goto err;
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
evp_ctx=NULL;
|
||||
@@ -565,6 +571,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
goto err;
|
||||
if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
|
||||
goto err;
|
||||
/* Generate random key as MMA defence */
|
||||
tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
|
||||
tkey = OPENSSL_malloc(tkeylen);
|
||||
if (!tkey)
|
||||
goto err;
|
||||
if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
|
||||
goto err;
|
||||
if (ek == NULL)
|
||||
{
|
||||
ek = tkey;
|
||||
eklen = tkeylen;
|
||||
tkey = NULL;
|
||||
}
|
||||
|
||||
if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
|
||||
/* Some S/MIME clients don't use the same key
|
||||
@@ -573,11 +592,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
*/
|
||||
if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
|
||||
{
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE,
|
||||
PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
|
||||
goto err;
|
||||
/* Use random key as MMA defence */
|
||||
OPENSSL_cleanse(ek, eklen);
|
||||
OPENSSL_free(ek);
|
||||
ek = tkey;
|
||||
eklen = tkeylen;
|
||||
tkey = NULL;
|
||||
}
|
||||
}
|
||||
/* Clear errors so we don't leak information useful in MMA */
|
||||
ERR_clear_error();
|
||||
if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
|
||||
goto err;
|
||||
|
||||
@@ -586,6 +610,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
OPENSSL_cleanse(ek,eklen);
|
||||
OPENSSL_free(ek);
|
||||
}
|
||||
if (tkey)
|
||||
{
|
||||
OPENSSL_cleanse(tkey,tkeylen);
|
||||
OPENSSL_free(tkey);
|
||||
}
|
||||
|
||||
if (out == NULL)
|
||||
out=etmp;
|
||||
|
||||
@@ -573,15 +573,34 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
|
||||
return 0;
|
||||
}
|
||||
ret = SMIME_text(bread, data);
|
||||
if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
|
||||
{
|
||||
if (!BIO_get_cipher_status(tmpmem))
|
||||
ret = 0;
|
||||
}
|
||||
BIO_free_all(bread);
|
||||
return ret;
|
||||
} else {
|
||||
for(;;) {
|
||||
i = BIO_read(tmpmem, buf, sizeof(buf));
|
||||
if(i <= 0) break;
|
||||
BIO_write(data, buf, i);
|
||||
if(i <= 0)
|
||||
{
|
||||
ret = 1;
|
||||
if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
|
||||
{
|
||||
if (!BIO_get_cipher_status(tmpmem))
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
if (BIO_write(data, buf, i) != i)
|
||||
{
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
BIO_free_all(tmpmem);
|
||||
return 1;
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -137,7 +137,7 @@ int RAND_load_file(const char *file, long bytes)
|
||||
in=fopen(file,"rb");
|
||||
#endif
|
||||
if (in == NULL) goto err;
|
||||
#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPNESSL_NO_POSIX_IO)
|
||||
#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
|
||||
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
|
||||
/* this file is a device. we don't want read an infinite number
|
||||
* of bytes from a random device, nor do we want to use buffered
|
||||
|
||||
@@ -243,9 +243,9 @@ ___
|
||||
|
||||
$code.=<<___;
|
||||
|
||||
.EXPORT RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
|
||||
.EXPORT private_RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
|
||||
.ALIGN 8
|
||||
RC4_set_key
|
||||
private_RC4_set_key
|
||||
.PROC
|
||||
.CALLINFO NO_CALLS
|
||||
.ENTRY
|
||||
|
||||
@@ -222,7 +222,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
if (rctx->pad_mode == RSA_X931_PADDING)
|
||||
|
||||
if (EVP_MD_type(rctx->md) == NID_mdc2)
|
||||
{
|
||||
unsigned int sltmp;
|
||||
if (rctx->pad_mode != RSA_PKCS1_PADDING)
|
||||
return -1;
|
||||
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
|
||||
tbs, tbslen, sig, &sltmp, rsa);
|
||||
|
||||
if (ret <= 0)
|
||||
return ret;
|
||||
ret = sltmp;
|
||||
}
|
||||
else if (rctx->pad_mode == RSA_X931_PADDING)
|
||||
{
|
||||
if (!setup_tbuf(rctx, ctx))
|
||||
return -1;
|
||||
|
||||
@@ -199,6 +199,22 @@ int int_rsa_verify(int dtype, const unsigned char *m,
|
||||
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
|
||||
|
||||
if (i <= 0) goto err;
|
||||
/* Oddball MDC2 case: signature can be OCTET STRING.
|
||||
* check for correct tag and length octets.
|
||||
*/
|
||||
if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
|
||||
{
|
||||
if (rm)
|
||||
{
|
||||
memcpy(rm, s + 2, 16);
|
||||
*prm_len = 16;
|
||||
ret = 1;
|
||||
}
|
||||
else if(memcmp(m, s + 2, 16))
|
||||
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||
else
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
/* Special case: SSL signature */
|
||||
if(dtype == NID_md5_sha1) {
|
||||
|
||||
@@ -36,6 +36,10 @@
|
||||
#include <openssl/seed.h>
|
||||
#include "seed_locl.h"
|
||||
|
||||
#ifdef SS /* can get defined on Solaris by inclusion of <stdlib.h> */
|
||||
#undef SS
|
||||
#endif
|
||||
|
||||
static const seed_word SS[4][256] = { {
|
||||
0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
|
||||
0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
|
||||
|
||||
@@ -170,7 +170,6 @@ void OPENSSL_cpuid_setup(void)
|
||||
char *e;
|
||||
struct sigaction common_act,ill_oact,bus_oact;
|
||||
sigset_t all_masked,oset;
|
||||
int sig;
|
||||
static int trigger=0;
|
||||
|
||||
if (trigger) return;
|
||||
|
||||
@@ -43,7 +43,8 @@ links:
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
|
||||
|
||||
install:
|
||||
@for i in $(EXHEADER) ; \
|
||||
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
|
||||
@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
|
||||
@@ -192,6 +192,18 @@
|
||||
#define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb
|
||||
#undef SSL_CTX_set_srp_username_callback
|
||||
#define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb
|
||||
#undef ssl_add_clienthello_use_srtp_ext
|
||||
#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
|
||||
#undef ssl_add_serverhello_use_srtp_ext
|
||||
#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
|
||||
#undef ssl_parse_clienthello_use_srtp_ext
|
||||
#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
|
||||
#undef ssl_parse_serverhello_use_srtp_ext
|
||||
#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
|
||||
#undef SSL_CTX_set_next_protos_advertised_cb
|
||||
#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
|
||||
#undef SSL_CTX_set_next_proto_select_cb
|
||||
#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
|
||||
|
||||
/* Hack some long ENGINE names */
|
||||
#undef ENGINE_get_default_BN_mod_exp_crt
|
||||
|
||||
@@ -86,9 +86,6 @@
|
||||
#include <openssl/dh.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
@@ -122,7 +122,7 @@
|
||||
* sigaction and fileno included. -pedantic would be more appropriate for
|
||||
* the intended purposes, but we can't prevent users from adding -ansi.
|
||||
*/
|
||||
#ifndef _POSIX_C_SOURCE
|
||||
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
|
||||
#define _POSIX_C_SOURCE 2
|
||||
#endif
|
||||
#include <signal.h>
|
||||
|
||||
@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
|
||||
* Expand the bitstring form of an address into a raw byte array.
|
||||
* At the moment this is coded for simplicity, not speed.
|
||||
*/
|
||||
static void addr_expand(unsigned char *addr,
|
||||
static int addr_expand(unsigned char *addr,
|
||||
const ASN1_BIT_STRING *bs,
|
||||
const int length,
|
||||
const unsigned char fill)
|
||||
{
|
||||
OPENSSL_assert(bs->length >= 0 && bs->length <= length);
|
||||
if (bs->length < 0 || bs->length > length)
|
||||
return 0;
|
||||
if (bs->length > 0) {
|
||||
memcpy(addr, bs->data, bs->length);
|
||||
if ((bs->flags & 7) != 0) {
|
||||
@@ -159,6 +160,7 @@ static void addr_expand(unsigned char *addr,
|
||||
}
|
||||
}
|
||||
memset(addr + bs->length, fill, length - bs->length);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -181,15 +183,13 @@ static int i2r_address(BIO *out,
|
||||
return 0;
|
||||
switch (afi) {
|
||||
case IANA_AFI_IPV4:
|
||||
if (bs->length > 4)
|
||||
if (!addr_expand(addr, bs, 4, fill))
|
||||
return 0;
|
||||
addr_expand(addr, bs, 4, fill);
|
||||
BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
|
||||
break;
|
||||
case IANA_AFI_IPV6:
|
||||
if (bs->length > 16)
|
||||
if (!addr_expand(addr, bs, 16, fill))
|
||||
return 0;
|
||||
addr_expand(addr, bs, 16, fill);
|
||||
for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
|
||||
;
|
||||
for (i = 0; i < n; i += 2)
|
||||
@@ -315,6 +315,12 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
|
||||
/*
|
||||
* Sort comparison function for a sequence of IPAddressOrRange
|
||||
* elements.
|
||||
*
|
||||
* There's no sane answer we can give if addr_expand() fails, and an
|
||||
* assertion failure on externally supplied data is seriously uncool,
|
||||
* so we just arbitrarily declare that if given invalid inputs this
|
||||
* function returns -1. If this messes up your preferred sort order
|
||||
* for garbage input, tough noogies.
|
||||
*/
|
||||
static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
|
||||
const IPAddressOrRange *b,
|
||||
@@ -326,22 +332,26 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
|
||||
|
||||
switch (a->type) {
|
||||
case IPAddressOrRange_addressPrefix:
|
||||
addr_expand(addr_a, a->u.addressPrefix, length, 0x00);
|
||||
if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
|
||||
return -1;
|
||||
prefixlen_a = addr_prefixlen(a->u.addressPrefix);
|
||||
break;
|
||||
case IPAddressOrRange_addressRange:
|
||||
addr_expand(addr_a, a->u.addressRange->min, length, 0x00);
|
||||
if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
|
||||
return -1;
|
||||
prefixlen_a = length * 8;
|
||||
break;
|
||||
}
|
||||
|
||||
switch (b->type) {
|
||||
case IPAddressOrRange_addressPrefix:
|
||||
addr_expand(addr_b, b->u.addressPrefix, length, 0x00);
|
||||
if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
|
||||
return -1;
|
||||
prefixlen_b = addr_prefixlen(b->u.addressPrefix);
|
||||
break;
|
||||
case IPAddressOrRange_addressRange:
|
||||
addr_expand(addr_b, b->u.addressRange->min, length, 0x00);
|
||||
if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
|
||||
return -1;
|
||||
prefixlen_b = length * 8;
|
||||
break;
|
||||
}
|
||||
@@ -602,10 +612,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
|
||||
return NULL;
|
||||
switch (afi) {
|
||||
case IANA_AFI_IPV4:
|
||||
sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
|
||||
(void) sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
|
||||
break;
|
||||
case IANA_AFI_IPV6:
|
||||
sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
|
||||
(void) sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
|
||||
break;
|
||||
}
|
||||
f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
|
||||
@@ -657,22 +667,22 @@ int v3_addr_add_range(IPAddrBlocks *addr,
|
||||
/*
|
||||
* Extract min and max values from an IPAddressOrRange.
|
||||
*/
|
||||
static void extract_min_max(IPAddressOrRange *aor,
|
||||
static int extract_min_max(IPAddressOrRange *aor,
|
||||
unsigned char *min,
|
||||
unsigned char *max,
|
||||
int length)
|
||||
{
|
||||
OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
|
||||
if (aor == NULL || min == NULL || max == NULL)
|
||||
return 0;
|
||||
switch (aor->type) {
|
||||
case IPAddressOrRange_addressPrefix:
|
||||
addr_expand(min, aor->u.addressPrefix, length, 0x00);
|
||||
addr_expand(max, aor->u.addressPrefix, length, 0xFF);
|
||||
return;
|
||||
return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
|
||||
addr_expand(max, aor->u.addressPrefix, length, 0xFF));
|
||||
case IPAddressOrRange_addressRange:
|
||||
addr_expand(min, aor->u.addressRange->min, length, 0x00);
|
||||
addr_expand(max, aor->u.addressRange->max, length, 0xFF);
|
||||
return;
|
||||
return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
|
||||
addr_expand(max, aor->u.addressRange->max, length, 0xFF));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -688,9 +698,10 @@ int v3_addr_get_range(IPAddressOrRange *aor,
|
||||
if (aor == NULL || min == NULL || max == NULL ||
|
||||
afi_length == 0 || length < afi_length ||
|
||||
(aor->type != IPAddressOrRange_addressPrefix &&
|
||||
aor->type != IPAddressOrRange_addressRange))
|
||||
aor->type != IPAddressOrRange_addressRange) ||
|
||||
!extract_min_max(aor, min, max, afi_length))
|
||||
return 0;
|
||||
extract_min_max(aor, min, max, afi_length);
|
||||
|
||||
return afi_length;
|
||||
}
|
||||
|
||||
@@ -772,8 +783,9 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
|
||||
IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
|
||||
IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
|
||||
|
||||
extract_min_max(a, a_min, a_max, length);
|
||||
extract_min_max(b, b_min, b_max, length);
|
||||
if (!extract_min_max(a, a_min, a_max, length) ||
|
||||
!extract_min_max(b, b_min, b_max, length))
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* Punt misordered list, overlapping start, or inverted range.
|
||||
@@ -808,7 +820,8 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
|
||||
{
|
||||
IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
|
||||
if (a != NULL && a->type == IPAddressOrRange_addressRange) {
|
||||
extract_min_max(a, a_min, a_max, length);
|
||||
if (!extract_min_max(a, a_min, a_max, length))
|
||||
return 0;
|
||||
if (memcmp(a_min, a_max, length) > 0 ||
|
||||
range_should_be_prefix(a_min, a_max, length) >= 0)
|
||||
return 0;
|
||||
@@ -844,8 +857,9 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
|
||||
unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
|
||||
unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
|
||||
|
||||
extract_min_max(a, a_min, a_max, length);
|
||||
extract_min_max(b, b_min, b_max, length);
|
||||
if (!extract_min_max(a, a_min, a_max, length) ||
|
||||
!extract_min_max(b, b_min, b_max, length))
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* Punt inverted ranges.
|
||||
@@ -870,8 +884,8 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
|
||||
IPAddressOrRange *merged;
|
||||
if (!make_addressRange(&merged, a_min, b_max, length))
|
||||
return 0;
|
||||
sk_IPAddressOrRange_set(aors, i, merged);
|
||||
sk_IPAddressOrRange_delete(aors, i + 1);
|
||||
(void) sk_IPAddressOrRange_set(aors, i, merged);
|
||||
(void) sk_IPAddressOrRange_delete(aors, i + 1);
|
||||
IPAddressOrRange_free(a);
|
||||
IPAddressOrRange_free(b);
|
||||
--i;
|
||||
@@ -909,7 +923,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
|
||||
v3_addr_get_afi(f)))
|
||||
return 0;
|
||||
}
|
||||
sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
|
||||
(void) sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
|
||||
sk_IPAddressFamily_sort(addr);
|
||||
OPENSSL_assert(v3_addr_is_canonical(addr));
|
||||
return 1;
|
||||
@@ -1131,13 +1145,15 @@ static int addr_contains(IPAddressOrRanges *parent,
|
||||
|
||||
p = 0;
|
||||
for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
|
||||
extract_min_max(sk_IPAddressOrRange_value(child, c),
|
||||
c_min, c_max, length);
|
||||
if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
|
||||
c_min, c_max, length))
|
||||
return -1;
|
||||
for (;; p++) {
|
||||
if (p >= sk_IPAddressOrRange_num(parent))
|
||||
return 0;
|
||||
extract_min_max(sk_IPAddressOrRange_value(parent, p),
|
||||
p_min, p_max, length);
|
||||
if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
|
||||
p_min, p_max, length))
|
||||
return 0;
|
||||
if (memcmp(p_max, c_max, length) < 0)
|
||||
continue;
|
||||
if (memcmp(p_min, c_min, length) > 0)
|
||||
@@ -1159,7 +1175,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
|
||||
return 1;
|
||||
if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
|
||||
return 0;
|
||||
sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
|
||||
(void) sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
|
||||
for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
|
||||
IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
|
||||
int j = sk_IPAddressFamily_find(b, fa);
|
||||
@@ -1224,7 +1240,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
|
||||
}
|
||||
if (!v3_addr_is_canonical(ext))
|
||||
validation_err(X509_V_ERR_INVALID_EXTENSION);
|
||||
sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
|
||||
(void) sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
|
||||
if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
|
||||
X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
|
||||
ret = 0;
|
||||
@@ -1250,7 +1266,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
|
||||
}
|
||||
continue;
|
||||
}
|
||||
sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
|
||||
(void) sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
|
||||
for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
|
||||
IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
|
||||
int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
|
||||
|
||||
@@ -358,6 +358,20 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
|
||||
goto done;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check for inverted range.
|
||||
*/
|
||||
i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
|
||||
{
|
||||
ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
|
||||
ASN1_INTEGER *a_min, *a_max;
|
||||
if (a != NULL && a->type == ASIdOrRange_range) {
|
||||
extract_min_max(a, &a_min, &a_max);
|
||||
if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
done:
|
||||
@@ -392,9 +406,18 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
|
||||
return 1;
|
||||
|
||||
/*
|
||||
* We have a list. Sort it.
|
||||
* If not a list, or if empty list, it's broken.
|
||||
*/
|
||||
if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
|
||||
sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
|
||||
X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
|
||||
X509V3_R_EXTENSION_VALUE_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* We have a non-empty list. Sort it.
|
||||
*/
|
||||
OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
|
||||
sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
|
||||
|
||||
/*
|
||||
@@ -414,6 +437,13 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
|
||||
*/
|
||||
OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
|
||||
|
||||
/*
|
||||
* Punt inverted ranges.
|
||||
*/
|
||||
if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
|
||||
ASN1_INTEGER_cmp(b_min, b_max) > 0)
|
||||
goto done;
|
||||
|
||||
/*
|
||||
* Check for overlaps.
|
||||
*/
|
||||
@@ -465,12 +495,26 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
|
||||
break;
|
||||
}
|
||||
ASIdOrRange_free(b);
|
||||
sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
|
||||
(void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
|
||||
i--;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Check for final inverted range.
|
||||
*/
|
||||
i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
|
||||
{
|
||||
ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
|
||||
ASN1_INTEGER *a_min, *a_max;
|
||||
if (a != NULL && a->type == ASIdOrRange_range) {
|
||||
extract_min_max(a, &a_min, &a_max);
|
||||
if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
|
||||
|
||||
ret = 1;
|
||||
@@ -498,6 +542,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
|
||||
struct v3_ext_ctx *ctx,
|
||||
STACK_OF(CONF_VALUE) *values)
|
||||
{
|
||||
ASN1_INTEGER *min = NULL, *max = NULL;
|
||||
ASIdentifiers *asid = NULL;
|
||||
int i;
|
||||
|
||||
@@ -508,7 +553,6 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
|
||||
|
||||
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
|
||||
CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
|
||||
ASN1_INTEGER *min = NULL, *max = NULL;
|
||||
int i1, i2, i3, is_range, which;
|
||||
|
||||
/*
|
||||
@@ -578,18 +622,19 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
|
||||
max = s2i_ASN1_INTEGER(NULL, s + i2);
|
||||
OPENSSL_free(s);
|
||||
if (min == NULL || max == NULL) {
|
||||
ASN1_INTEGER_free(min);
|
||||
ASN1_INTEGER_free(max);
|
||||
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (ASN1_INTEGER_cmp(min, max) > 0) {
|
||||
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
if (!v3_asid_add_id_or_range(asid, which, min, max)) {
|
||||
ASN1_INTEGER_free(min);
|
||||
ASN1_INTEGER_free(max);
|
||||
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
min = max = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -601,6 +646,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
|
||||
|
||||
err:
|
||||
ASIdentifiers_free(asid);
|
||||
ASN1_INTEGER_free(min);
|
||||
ASN1_INTEGER_free(max);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -19,9 +19,9 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
||||
&pushf ();
|
||||
&pop ("eax");
|
||||
&xor ("ecx","eax");
|
||||
&bt ("ecx",21);
|
||||
&jnc (&label("generic"));
|
||||
&xor ("eax","eax");
|
||||
&bt ("ecx",21);
|
||||
&jnc (&label("nocpuid"));
|
||||
&cpuid ();
|
||||
&mov ("edi","eax"); # max value for standard query level
|
||||
|
||||
@@ -136,6 +136,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
||||
&set_label("done");
|
||||
&mov ("eax","esi");
|
||||
&mov ("edx","ebp");
|
||||
&set_label("nocpuid");
|
||||
&function_end("OPENSSL_ia32_cpuid");
|
||||
|
||||
&external_label("OPENSSL_ia32cap_P");
|
||||
|
||||
@@ -114,6 +114,8 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
|
||||
|
||||
The number of bits in the generated parameters. If not specified 1024 is used.
|
||||
|
||||
=back
|
||||
|
||||
=head1 DH PARAMETER GENERATION OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
@@ -287,8 +287,6 @@ SHA Digest
|
||||
|
||||
SHA-1 Digest
|
||||
|
||||
=back
|
||||
|
||||
=item B<sha224>
|
||||
|
||||
SHA-224 Digest
|
||||
@@ -305,6 +303,8 @@ SHA-384 Digest
|
||||
|
||||
SHA-512 Digest
|
||||
|
||||
=back
|
||||
|
||||
=head2 ENCODING AND CIPHER COMMANDS
|
||||
|
||||
=over 10
|
||||
|
||||
@@ -114,7 +114,7 @@ using the public key B<eckey>.
|
||||
|
||||
ECDSA_size() returns the maximum length signature or 0 on error.
|
||||
|
||||
ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or -1
|
||||
ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0
|
||||
on error.
|
||||
|
||||
ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
|
||||
|
||||
@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_l
|
||||
}
|
||||
|
||||
param = get_encryption_params(gkt->key_agreement_info->cipher);
|
||||
if(!param){
|
||||
goto err;
|
||||
}
|
||||
|
||||
gost_init(&ctx,param->sblock);
|
||||
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
|
||||
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
|
||||
|
||||
@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len
|
||||
}
|
||||
|
||||
param = get_encryption_params(gkt->key_agreement_info->cipher);
|
||||
if(!param){
|
||||
goto err;
|
||||
}
|
||||
|
||||
gost_init(&cctx,param->sblock);
|
||||
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
|
||||
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
|
||||
|
||||
@@ -13,6 +13,9 @@
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/asn1.h>
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
#include <openssl/cms.h>
|
||||
#endif
|
||||
#include "gost_params.h"
|
||||
#include "gost_lcl.h"
|
||||
#include "e_gost_err.h"
|
||||
@@ -230,6 +233,24 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
|
||||
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
|
||||
}
|
||||
return 1;
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
case ASN1_PKEY_CTRL_CMS_SIGN:
|
||||
if (arg1 == 0)
|
||||
{
|
||||
X509_ALGOR *alg1 = NULL, *alg2 = NULL;
|
||||
int nid = EVP_PKEY_base_id(pkey);
|
||||
CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
|
||||
NULL, NULL, &alg1, &alg2);
|
||||
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
|
||||
V_ASN1_NULL, 0);
|
||||
if (nid == NID_undef)
|
||||
{
|
||||
return (-1);
|
||||
}
|
||||
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
|
||||
}
|
||||
return 1;
|
||||
#endif
|
||||
case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
|
||||
if (arg1 == 0)
|
||||
{
|
||||
@@ -244,6 +265,22 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
|
||||
V_ASN1_SEQUENCE, params);
|
||||
}
|
||||
return 1;
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
case ASN1_PKEY_CTRL_CMS_ENVELOPE:
|
||||
if (arg1 == 0)
|
||||
{
|
||||
X509_ALGOR *alg;
|
||||
ASN1_STRING * params = encode_gost_algor_params(pkey);
|
||||
if (!params)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, NULL, &alg);
|
||||
X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
|
||||
V_ASN1_SEQUENCE, params);
|
||||
}
|
||||
return 1;
|
||||
#endif
|
||||
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
|
||||
*(int *)arg2 = NID_id_GostR3411_94;
|
||||
return 2;
|
||||
|
||||
@@ -89,6 +89,12 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
||||
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
|
||||
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
|
||||
case EVP_PKEY_CTRL_PKCS7_SIGN:
|
||||
case EVP_PKEY_CTRL_DIGESTINIT:
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
case EVP_PKEY_CTRL_CMS_ENCRYPT:
|
||||
case EVP_PKEY_CTRL_CMS_DECRYPT:
|
||||
case EVP_PKEY_CTRL_CMS_SIGN:
|
||||
#endif
|
||||
return 1;
|
||||
|
||||
case EVP_PKEY_CTRL_GOST_PARAMSET:
|
||||
@@ -123,7 +129,7 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
|
||||
}
|
||||
if (strlen(value) == 1)
|
||||
{
|
||||
switch(toupper(value[0]))
|
||||
switch(toupper((unsigned char)value[0]))
|
||||
{
|
||||
case 'A':
|
||||
param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
|
||||
@@ -142,9 +148,9 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if ((strlen(value) == 2) && (toupper(value[0]) == 'X'))
|
||||
else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
|
||||
{
|
||||
switch (toupper(value[1]))
|
||||
switch (toupper((unsigned char)value[1]))
|
||||
{
|
||||
case 'A':
|
||||
param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
|
||||
@@ -198,7 +204,7 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
|
||||
}
|
||||
if (strlen(value) == 1)
|
||||
{
|
||||
switch(toupper(value[0]))
|
||||
switch(toupper((unsigned char)value[0]))
|
||||
{
|
||||
case 'A':
|
||||
param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
|
||||
@@ -217,9 +223,9 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if ((strlen(value) == 2) && (toupper(value[0]) == 'X'))
|
||||
else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
|
||||
{
|
||||
switch (toupper(value[1]))
|
||||
switch (toupper((unsigned char)value[1]))
|
||||
{
|
||||
case 'A':
|
||||
param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
|
||||
@@ -521,6 +527,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
|
||||
{
|
||||
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
|
||||
GOST_R_INVALID_MAC_KEY_LENGTH);
|
||||
OPENSSL_free(keybuf);
|
||||
return 0;
|
||||
}
|
||||
ret= pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
|
||||
|
||||
@@ -85,7 +85,6 @@ extern int GetThreadID(void);
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <openssl/dh.h>
|
||||
#endif
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#ifndef OPENSSL_NO_HW
|
||||
#ifndef OPENSSL_NO_HW_AEP
|
||||
|
||||
@@ -442,28 +442,36 @@ static int capi_init(ENGINE *e)
|
||||
CAPI_CTX *ctx;
|
||||
const RSA_METHOD *ossl_rsa_meth;
|
||||
const DSA_METHOD *ossl_dsa_meth;
|
||||
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
|
||||
if (capi_idx < 0)
|
||||
{
|
||||
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
if (capi_idx < 0)
|
||||
goto memerr;
|
||||
|
||||
cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
|
||||
/* Setup RSA_METHOD */
|
||||
rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
ossl_rsa_meth = RSA_PKCS1_SSLeay();
|
||||
capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
|
||||
capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
|
||||
capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
|
||||
capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
|
||||
|
||||
/* Setup DSA Method */
|
||||
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
ossl_dsa_meth = DSA_OpenSSL();
|
||||
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
|
||||
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
|
||||
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
|
||||
}
|
||||
|
||||
ctx = capi_ctx_new();
|
||||
if (!ctx || (capi_idx < 0))
|
||||
if (!ctx)
|
||||
goto memerr;
|
||||
|
||||
ENGINE_set_ex_data(e, capi_idx, ctx);
|
||||
/* Setup RSA_METHOD */
|
||||
rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
ossl_rsa_meth = RSA_PKCS1_SSLeay();
|
||||
capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
|
||||
capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
|
||||
capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
|
||||
capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
|
||||
|
||||
/* Setup DSA Method */
|
||||
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
|
||||
ossl_dsa_meth = DSA_OpenSSL();
|
||||
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
|
||||
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
|
||||
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
|
||||
|
||||
#ifdef OPENSSL_CAPIENG_DIALOG
|
||||
{
|
||||
@@ -1156,6 +1164,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
|
||||
{
|
||||
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
|
||||
capi_addlasterror();
|
||||
CryptReleaseContext(hprov, 0);
|
||||
return 0;
|
||||
}
|
||||
CAPI_trace(ctx, "Got max container len %d\n", buflen);
|
||||
@@ -1573,6 +1582,8 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int che
|
||||
}
|
||||
CryptReleaseContext(hprov, 0);
|
||||
}
|
||||
if (ctx->cspname)
|
||||
OPENSSL_free(ctx->cspname);
|
||||
ctx->cspname = BUF_strdup(pname);
|
||||
ctx->csptype = type;
|
||||
return 1;
|
||||
@@ -1582,9 +1593,12 @@ static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
|
||||
{
|
||||
LPSTR pname;
|
||||
DWORD type;
|
||||
int res;
|
||||
if (capi_get_provname(ctx, &pname, &type, idx) != 1)
|
||||
return 0;
|
||||
return capi_ctx_set_provname(ctx, pname, type, 0);
|
||||
res = capi_ctx_set_provname(ctx, pname, type, 0);
|
||||
OPENSSL_free(pname);
|
||||
return res;
|
||||
}
|
||||
|
||||
static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
|
||||
|
||||
@@ -503,6 +503,9 @@ $ WRITE H_FILE " * value _IONBF is not supported."
|
||||
$ WRITE H_FILE " * So, skip it on VMS."
|
||||
$ WRITE H_FILE " */"
|
||||
$ WRITE H_FILE "#define OPENSSL_NO_SETVBUF_IONBF"
|
||||
$ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 "
|
||||
$ WRITE H_FILE " * enable on newer systems / 2012-02-24 arpadffy */"
|
||||
$ WRITE H_FILE "#define OPENSSL_NO_SCTP"
|
||||
$ WRITE H_FILE ""
|
||||
$!
|
||||
$! Add in the common "crypto/opensslconf.h.in".
|
||||
@@ -784,7 +787,7 @@ $!
|
||||
$! Copy All The ".H" Files From The [.SSL] Directory.
|
||||
$!
|
||||
$! (keep these in the same order as ssl/Makefile)
|
||||
$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
|
||||
$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
|
||||
$ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl]
|
||||
$!
|
||||
$! Purge the [.include.openssl] header files.
|
||||
|
||||
@@ -227,14 +227,14 @@ int dtls1_do_write(SSL *s, int type)
|
||||
unsigned int len, frag_off, mac_size, blocksize;
|
||||
|
||||
/* AHA! Figure out the MTU, and stick to the right size */
|
||||
if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||
if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||
{
|
||||
s->d1->mtu =
|
||||
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
||||
|
||||
/* I've seen the kernel return bogus numbers when it doesn't know
|
||||
* (initial write), so just make sure we have a reasonable number */
|
||||
if ( s->d1->mtu < dtls1_min_mtu())
|
||||
if (s->d1->mtu < dtls1_min_mtu())
|
||||
{
|
||||
s->d1->mtu = 0;
|
||||
s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
|
||||
@@ -1478,8 +1478,9 @@ dtls1_process_heartbeat(SSL *s)
|
||||
*bp++ = TLS1_HB_RESPONSE;
|
||||
s2n(payload, bp);
|
||||
memcpy(bp, pl, payload);
|
||||
bp += payload;
|
||||
/* Random padding */
|
||||
RAND_pseudo_bytes(p, padding);
|
||||
RAND_pseudo_bytes(bp, padding);
|
||||
|
||||
r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
|
||||
|
||||
|
||||
@@ -329,7 +329,6 @@ int dtls1_connect(SSL *s)
|
||||
if (ret <= 0) goto end;
|
||||
else
|
||||
{
|
||||
dtls1_stop_timer(s);
|
||||
if (s->hit)
|
||||
{
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
@@ -440,6 +439,7 @@ int dtls1_connect(SSL *s)
|
||||
case SSL3_ST_CR_SRVR_DONE_B:
|
||||
ret=ssl3_get_server_done(s);
|
||||
if (ret <= 0) goto end;
|
||||
dtls1_stop_timer(s);
|
||||
if (s->s3->tmp.cert_req)
|
||||
s->s3->tmp.next_state=SSL3_ST_CW_CERT_A;
|
||||
else
|
||||
|
||||
40
ssl/d1_lib.c
40
ssl/d1_lib.c
@@ -391,6 +391,7 @@ void dtls1_double_timeout(SSL *s)
|
||||
void dtls1_stop_timer(SSL *s)
|
||||
{
|
||||
/* Reset everything */
|
||||
memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
|
||||
memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
|
||||
s->d1->timeout_duration = 1;
|
||||
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
|
||||
@@ -398,10 +399,28 @@ void dtls1_stop_timer(SSL *s)
|
||||
dtls1_clear_record_buffer(s);
|
||||
}
|
||||
|
||||
int dtls1_check_timeout_num(SSL *s)
|
||||
{
|
||||
s->d1->timeout.num_alerts++;
|
||||
|
||||
/* Reduce MTU after 2 unsuccessful retransmissions */
|
||||
if (s->d1->timeout.num_alerts > 2)
|
||||
{
|
||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
|
||||
}
|
||||
|
||||
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
|
||||
{
|
||||
/* fail the connection, enough alerts have been sent */
|
||||
SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int dtls1_handle_timeout(SSL *s)
|
||||
{
|
||||
DTLS1_STATE *state;
|
||||
|
||||
/* if no timer is expired, don't do anything */
|
||||
if (!dtls1_is_timer_expired(s))
|
||||
{
|
||||
@@ -409,19 +428,14 @@ int dtls1_handle_timeout(SSL *s)
|
||||
}
|
||||
|
||||
dtls1_double_timeout(s);
|
||||
state = s->d1;
|
||||
state->timeout.num_alerts++;
|
||||
if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
|
||||
{
|
||||
/* fail the connection, enough alerts have been sent */
|
||||
SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
state->timeout.read_timeouts++;
|
||||
if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
|
||||
if (dtls1_check_timeout_num(s) < 0)
|
||||
return -1;
|
||||
|
||||
s->d1->timeout.read_timeouts++;
|
||||
if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
|
||||
{
|
||||
state->timeout.read_timeouts = 1;
|
||||
s->d1->timeout.read_timeouts = 1;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_HEARTBEATS
|
||||
|
||||
53
ssl/d1_pkt.c
53
ssl/d1_pkt.c
@@ -179,7 +179,6 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
|
||||
static int dtls1_buffer_record(SSL *s, record_pqueue *q,
|
||||
unsigned char *priority);
|
||||
static int dtls1_process_record(SSL *s);
|
||||
static void dtls1_clear_timeouts(SSL *s);
|
||||
|
||||
/* copy buffered record into SSL structure */
|
||||
static int
|
||||
@@ -383,6 +382,8 @@ dtls1_process_record(SSL *s)
|
||||
SSL3_RECORD *rr;
|
||||
unsigned int mac_size;
|
||||
unsigned char md[EVP_MAX_MD_SIZE];
|
||||
int decryption_failed_or_bad_record_mac = 0;
|
||||
unsigned char *mac = NULL;
|
||||
|
||||
|
||||
rr= &(s->s3->rrec);
|
||||
@@ -417,13 +418,10 @@ dtls1_process_record(SSL *s)
|
||||
enc_err = s->method->ssl3_enc->enc(s,0);
|
||||
if (enc_err <= 0)
|
||||
{
|
||||
/* decryption failed, silently discard message */
|
||||
if (enc_err < 0)
|
||||
{
|
||||
rr->length = 0;
|
||||
s->packet_length = 0;
|
||||
}
|
||||
goto err;
|
||||
/* To minimize information leaked via timing, we will always
|
||||
* perform all computations before discarding the message.
|
||||
*/
|
||||
decryption_failed_or_bad_record_mac = 1;
|
||||
}
|
||||
|
||||
#ifdef TLS_DEBUG
|
||||
@@ -453,28 +451,32 @@ printf("\n");
|
||||
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
|
||||
goto f_err;
|
||||
#else
|
||||
goto err;
|
||||
decryption_failed_or_bad_record_mac = 1;
|
||||
#endif
|
||||
}
|
||||
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
|
||||
if (rr->length < mac_size)
|
||||
if (rr->length >= mac_size)
|
||||
{
|
||||
#if 0 /* OK only for stream ciphers */
|
||||
al=SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
#else
|
||||
goto err;
|
||||
#endif
|
||||
rr->length -= mac_size;
|
||||
mac = &rr->data[rr->length];
|
||||
}
|
||||
rr->length-=mac_size;
|
||||
else
|
||||
rr->length = 0;
|
||||
i=s->method->ssl3_enc->mac(s,md,0);
|
||||
if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
|
||||
if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
|
||||
{
|
||||
goto err;
|
||||
decryption_failed_or_bad_record_mac = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (decryption_failed_or_bad_record_mac)
|
||||
{
|
||||
/* decryption failed, silently discard message */
|
||||
rr->length = 0;
|
||||
s->packet_length = 0;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* r->length is now just compressed */
|
||||
if (s->expand != NULL)
|
||||
{
|
||||
@@ -695,7 +697,6 @@ again:
|
||||
goto again; /* get another record */
|
||||
}
|
||||
|
||||
dtls1_clear_timeouts(s); /* done waiting */
|
||||
return(1);
|
||||
|
||||
}
|
||||
@@ -1247,6 +1248,9 @@ start:
|
||||
*/
|
||||
if (msg_hdr.type == SSL3_MT_FINISHED)
|
||||
{
|
||||
if (dtls1_check_timeout_num(s) < 0)
|
||||
return -1;
|
||||
|
||||
dtls1_retransmit_buffered_messages(s);
|
||||
rr->length = 0;
|
||||
goto start;
|
||||
@@ -1870,10 +1874,3 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
|
||||
|
||||
memset(seq, 0x00, seq_bytes);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
dtls1_clear_timeouts(SSL *s)
|
||||
{
|
||||
memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
|
||||
}
|
||||
|
||||
@@ -278,19 +278,25 @@ int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max
|
||||
return 1;
|
||||
}
|
||||
|
||||
if((ct*2) > maxlen)
|
||||
if((2 + ct*2 + 1) > maxlen)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Add the length */
|
||||
s2n(ct * 2, p);
|
||||
for(i=0;i<ct;i++)
|
||||
{
|
||||
prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
|
||||
s2n(prof->id,p);
|
||||
}
|
||||
|
||||
/* Add an empty use_mki value */
|
||||
*p++ = 0;
|
||||
}
|
||||
*len=ct*2;
|
||||
|
||||
*len=2 + ct*2 + 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -300,23 +306,48 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
|
||||
{
|
||||
SRTP_PROTECTION_PROFILE *cprof,*sprof;
|
||||
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr;
|
||||
int ct;
|
||||
int mki_len;
|
||||
int i,j;
|
||||
int id;
|
||||
int ret;
|
||||
|
||||
if(len%2)
|
||||
|
||||
/* Length value + the MKI length */
|
||||
if(len < 3)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al=SSL_AD_DECODE_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Pull off the length of the cipher suite list */
|
||||
n2s(d, ct);
|
||||
len -= 2;
|
||||
|
||||
/* Check that it is even */
|
||||
if(ct%2)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al=SSL_AD_DECODE_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Check that lengths are consistent */
|
||||
if(len < (ct + 1))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al=SSL_AD_DECODE_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
clnt=sk_SRTP_PROTECTION_PROFILE_new_null();
|
||||
|
||||
while(len)
|
||||
while(ct)
|
||||
{
|
||||
n2s(d,id);
|
||||
len-=2;
|
||||
ct-=2;
|
||||
len-=2;
|
||||
|
||||
if(!find_profile_by_num(id,&cprof))
|
||||
{
|
||||
@@ -328,6 +359,17 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
|
||||
}
|
||||
}
|
||||
|
||||
/* Now extract the MKI value as a sanity check, but discard it for now */
|
||||
mki_len = *d;
|
||||
d++; len--;
|
||||
|
||||
if (mki_len != len)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
|
||||
*al=SSL_AD_DECODE_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
srvr=SSL_get_srtp_profiles(s);
|
||||
|
||||
/* Pick our most preferred profile. If no profiles have been
|
||||
@@ -364,7 +406,7 @@ int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max
|
||||
{
|
||||
if(p)
|
||||
{
|
||||
if(maxlen < 2)
|
||||
if(maxlen < 5)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
|
||||
return 1;
|
||||
@@ -375,10 +417,11 @@ int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max
|
||||
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
s2n(2, p);
|
||||
s2n(s->srtp_profile->id,p);
|
||||
}
|
||||
*len=2;
|
||||
*p++ = 0;
|
||||
}
|
||||
*len=5;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -388,10 +431,20 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
|
||||
{
|
||||
unsigned id;
|
||||
int i;
|
||||
int ct;
|
||||
|
||||
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
|
||||
SRTP_PROTECTION_PROFILE *prof;
|
||||
|
||||
if(len!=2)
|
||||
if(len!=5)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al=SSL_AD_DECODE_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
n2s(d, ct);
|
||||
if(ct!=2)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al=SSL_AD_DECODE_ERROR;
|
||||
@@ -399,6 +452,12 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
|
||||
}
|
||||
|
||||
n2s(d,id);
|
||||
if (*d) /* Must be no MKI, since we never offer one */
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
|
||||
*al=SSL_AD_ILLEGAL_PARAMETER;
|
||||
return 1;
|
||||
}
|
||||
|
||||
clnt=SSL_get_srtp_profiles(s);
|
||||
|
||||
|
||||
@@ -591,15 +591,16 @@ int dtls1_accept(SSL *s)
|
||||
ret = ssl3_check_client_hello(s);
|
||||
if (ret <= 0)
|
||||
goto end;
|
||||
dtls1_stop_timer(s);
|
||||
if (ret == 2)
|
||||
{
|
||||
dtls1_stop_timer(s);
|
||||
s->state = SSL3_ST_SR_CLNT_HELLO_C;
|
||||
}
|
||||
else {
|
||||
/* could be sent for a DH cert, even if we
|
||||
* have not asked for it :-) */
|
||||
ret=ssl3_get_client_certificate(s);
|
||||
if (ret <= 0) goto end;
|
||||
dtls1_stop_timer(s);
|
||||
s->init_num=0;
|
||||
s->state=SSL3_ST_SR_KEY_EXCH_A;
|
||||
}
|
||||
@@ -609,7 +610,6 @@ int dtls1_accept(SSL *s)
|
||||
case SSL3_ST_SR_KEY_EXCH_B:
|
||||
ret=ssl3_get_client_key_exchange(s);
|
||||
if (ret <= 0) goto end;
|
||||
dtls1_stop_timer(s);
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
/* Add new shared key for SCTP-Auth,
|
||||
* will be ignored if no SCTP used.
|
||||
@@ -661,7 +661,6 @@ int dtls1_accept(SSL *s)
|
||||
/* we should decide if we expected this one */
|
||||
ret=ssl3_get_cert_verify(s);
|
||||
if (ret <= 0) goto end;
|
||||
dtls1_stop_timer(s);
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
|
||||
state == SSL_ST_RENEGOTIATE)
|
||||
|
||||
@@ -689,9 +689,43 @@ int ssl3_client_hello(SSL *s)
|
||||
/* Do the message type and length last */
|
||||
d=p= &(buf[4]);
|
||||
|
||||
/* version indicates the negotiated version: for example from
|
||||
* an SSLv2/v3 compatible client hello). The client_version
|
||||
* field is the maximum version we permit and it is also
|
||||
* used in RSA encrypted premaster secrets. Some servers can
|
||||
* choke if we initially report a higher version then
|
||||
* renegotiate to a lower one in the premaster secret. This
|
||||
* didn't happen with TLS 1.0 as most servers supported it
|
||||
* but it can with TLS 1.1 or later if the server only supports
|
||||
* 1.0.
|
||||
*
|
||||
* Possible scenario with previous logic:
|
||||
* 1. Client hello indicates TLS 1.2
|
||||
* 2. Server hello says TLS 1.0
|
||||
* 3. RSA encrypted premaster secret uses 1.2.
|
||||
* 4. Handhaked proceeds using TLS 1.0.
|
||||
* 5. Server sends hello request to renegotiate.
|
||||
* 6. Client hello indicates TLS v1.0 as we now
|
||||
* know that is maximum server supports.
|
||||
* 7. Server chokes on RSA encrypted premaster secret
|
||||
* containing version 1.0.
|
||||
*
|
||||
* For interoperability it should be OK to always use the
|
||||
* maximum version we support in client hello and then rely
|
||||
* on the checking of version to ensure the servers isn't
|
||||
* being inconsistent: for example initially negotiating with
|
||||
* TLS 1.0 and renegotiating with TLS 1.2. We do this by using
|
||||
* client_version in client hello and not resetting it to
|
||||
* the negotiated version.
|
||||
*/
|
||||
#if 0
|
||||
*(p++)=s->version>>8;
|
||||
*(p++)=s->version&0xff;
|
||||
s->client_version=s->version;
|
||||
#else
|
||||
*(p++)=s->client_version>>8;
|
||||
*(p++)=s->client_version&0xff;
|
||||
#endif
|
||||
|
||||
/* Random stuff */
|
||||
memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
|
||||
|
||||
@@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send)
|
||||
|
||||
/* we need to add 'i-1' padding bytes */
|
||||
l+=i;
|
||||
/* the last of these zero bytes will be overwritten
|
||||
* with the padding length. */
|
||||
memset(&rec->input[rec->length], 0, i);
|
||||
rec->length+=i;
|
||||
rec->input[l-1]=(i-1);
|
||||
}
|
||||
|
||||
@@ -3589,7 +3589,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
|
||||
ctx->srp_ctx.login = NULL;
|
||||
if (parg == NULL)
|
||||
break;
|
||||
if (strlen((char *)parg) > 254)
|
||||
if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
|
||||
return 0;
|
||||
|
||||
@@ -295,6 +295,7 @@ int ssl3_accept(SSL *s)
|
||||
}
|
||||
|
||||
s->init_num=0;
|
||||
s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
|
||||
|
||||
if (s->state != SSL_ST_RENEGOTIATE)
|
||||
{
|
||||
@@ -881,6 +882,13 @@ int ssl3_check_client_hello(SSL *s)
|
||||
s->s3->tmp.reuse_message = 1;
|
||||
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
|
||||
{
|
||||
/* We only allow the client to restart the handshake once per
|
||||
* negotiation. */
|
||||
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
|
||||
return -1;
|
||||
}
|
||||
/* Throw away what we have done so far in the current handshake,
|
||||
* which will now be aborted. (A full SSL_clear would be too much.) */
|
||||
#ifndef OPENSSL_NO_DH
|
||||
@@ -897,6 +905,7 @@ int ssl3_check_client_hello(SSL *s)
|
||||
s->s3->tmp.ecdh = NULL;
|
||||
}
|
||||
#endif
|
||||
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
|
||||
return 2;
|
||||
}
|
||||
return 1;
|
||||
@@ -2291,6 +2300,7 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
if (i <= 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
|
||||
BN_clear_free(pub);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -2900,7 +2910,7 @@ int ssl3_get_cert_verify(SSL *s)
|
||||
SSL3_ST_SR_CERT_VRFY_A,
|
||||
SSL3_ST_SR_CERT_VRFY_B,
|
||||
-1,
|
||||
514, /* 514? */
|
||||
516, /* Enough for 4096 bit RSA key with TLS v1.2 */
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
|
||||
@@ -218,7 +218,7 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
|
||||
"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
|
||||
"t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
|
||||
"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
|
||||
"d1_both,d1_enc,"+ -
|
||||
"d1_both,d1_enc,d1_srtp,"+ -
|
||||
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
|
||||
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
|
||||
"ssl_asn1,ssl_txt,ssl_algs,"+ -
|
||||
|
||||
112
ssl/ssl.h
112
ssl/ssl.h
@@ -927,29 +927,9 @@ struct ssl_ctx_st
|
||||
/* Callback for status request */
|
||||
int (*tlsext_status_cb)(SSL *ssl, void *arg);
|
||||
void *tlsext_status_arg;
|
||||
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* Next protocol negotiation information */
|
||||
/* (for experimental NPN extension). */
|
||||
|
||||
/* For a server, this contains a callback function by which the set of
|
||||
* advertised protocols can be provided. */
|
||||
int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
|
||||
unsigned int *len, void *arg);
|
||||
void *next_protos_advertised_cb_arg;
|
||||
/* For a client, this contains a callback function that selects the
|
||||
* next protocol from the list provided by the server. */
|
||||
int (*next_proto_select_cb)(SSL *s, unsigned char **out,
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in,
|
||||
unsigned int inlen,
|
||||
void *arg);
|
||||
void *next_proto_select_cb_arg;
|
||||
|
||||
/* draft-rescorla-tls-opaque-prf-input-00.txt information */
|
||||
int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
|
||||
void *tlsext_opaque_prf_input_callback_arg;
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
@@ -972,6 +952,24 @@ struct ssl_ctx_st
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* Next protocol negotiation information */
|
||||
/* (for experimental NPN extension). */
|
||||
|
||||
/* For a server, this contains a callback function by which the set of
|
||||
* advertised protocols can be provided. */
|
||||
int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
|
||||
unsigned int *len, void *arg);
|
||||
void *next_protos_advertised_cb_arg;
|
||||
/* For a client, this contains a callback function that selects the
|
||||
* next protocol from the list provided by the server. */
|
||||
int (*next_proto_select_cb)(SSL *s, unsigned char **out,
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in,
|
||||
unsigned int inlen,
|
||||
void *arg);
|
||||
void *next_proto_select_cb_arg;
|
||||
# endif
|
||||
/* SRTP profiles we are willing to do from RFC 5764 */
|
||||
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
|
||||
#endif
|
||||
@@ -1147,10 +1145,6 @@ struct ssl_st
|
||||
* NB: For servers, the 'new' session may actually be a previously
|
||||
* cached session or even the previous session unless
|
||||
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
|
||||
int renegotiate;/* 1 if we are renegotiating.
|
||||
* 2 if we are a server and are inside a handshake
|
||||
* (i.e. not just sending a HelloRequest) */
|
||||
|
||||
int quiet_shutdown;/* don't send shutdown packets */
|
||||
int shutdown; /* we have shut things down, 0x01 sent, 0x02
|
||||
* for received */
|
||||
@@ -1248,10 +1242,6 @@ struct ssl_st
|
||||
unsigned char *psk, unsigned int max_psk_len);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
SRP_CTX srp_ctx; /* ctx for SRP authentication */
|
||||
#endif
|
||||
|
||||
SSL_CTX *ctx;
|
||||
/* set this flag to 1 and a sleep(1) is put into all SSL_read()
|
||||
* and SSL_write() calls, good for nbio debuging :-) */
|
||||
@@ -1349,6 +1339,14 @@ struct ssl_st
|
||||
#else
|
||||
#define session_ctx ctx
|
||||
#endif /* OPENSSL_NO_TLSEXT */
|
||||
|
||||
int renegotiate;/* 1 if we are renegotiating.
|
||||
* 2 if we are a server and are inside a handshake
|
||||
* (i.e. not just sending a HelloRequest) */
|
||||
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
SRP_CTX srp_ctx; /* ctx for SRP authentication */
|
||||
#endif
|
||||
};
|
||||
|
||||
#endif
|
||||
@@ -2040,7 +2038,7 @@ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secre
|
||||
|
||||
void SSL_set_debug(SSL *s, int debug);
|
||||
int SSL_cache_hit(SSL *s);
|
||||
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
@@ -2068,7 +2066,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
|
||||
#define SSL_F_DTLS1_GET_RECORD 254
|
||||
#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
|
||||
#define SSL_F_DTLS1_HEARTBEAT 314
|
||||
#define SSL_F_DTLS1_HEARTBEAT 305
|
||||
#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
|
||||
#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
|
||||
#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
|
||||
@@ -2118,6 +2116,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL3_CALLBACK_CTRL 233
|
||||
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
|
||||
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
|
||||
#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
|
||||
#define SSL_F_SSL3_CLIENT_HELLO 131
|
||||
#define SSL_F_SSL3_CONNECT 132
|
||||
#define SSL_F_SSL3_CTRL 213
|
||||
@@ -2136,7 +2135,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
|
||||
#define SSL_F_SSL3_GET_MESSAGE 142
|
||||
#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
|
||||
#define SSL_F_SSL3_GET_NEXT_PROTO 305
|
||||
#define SSL_F_SSL3_GET_NEXT_PROTO 306
|
||||
#define SSL_F_SSL3_GET_RECORD 143
|
||||
#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
|
||||
#define SSL_F_SSL3_GET_SERVER_DONE 145
|
||||
@@ -2224,7 +2223,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
|
||||
#define SSL_F_SSL_SESSION_NEW 189
|
||||
#define SSL_F_SSL_SESSION_PRINT_FP 190
|
||||
#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 306
|
||||
#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
|
||||
#define SSL_F_SSL_SESS_CERT_NEW 225
|
||||
#define SSL_F_SSL_SET_CERT 191
|
||||
#define SSL_F_SSL_SET_CIPHER_LIST 271
|
||||
@@ -2238,7 +2237,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_SET_TRUST 228
|
||||
#define SSL_F_SSL_SET_WFD 196
|
||||
#define SSL_F_SSL_SHUTDOWN 224
|
||||
#define SSL_F_SSL_SRP_CTX_INIT 304
|
||||
#define SSL_F_SSL_SRP_CTX_INIT 313
|
||||
#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
|
||||
#define SSL_F_SSL_UNDEFINED_FUNCTION 197
|
||||
#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
|
||||
@@ -2258,8 +2257,8 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
|
||||
#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
|
||||
#define SSL_F_TLS1_ENC 210
|
||||
#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 312
|
||||
#define SSL_F_TLS1_HEARTBEAT 313
|
||||
#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
|
||||
#define SSL_F_TLS1_HEARTBEAT 315
|
||||
#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
|
||||
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
|
||||
#define SSL_F_TLS1_PRF 284
|
||||
@@ -2299,12 +2298,13 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
|
||||
#define SSL_R_BAD_RSA_SIGNATURE 122
|
||||
#define SSL_R_BAD_SIGNATURE 123
|
||||
#define SSL_R_BAD_SRP_A_LENGTH 346
|
||||
#define SSL_R_BAD_SRP_B_LENGTH 347
|
||||
#define SSL_R_BAD_SRP_G_LENGTH 348
|
||||
#define SSL_R_BAD_SRP_N_LENGTH 349
|
||||
#define SSL_R_BAD_SRP_S_LENGTH 350
|
||||
#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 360
|
||||
#define SSL_R_BAD_SRP_A_LENGTH 347
|
||||
#define SSL_R_BAD_SRP_B_LENGTH 348
|
||||
#define SSL_R_BAD_SRP_G_LENGTH 349
|
||||
#define SSL_R_BAD_SRP_N_LENGTH 350
|
||||
#define SSL_R_BAD_SRP_S_LENGTH 351
|
||||
#define SSL_R_BAD_SRTP_MKI_VALUE 352
|
||||
#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
|
||||
#define SSL_R_BAD_SSL_FILETYPE 124
|
||||
#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
|
||||
#define SSL_R_BAD_STATE 126
|
||||
@@ -2343,7 +2343,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
|
||||
#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
|
||||
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
|
||||
#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 361
|
||||
#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
|
||||
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
|
||||
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
|
||||
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
|
||||
@@ -2360,7 +2360,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_INVALID_COMMAND 280
|
||||
#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
|
||||
#define SSL_R_INVALID_PURPOSE 278
|
||||
#define SSL_R_INVALID_SRP_USERNAME 351
|
||||
#define SSL_R_INVALID_SRP_USERNAME 357
|
||||
#define SSL_R_INVALID_STATUS_RESPONSE 328
|
||||
#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
|
||||
#define SSL_R_INVALID_TRUST 279
|
||||
@@ -2390,13 +2390,13 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_MISSING_RSA_CERTIFICATE 168
|
||||
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
|
||||
#define SSL_R_MISSING_RSA_SIGNING_CERT 170
|
||||
#define SSL_R_MISSING_SRP_PARAM 352
|
||||
#define SSL_R_MISSING_SRP_USERNAME 353
|
||||
#define SSL_R_MISSING_SRP_PARAM 358
|
||||
#define SSL_R_MISSING_TMP_DH_KEY 171
|
||||
#define SSL_R_MISSING_TMP_ECDH_KEY 311
|
||||
#define SSL_R_MISSING_TMP_RSA_KEY 172
|
||||
#define SSL_R_MISSING_TMP_RSA_PKEY 173
|
||||
#define SSL_R_MISSING_VERIFY_MESSAGE 174
|
||||
#define SSL_R_MULTIPLE_SGC_RESTARTS 346
|
||||
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
|
||||
#define SSL_R_NO_CERTIFICATES_RETURNED 176
|
||||
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
|
||||
@@ -2420,7 +2420,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_NO_RENEGOTIATION 339
|
||||
#define SSL_R_NO_REQUIRED_DIGEST 324
|
||||
#define SSL_R_NO_SHARED_CIPHER 193
|
||||
#define SSL_R_NO_SRTP_PROFILES 362
|
||||
#define SSL_R_NO_SRTP_PROFILES 359
|
||||
#define SSL_R_NO_VERIFY_CALLBACK 194
|
||||
#define SSL_R_NULL_SSL_CTX 195
|
||||
#define SSL_R_NULL_SSL_METHOD_PASSED 196
|
||||
@@ -2464,12 +2464,12 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_SERVERHELLO_TLSEXT 275
|
||||
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
|
||||
#define SSL_R_SHORT_READ 219
|
||||
#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 359
|
||||
#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
|
||||
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
|
||||
#define SSL_R_SRP_A_CALC 354
|
||||
#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 363
|
||||
#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 364
|
||||
#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 365
|
||||
#define SSL_R_SRP_A_CALC 361
|
||||
#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
|
||||
#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
|
||||
#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
|
||||
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
|
||||
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
|
||||
#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
|
||||
@@ -2514,8 +2514,8 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
|
||||
#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
|
||||
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
|
||||
#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 368
|
||||
#define SSL_R_TLS_HEARTBEAT_PENDING 369
|
||||
#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
|
||||
#define SSL_R_TLS_HEARTBEAT_PENDING 366
|
||||
#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
|
||||
#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
|
||||
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
|
||||
@@ -2538,7 +2538,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
|
||||
#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
|
||||
#define SSL_R_UNKNOWN_CIPHER_TYPE 249
|
||||
#define SSL_R_UNKNOWN_DIGEST 357
|
||||
#define SSL_R_UNKNOWN_DIGEST 368
|
||||
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
|
||||
#define SSL_R_UNKNOWN_PKEY_TYPE 251
|
||||
#define SSL_R_UNKNOWN_PROTOCOL 252
|
||||
@@ -2553,14 +2553,14 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_UNSUPPORTED_PROTOCOL 258
|
||||
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
|
||||
#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
|
||||
#define SSL_R_USE_SRTP_NOT_NEGOTIATED 366
|
||||
#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
|
||||
#define SSL_R_WRITE_BIO_NOT_SET 260
|
||||
#define SSL_R_WRONG_CIPHER_RETURNED 261
|
||||
#define SSL_R_WRONG_MESSAGE_TYPE 262
|
||||
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
|
||||
#define SSL_R_WRONG_SIGNATURE_LENGTH 264
|
||||
#define SSL_R_WRONG_SIGNATURE_SIZE 265
|
||||
#define SSL_R_WRONG_SIGNATURE_TYPE 358
|
||||
#define SSL_R_WRONG_SIGNATURE_TYPE 370
|
||||
#define SSL_R_WRONG_SSL_VERSION 266
|
||||
#define SSL_R_WRONG_VERSION_NUMBER 267
|
||||
#define SSL_R_X509_LIB 268
|
||||
|
||||
21
ssl/ssl3.h
21
ssl/ssl3.h
@@ -388,6 +388,17 @@ typedef struct ssl3_buffer_st
|
||||
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
|
||||
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
|
||||
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
|
||||
|
||||
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
|
||||
* restart a handshake because of MS SGC and so prevents us
|
||||
* from restarting the handshake in a loop. It's reset on a
|
||||
* renegotiation, so effectively limits the client to one restart
|
||||
* per negotiation. This limits the possibility of a DDoS
|
||||
* attack where the client handshakes in a loop using SGC to
|
||||
* restart. Servers which permit renegotiation can still be
|
||||
* effected, but we can't prevent that.
|
||||
*/
|
||||
#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
|
||||
|
||||
#ifndef OPENSSL_NO_SSL_INTERN
|
||||
|
||||
@@ -466,11 +477,6 @@ typedef struct ssl3_state_st
|
||||
void *server_opaque_prf_input;
|
||||
size_t server_opaque_prf_input_len;
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
|
||||
int next_proto_neg_seen;
|
||||
#endif
|
||||
|
||||
struct {
|
||||
/* actually only needs to be 16+20 */
|
||||
unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
|
||||
@@ -528,6 +534,11 @@ typedef struct ssl3_state_st
|
||||
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
|
||||
unsigned char previous_server_finished_len;
|
||||
int send_connection_binding; /* TODOEKR */
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
|
||||
int next_proto_neg_seen;
|
||||
#endif
|
||||
} SSL3_STATE;
|
||||
|
||||
#endif
|
||||
|
||||
@@ -90,7 +90,7 @@ int SSL_library_init(void)
|
||||
EVP_add_cipher(EVP_aes_256_cbc());
|
||||
EVP_add_cipher(EVP_aes_128_gcm());
|
||||
EVP_add_cipher(EVP_aes_256_gcm());
|
||||
#if !defined(OPENSSL_NO_SHA) && !defined(OPNESSL_NO_SHA1)
|
||||
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
||||
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
|
||||
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
|
||||
#endif
|
||||
|
||||
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
||||
{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
|
||||
@@ -327,6 +328,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"},
|
||||
{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"},
|
||||
{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"},
|
||||
{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"},
|
||||
{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"},
|
||||
{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
|
||||
{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
|
||||
@@ -414,12 +416,12 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
|
||||
{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
|
||||
{ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"},
|
||||
{ERR_REASON(SSL_R_MISSING_SRP_USERNAME) ,"missing srp username"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
|
||||
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
|
||||
{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
|
||||
{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
|
||||
{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
|
||||
{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
|
||||
|
||||
@@ -1079,8 +1079,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
|
||||
s->max_cert_list=larg;
|
||||
return(l);
|
||||
case SSL_CTRL_SET_MTU:
|
||||
#ifndef OPENSSL_NO_DTLS1
|
||||
if (larg < (long)dtls1_min_mtu())
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
if (SSL_version(s) == DTLS1_VERSION ||
|
||||
SSL_version(s) == DTLS1_BAD_VER)
|
||||
|
||||
@@ -965,6 +965,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
|
||||
void dtls1_reset_seq_numbers(SSL *s, int rw);
|
||||
long dtls1_default_timeout(void);
|
||||
struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
|
||||
int dtls1_check_timeout_num(SSL *s);
|
||||
int dtls1_handle_timeout(SSL *s);
|
||||
const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
|
||||
void dtls1_start_timer(SSL *s);
|
||||
|
||||
@@ -825,7 +825,10 @@ int tls1_enc(SSL *s, int send)
|
||||
}
|
||||
}
|
||||
|
||||
if (EVP_Cipher(ds,rec->data,rec->input,l) < 0)
|
||||
i = EVP_Cipher(ds,rec->data,rec->input,l);
|
||||
if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
|
||||
?(i<0)
|
||||
:(i==0))
|
||||
return -1; /* AEAD can fail to verify MAC */
|
||||
if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
|
||||
{
|
||||
|
||||
97
ssl/t1_lib.c
97
ssl/t1_lib.c
@@ -432,25 +432,29 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
#define MIN(x,y) (((x)<(y))?(x):(y))
|
||||
/* we add SRP username the first time only if we have one! */
|
||||
/* Add SRP username if there is one */
|
||||
if (s->srp_ctx.login != NULL)
|
||||
{/* Add TLS extension SRP username to the Client Hello message */
|
||||
int login_len = MIN(strlen(s->srp_ctx.login) + 1, 255);
|
||||
long lenmax;
|
||||
{ /* Add TLS extension SRP username to the Client Hello message */
|
||||
|
||||
if ((lenmax = limit - ret - 5) < 0) return NULL;
|
||||
if (login_len > lenmax) return NULL;
|
||||
if (login_len > 255)
|
||||
int login_len = strlen(s->srp_ctx.login);
|
||||
if (login_len > 255 || login_len == 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* check for enough space.
|
||||
4 for the srp type type and entension length
|
||||
1 for the srp user identity
|
||||
+ srp user identity length
|
||||
*/
|
||||
if ((limit - ret - 5 - login_len) < 0) return NULL;
|
||||
|
||||
/* fill in the extension */
|
||||
s2n(TLSEXT_TYPE_srp,ret);
|
||||
s2n(login_len+1,ret);
|
||||
|
||||
(*ret++) = (unsigned char) MIN(strlen(s->srp_ctx.login), 254);
|
||||
memcpy(ret, s->srp_ctx.login, MIN(strlen(s->srp_ctx.login), 254));
|
||||
(*ret++) = (unsigned char) login_len;
|
||||
memcpy(ret, s->srp_ctx.login, login_len);
|
||||
ret+=login_len;
|
||||
}
|
||||
#endif
|
||||
@@ -812,17 +816,21 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_HEARTBEATS
|
||||
/* Add Heartbeat extension */
|
||||
s2n(TLSEXT_TYPE_heartbeat,ret);
|
||||
s2n(1,ret);
|
||||
/* Set mode:
|
||||
* 1: peer may send requests
|
||||
* 2: peer not allowed to send requests
|
||||
*/
|
||||
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
|
||||
*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
|
||||
else
|
||||
*(ret++) = SSL_TLSEXT_HB_ENABLED;
|
||||
/* Add Heartbeat extension if we've received one */
|
||||
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
|
||||
{
|
||||
s2n(TLSEXT_TYPE_heartbeat,ret);
|
||||
s2n(1,ret);
|
||||
/* Set mode:
|
||||
* 1: peer may send requests
|
||||
* 2: peer not allowed to send requests
|
||||
*/
|
||||
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
|
||||
*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
|
||||
else
|
||||
*(ret++) = SSL_TLSEXT_HB_ENABLED;
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
@@ -1003,13 +1011,25 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
else if (type == TLSEXT_TYPE_srp)
|
||||
{
|
||||
if (size > 0)
|
||||
if (size <= 0 || ((len = data[0])) != (size -1))
|
||||
{
|
||||
len = data[0];
|
||||
if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL)
|
||||
return -1;
|
||||
memcpy(s->srp_ctx.login, &data[1], len);
|
||||
s->srp_ctx.login[len]='\0';
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
if (s->srp_ctx.login != NULL)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL)
|
||||
return -1;
|
||||
memcpy(s->srp_ctx.login, &data[1], len);
|
||||
s->srp_ctx.login[len]='\0';
|
||||
|
||||
if (strlen(s->srp_ctx.login) != len)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -1244,6 +1264,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
||||
sdata = data;
|
||||
if (dsize > 0)
|
||||
{
|
||||
if (s->tlsext_ocsp_exts)
|
||||
{
|
||||
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
|
||||
X509_EXTENSION_free);
|
||||
}
|
||||
|
||||
s->tlsext_ocsp_exts =
|
||||
d2i_X509_EXTENSIONS(NULL,
|
||||
&sdata, dsize);
|
||||
@@ -1273,6 +1299,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
||||
s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
|
||||
s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
|
||||
break;
|
||||
default: *al = SSL_AD_ILLEGAL_PARAMETER;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -1544,6 +1572,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
||||
s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
|
||||
s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
|
||||
break;
|
||||
default: *al = SSL_AD_ILLEGAL_PARAMETER;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -2231,7 +2261,7 @@ static tls12_lookup tls12_sig[] = {
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
{EVP_PKEY_RSA, TLSEXT_signature_rsa},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
{EVP_PKEY_DSA, TLSEXT_signature_dsa},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDSA
|
||||
@@ -2265,6 +2295,8 @@ static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
|
||||
int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
|
||||
{
|
||||
int sig_id, md_id;
|
||||
if (!md)
|
||||
return 0;
|
||||
md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
|
||||
sizeof(tls12_md)/sizeof(tls12_lookup));
|
||||
if (md_id == -1)
|
||||
@@ -2435,7 +2467,10 @@ tls1_process_heartbeat(SSL *s)
|
||||
*bp++ = TLS1_HB_RESPONSE;
|
||||
s2n(payload, bp);
|
||||
memcpy(bp, pl, payload);
|
||||
|
||||
bp += payload;
|
||||
/* Random padding */
|
||||
RAND_pseudo_bytes(bp, padding);
|
||||
|
||||
r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
|
||||
|
||||
if (r >= 0 && s->msg_callback)
|
||||
|
||||
30
ssl/tls1.h
30
ssl/tls1.h
@@ -197,20 +197,42 @@ extern "C" {
|
||||
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
|
||||
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
|
||||
|
||||
/* ExtensionType values from RFC3546 / RFC4366 */
|
||||
/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
|
||||
#define TLSEXT_TYPE_server_name 0
|
||||
#define TLSEXT_TYPE_max_fragment_length 1
|
||||
#define TLSEXT_TYPE_client_certificate_url 2
|
||||
#define TLSEXT_TYPE_trusted_ca_keys 3
|
||||
#define TLSEXT_TYPE_truncated_hmac 4
|
||||
#define TLSEXT_TYPE_status_request 5
|
||||
/* ExtensionType values from RFC4681 */
|
||||
#define TLSEXT_TYPE_user_mapping 6
|
||||
|
||||
/* ExtensionType values from RFC5878 */
|
||||
#define TLSEXT_TYPE_client_authz 7
|
||||
#define TLSEXT_TYPE_server_authz 8
|
||||
|
||||
/* ExtensionType values from RFC6091 */
|
||||
#define TLSEXT_TYPE_cert_type 9
|
||||
|
||||
/* ExtensionType values from RFC4492 */
|
||||
#define TLSEXT_TYPE_elliptic_curves 10
|
||||
#define TLSEXT_TYPE_ec_point_formats 11
|
||||
|
||||
/* ExtensionType value from RFC5054 */
|
||||
#define TLSEXT_TYPE_srp 12
|
||||
|
||||
/* ExtensionType values from RFC5246 */
|
||||
#define TLSEXT_TYPE_signature_algorithms 13
|
||||
|
||||
/* ExtensionType value from RFC5764 */
|
||||
#define TLSEXT_TYPE_use_srtp 14
|
||||
|
||||
/* ExtensionType value from RFC5620 */
|
||||
#define TLSEXT_TYPE_heartbeat 15
|
||||
|
||||
/* ExtensionType value from RFC4507 */
|
||||
#define TLSEXT_TYPE_session_ticket 35
|
||||
|
||||
/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
|
||||
#if 0 /* will have to be provided externally for now ,
|
||||
* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
|
||||
@@ -253,12 +275,6 @@ extern "C" {
|
||||
#define TLSEXT_hash_sha384 5
|
||||
#define TLSEXT_hash_sha512 6
|
||||
|
||||
/* ExtensionType value from RFC5764 */
|
||||
#define TLSEXT_TYPE_use_srtp 14
|
||||
|
||||
/* Heartbeat extension */
|
||||
#define TLSEXT_TYPE_heartbeat 15
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
|
||||
#define TLSEXT_MAXLEN_host_name 255
|
||||
|
||||
@@ -68,6 +68,8 @@ $ EXPTEST := exptest
|
||||
$ IDEATEST := ideatest
|
||||
$ SHATEST := shatest
|
||||
$ SHA1TEST := sha1test
|
||||
$ SHA256TEST := sha256t
|
||||
$ SHA512TEST := sha512t
|
||||
$ MDC2TEST := mdc2test
|
||||
$ RMDTEST := rmdtest
|
||||
$ MD2TEST := md2test
|
||||
@@ -115,6 +117,8 @@ $ return
|
||||
$ test_sha:
|
||||
$ mcr 'texe_dir''shatest'
|
||||
$ mcr 'texe_dir''sha1test'
|
||||
$ mcr 'texe_dir''sha256test'
|
||||
$ mcr 'texe_dir''sha512test'
|
||||
$ return
|
||||
$ test_mdc2:
|
||||
$ mcr 'texe_dir''mdc2test'
|
||||
|
||||
@@ -59,7 +59,6 @@ while(<IN>) {
|
||||
}
|
||||
close(IN);
|
||||
|
||||
$fipsdir =~ tr/\//${o}/;
|
||||
$debug = 1 if $mf_platform =~ /^debug-/;
|
||||
|
||||
die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
|
||||
@@ -234,6 +233,8 @@ else
|
||||
$cflags.=' -DTERMIO';
|
||||
}
|
||||
|
||||
$fipsdir =~ s/\//${o}/g;
|
||||
|
||||
$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
|
||||
$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
|
||||
$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
|
||||
|
||||
@@ -310,11 +310,13 @@ SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION:
|
||||
kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5
|
||||
SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT
|
||||
SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:
|
||||
SSL_CTX_set_next_protos_advertised_cb 355 EXIST::FUNCTION:NEXTPROTONEG
|
||||
SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG
|
||||
SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG
|
||||
SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:
|
||||
SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:
|
||||
SSL_select_next_proto 359 EXIST::FUNCTION:NEXTPROTONEG
|
||||
SSL_get_srtp_profiles 360 EXIST::FUNCTION:
|
||||
SSL_CTX_set_next_proto_select_cb 361 EXIST::FUNCTION:NEXTPROTONEG
|
||||
SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG
|
||||
SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG
|
||||
SSL_SESSION_get_compress_id 362 EXIST::FUNCTION:
|
||||
|
||||
Reference in New Issue
Block a user