Compare commits
40 Commits
OpenSSL_1_
...
OpenSSL_1_
| Author | SHA1 | Date | |
|---|---|---|---|
|
531c6fc8f3 | ||
|
|
e011d0a3c4 | ||
|
|
8d5505d099 | ||
|
|
d36e0ee460 | ||
|
|
143619ccf6 | ||
|
|
9f339d75b5 | ||
|
|
28583660fb | ||
|
|
dedfe959dd | ||
|
|
4d936ace08 | ||
|
|
89bd25eb26 | ||
|
|
4a1cf50187 | ||
|
|
32e12316e5 | ||
|
|
ad7b24f145 | ||
|
|
c2770c0e0e | ||
|
|
371056f2b9 | ||
|
|
2d613908e8 | ||
|
|
18fb1fae08 | ||
|
|
39ef161c72 | ||
|
|
a7612c5066 | ||
|
|
6cbae10b5e | ||
|
|
ebe81134c0 | ||
|
|
a1d573e282 | ||
|
|
e959e24b47 | ||
|
|
3f98d7c0b5 | ||
|
|
d2f950c984 | ||
|
|
63e8f16737 | ||
|
|
9bf5fd894f | ||
|
|
6296729fae | ||
|
|
67d216801b | ||
|
|
0a5575f3f6 | ||
|
|
418044cbab | ||
|
|
8c67b13407 | ||
|
|
2a477ccf0b | ||
|
|
c34137bef9 | ||
|
|
914d91c5b3 | ||
|
|
e733dea3ce | ||
|
|
78c5d2a9bb | ||
|
|
3bf4e14cc3 | ||
|
|
d68d160cb7 | ||
|
|
202cb42fbb |
43
CHANGES
43
CHANGES
@@ -2,6 +2,36 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
|
||||
|
||||
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
|
||||
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
|
||||
in CRYPTO_realloc_clean.
|
||||
|
||||
Thanks to Tavis Ormandy, Google Security Team, for discovering this
|
||||
issue and to Adam Langley <agl@chromium.org> for fixing it.
|
||||
(CVE-2012-2110)
|
||||
[Adam Langley (Google), Tavis Ormandy, Google Security Team]
|
||||
|
||||
*) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
|
||||
[Adam Langley]
|
||||
|
||||
*) Workarounds for some broken servers that "hang" if a client hello
|
||||
record length exceeds 255 bytes.
|
||||
|
||||
1. Do not use record version number > TLS 1.0 in initial client
|
||||
hello: some (but not all) hanging servers will now work.
|
||||
2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
|
||||
the number of ciphers sent in the client hello. This should be
|
||||
set to an even number, such as 50, for example by passing:
|
||||
-DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
|
||||
Most broken servers should now work.
|
||||
3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
|
||||
TLS 1.2 client support entirely.
|
||||
|
||||
*) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
|
||||
[Andy Polyakov]
|
||||
|
||||
Changes between 1.0.0h and 1.0.1 [14 Mar 2012]
|
||||
|
||||
*) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
|
||||
@@ -285,7 +315,18 @@
|
||||
Add command line options to s_client/s_server.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0g and 1.0.0h [xx XXX xxxx]
|
||||
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
|
||||
|
||||
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
|
||||
in CMS and PKCS7 code. When RSA decryption fails use a random key for
|
||||
content decryption and always return the same error. Note: this attack
|
||||
needs on average 2^20 messages so it only affects automated senders. The
|
||||
old behaviour can be reenabled in the CMS code by setting the
|
||||
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
|
||||
an MMA defence is not necessary.
|
||||
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
|
||||
this issue. (CVE-2012-0884)
|
||||
[Steve Henson]
|
||||
|
||||
*) Fix CVE-2011-4619: make sure we really are receiving a
|
||||
client hello before rejecting multiple SGC restarts. Thanks to
|
||||
|
||||
@@ -904,11 +904,11 @@ PROCESS_ARGS:
|
||||
}
|
||||
elsif (/^--with-fipsdir=(.*)$/)
|
||||
{
|
||||
$fipsdir="$1/";
|
||||
$fipsdir="$1";
|
||||
}
|
||||
elsif (/^--with-fipslibdir=(.*)$/)
|
||||
{
|
||||
$fipslibdir="$1/";
|
||||
$fipslibdir="$1";
|
||||
}
|
||||
elsif (/^--with-baseaddr=(.*)$/)
|
||||
{
|
||||
|
||||
2
FAQ
2
FAQ
@@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 1.0.1 was released on Mar 14th, 2012.
|
||||
OpenSSL 1.0.1a was released on Apr 19th, 2012.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
|
||||
@@ -198,7 +198,7 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
|
||||
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
|
||||
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
|
||||
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
|
||||
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
|
||||
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
|
||||
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
|
||||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
|
||||
|
||||
|
||||
6
NEWS
6
NEWS
@@ -5,6 +5,12 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
|
||||
|
||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
||||
o Workarounds for some servers that hang on long client hellos.
|
||||
o Fix SEGV in AES code.
|
||||
|
||||
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
|
||||
|
||||
o TLS/DTLS heartbeat support.
|
||||
|
||||
2
README
2
README
@@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.1 14 Mar 2012
|
||||
OpenSSL 1.0.1a 19 Apr 2012
|
||||
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
||||
3
STATUS
3
STATUS
@@ -1,10 +1,11 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2012/03/14 12:14:06 $
|
||||
______________ $Date: 2012/04/19 12:17:17 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 1.1.0: Under development...
|
||||
o OpenSSL 1.0.1a: Released on April 19th, 2012
|
||||
o OpenSSL 1.0.1: Released on March 14th, 2012
|
||||
o OpenSSL 1.0.0h: Released on March 12th, 2012
|
||||
o OpenSSL 1.0.0g: Released on January 18th, 2012
|
||||
|
||||
@@ -622,13 +622,7 @@ int MAIN(int argc, char **argv)
|
||||
SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv23_client_method();
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv3_client_method();
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
meth=SSLv2_client_method();
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
c_Pause=0;
|
||||
|
||||
@@ -969,17 +969,7 @@ int MAIN(int argc, char *argv[])
|
||||
char *srpuserseed = NULL;
|
||||
char *srp_verifier_file = NULL;
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv23_server_method();
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv3_server_method();
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
meth=SSLv2_server_method();
|
||||
#elif !defined(OPENSSL_NO_TLS1)
|
||||
meth=TLSv1_server_method();
|
||||
#else
|
||||
/* #error no SSL version enabled */
|
||||
#endif
|
||||
|
||||
local_argc=argc;
|
||||
local_argv=argv;
|
||||
|
||||
@@ -408,6 +408,7 @@ _armv4_AES_encrypt:
|
||||
.type private_AES_set_encrypt_key,%function
|
||||
.align 5
|
||||
private_AES_set_encrypt_key:
|
||||
_armv4_AES_set_encrypt_key:
|
||||
sub r3,pc,#8 @ AES_set_encrypt_key
|
||||
teq r0,#0
|
||||
moveq r0,#-1
|
||||
@@ -425,7 +426,7 @@ private_AES_set_encrypt_key:
|
||||
bne .Labrt
|
||||
|
||||
.Lok: stmdb sp!,{r4-r12,lr}
|
||||
sub $tbl,r3,#private_AES_set_encrypt_key-AES_Te-1024 @ Te4
|
||||
sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
|
||||
|
||||
mov $rounds,r0 @ inp
|
||||
mov lr,r1 @ bits
|
||||
@@ -685,7 +686,7 @@ private_AES_set_encrypt_key:
|
||||
.align 5
|
||||
private_AES_set_decrypt_key:
|
||||
str lr,[sp,#-4]! @ push lr
|
||||
bl private_AES_set_encrypt_key
|
||||
bl _armv4_AES_set_encrypt_key
|
||||
teq r0,#0
|
||||
ldrne lr,[sp],#4 @ pop lr
|
||||
bne .Labrt
|
||||
|
||||
@@ -783,6 +783,7 @@ $code.=<<___;
|
||||
.type private_AES_set_encrypt_key,\@function
|
||||
.align 16
|
||||
private_AES_set_encrypt_key:
|
||||
_s390x_AES_set_encrypt_key:
|
||||
lghi $t0,0
|
||||
cl${g}r $inp,$t0
|
||||
je .Lminus1
|
||||
@@ -836,7 +837,8 @@ $code.=<<___ if (!$softonly);
|
||||
je 1f
|
||||
lg %r1,24($inp)
|
||||
stg %r1,24($key)
|
||||
1: st $bits,236($key) # save bits
|
||||
1: st $bits,236($key) # save bits [for debugging purposes]
|
||||
lgr $t0,%r5
|
||||
st %r5,240($key) # save km code
|
||||
lghi %r2,0
|
||||
br %r14
|
||||
@@ -844,7 +846,7 @@ ___
|
||||
$code.=<<___;
|
||||
.align 16
|
||||
.Lekey_internal:
|
||||
stm${g} %r6,%r13,6*$SIZE_T($sp) # all non-volatile regs
|
||||
stm${g} %r4,%r13,4*$SIZE_T($sp) # all non-volatile regs and $key
|
||||
|
||||
larl $tbl,AES_Te+2048
|
||||
|
||||
@@ -904,8 +906,9 @@ $code.=<<___;
|
||||
la $key,16($key) # key+=4
|
||||
la $t3,4($t3) # i++
|
||||
brct $rounds,.L128_loop
|
||||
lghi $t0,10
|
||||
lghi %r2,0
|
||||
lm${g} %r6,%r13,6*$SIZE_T($sp)
|
||||
lm${g} %r4,%r13,4*$SIZE_T($sp)
|
||||
br $ra
|
||||
|
||||
.align 16
|
||||
@@ -952,8 +955,9 @@ $code.=<<___;
|
||||
st $s2,32($key)
|
||||
st $s3,36($key)
|
||||
brct $rounds,.L192_continue
|
||||
lghi $t0,12
|
||||
lghi %r2,0
|
||||
lm${g} %r6,%r13,6*$SIZE_T($sp)
|
||||
lm${g} %r4,%r13,4*$SIZE_T($sp)
|
||||
br $ra
|
||||
|
||||
.align 16
|
||||
@@ -1014,8 +1018,9 @@ $code.=<<___;
|
||||
st $s2,40($key)
|
||||
st $s3,44($key)
|
||||
brct $rounds,.L256_continue
|
||||
lghi $t0,14
|
||||
lghi %r2,0
|
||||
lm${g} %r6,%r13,6*$SIZE_T($sp)
|
||||
lm${g} %r4,%r13,4*$SIZE_T($sp)
|
||||
br $ra
|
||||
|
||||
.align 16
|
||||
@@ -1066,34 +1071,26 @@ $code.=<<___;
|
||||
.type private_AES_set_decrypt_key,\@function
|
||||
.align 16
|
||||
private_AES_set_decrypt_key:
|
||||
st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to
|
||||
st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers!
|
||||
bras $ra,AES_set_encrypt_key
|
||||
l${g} $key,4*$SIZE_T($sp)
|
||||
#st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to
|
||||
st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers and $key!
|
||||
bras $ra,_s390x_AES_set_encrypt_key
|
||||
#l${g} $key,4*$SIZE_T($sp)
|
||||
l${g} $ra,14*$SIZE_T($sp)
|
||||
ltgr %r2,%r2
|
||||
bnzr $ra
|
||||
___
|
||||
$code.=<<___ if (!$softonly);
|
||||
l $t0,240($key)
|
||||
#l $t0,240($key)
|
||||
lhi $t1,16
|
||||
cr $t0,$t1
|
||||
jl .Lgo
|
||||
oill $t0,0x80 # set "decrypt" bit
|
||||
st $t0,240($key)
|
||||
br $ra
|
||||
|
||||
.align 16
|
||||
.Ldkey_internal:
|
||||
st${g} $key,4*$SIZE_T($sp)
|
||||
st${g} $ra,14*$SIZE_T($sp)
|
||||
bras $ra,.Lekey_internal
|
||||
l${g} $key,4*$SIZE_T($sp)
|
||||
l${g} $ra,14*$SIZE_T($sp)
|
||||
___
|
||||
$code.=<<___;
|
||||
|
||||
.Lgo: llgf $rounds,240($key)
|
||||
.align 16
|
||||
.Lgo: lgr $rounds,$t0 #llgf $rounds,240($key)
|
||||
la $i1,0($key)
|
||||
sllg $i2,$rounds,4
|
||||
la $i2,0($i2,$key)
|
||||
|
||||
@@ -65,12 +65,12 @@
|
||||
# function is:
|
||||
#
|
||||
# conversion conversion/8x block
|
||||
# Core 2 410 0.37
|
||||
# Nehalem 310 0.35
|
||||
# Atom 570 0.26
|
||||
# Core 2 240 0.22
|
||||
# Nehalem 180 0.20
|
||||
# Atom 430 0.19
|
||||
#
|
||||
# The ratio values mean that 128-byte blocks will be processed
|
||||
# 21-27% slower, 256-byte blocks - 12-16%, 384-byte blocks - 8-11%,
|
||||
# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%,
|
||||
# etc. Then keep in mind that input sizes not divisible by 128 are
|
||||
# *effectively* slower, especially shortest ones, e.g. consecutive
|
||||
# 144-byte blocks are processed 44% slower than one would expect,
|
||||
@@ -85,6 +85,7 @@
|
||||
#
|
||||
# Core 2 11.0
|
||||
# Nehalem 9.16
|
||||
# Atom 20.9
|
||||
#
|
||||
# November 2011.
|
||||
#
|
||||
@@ -754,7 +755,7 @@ _bsaes_encrypt8:
|
||||
|
||||
movdqa ($key), @XMM[9] # round 0 key
|
||||
lea 0x10($key), $key
|
||||
movdqa 0x60($const), @XMM[8] # .LM0SR
|
||||
movdqa 0x50($const), @XMM[8] # .LM0SR
|
||||
pxor @XMM[9], @XMM[0] # xor with round0 key
|
||||
pxor @XMM[9], @XMM[1]
|
||||
pshufb @XMM[8], @XMM[0]
|
||||
@@ -905,46 +906,82 @@ $code.=<<___;
|
||||
.type _bsaes_key_convert,\@abi-omnipotent
|
||||
.align 16
|
||||
_bsaes_key_convert:
|
||||
lea .LBS1(%rip), $const
|
||||
lea .Lmasks(%rip), $const
|
||||
movdqu ($inp), %xmm7 # load round 0 key
|
||||
movdqa -0x10($const), %xmm8 # .LBS0
|
||||
movdqa 0x00($const), %xmm9 # .LBS1
|
||||
movdqa 0x10($const), %xmm10 # .LBS2
|
||||
movdqa 0x40($const), %xmm13 # .LM0
|
||||
movdqa 0x60($const), %xmm14 # .LNOT
|
||||
|
||||
movdqu 0x10($inp), %xmm6 # load round 1 key
|
||||
lea 0x10($inp), $inp
|
||||
movdqa 0x00($const), %xmm0 # 0x01...
|
||||
movdqa 0x10($const), %xmm1 # 0x02...
|
||||
movdqa 0x20($const), %xmm2 # 0x04...
|
||||
movdqa 0x30($const), %xmm3 # 0x08...
|
||||
movdqa 0x40($const), %xmm4 # .LM0
|
||||
pcmpeqd %xmm5, %xmm5 # .LNOT
|
||||
|
||||
movdqu ($inp), %xmm6 # load round 1 key
|
||||
movdqa %xmm7, ($out) # save round 0 key
|
||||
lea 0x10($out), $out
|
||||
dec $rounds
|
||||
jmp .Lkey_loop
|
||||
.align 16
|
||||
.Lkey_loop:
|
||||
pshufb %xmm13, %xmm6 # .LM0
|
||||
movdqa %xmm6, %xmm7
|
||||
___
|
||||
&bitslice_key (map("%xmm$_",(0..7, 8..12)));
|
||||
$code.=<<___;
|
||||
pxor %xmm14, %xmm5 # "pnot"
|
||||
pxor %xmm14, %xmm6
|
||||
pxor %xmm14, %xmm0
|
||||
pxor %xmm14, %xmm1
|
||||
lea 0x10($inp), $inp
|
||||
movdqa %xmm0, 0x00($out) # write bit-sliced round key
|
||||
movdqa %xmm1, 0x10($out)
|
||||
movdqa %xmm2, 0x20($out)
|
||||
movdqa %xmm3, 0x30($out)
|
||||
movdqa %xmm4, 0x40($out)
|
||||
movdqa %xmm5, 0x50($out)
|
||||
movdqa %xmm6, 0x60($out)
|
||||
movdqa %xmm7, 0x70($out)
|
||||
pshufb %xmm4, %xmm6 # .LM0
|
||||
|
||||
movdqa %xmm0, %xmm8
|
||||
movdqa %xmm1, %xmm9
|
||||
|
||||
pand %xmm6, %xmm8
|
||||
pand %xmm6, %xmm9
|
||||
movdqa %xmm2, %xmm10
|
||||
pcmpeqb %xmm0, %xmm8
|
||||
psllq \$4, %xmm0 # 0x10...
|
||||
movdqa %xmm3, %xmm11
|
||||
pcmpeqb %xmm1, %xmm9
|
||||
psllq \$4, %xmm1 # 0x20...
|
||||
|
||||
pand %xmm6, %xmm10
|
||||
pand %xmm6, %xmm11
|
||||
movdqa %xmm0, %xmm12
|
||||
pcmpeqb %xmm2, %xmm10
|
||||
psllq \$4, %xmm2 # 0x40...
|
||||
movdqa %xmm1, %xmm13
|
||||
pcmpeqb %xmm3, %xmm11
|
||||
psllq \$4, %xmm3 # 0x80...
|
||||
|
||||
movdqa %xmm2, %xmm14
|
||||
movdqa %xmm3, %xmm15
|
||||
pxor %xmm5, %xmm8 # "pnot"
|
||||
pxor %xmm5, %xmm9
|
||||
|
||||
pand %xmm6, %xmm12
|
||||
pand %xmm6, %xmm13
|
||||
movdqa %xmm8, 0x00($out) # write bit-sliced round key
|
||||
pcmpeqb %xmm0, %xmm12
|
||||
psrlq \$4, %xmm0 # 0x01...
|
||||
movdqa %xmm9, 0x10($out)
|
||||
pcmpeqb %xmm1, %xmm13
|
||||
psrlq \$4, %xmm1 # 0x02...
|
||||
lea 0x10($inp), $inp
|
||||
|
||||
pand %xmm6, %xmm14
|
||||
pand %xmm6, %xmm15
|
||||
movdqa %xmm10, 0x20($out)
|
||||
pcmpeqb %xmm2, %xmm14
|
||||
psrlq \$4, %xmm2 # 0x04...
|
||||
movdqa %xmm11, 0x30($out)
|
||||
pcmpeqb %xmm3, %xmm15
|
||||
psrlq \$4, %xmm3 # 0x08...
|
||||
movdqu ($inp), %xmm6 # load next round key
|
||||
|
||||
pxor %xmm5, %xmm13 # "pnot"
|
||||
pxor %xmm5, %xmm14
|
||||
movdqa %xmm12, 0x40($out)
|
||||
movdqa %xmm13, 0x50($out)
|
||||
movdqa %xmm14, 0x60($out)
|
||||
movdqa %xmm15, 0x70($out)
|
||||
lea 0x80($out),$out
|
||||
movdqu ($inp), %xmm6 # load next round key
|
||||
dec $rounds
|
||||
jnz .Lkey_loop
|
||||
|
||||
movdqa 0x70($const), %xmm7 # .L63
|
||||
movdqa 0x50($const), %xmm7 # .L63
|
||||
#movdqa %xmm6, ($out) # don't save last round key
|
||||
ret
|
||||
.size _bsaes_key_convert,.-_bsaes_key_convert
|
||||
@@ -2800,14 +2837,8 @@ _bsaes_const:
|
||||
.quad 0x0504070600030201, 0x0f0e0d0c0a09080b
|
||||
.LSRM0:
|
||||
.quad 0x0304090e00050a0f, 0x01060b0c0207080d
|
||||
.LM0:
|
||||
.quad 0x02060a0e03070b0f, 0x0004080c0105090d
|
||||
.LM0SR:
|
||||
.quad 0x0a0e02060f03070b, 0x0004080c05090d01
|
||||
.LNOT: # magic constants
|
||||
.quad 0xffffffffffffffff, 0xffffffffffffffff
|
||||
.L63:
|
||||
.quad 0x6363636363636363, 0x6363636363636363
|
||||
.LSWPUP: # byte-swap upper dword
|
||||
.quad 0x0706050403020100, 0x0c0d0e0f0b0a0908
|
||||
.LSWPUPM0SR:
|
||||
@@ -2830,6 +2861,15 @@ _bsaes_const:
|
||||
.quad 0x0000000000000000, 0x0000000800000000
|
||||
.Lxts_magic:
|
||||
.long 0x87,0,1,0
|
||||
.Lmasks:
|
||||
.quad 0x0101010101010101, 0x0101010101010101
|
||||
.quad 0x0202020202020202, 0x0202020202020202
|
||||
.quad 0x0404040404040404, 0x0404040404040404
|
||||
.quad 0x0808080808080808, 0x0808080808080808
|
||||
.LM0:
|
||||
.quad 0x02060a0e03070b0f, 0x0004080c0105090d
|
||||
.L63:
|
||||
.quad 0x6363636363636363, 0x6363636363636363
|
||||
.asciz "Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov"
|
||||
.align 64
|
||||
.size _bsaes_const,.-_bsaes_const
|
||||
|
||||
@@ -843,6 +843,8 @@ $k_dsbo=0x2c0; # decryption sbox final output
|
||||
&mov ($out,&wparam(1)); # out
|
||||
&mov ($round,&wparam(2)); # len
|
||||
&mov ($key,&wparam(3)); # key
|
||||
&sub ($round,16);
|
||||
&jc (&label("cbc_abort"));
|
||||
&lea ($base,&DWP(-56,"esp"));
|
||||
&mov ($const,&wparam(4)); # ivp
|
||||
&and ($base,-16);
|
||||
@@ -853,7 +855,6 @@ $k_dsbo=0x2c0; # decryption sbox final output
|
||||
&mov (&DWP(48,"esp"),$base);
|
||||
|
||||
&mov (&DWP(0,"esp"),$out); # save out
|
||||
&sub ($round,16);
|
||||
&mov (&DWP(4,"esp"),$key) # save key
|
||||
&mov (&DWP(8,"esp"),$const); # save ivp
|
||||
&mov ($out,$round); # $out works as $len
|
||||
@@ -896,6 +897,7 @@ $k_dsbo=0x2c0; # decryption sbox final output
|
||||
&mov ($base,&DWP(8,"esp")); # restore ivp
|
||||
&mov ("esp",&DWP(48,"esp"));
|
||||
&movdqu (&QWP(0,$base),"xmm1"); # write IV
|
||||
&set_label("cbc_abort");
|
||||
&function_end("${PREFIX}_cbc_encrypt");
|
||||
|
||||
&asm_finish();
|
||||
|
||||
@@ -263,7 +263,7 @@ _vpaes_decrypt_core:
|
||||
pshufb %xmm2, %xmm4 # 4 = sbou
|
||||
pxor %xmm0, %xmm4 # 4 = sb1u + k
|
||||
movdqa 0x70(%r10), %xmm0 # 0 : sbot
|
||||
movdqa .Lk_sr-.Lk_dsbd(%r11), %xmm2
|
||||
movdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160
|
||||
pshufb %xmm3, %xmm0 # 0 = sb1t
|
||||
pxor %xmm4, %xmm0 # 0 = A
|
||||
pshufb %xmm2, %xmm0
|
||||
@@ -869,6 +869,8 @@ ${PREFIX}_cbc_encrypt:
|
||||
___
|
||||
($len,$key)=($key,$len);
|
||||
$code.=<<___;
|
||||
sub \$16,$len
|
||||
jc .Lcbc_abort
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
lea -0xb8(%rsp),%rsp
|
||||
@@ -887,7 +889,6 @@ ___
|
||||
$code.=<<___;
|
||||
movdqu ($ivp),%xmm6 # load IV
|
||||
sub $inp,$out
|
||||
sub \$16,$len
|
||||
call _vpaes_preheat
|
||||
cmp \$0,${enc}d
|
||||
je .Lcbc_dec_loop
|
||||
@@ -932,6 +933,7 @@ $code.=<<___ if ($win64);
|
||||
.Lcbc_epilogue:
|
||||
___
|
||||
$code.=<<___;
|
||||
.Lcbc_abort:
|
||||
ret
|
||||
.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
|
||||
___
|
||||
|
||||
@@ -57,6 +57,7 @@
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/asn1_mac.h>
|
||||
@@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
BUF_MEM *b;
|
||||
unsigned char *p;
|
||||
int i;
|
||||
int ret=-1;
|
||||
ASN1_const_CTX c;
|
||||
int want=HEADER_SIZE;
|
||||
size_t want=HEADER_SIZE;
|
||||
int eos=0;
|
||||
#if defined(__GNUC__) && defined(__ia64)
|
||||
/* pathetic compiler bug in all known versions as of Nov. 2002 */
|
||||
long off=0;
|
||||
#else
|
||||
int off=0;
|
||||
#endif
|
||||
int len=0;
|
||||
size_t off=0;
|
||||
size_t len=0;
|
||||
|
||||
b=BUF_MEM_new();
|
||||
if (b == NULL)
|
||||
@@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
want-=(len-off);
|
||||
|
||||
if (!BUF_MEM_grow_clean(b,len+want))
|
||||
if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
@@ -181,7 +176,14 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
goto err;
|
||||
}
|
||||
if (i > 0)
|
||||
{
|
||||
if (len+i < len)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
len+=i;
|
||||
}
|
||||
}
|
||||
/* else data already loaded */
|
||||
|
||||
@@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
/* no data body so go round again */
|
||||
eos++;
|
||||
if (eos < 0)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
want=HEADER_SIZE;
|
||||
}
|
||||
else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
|
||||
@@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
else
|
||||
{
|
||||
/* suck in c.slen bytes of data */
|
||||
want=(int)c.slen;
|
||||
want=c.slen;
|
||||
if (want > (len-off))
|
||||
{
|
||||
want-=(len-off);
|
||||
if (want > INT_MAX /* BIO_read takes an int length */ ||
|
||||
len+want < len)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
if (!BUF_MEM_grow_clean(b,len+want))
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
|
||||
@@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
/* This can't overflow because
|
||||
* |len+want| didn't overflow. */
|
||||
len+=i;
|
||||
want -= i;
|
||||
want-=i;
|
||||
}
|
||||
}
|
||||
off+=(int)c.slen;
|
||||
if (off + c.slen < off)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
off+=c.slen;
|
||||
if (eos <= 0)
|
||||
{
|
||||
break;
|
||||
@@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
}
|
||||
}
|
||||
|
||||
if (off > INT_MAX)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
|
||||
*pb = b;
|
||||
return off;
|
||||
err:
|
||||
if (b != NULL) BUF_MEM_free(b);
|
||||
return(ret);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent,
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int asn1_print_boolean_ctx(BIO *out, const int bool,
|
||||
static int asn1_print_boolean_ctx(BIO *out, int boolval,
|
||||
const ASN1_PCTX *pctx)
|
||||
{
|
||||
const char *str;
|
||||
switch (bool)
|
||||
switch (boolval)
|
||||
{
|
||||
case -1:
|
||||
str = "BOOL ABSENT";
|
||||
@@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
|
||||
{
|
||||
case V_ASN1_BOOLEAN:
|
||||
{
|
||||
int bool = *(int *)fld;
|
||||
if (bool == -1)
|
||||
bool = it->size;
|
||||
ret = asn1_print_boolean_ctx(out, bool, pctx);
|
||||
int boolval = *(int *)fld;
|
||||
if (boolval == -1)
|
||||
boolval = it->size;
|
||||
ret = asn1_print_boolean_ctx(out, boolval, pctx);
|
||||
}
|
||||
break;
|
||||
|
||||
|
||||
@@ -960,7 +960,6 @@ int BIO_set_tcp_ndelay(int s, int on)
|
||||
#endif
|
||||
return(ret == 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
int BIO_socket_nbio(int s, int mode)
|
||||
{
|
||||
@@ -973,3 +972,4 @@ int BIO_socket_nbio(int s, int mode)
|
||||
#endif
|
||||
return(ret == 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -521,40 +521,40 @@ void BIO_free_all(BIO *bio)
|
||||
|
||||
BIO *BIO_dup_chain(BIO *in)
|
||||
{
|
||||
BIO *ret=NULL,*eoc=NULL,*bio,*new;
|
||||
BIO *ret=NULL,*eoc=NULL,*bio,*new_bio;
|
||||
|
||||
for (bio=in; bio != NULL; bio=bio->next_bio)
|
||||
{
|
||||
if ((new=BIO_new(bio->method)) == NULL) goto err;
|
||||
new->callback=bio->callback;
|
||||
new->cb_arg=bio->cb_arg;
|
||||
new->init=bio->init;
|
||||
new->shutdown=bio->shutdown;
|
||||
new->flags=bio->flags;
|
||||
if ((new_bio=BIO_new(bio->method)) == NULL) goto err;
|
||||
new_bio->callback=bio->callback;
|
||||
new_bio->cb_arg=bio->cb_arg;
|
||||
new_bio->init=bio->init;
|
||||
new_bio->shutdown=bio->shutdown;
|
||||
new_bio->flags=bio->flags;
|
||||
|
||||
/* This will let SSL_s_sock() work with stdin/stdout */
|
||||
new->num=bio->num;
|
||||
new_bio->num=bio->num;
|
||||
|
||||
if (!BIO_dup_state(bio,(char *)new))
|
||||
if (!BIO_dup_state(bio,(char *)new_bio))
|
||||
{
|
||||
BIO_free(new);
|
||||
BIO_free(new_bio);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* copy app data */
|
||||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
|
||||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
|
||||
&bio->ex_data))
|
||||
goto err;
|
||||
|
||||
if (ret == NULL)
|
||||
{
|
||||
eoc=new;
|
||||
eoc=new_bio;
|
||||
ret=eoc;
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_push(eoc,new);
|
||||
eoc=new;
|
||||
BIO_push(eoc,new_bio);
|
||||
eoc=new_bio;
|
||||
}
|
||||
}
|
||||
return(ret);
|
||||
|
||||
@@ -628,8 +628,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
}
|
||||
if (ubits==vbits)
|
||||
{
|
||||
bn_correct_top(u);
|
||||
ubits = BN_num_bits(u);
|
||||
BN_ULONG ul;
|
||||
int utop = (ubits-1)/BN_BITS2;
|
||||
|
||||
while ((ul=udp[utop])==0 && utop) utop--;
|
||||
ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
|
||||
}
|
||||
}
|
||||
bn_correct_top(b);
|
||||
|
||||
@@ -60,6 +60,11 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
|
||||
* function is applied in several functions in this file and this limit ensures
|
||||
* that the result fits in an int. */
|
||||
#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
|
||||
|
||||
BUF_MEM *BUF_MEM_new(void)
|
||||
{
|
||||
BUF_MEM *ret;
|
||||
@@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)
|
||||
str->length=len;
|
||||
return(len);
|
||||
}
|
||||
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
|
||||
if (len > LIMIT_BEFORE_EXPANSION)
|
||||
{
|
||||
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
n=(len+3)/3*4;
|
||||
if (str->data == NULL)
|
||||
ret=OPENSSL_malloc(n);
|
||||
@@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
|
||||
str->length=len;
|
||||
return(len);
|
||||
}
|
||||
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
|
||||
if (len > LIMIT_BEFORE_EXPANSION)
|
||||
{
|
||||
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
n=(len+3)/3*4;
|
||||
if (str->data == NULL)
|
||||
ret=OPENSSL_malloc(n);
|
||||
|
||||
@@ -179,6 +179,8 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
|
||||
return 0;
|
||||
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
|
||||
return 0;
|
||||
memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx));
|
||||
ctx->nlast_block = 0;
|
||||
return 1;
|
||||
}
|
||||
/* Initialiase context */
|
||||
|
||||
@@ -83,6 +83,8 @@ typedef struct
|
||||
} aux;
|
||||
} EVP_AES_HMAC_SHA1;
|
||||
|
||||
#define NO_PAYLOAD_LENGTH ((size_t)-1)
|
||||
|
||||
#if defined(AES_ASM) && ( \
|
||||
defined(__x86_64) || defined(__x86_64__) || \
|
||||
defined(_M_AMD64) || defined(_M_X64) || \
|
||||
@@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
|
||||
key->tail = key->head;
|
||||
key->md = key->head;
|
||||
|
||||
key->payload_length = 0;
|
||||
key->payload_length = NO_PAYLOAD_LENGTH;
|
||||
|
||||
return ret<0?0:1;
|
||||
}
|
||||
@@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
if (len%AES_BLOCK_SIZE) return 0;
|
||||
|
||||
if (ctx->encrypt) {
|
||||
if (plen==0)
|
||||
if (plen==NO_PAYLOAD_LENGTH)
|
||||
plen = len;
|
||||
else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))
|
||||
return 0;
|
||||
@@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
}
|
||||
|
||||
key->payload_length = 0;
|
||||
key->payload_length = NO_PAYLOAD_LENGTH;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -75,6 +75,8 @@ typedef struct
|
||||
size_t payload_length;
|
||||
} EVP_RC4_HMAC_MD5;
|
||||
|
||||
#define NO_PAYLOAD_LENGTH ((size_t)-1)
|
||||
|
||||
void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,
|
||||
MD5_CTX *ctx,const void *inp,size_t blocks);
|
||||
|
||||
@@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
|
||||
key->tail = key->head;
|
||||
key->md = key->head;
|
||||
|
||||
key->payload_length = 0;
|
||||
key->payload_length = NO_PAYLOAD_LENGTH;
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -101,8 +103,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
|
||||
#if !defined(OPENSSL_NO_ASM) && ( \
|
||||
defined(__x86_64) || defined(__x86_64__) || \
|
||||
defined(_M_AMD64) || defined(_M_X64) || \
|
||||
defined(__INTEL__) ) && \
|
||||
!(defined(__APPLE__) && defined(__MACH__))
|
||||
defined(__INTEL__) )
|
||||
#define STITCHED_CALL
|
||||
#endif
|
||||
|
||||
@@ -123,10 +124,10 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
#endif
|
||||
size_t plen = key->payload_length;
|
||||
|
||||
if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
|
||||
if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
|
||||
|
||||
if (ctx->encrypt) {
|
||||
if (plen==0) plen = len;
|
||||
if (plen==NO_PAYLOAD_LENGTH) plen = len;
|
||||
#if defined(STITCHED_CALL)
|
||||
/* cipher has to "fall behind" */
|
||||
if (rc4_off>md5_off) md5_off+=MD5_CBLOCK;
|
||||
@@ -191,7 +192,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
#endif
|
||||
/* decrypt HMAC at once */
|
||||
RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off);
|
||||
if (plen) { /* "TLS" mode of operation */
|
||||
if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
|
||||
MD5_Update(&key->md,out+md5_off,plen-md5_off);
|
||||
|
||||
/* calculate HMAC and verify it */
|
||||
@@ -207,7 +208,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
}
|
||||
|
||||
key->payload_length = 0;
|
||||
key->payload_length = NO_PAYLOAD_LENGTH;
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -288,6 +289,8 @@ static EVP_CIPHER r4_hmac_md5_cipher=
|
||||
|
||||
const EVP_CIPHER *EVP_rc4_hmac_md5(void)
|
||||
{
|
||||
return(&r4_hmac_md5_cipher);
|
||||
extern unsigned int OPENSSL_ia32cap_P[];
|
||||
/* RC4_CHAR flag ------------vvvvv */
|
||||
return(OPENSSL_ia32cap_P[0]&(1<<20) ? NULL : &r4_hmac_md5_cipher);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -170,7 +170,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||
if (FIPS_mode())
|
||||
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||
#else
|
||||
ctx->cipher=cipher;
|
||||
if (ctx->cipher->ctx_size)
|
||||
@@ -207,7 +208,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
||||
skip_to_init:
|
||||
#endif
|
||||
#ifdef OPENSSL_FIPS
|
||||
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||
if (FIPS_mode())
|
||||
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||
#else
|
||||
/* we assume block size is a power of 2 in *cryptUpdate */
|
||||
OPENSSL_assert(ctx->cipher->block_size == 1
|
||||
|
||||
@@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
|
||||
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
|
||||
rv = 1;
|
||||
err:
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
return rv;
|
||||
}
|
||||
|
||||
@@ -363,6 +363,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
|
||||
|
||||
if (num <= 0) return NULL;
|
||||
|
||||
/* We don't support shrinking the buffer. Note the memcpy that copies
|
||||
* |old_len| bytes to the new buffer, below. */
|
||||
if (num < old_len) return NULL;
|
||||
|
||||
if (realloc_debug_func != NULL)
|
||||
realloc_debug_func(str, NULL, num, file, line, 0);
|
||||
ret=malloc_ex_func(num,file,line);
|
||||
|
||||
@@ -138,7 +138,7 @@ $code.=<<___ if(!$softonly);
|
||||
.align 32
|
||||
.Lsoft_ghash:
|
||||
___
|
||||
$cdoe.=<<___ if ($flavour =~ /3[12]/);
|
||||
$code.=<<___ if ($flavour =~ /3[12]/);
|
||||
llgfr $len,$len
|
||||
___
|
||||
$code.=<<___;
|
||||
|
||||
@@ -45,7 +45,7 @@ typedef unsigned char u8;
|
||||
# define BSWAP4(x) ({ u32 ret=(x); \
|
||||
asm ("bswapl %0" \
|
||||
: "+r"(ret)); ret; })
|
||||
# elif (defined(__i386) || defined(__i386__))
|
||||
# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
|
||||
# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
|
||||
asm ("bswapl %0; bswapl %1" \
|
||||
: "+r"(hi),"+r"(lo)); \
|
||||
|
||||
@@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x1000100fL
|
||||
#define OPENSSL_VERSION_NUMBER 0x1000101fL
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips 14 Mar 2012"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1a-fips 19 Apr 2012"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1 14 Mar 2012"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1a 19 Apr 2012"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@ sub ::generic
|
||||
# fix hexadecimal constants
|
||||
for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
|
||||
|
||||
if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+([^\[]+)$/$1/) # no []
|
||||
if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no []
|
||||
{ $opcode="mov"; }
|
||||
elsif ($opcode !~ /movq/)
|
||||
{ # fix xmm references
|
||||
|
||||
@@ -430,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
STACK_OF(X509_ALGOR) *md_sk=NULL;
|
||||
STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
|
||||
PKCS7_RECIP_INFO *ri=NULL;
|
||||
unsigned char *ek = NULL, *tkey = NULL;
|
||||
int eklen = 0, tkeylen = 0;
|
||||
|
||||
i=OBJ_obj2nid(p7->type);
|
||||
p7->state=PKCS7_S_HEADER;
|
||||
@@ -507,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
int max;
|
||||
X509_OBJECT ret;
|
||||
#endif
|
||||
unsigned char *ek = NULL, *tkey = NULL;
|
||||
int eklen, tkeylen;
|
||||
|
||||
if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
|
||||
{
|
||||
@@ -609,11 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
{
|
||||
OPENSSL_cleanse(ek,eklen);
|
||||
OPENSSL_free(ek);
|
||||
ek = NULL;
|
||||
}
|
||||
if (tkey)
|
||||
{
|
||||
OPENSSL_cleanse(tkey,tkeylen);
|
||||
OPENSSL_free(tkey);
|
||||
tkey = NULL;
|
||||
}
|
||||
|
||||
if (out == NULL)
|
||||
@@ -656,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
if (0)
|
||||
{
|
||||
err:
|
||||
if (ek)
|
||||
{
|
||||
OPENSSL_cleanse(ek,eklen);
|
||||
OPENSSL_free(ek);
|
||||
}
|
||||
if (tkey)
|
||||
{
|
||||
OPENSSL_cleanse(tkey,tkeylen);
|
||||
OPENSSL_free(tkey);
|
||||
}
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (btmp != NULL) BIO_free_all(btmp);
|
||||
if (etmp != NULL) BIO_free_all(etmp);
|
||||
|
||||
@@ -171,10 +171,10 @@ $ikey="%r7";
|
||||
$iinp="%r8";
|
||||
|
||||
$code.=<<___;
|
||||
.globl RC4_set_key
|
||||
.type RC4_set_key,\@function
|
||||
.globl private_RC4_set_key
|
||||
.type private_RC4_set_key,\@function
|
||||
.align 64
|
||||
RC4_set_key:
|
||||
private_RC4_set_key:
|
||||
stm${g} %r6,%r8,6*$SIZE_T($sp)
|
||||
lhi $cnt,256
|
||||
la $idx,0(%r0)
|
||||
@@ -210,7 +210,7 @@ RC4_set_key:
|
||||
.Ldone:
|
||||
lm${g} %r6,%r8,6*$SIZE_T($sp)
|
||||
br $rp
|
||||
.size RC4_set_key,.-RC4_set_key
|
||||
.size private_RC4_set_key,.-private_RC4_set_key
|
||||
|
||||
___
|
||||
}
|
||||
|
||||
@@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
|
||||
if (ctx == NULL) return;
|
||||
if ( (ctx->method != NULL) &&
|
||||
(ctx->method->free != NULL))
|
||||
ctx->method->free(ctx);
|
||||
(*ctx->method->free)(ctx);
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
|
||||
@@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
|
||||
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
|
||||
EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
|
||||
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
|
||||
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
|
||||
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256,
|
||||
EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
|
||||
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
|
||||
EVP digest routines
|
||||
|
||||
@@ -33,16 +34,15 @@ EVP digest routines
|
||||
|
||||
int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
|
||||
|
||||
#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
|
||||
#define EVP_MAX_MD_SIZE 64 /* SHA512 */
|
||||
|
||||
int EVP_MD_type(const EVP_MD *md);
|
||||
int EVP_MD_pkey_type(const EVP_MD *md);
|
||||
int EVP_MD_size(const EVP_MD *md);
|
||||
int EVP_MD_block_size(const EVP_MD *md);
|
||||
|
||||
#define EVP_MD_type(e) ((e)->type)
|
||||
#define EVP_MD_pkey_type(e) ((e)->pkey_type)
|
||||
#define EVP_MD_size(e) ((e)->md_size)
|
||||
#define EVP_MD_block_size(e) ((e)->block_size)
|
||||
|
||||
#define EVP_MD_CTX_md(e) (e)->digest)
|
||||
#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
|
||||
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
|
||||
#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
|
||||
#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
|
||||
#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
|
||||
|
||||
@@ -56,6 +56,11 @@ EVP digest routines
|
||||
const EVP_MD *EVP_mdc2(void);
|
||||
const EVP_MD *EVP_ripemd160(void);
|
||||
|
||||
const EVP_MD *EVP_sha224(void);
|
||||
const EVP_MD *EVP_sha256(void);
|
||||
const EVP_MD *EVP_sha384(void);
|
||||
const EVP_MD *EVP_sha512(void);
|
||||
|
||||
const EVP_MD *EVP_get_digestbyname(const char *name);
|
||||
#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
|
||||
#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
|
||||
@@ -124,12 +129,14 @@ B<EVP_MD_CTX>.
|
||||
|
||||
EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
|
||||
with this digest. For example EVP_sha1() is associated with RSA so this will
|
||||
return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
|
||||
algorithms may not be retained in future versions of OpenSSL.
|
||||
return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms
|
||||
are no longer linked this function is only retained for compatibility
|
||||
reasons.
|
||||
|
||||
EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
|
||||
return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
|
||||
algorithms respectively. The associated signature algorithm is RSA in each case.
|
||||
EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
|
||||
EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
|
||||
structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
|
||||
and RIPEMD160 digest algorithms respectively.
|
||||
|
||||
EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
|
||||
algorithms but using DSS (DSA) for the signature algorithm. Note: there is
|
||||
@@ -171,8 +178,8 @@ The B<EVP> interface to message digests should almost always be used in
|
||||
preference to the low level interfaces. This is because the code then becomes
|
||||
transparent to the digest used and much more flexible.
|
||||
|
||||
SHA1 is the digest of choice for new applications. The other digest algorithms
|
||||
are still in common use.
|
||||
New applications should use the SHA2 digest algorithms such as SHA256.
|
||||
The other digest algorithms are still in common use.
|
||||
|
||||
For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
|
||||
set to NULL to use the default digest implementation.
|
||||
@@ -187,6 +194,19 @@ implementations of digests to be specified.
|
||||
In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
|
||||
memory leaks will occur.
|
||||
|
||||
Stack allocation of EVP_MD_CTX structures is common, for example:
|
||||
|
||||
EVP_MD_CTX mctx;
|
||||
EVP_MD_CTX_init(&mctx);
|
||||
|
||||
This will cause binary compatibility issues if the size of EVP_MD_CTX
|
||||
structure changes (this will only happen with a major release of OpenSSL).
|
||||
Applications wishing to avoid this should use EVP_MD_CTX_create() instead:
|
||||
|
||||
EVP_MD_CTX *mctx;
|
||||
mctx = EVP_MD_CTX_create();
|
||||
|
||||
|
||||
=head1 EXAMPLE
|
||||
|
||||
This example digests the data "Test Message\n" and "Hello World\n", using the
|
||||
@@ -197,7 +217,7 @@ digest name passed on the command line.
|
||||
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
EVP_MD_CTX mdctx;
|
||||
EVP_MD_CTX *mdctx;
|
||||
const EVP_MD *md;
|
||||
char mess1[] = "Test Message\n";
|
||||
char mess2[] = "Hello World\n";
|
||||
@@ -218,12 +238,12 @@ digest name passed on the command line.
|
||||
exit(1);
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&mdctx);
|
||||
EVP_DigestInit_ex(&mdctx, md, NULL);
|
||||
EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
|
||||
EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
|
||||
EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
|
||||
EVP_MD_CTX_cleanup(&mdctx);
|
||||
mdctx = EVP_MD_CTX_create();
|
||||
EVP_DigestInit_ex(mdctx, md, NULL);
|
||||
EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
|
||||
EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
|
||||
EVP_DigestFinal_ex(mdctx, md_value, &md_len);
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
|
||||
printf("Digest is: ");
|
||||
for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
|
||||
|
||||
@@ -2,15 +2,15 @@
|
||||
%define libmaj 1
|
||||
%define libmin 0
|
||||
%define librel 1
|
||||
#%define librev a
|
||||
%define librev a
|
||||
Release: 1
|
||||
|
||||
%define openssldir /var/ssl
|
||||
|
||||
Summary: Secure Sockets Layer and cryptography libraries and tools
|
||||
Name: openssl
|
||||
Version: %{libmaj}.%{libmin}.%{librel}
|
||||
#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
|
||||
#Version: %{libmaj}.%{libmin}.%{librel}
|
||||
Version: %{libmaj}.%{libmin}.%{librel}%{librev}
|
||||
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
||||
Copyright: Freely distributable
|
||||
Group: System Environment/Libraries
|
||||
|
||||
@@ -538,6 +538,7 @@ err:
|
||||
|
||||
BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
|
||||
{
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
BIO *ret=NULL,*con=NULL,*ssl=NULL;
|
||||
|
||||
if ((con=BIO_new(BIO_s_connect())) == NULL)
|
||||
@@ -549,6 +550,7 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
|
||||
return(ret);
|
||||
err:
|
||||
if (con != NULL) BIO_free(con);
|
||||
#endif
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
|
||||
@@ -412,7 +412,7 @@ int dtls1_check_timeout_num(SSL *s)
|
||||
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
|
||||
{
|
||||
/* fail the connection, enough alerts have been sent */
|
||||
SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
|
||||
SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@@ -920,7 +920,7 @@ int dtls1_send_server_hello(SSL *s)
|
||||
p=s->s3->server_random;
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
||||
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
|
||||
/* Do the message type and length last */
|
||||
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
|
||||
|
||||
|
||||
@@ -287,12 +287,14 @@ static int ssl23_client_hello(SSL *s)
|
||||
|
||||
if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
|
||||
ssl2_compat = 0;
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_2_CLIENT
|
||||
if (!(s->options & SSL_OP_NO_TLSv1_2))
|
||||
{
|
||||
version = TLS1_2_VERSION;
|
||||
}
|
||||
else if (!(s->options & SSL_OP_NO_TLSv1_1))
|
||||
else
|
||||
#endif
|
||||
if (!(s->options & SSL_OP_NO_TLSv1_1))
|
||||
{
|
||||
version = TLS1_1_VERSION;
|
||||
}
|
||||
@@ -467,6 +469,15 @@ static int ssl23_client_hello(SSL *s)
|
||||
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
|
||||
return -1;
|
||||
}
|
||||
#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
|
||||
/* Some servers hang if client hello > 256 bytes
|
||||
* as hack workaround chop number of supported ciphers
|
||||
* to keep it well below this if we use TLS v1.2
|
||||
*/
|
||||
if (TLS1_get_version(s) >= TLS1_2_VERSION
|
||||
&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
|
||||
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
|
||||
#endif
|
||||
s2n(i,p);
|
||||
p+=i;
|
||||
|
||||
@@ -521,8 +532,13 @@ static int ssl23_client_hello(SSL *s)
|
||||
d=buf;
|
||||
*(d++) = SSL3_RT_HANDSHAKE;
|
||||
*(d++) = version_major;
|
||||
*(d++) = version_minor; /* arguably we should send the *lowest* suported version here
|
||||
* (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
|
||||
/* Some servers hang if we use long client hellos
|
||||
* and a record number > TLS 1.0.
|
||||
*/
|
||||
if (TLS1_get_client_version(s) > TLS1_VERSION)
|
||||
*(d++) = 1;
|
||||
else
|
||||
*(d++) = version_minor;
|
||||
s2n((int)l,d);
|
||||
|
||||
/* number of bytes to write */
|
||||
|
||||
@@ -755,6 +755,15 @@ int ssl3_client_hello(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
|
||||
goto err;
|
||||
}
|
||||
#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
|
||||
/* Some servers hang if client hello > 256 bytes
|
||||
* as hack workaround chop number of supported ciphers
|
||||
* to keep it well below this if we use TLS v1.2
|
||||
*/
|
||||
if (TLS1_get_version(s) >= TLS1_2_VERSION
|
||||
&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
|
||||
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
|
||||
#endif
|
||||
s2n(i,p);
|
||||
p+=i;
|
||||
|
||||
|
||||
26
ssl/s3_lib.c
26
ssl/s3_lib.c
@@ -1081,7 +1081,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aRSA,
|
||||
SSL_eNULL,
|
||||
SSL_SHA256,
|
||||
SSL_SSLV3,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
0,
|
||||
@@ -1097,7 +1097,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aRSA,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
@@ -1113,7 +1113,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aRSA,
|
||||
SSL_AES256,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
@@ -1129,7 +1129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aDH,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
@@ -1145,7 +1145,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aDH,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
@@ -1161,7 +1161,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aDSS,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
@@ -1395,7 +1395,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aRSA,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
@@ -1411,7 +1411,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aDH,
|
||||
SSL_AES256,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
@@ -1427,7 +1427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aDH,
|
||||
SSL_AES256,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
@@ -1443,7 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aDSS,
|
||||
SSL_AES256,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
@@ -1459,7 +1459,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aRSA,
|
||||
SSL_AES256,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
@@ -1475,7 +1475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aNULL,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
@@ -1491,7 +1491,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_aNULL,
|
||||
SSL_AES256,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
|
||||
17
ssl/s3_pkt.c
17
ssl/s3_pkt.c
@@ -664,10 +664,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
||||
if ( (sess == NULL) ||
|
||||
(s->enc_write_ctx == NULL) ||
|
||||
(EVP_MD_CTX_md(s->write_hash) == NULL))
|
||||
{
|
||||
#if 1
|
||||
clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */
|
||||
#else
|
||||
clear=1;
|
||||
|
||||
if (clear)
|
||||
#endif
|
||||
mac_size=0;
|
||||
}
|
||||
else
|
||||
{
|
||||
mac_size=EVP_MD_CTX_size(s->write_hash);
|
||||
@@ -736,7 +740,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
||||
wr->type=type;
|
||||
|
||||
*(p++)=(s->version>>8);
|
||||
*(p++)=s->version&0xff;
|
||||
/* Some servers hang if iniatial client hello is larger than 256
|
||||
* bytes and record version number > TLS 1.0
|
||||
*/
|
||||
if (s->state == SSL3_ST_CW_CLNT_HELLO_B
|
||||
&& TLS1_get_version(s) > TLS1_VERSION)
|
||||
*(p++) = 0x1;
|
||||
else
|
||||
*(p++)=s->version&0xff;
|
||||
|
||||
/* field where we are to write out packet length */
|
||||
plen=p;
|
||||
|
||||
@@ -2930,7 +2930,7 @@ int ssl3_get_cert_verify(SSL *s)
|
||||
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
|
||||
{
|
||||
s->s3->tmp.reuse_message=1;
|
||||
if ((peer != NULL) && (type | EVP_PKT_SIGN))
|
||||
if ((peer != NULL) && (type & EVP_PKT_SIGN))
|
||||
{
|
||||
al=SSL_AD_UNEXPECTED_MESSAGE;
|
||||
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
|
||||
|
||||
@@ -2058,6 +2058,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_DTLS1_ACCEPT 246
|
||||
#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
|
||||
#define SSL_F_DTLS1_BUFFER_RECORD 247
|
||||
#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316
|
||||
#define SSL_F_DTLS1_CLIENT_HELLO 248
|
||||
#define SSL_F_DTLS1_CONNECT 249
|
||||
#define SSL_F_DTLS1_ENC 250
|
||||
|
||||
@@ -616,18 +616,19 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
||||
{
|
||||
const EVP_CIPHER *evp;
|
||||
|
||||
if (s->ssl_version >= TLS1_VERSION &&
|
||||
c->algorithm_enc == SSL_RC4 &&
|
||||
if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
|
||||
s->ssl_version < TLS1_VERSION)
|
||||
return 1;
|
||||
|
||||
if (c->algorithm_enc == SSL_RC4 &&
|
||||
c->algorithm_mac == SSL_MD5 &&
|
||||
(evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
|
||||
*enc = evp, *md = NULL;
|
||||
else if (s->ssl_version >= TLS1_VERSION &&
|
||||
c->algorithm_enc == SSL_AES128 &&
|
||||
else if (c->algorithm_enc == SSL_AES128 &&
|
||||
c->algorithm_mac == SSL_SHA1 &&
|
||||
(evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
|
||||
*enc = evp, *md = NULL;
|
||||
else if (s->ssl_version >= TLS1_VERSION &&
|
||||
c->algorithm_enc == SSL_AES256 &&
|
||||
else if (c->algorithm_enc == SSL_AES256 &&
|
||||
c->algorithm_mac == SSL_SHA1 &&
|
||||
(evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
|
||||
*enc = evp, *md = NULL;
|
||||
|
||||
@@ -80,6 +80,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
||||
{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
|
||||
{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
|
||||
{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
|
||||
{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
|
||||
{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
|
||||
{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
|
||||
{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
|
||||
|
||||
@@ -544,7 +544,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||
}
|
||||
skip_ext:
|
||||
|
||||
if (TLS1_get_version(s) >= TLS1_2_VERSION)
|
||||
if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
|
||||
{
|
||||
if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
|
||||
return NULL;
|
||||
|
||||
@@ -11,6 +11,7 @@ CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5"
|
||||
INSTALL_PREFIX=/tmp/install/INSTALL
|
||||
|
||||
VERSION=
|
||||
SHLIB_VERSION_NUMBER=
|
||||
SUBVERSION=$1
|
||||
|
||||
function cleanup()
|
||||
@@ -28,6 +29,13 @@ function get_openssl_version()
|
||||
echo " Check value of variable VERSION in Makefile."
|
||||
exit 1
|
||||
fi
|
||||
eval `grep '^SHLIB_VERSION_NUMBER=' Makefile`
|
||||
if [ -z "${SHLIB_VERSION_NUMBER}" ]
|
||||
then
|
||||
echo "Error: Couldn't retrieve OpenSSL shared lib version from Makefile."
|
||||
echo " Check value of variable SHLIB_VERSION_NUMBER in Makefile."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function base_install()
|
||||
@@ -124,7 +132,7 @@ strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so
|
||||
chmod u-w usr/lib/engines/*.so
|
||||
|
||||
# Runtime package
|
||||
tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
|
||||
tar cjf libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
|
||||
usr/bin/cyg*dll
|
||||
# Base package
|
||||
find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \
|
||||
@@ -139,7 +147,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
|
||||
|
||||
ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
|
||||
ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
|
||||
ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
|
||||
ls -l libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
|
||||
|
||||
cleanup
|
||||
|
||||
|
||||
Reference in New Issue
Block a user