Compare commits

...

98 Commits

Author SHA1 Message Date
Dr. Stephen Henson
0d8776344c Prepare for 1.0.1f release 2014-01-06 14:36:07 +00:00
Dr. Stephen Henson
197e0ea817 Fix for TLS record tampering bug CVE-2013-4353 2014-01-06 14:35:04 +00:00
Dr. Stephen Henson
c776a3f398 make update 2014-01-06 13:33:27 +00:00
Dr. Stephen Henson
25c9fa6026 Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d1d)
2014-01-04 14:00:44 +00:00
Dr. Stephen Henson
d2dc33d57c update NEWS 2014-01-02 19:02:28 +00:00
Dr. Stephen Henson
f3dcc8411e Don't change version number if session established
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191
2014-01-02 15:12:48 +00:00
Dr. Stephen Henson
1c2c5e402a Don't use rdrand engine as default unless explicitly requested.
(cherry picked from commit 8f68678989)
2013-12-22 16:08:01 +00:00
Dr. Stephen Henson
34628967f1 Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
2013-12-20 23:12:18 +00:00
Dr. Stephen Henson
a6c62f0c25 Ignore NULL parameter in EVP_MD_CTX_destroy. 2013-12-20 22:52:41 +00:00
Dr. Stephen Henson
ca989269a2 Use version in SSL_METHOD not SSL structure.
When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
2013-12-19 21:04:28 +00:00
Andy Polyakov
2ec4181ba9 sha512.c: fullfull implicit API contract in SHA512_Transform.
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788)
2013-12-18 23:03:03 +01:00
Dr. Stephen Henson
0294b2be5f Check EVP errors for handshake digests.
Partial mitigation of PR#3200
2013-12-18 13:26:10 +00:00
Dr. Stephen Henson
f1068a1ab7 Get FIPS checking logic right.
We need to lock when *not* in FIPS mode.
(cherry picked from commit 57c4e42d75)
2013-12-10 12:54:55 +00:00
Dr. Stephen Henson
cadde467a8 remove obsolete STATUS file 2013-12-10 00:10:53 +00:00
Dr. Stephen Henson
c2bdcba347 Add release dates to NEWS 2013-12-09 23:55:12 +00:00
Dr. Stephen Henson
60df657b3a make update 2013-12-08 13:23:14 +00:00
Dr. Stephen Henson
17a2d0801f Avoid multiple locks in FIPS mode.
PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
(cherry picked from commit 53142f72c9b9c9bad2f39ca6200a4f04f5c8001c)
2013-12-08 13:23:14 +00:00
Andy Polyakov
accb3007ac bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f)
2013-12-04 00:03:46 +01:00
Dr. Stephen Henson
b13dff6141 Simplify and update openssl.spec 2013-11-27 15:38:04 +00:00
Andy Polyakov
4ade6a8ca4 srp/srp_grps.h: make it Compaq C-friendly.
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01d5)
(cherry picked from commit 0de70011ad)
2013-11-12 22:20:45 +01:00
Andy Polyakov
00fadef414 modes/asm/ghash-alpha.pl: update from HEAD.
PR: 3165
(cherry picked from commit 220d1e5353)
2013-11-12 22:01:31 +01:00
Andy Polyakov
7ed244a0b3 Make Makefiles OSF-make-friendly.
PR: 3165
(cherry picked from commit d1cf23ac86)
2013-11-12 22:01:20 +01:00
Dr. Stephen Henson
e94a23876c Fix memory leak.
(cherry picked from commit 16bc45ba95)
2013-11-11 23:55:40 +00:00
Dr. Stephen Henson
041f681943 Typo.
(cherry picked from commit 5c50462e1e)
2013-11-11 22:24:40 +00:00
Andy Polyakov
afec9f57da Makefile.org: make FIPS build work with BSD make.
(cherry picked from commit 60adefa610)
2013-11-10 23:08:25 +01:00
Dr. Stephen Henson
0ec1a77891 Check for missing components in RSA_check.
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
2013-11-09 15:09:21 +00:00
Dr. Stephen Henson
62c2b6d944 Document RSAPublicKey_{in,out} options.
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
2013-11-09 15:09:21 +00:00
Andy Polyakov
5b98979712 engines/ccgost/gost89.h: make word32 defintion unconditional.
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
(cherry picked from commit 96180cac04)
2013-11-08 23:09:26 +01:00
Andy Polyakov
9abbf5cce7 modes/asm/ghash-alpha.pl: make it work with older assembler.
PR: 3165
(cherry picked from commit d24d1d7daf)
2013-11-08 23:09:13 +01:00
Dr. Stephen Henson
ddfe486e4c Enable PSK in FIPS mode.
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit e0ffd129c1)
2013-11-06 14:40:01 +00:00
Dr. Stephen Henson
834d30bc63 Initialise context before using it.
(cherry picked from commit a4947e4e06)
2013-11-06 13:19:23 +00:00
Ben Laurie
e26faa9e0c PBKDF2 should be efficient. Contributed by Christian Heimes
<christian@python.org>.
2013-11-03 17:33:54 +00:00
Robin Seggelmann
025f7dbdd1 DTLS/SCTP Finished Auth Bug
PR: 2808

With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
FORWARD-TSN chunks. The key for this extension is derived from the
master secret and changed with the next ChangeCipherSpec, whenever a new
key has been negotiated. The following Finished then already uses the
new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
the same flight as the ClientKeyExchange, which is necessary for the
computation of the new secret. Hence, these messages are sent
immediately following each other, leaving the server very little time to
compute the new secret and pass it to SCTP before the finished arrives.
So the Finished is likely to be discarded by SCTP and a retransmission
becomes necessary. To prevent this issue, the Finished of the client is
still sent with the old key.
(cherry picked from commit 9fb523adce)
(cherry picked from commit b9ef52b078)
2013-11-01 22:44:20 +00:00
Robin Seggelmann
44f4934bde DTLS/SCTP struct authchunks Bug
PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
(cherry picked from commit f596e3c491)
(cherry picked from commit b814081136)
2013-11-01 22:44:06 +00:00
Nick Mathewson
453ca706cc Fix another gmt_unix_time case in server_random 2013-10-20 15:14:40 -07:00
Dr. Stephen Henson
5e1ff664f9 Don't use RSA+MD5 with TLS 1.2
Since the TLS 1.2 supported signature algorithms extension is less
sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.

RSA+MD5 is removed from supported signature algorithms extension:
any compliant implementation should never use RSA+MD5 as a result.

To cover the case of a broken implementation using RSA+MD5 anyway
disable lookup of MD5 algorithm in TLS 1.2.
2013-10-20 12:23:27 +01:00
Ben Laurie
833a896681 More cleanup. 2013-10-19 12:37:15 +01:00
Ben Laurie
34e43b909f Cleanup. 2013-10-19 12:34:15 +01:00
Ben Laurie
62036c6fc3 Merge branch 'no_gmt_unix_time' of git://github.com/nmathewson/openssl into OpenSSL_1_0_1-stable 2013-10-19 11:46:32 +01:00
Andy Polyakov
68dd8512b7 MIPS assembly pack: get rid of deprecated instructions.
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
(cherry picked from commit 0c2adb0a9b)
2013-10-13 13:19:12 +02:00
Andy Polyakov
bbf9f3c654 aes/asm/bsaes-x86_64.pl: update from master.
Performance improvement and Windows-specific bugfix (PR#3139).
(cherry picked from commit 9ed6fba2b4)
2013-10-12 21:50:15 +02:00
Nick Mathewson
2583270191 Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
(I'd rather use an option, but it appears that the options field is
full.)

Now, we send the time in the gmt_unix_time field if the appropriate
one of these mode options is set, but randomize the field if the flag
is not set.
2013-10-09 10:37:53 -04:00
Nick Mathewson
3da721dac9 Refactor {client,server}_random to call an intermediate function
I'll be using this to make an option for randomizing the time.
2013-10-09 10:28:42 -04:00
Andy Polyakov
eb22b7ec75 evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da)

Resolved conflicts:

	crypto/evp/e_des3.c
2013-10-03 11:11:44 +02:00
Ben Laurie
b93916149d Constification. 2013-10-01 14:53:18 +01:00
Dr. Stephen Henson
82f42a1d2e Typo.
(cherry picked from commit 415ece7301)
2013-09-30 14:20:42 +01:00
Dr. Stephen Henson
a4870de5aa Disable Dual EC DRBG.
Return an error if an attempt is made to enable the Dual EC DRBG: it
is not used by default.
2013-09-22 18:24:12 +01:00
Dr. Stephen Henson
39aabe59c8 Fix warning. 2013-09-22 18:24:12 +01:00
Nick Mathewson
f4c93b46ed Do not include a timestamp in the ServerHello Random field.
Instead, send random bytes.
2013-09-16 13:44:10 -04:00
Nick Mathewson
4af793036f Do not include a timestamp in the ClientHello Random field.
Instead, send random bytes.

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.
    * If the PRNG output is prone to repeat itself, ephemeral
    * handshakes (and who knows what else besides) are broken.
2013-09-16 13:44:10 -04:00
Rob Stradling
13bca90ac5 Update CHANGES. 2013-09-16 15:17:37 +01:00
Rob Stradling
c9a6ddafc5 Tidy up comments. 2013-09-16 15:07:52 +01:00
Rob Stradling
f4a51970d2 Use TLS version supplied by client when fingerprinting Safari. 2013-09-16 15:07:52 +01:00
Rob Stradling
937f125efc Fix compilation with no-ec and/or no-tlsext. 2013-09-16 15:07:52 +01:00
Rob Stradling
4b61f6d2a6 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-16 15:07:51 +01:00
Ben Laurie
d5bff72615 Remove AVX and VIS3 support. 2013-09-16 15:05:21 +01:00
Andy Polyakov
3b4be0018b gcm128.c: update from master (add AVX and VIS3 support). 2013-09-16 14:14:56 +01:00
Andy Polyakov
125c2ed8a3 crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from
previous cbc128.c commit].
2013-09-16 14:12:25 +01:00
Andy Polyakov
09da95542a cbc128.c: fix strict aliasing warning. 2013-09-16 14:11:53 +01:00
Bodo Moeller
cc53b38574 Sync CHANGES and NEWS files. 2013-09-16 14:47:56 +02:00
Bodo Moeller
0aeeae0c9c Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
2013-09-16 13:09:27 +02:00
Andy Polyakov
00c991f028 crypto/armcap.c: fix typo in rdtsc subroutine.
PR: 3125
Submitted by: Kyle McMartin
(cherry picked from commit 8e52a9063a)
2013-09-15 22:11:34 +02:00
Dr. Stephen Henson
55856a7b74 Correct ECDSA example.
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
2013-08-20 17:30:38 +01:00
Michael Tuexen
83a3af9f4e DTLS message_sequence number wrong in rehandshake ServerHello
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daac0)
2013-08-13 18:55:41 +01:00
Michael Tuexen
76bf0cf27c DTLS handshake fix.
Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.
(cherry picked from commit 0c75eeacd3)
2013-08-08 13:32:11 +01:00
Dr. Stephen Henson
7cf0529b52 Fix verify loop with CRL checking.
PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
(cherry picked from commit 4b26645c1a)
2013-08-06 16:08:09 +01:00
Kaspar Brand
6c03af135b Fix for PEM_X509_INFO_read_bio.
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit 5ae8d6bcba)
2013-08-06 16:05:19 +01:00
Andy Polyakov
5cd1aa4f15 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)
2013-08-03 17:08:43 +02:00
Andy Polyakov
04b80f4003 crypto/sha/asm/sha1-x86_64.pl: comply with Win64 ABI. 2013-07-31 23:53:49 +02:00
Andy Polyakov
591c55a981 config: fix executable format detection on latest FreeBSD.
Submitted by: Bryan Drewery
PR: 3075
(cherry picked from commit c256e69d3f)
2013-07-01 00:00:20 +02:00
Andy Polyakov
cd2693862b PA-RISC assembler pack: switch to bve in 64-bit builds.
PR: 3074
(cherry picked from commit 02450ec69d)
2013-06-30 23:15:53 +02:00
Dr. Stephen Henson
25370e93c6 Typo: don't call RAND_cleanup during app startup.
(cherry picked from commit 90e7f983b5)
2013-06-12 21:18:47 +01:00
Dr. Stephen Henson
cdb6c48445 Don't use RC2 with PKCS#12 files in FIPS mode. 2013-05-30 21:39:50 +01:00
Dr. Stephen Henson
04b727b4dd Fix PSS signature printing.
Fix PSS signature printing: consistently use 0x prefix for hex values for
padding length and trailer fields.
(cherry picked from commit deb24ad53147f5a8dd63416224a5edd7bbc0e74a)
2013-05-05 14:03:30 +01:00
Dr. Stephen Henson
cbd93a0636 Reencode with X509_CRL_ctx_sign too.
(cherry picked from commit 96940f4f2d0300c033379a87db0ff19e598c6264)
2013-05-03 13:06:18 +01:00
Dr. Stephen Henson
b9e84f007f Reencode certificates in X509_sign_ctx.
Reencode certificates in X509_sign_ctx as well as X509_sign.

This was causing a problem in the x509 application when it modified an
existing certificate.
(cherry picked from commit c6d8adb8a4)
2013-05-02 12:24:56 +01:00
Andy Polyakov
29a546720b crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
(cherry picked from commit 3bdd80521a)
2013-04-13 21:19:31 +02:00
Dr. Stephen Henson
0e9dd387ea Set s->d1 to NULL after freeing it.
(cherry picked from commit 04638f2fc3)
2013-04-08 18:40:28 +01:00
Dr. Stephen Henson
79dabcc137 Typo.
(cherry picked from commit 0ded2a0689)
2013-03-31 17:43:58 +01:00
Dr. Stephen Henson
944bc29f90 Call RAND_cleanup in openssl application. 2013-03-28 14:28:06 +00:00
Matt Caswell
03e1b3a153 Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
(cherry picked from commit 94782e0e9c)
2013-03-26 16:58:40 +00:00
Dr. Stephen Henson
9c95ff968a Disable compression for DTLS.
The only standard compression method is stateful and is incompatible with
DTLS.
(cherry picked from commit e14b8410ca)
2013-03-19 13:47:29 +00:00
Andy Polyakov
96b680f210 x86cpuid.pl: make it work with older CPUs.
PR: 3005
(cherry picked from commit 5702e965d7)
2013-03-18 19:50:23 +01:00
Andy Polyakov
9ab3ce1246 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
PR: 3002
(cherry picked from commit 5c60046553)
2013-03-18 19:35:48 +01:00
Michael Tuexen
3972dbe462 Avoid unnecessary fragmentation.
(cherry picked from commit 80ccc66d7e)
2013-03-18 14:33:09 +00:00
Dr. Stephen Henson
85615e33e5 Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
2013-03-18 14:21:56 +00:00
Dr. Stephen Henson
f4cfc3444a Merge branch 'OpenSSL_1_0_1-stable' of ../openssl into OpenSSL_1_0_1-stable 2013-03-18 14:00:13 +00:00
Dr. Stephen Henson
24f599af21 Typo.
(cherry picked from commit 1546fb780b)
2013-03-18 13:59:44 +00:00
Andy Polyakov
bca0d7fdb5 x86_64-gf2m.pl: fix typo.
(cherry picked from commit 342dbbbe4e)
2013-03-01 22:38:11 +01:00
Andy Polyakov
bc4ae2cb0b x86_64-gf2m.pl: add missing Windows build fix for #2963.
PR: 3004
(cherry picked from commit 7c43601d44)
2013-03-01 21:58:08 +01:00
Andy Polyakov
ef4b9f001a bn_nist.c: cumulative update from master.
PR: 2981, 2837
2013-02-16 11:40:35 +01:00
Nick Alcock
08f8933fa3 Fix POD errors to stop make install_docs dying with pod2man 2.5.0+
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc2707742)
2013-02-15 19:40:09 +01:00
Andy Polyakov
41958376b5 cms-test.pl: make it work with not-so-latest perl.
(cherry picked from commit 9c437e2fad)
2013-02-14 16:39:33 +01:00
David Woodhouse
9fe4603b82 Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

PR:2984
(cherry picked from commit d980abb22e)
2013-02-12 15:16:05 +00:00
Dr. Stephen Henson
147dbb2fe3 Fix for SSL_get_certificate
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
2013-02-11 18:24:03 +00:00
Dr. Stephen Henson
cbf9b4aed3 Fix in ssltest is no-ssl2 configured 2013-02-11 18:17:50 +00:00
Dr. Stephen Henson
625a55324f update CHANGES 2013-02-11 16:35:10 +00:00
Dr. Stephen Henson
3151e328e0 prepare for next version 2013-02-11 16:14:11 +00:00
102 changed files with 1564 additions and 997 deletions

163
CHANGES
View File

@@ -2,9 +2,31 @@
OpenSSL CHANGES
_______________
Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
*) Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
*) Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]
*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
[Rob Stradling, Adam Langley]
Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
*)
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
[Andy Polyakov, Steve Henson]
Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
@@ -404,6 +426,63 @@
Add command line options to s_client/s_server.
[Steve Henson]
Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
at: http://www.isg.rhul.ac.uk/tls/
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
Emilia K<>sper for the initial patch.
(CVE-2013-0169)
[Emilia K<>sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
*) Return an error when checking OCSP signatures when key is NULL.
This fixes a DoS attack. (CVE-2013-0166)
[Steve Henson]
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
the right response is stapled. Also change SSL_get_certificate()
so it returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836.
(This is a backport)
[Rob Stradling <rob.stradling@comodo.com>]
*) Fix possible deadlock when decoding public keys.
[Steve Henson]
Changes between 1.0.0i and 1.0.0j [10 May 2012]
[NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
OpenSSL 1.0.1.]
*) Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
[Steve Henson]
*) Initialise tkeylen properly when encrypting CMS messages.
Thanks to Solar Designer of Openwall for reporting this issue.
[Steve Henson]
Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it.
(CVE-2012-2110)
[Adam Langley (Google), Tavis Ormandy, Google Security Team]
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
@@ -1394,6 +1473,86 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
at: http://www.isg.rhul.ac.uk/tls/
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
Emilia K<>sper for the initial patch.
(CVE-2013-0169)
[Emilia K<>sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
*) Return an error when checking OCSP signatures when key is NULL.
This fixes a DoS attack. (CVE-2013-0166)
[Steve Henson]
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
the right response is stapled. Also change SSL_get_certificate()
so it returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836.
(This is a backport)
[Rob Stradling <rob.stradling@comodo.com>]
*) Fix possible deadlock when decoding public keys.
[Steve Henson]
Changes between 0.9.8w and 0.9.8x [10 May 2012]
*) Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
[Steve Henson]
*) Initialise tkeylen properly when encrypting CMS messages.
Thanks to Solar Designer of Openwall for reporting this issue.
[Steve Henson]
Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
*) The fix for CVE-2012-2110 did not take into account that the
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter. (CVE-2012-2131)
[Tomas Hoger <thoger@redhat.com>]
Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it.
(CVE-2012-2110)
[Adam Langley (Google), Tavis Ormandy, Google Security Team]
Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
old behaviour can be reenabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
[Steve Henson]
*) Fix CVE-2011-4619: make sure we really are receiving a
client hello before rejecting multiple SGC restarts. Thanks to
Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
[Steve Henson]
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
@@ -1401,7 +1560,7 @@
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
[Antonio Martin]
Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
*) Nadhem Alfardan and Kenny Paterson have discovered an extension

View File

@@ -178,7 +178,7 @@ my %table=(
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

View File

@@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
$(MAKE) -e SHLIBDIRS=crypto build-shared; \
$(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \
touch -c fips_premain_dso$(EXE_EXT); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \

184
NEWS
View File

@@ -5,11 +5,17 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e:
Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
o Fix for TLS record tampering bug CVE-2013-4353
o Fix for TLS version checking bug CVE-2013-6449
o Fix for DTLS retransmission bug CVE-2013-6450
Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
o Corrected fix for CVE-2013-0169
Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
o Include the fips configuration module.
@@ -17,24 +23,24 @@
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix for TLS AESNI record handling flaw CVE-2012-2686
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
o Fix TLS/DTLS record length checking bug CVE-2012-2333
o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
o Fix compilation error on non-x86 platforms.
o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
o Fix for ASN1 overflow bug CVE-2012-2110
o Workarounds for some servers that hang on long client hellos.
o Fix SEGV in AES code.
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
o TLS/DTLS heartbeat support.
o SCTP support.
@@ -47,17 +53,30 @@
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
o SRP support.
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix OCSP bad key DoS attack CVE-2013-0166
Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
o Fix DTLS record length checking bug CVE-2012-2333
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
o Fix for ASN1 overflow bug CVE-2012-2110
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
o Corrected fix for CVE-2011-4619
o Various DTLS fixes.
Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
o Fix for DTLS DoS issue CVE-2012-0050
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
o Fix for DTLS plaintext recovery attack CVE-2011-4108
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
@@ -65,7 +84,7 @@
o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
o Check for malformed RFC3779 data CVE-2011-4577
Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
o Fix for CRL vulnerability issue CVE-2011-3207
o Fix for ECDH crashes CVE-2011-3210
@@ -73,11 +92,11 @@
o Support ECDH ciphersuites for certificates using SHA2 algorithms.
o Various DTLS fixes.
Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
o Fix for security issue CVE-2011-0014
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
@@ -85,18 +104,18 @@
o Fix various platform compilation issues.
o Corrected fix for security issue CVE-2010-3864.
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
o Fix for security issue CVE-2010-3864.
o Fix for CVE-2010-2939
o Fix WIN32 build system for GOST ENGINE.
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
o Fix for security issue CVE-2010-1633.
o GOST MAC and CFB fixes.
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0:
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
o RFC3280 path validation: sufficient to process PKITS tests.
o Integrated support for PVK files and keyblobs.
@@ -119,20 +138,55 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix OCSP bad key DoS attack CVE-2013-0166
Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
o Fix DTLS record length checking bug CVE-2012-2333
Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
o Fix for ASN1 overflow bug CVE-2012-2110
Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
o Corrected fix for CVE-2011-4619
o Various DTLS fixes.
Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
o Fix for DTLS DoS issue CVE-2012-0050
Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
o Fix for DTLS plaintext recovery attack CVE-2011-4108
o Fix policy check double free error CVE-2011-4109
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
o Check for malformed RFC3779 data CVE-2011-4577
Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
o Fix for security issue CVE-2011-0014
Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
o Fix for security issue CVE-2010-3864.
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
o Fix for security issue CVE-2010-0742.
o Various DTLS fixes.
@@ -140,12 +194,12 @@
o Fix for no-rc4 compilation.
o Chil ENGINE unload workaround.
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
o CFB cipher definition fixes.
o Fix security issues CVE-2010-0740 and CVE-2010-0433.
Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
o Cipher definition fixes.
o Workaround for slow RAND_poll() on some WIN32 versions.
@@ -157,33 +211,33 @@
o Ticket and SNI coexistence fixes.
o Many fixes to DTLS handling.
Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
o Temporary work around for CVE-2009-3555: disable renegotiation.
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
o Fix various build issues.
o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
o Fix security issue (CVE-2008-5077)
o Merge FIPS 140-2 branch code.
Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
o CryptoAPI ENGINE support.
o Various precautionary measures.
o Fix for bugs affecting certificate request creation.
o Support for local machine keyset attribute in PKCS#12 files.
Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
o Backport of CMS functionality to 0.9.8.
o Fixes for bugs introduced with 0.9.8f.
Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
o Add gcc 4.2 support.
o Add support for AES and SSE2 assembly lanugauge optimization
@@ -194,23 +248,23 @@
o RFC4507bis support.
o TLS Extensions support.
Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
o Various ciphersuite selection fixes.
o RFC3779 support.
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
o Changes to ciphersuite selection algorithm
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
o New cipher Camellia
Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
o Cipher string fixes.
o Fixes for VC++ 2005.
@@ -220,12 +274,12 @@
o Built in dynamic engine compilation support on Win32.
o Fixes auto dynamic engine loading in Win32.
Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
o Fix potential SSL 2.0 rollback, CVE-2005-2969
o Extended Windows CE support
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
@@ -299,36 +353,36 @@
o Added initial support for Win64.
o Added alternate pkg-config files.
Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
o FIPS 1.1.1 module linking.
o Various ciphersuite selection fixes.
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
o Visual C++ 2005 fixes.
o Update Windows build system for FIPS.
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
o Fix SSL 2.0 Rollback, CVE-2005-2969
o Allow use of fixed-length exponent on DSA signing
o Default fixed-window RSA, DSA, DH private-key operations
Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
o More compilation issues fixed.
o Adaptation to more modern Kerberos API.
@@ -337,7 +391,7 @@
o More constification.
o Added processing of proxy certificates (RFC 3820).
Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
o Several compilation issues fixed.
o Many memory allocation failure checks added.
@@ -345,12 +399,12 @@
o Mandatory basic checks on certificates.
o Performance improvements.
Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
o Fix race condition in CRL checking code.
o Fixes to PKCS#7 (S/MIME) code.
Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
o Security: Fix null-pointer assignment in do_change_cipher_spec()
@@ -358,14 +412,14 @@
o Multiple X509 verification fixes
o Speed up HMAC and other operations
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
o Security: fix various ASN1 parsing bugs.
o New -ignore_err option to OCSP utility.
o Various interop and bug fixes in S/MIME code.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
@@ -376,7 +430,7 @@
o ASN.1: treat domainComponent correctly.
o Documentation: fixes and additions.
Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
o Security: Important security related bugfixes.
o Enhanced compatibility with MIT Kerberos.
@@ -387,7 +441,7 @@
o SSL/TLS: now handles manual certificate chain building.
o SSL/TLS: certain session ID malfunctions corrected.
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
o New library section OCSP.
o Complete rewrite of ASN1 code.
@@ -433,23 +487,23 @@
o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268).
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
o Security: fix various ASN1 parsing bugs.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
o Security: make RSA blinding default.
o Build: shared library support fixes.
Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
o Important security related bugfixes.
Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
o New configuration targets for Tandem OSS and A/UX.
o New OIDs for Microsoft attributes.
@@ -463,25 +517,25 @@
o Fixes for smaller building problems.
o Updates of manuals, FAQ and other instructive documents.
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
o Important building fixes on Unix.
Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
o Various important bugfixes.
Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
o Important security related bugfixes.
o Various SSL/TLS library bugfixes.
Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
o Various SSL/TLS library bugfixes.
o Fix DH parameter generation for 'non-standard' generators.
Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
o Various SSL/TLS library bugfixes.
o BIGNUM library fixes.
@@ -494,7 +548,7 @@
Broadcom and Cryptographic Appliance's keyserver
[in 0.9.6c-engine release].
Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
o Security fix: PRNG improvements.
o Security fix: RSA OAEP check.
@@ -511,7 +565,7 @@
o Increase default size for BIO buffering filter.
o Compatibility fixes in some scripts.
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
o Security fix: change behavior of OpenSSL to avoid using
environment variables when running as root.
@@ -536,7 +590,7 @@
o New function BN_rand_range().
o Add "-rand" option to openssl s_client and s_server.
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
o Some documentation for BIO and SSL libraries.
o Enhanced chain verification using key identifiers.
@@ -551,7 +605,7 @@
[1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE.
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
o Shared library support for HPUX and Solaris-gcc
@@ -560,7 +614,7 @@
o New 'rand' application
o New way to check for existence of algorithms from scripts
Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
o S/MIME support in new 'smime' command
o Documentation for the OpenSSL command line application
@@ -596,7 +650,7 @@
o Enhanced support for Alpha Linux
o Experimental MacOS support
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
o Transparent support for PKCS#8 format private keys: these are used
by several software packages and are more secure than the standard
@@ -607,7 +661,7 @@
o New pipe-like BIO that allows using the SSL library when actual I/O
must be handled by the application (BIO pair)
Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
o Lots of enhancements and cleanups to the Configuration mechanism
o RSA OEAP related fixes
o Added `openssl ca -revoke' option for revoking a certificate
@@ -621,7 +675,7 @@
o Sparc assembler bignum implementation, optimized hash functions
o Option to disable selected ciphers
Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
o Fixed a security hole related to session resumption
o Fixed RSA encryption routines for the p < q case
o "ALL" in cipher lists now means "everything except NULL ciphers"
@@ -643,7 +697,7 @@
o Lots of memory leak fixes.
o Lots of bug fixes.
Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
o Integration of the popular NO_RSA/NO_DSA patches
o Initial support for compression inside the SSL record layer
o Added BIO proxy and filtering functionality

2
README
View File

@@ -1,5 +1,5 @@
OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 1.0.1f 6 Jan 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

160
STATUS
View File

@@ -1,160 +0,0 @@
OpenSSL STATUS Last modified at
______________ $Date: 2012/05/10 15:16:36 $
DEVELOPMENT STATE
o OpenSSL 1.1.0: Under development...
o OpenSSL 1.0.1e: Released on February 11th, 2013
o OpenSSL 1.0.1d: Released on February 5th, 2013
o OpenSSL 1.0.1c: Released on May 10th, 2012
o OpenSSL 1.0.1b: Released on April 26th, 2012
o OpenSSL 1.0.1a: Released on April 19th, 2012
o OpenSSL 1.0.1: Released on March 14th, 2012
o OpenSSL 1.0.0h: Released on March 12th, 2012
o OpenSSL 1.0.0g: Released on January 18th, 2012
o OpenSSL 1.0.0f: Released on January 4th, 2012
o OpenSSL 1.0.0e: Released on September 6th, 2011
o OpenSSL 1.0.0d: Released on February 8nd, 2011
o OpenSSL 1.0.0c: Released on December 2nd, 2010
o OpenSSL 1.0.0b: Released on November 16th, 2010
o OpenSSL 1.0.0a: Released on June 1st, 2010
o OpenSSL 1.0.0: Released on March 29th, 2010
o OpenSSL 0.9.8u: Released on March 12th, 2012
o OpenSSL 0.9.8t: Released on January 18th, 2012
o OpenSSL 0.9.8s: Released on January 4th, 2012
o OpenSSL 0.9.8r: Released on February 8nd, 2011
o OpenSSL 0.9.8q: Released on December 2nd, 2010
o OpenSSL 0.9.8p: Released on November 16th, 2010
o OpenSSL 0.9.8o: Released on June 1st, 2010
o OpenSSL 0.9.8n: Released on March 24th, 2010
o OpenSSL 0.9.8m: Released on February 25th, 2010
o OpenSSL 0.9.8l: Released on November 5th, 2009
o OpenSSL 0.9.8k: Released on March 25th, 2009
o OpenSSL 0.9.8j: Released on January 7th, 2009
o OpenSSL 0.9.8i: Released on September 15th, 2008
o OpenSSL 0.9.8h: Released on May 28th, 2008
o OpenSSL 0.9.8g: Released on October 19th, 2007
o OpenSSL 0.9.8f: Released on October 11th, 2007
o OpenSSL 0.9.8e: Released on February 23rd, 2007
o OpenSSL 0.9.8d: Released on September 28th, 2006
o OpenSSL 0.9.8c: Released on September 5th, 2006
o OpenSSL 0.9.8b: Released on May 4th, 2006
o OpenSSL 0.9.8a: Released on October 11th, 2005
o OpenSSL 0.9.8: Released on July 5th, 2005
o OpenSSL 0.9.7m: Released on February 23rd, 2007
o OpenSSL 0.9.7l: Released on September 28th, 2006
o OpenSSL 0.9.7k: Released on September 5th, 2006
o OpenSSL 0.9.7j: Released on May 4th, 2006
o OpenSSL 0.9.7i: Released on October 14th, 2005
o OpenSSL 0.9.7h: Released on October 11th, 2005
o OpenSSL 0.9.7g: Released on April 11th, 2005
o OpenSSL 0.9.7f: Released on March 22nd, 2005
o OpenSSL 0.9.7e: Released on October 25th, 2004
o OpenSSL 0.9.7d: Released on March 17th, 2004
o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002
o OpenSSL 0.9.6m: Released on March 17th, 2004
o OpenSSL 0.9.6l: Released on November 4th, 2003
o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003
o OpenSSL 0.9.6i: Released on February 19th, 2003
o OpenSSL 0.9.6h: Released on December 5th, 2002
o OpenSSL 0.9.6g: Released on August 9th, 2002
o OpenSSL 0.9.6f: Released on August 8th, 2002
o OpenSSL 0.9.6e: Released on July 30th, 2002
o OpenSSL 0.9.6d: Released on May 9th, 2002
o OpenSSL 0.9.6c: Released on December 21st, 2001
o OpenSSL 0.9.6b: Released on July 9th, 2001
o OpenSSL 0.9.6a: Released on April 5th, 2001
o OpenSSL 0.9.6: Released on September 24th, 2000
o OpenSSL 0.9.5a: Released on April 1st, 2000
o OpenSSL 0.9.5: Released on February 28th, 2000
o OpenSSL 0.9.4: Released on August 09th, 1999
o OpenSSL 0.9.3a: Released on May 29th, 1999
o OpenSSL 0.9.3: Released on May 25th, 1999
o OpenSSL 0.9.2b: Released on March 22th, 1999
o OpenSSL 0.9.1c: Released on December 23th, 1998
[See also http://www.openssl.org/support/rt.html]
RELEASE SHOWSTOPPERS
o The Makefiles fail with some SysV makes.
o
AVAILABLE PATCHES
o
IN PROGRESS
o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
OCSP
EVP cipher enhancement.
Enhanced certificate chain verification.
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
o Richard is currently working on:
Constification
Attribute Certificate support
Certificate Pair support
Storage Engines (primarly an LDAP storage engine)
Certificate chain validation with full RFC 3280 compatibility
NEEDS PATCH
o 0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
handle ECCdraft cipher suites correctly.
o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
o "OpenSSL STATUS" is never up-to-date.
OPEN ISSUES
o The Makefile hierarchy and build mechanism is still not a round thing:
1. The config vs. Configure scripts
It's the same nasty situation as for Apache with APACI vs.
src/Configure. It confuses.
Suggestion: Merge Configure and config into a single configure
script with a Autoconf style interface ;-) and remove
Configure and config. Or even let us use GNU Autoconf
itself. Then we can avoid a lot of those platform checks
which are currently in Configure.
o Support for Shared Libraries has to be added at least
for the major Unix platforms. The details we can rip from the stuff
Ralf has done for the Apache src/Configure script. Ben wants the
solution to be really simple.
Status: Ralf will look how we can easily incorporate the
compiler PIC and linker DSO flags from Apache
into the OpenSSL Configure script.
Ulf: +1 for using GNU autoconf and libtool (but not automake,
which apparently is not flexible enough to generate
libcrypto)
WISHES
o Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
where the callback function can request that the function be aborted.
[Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]
o SRP in TLS.
[wished by:
Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
Tom Holroyd <tomh@po.crl.go.jp>]
See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
as well as http://www-cs-students.stanford.edu/~tjw/srp/.
Tom Holroyd tells us there is a SRP patch for OpenSSH at
http://members.tripod.com/professor_tom/archives/, that could
be useful.

70
TABLE
View File

@@ -1716,6 +1716,39 @@ $ranlib =
$arflags =
$multilib =
*** debug-ben-darwin64
$cc = cc
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id = MACOSX
$lflags = -Wl,-search_paths_first%
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o
$des_obj =
$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o
$bf_obj =
$md5_obj = md5-x86_64.o
$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj = wp-x86_64.o
$cmll_obj = cmll-x86_64.o cmll_misc.o
$modes_obj = ghash-x86_64.o
$engines_obj =
$perlasm_scheme = macosx
$dso_scheme = dlfcn
$shared_target= darwin-shared
$shared_cflag = -fPIC -fno-common
$shared_ldflag = -arch x86_64 -dynamiclib
$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
$ranlib =
$arflags =
$multilib =
*** debug-ben-debug
$cc = gcc44
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe
@@ -1749,6 +1782,39 @@ $ranlib =
$arflags =
$multilib =
*** debug-ben-debug-64
$cc = gcc
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
$unistd =
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
$sys_id =
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o
$des_obj =
$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o
$bf_obj =
$md5_obj = md5-x86_64.o
$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
$cast_obj =
$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
$rmd160_obj =
$rc5_obj =
$wp_obj = wp-x86_64.o
$cmll_obj = cmll-x86_64.o cmll_misc.o
$modes_obj = ghash-x86_64.o
$engines_obj =
$perlasm_scheme = elf
$dso_scheme = dlfcn
$shared_target= bsd-gcc-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** debug-ben-macos
$cc = cc
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe
@@ -1949,7 +2015,7 @@ $multilib =
*** debug-bodo
$cc = gcc
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
@@ -2741,7 +2807,7 @@ $multilib =
*** debug-steve64
$cc = gcc
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =

View File

@@ -577,14 +577,15 @@ openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
openssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h
openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
openssl.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
openssl.o: openssl.c progs.h s_apps.h
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h

View File

@@ -188,6 +188,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup();} while(0)
# else
# define apps_startup() \
@@ -198,6 +199,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
#endif

View File

@@ -117,6 +117,7 @@
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/x509.h>

View File

@@ -112,7 +112,7 @@ int MAIN(int argc, char **argv)
int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
int cert_pbe;
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
@@ -130,6 +130,13 @@ int MAIN(int argc, char **argv)
apps_startup();
#ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
#endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

2
config
View File

@@ -739,7 +739,7 @@ case "$GUESSOS" in
libc=/usr/lib/libc.so
else # OpenBSD
# ld searches for highest libc.so.* and so do we
libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null`
libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
fi
case "`(file -L $libc) 2>/dev/null`" in
*ELF*) OUT="BSD-x86-elf" ;;

View File

@@ -77,7 +77,9 @@ ia64cpuid.s: ia64cpuid.S; $(CC) $(CFLAGS) -E ia64cpuid.S > $@
ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@
alphacpuid.s: alphacpuid.pl
$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
$(PERL) alphacpuid.pl > $$preproc && \
$(CC) -E $$preproc > $@ && rm $$preproc)
testapps:
[ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \

View File

@@ -1015,7 +1015,8 @@ foreach (split("\n",$code)) {
$SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
: sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
s/,\*/,/ if ($SIZE_T==4);
s/,\*/,/ if ($SIZE_T==4);
s/\bbv\b(.*\(%r2\))/bve$1/ if ($SIZE_T==8);
print $_,"\n";
}
close STDOUT;

View File

@@ -83,9 +83,9 @@
# Add decryption procedure. Performance in CPU cycles spent to decrypt
# one byte out of 4096-byte buffer with 128-bit key is:
#
# Core 2 11.0
# Nehalem 9.16
# Atom 20.9
# Core 2 9.83
# Nehalem 7.74
# Atom 19.0
#
# November 2011.
#
@@ -456,6 +456,7 @@ sub MixColumns {
# modified to emit output in order suitable for feeding back to aesenc[last]
my @x=@_[0..7];
my @t=@_[8..15];
my $inv=@_[16]; # optional
$code.=<<___;
pshufd \$0x93, @x[0], @t[0] # x0 <<< 32
pshufd \$0x93, @x[1], @t[1]
@@ -497,7 +498,8 @@ $code.=<<___;
pxor @t[4], @t[0]
pshufd \$0x4E, @x[2], @x[6]
pxor @t[5], @t[1]
___
$code.=<<___ if (!$inv);
pxor @t[3], @x[4]
pxor @t[7], @x[5]
pxor @t[6], @x[3]
@@ -505,9 +507,20 @@ $code.=<<___;
pxor @t[2], @x[6]
movdqa @t[1], @x[7]
___
$code.=<<___ if ($inv);
pxor @x[4], @t[3]
pxor @t[7], @x[5]
pxor @x[3], @t[6]
movdqa @t[0], @x[3]
pxor @t[2], @x[6]
movdqa @t[6], @x[2]
movdqa @t[1], @x[7]
movdqa @x[6], @x[4]
movdqa @t[3], @x[6]
___
}
sub InvMixColumns {
sub InvMixColumns_orig {
my @x=@_[0..7];
my @t=@_[8..15];
@@ -661,6 +674,54 @@ $code.=<<___;
___
}
sub InvMixColumns {
my @x=@_[0..7];
my @t=@_[8..15];
# Thanks to Jussi Kivilinna for providing pointer to
#
# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 |
# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 |
# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 |
$code.=<<___;
# multiplication by 0x05-0x00-0x04-0x00
pshufd \$0x4E, @x[0], @t[0]
pshufd \$0x4E, @x[6], @t[6]
pxor @x[0], @t[0]
pshufd \$0x4E, @x[7], @t[7]
pxor @x[6], @t[6]
pshufd \$0x4E, @x[1], @t[1]
pxor @x[7], @t[7]
pshufd \$0x4E, @x[2], @t[2]
pxor @x[1], @t[1]
pshufd \$0x4E, @x[3], @t[3]
pxor @x[2], @t[2]
pxor @t[6], @x[0]
pxor @t[6], @x[1]
pshufd \$0x4E, @x[4], @t[4]
pxor @x[3], @t[3]
pxor @t[0], @x[2]
pxor @t[1], @x[3]
pshufd \$0x4E, @x[5], @t[5]
pxor @x[4], @t[4]
pxor @t[7], @x[1]
pxor @t[2], @x[4]
pxor @x[5], @t[5]
pxor @t[7], @x[2]
pxor @t[6], @x[3]
pxor @t[6], @x[4]
pxor @t[3], @x[5]
pxor @t[4], @x[6]
pxor @t[7], @x[4]
pxor @t[7], @x[5]
pxor @t[5], @x[7]
___
&MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6
}
sub aesenc { # not used
my @b=@_[0..7];
my @t=@_[8..15];
@@ -2028,6 +2089,8 @@ ___
# const unsigned char iv[16]);
#
my ($twmask,$twres,$twtmp)=@XMM[13..15];
$arg6=~s/d$//;
$code.=<<___;
.globl bsaes_xts_encrypt
.type bsaes_xts_encrypt,\@abi-omnipotent

View File

@@ -23,7 +23,7 @@ unsigned int _armv7_tick(void);
unsigned int OPENSSL_rdtsc(void)
{
if (OPENSSL_armcap_P|ARMV7_TICK)
if (OPENSSL_armcap_P & ARMV7_TICK)
return _armv7_tick();
else
return 0;

View File

@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
int pad=0,ret,i,neg;
unsigned char *p,*n,pb=0;
if ((a == NULL) || (a->data == NULL)) return(0);
if (a == NULL) return(0);
neg=a->type & V_ASN1_NEG;
if (a->length == 0)
ret=1;

View File

@@ -906,8 +906,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
memset(authchunks, 0, sizeof(sockopt_len));
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
OPENSSL_assert(ret >= 0);
for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
for (p = (unsigned char*) authchunks->gauth_chunks;
p < (unsigned char*) authchunks + sockopt_len;
p += sizeof(uint8_t))
{
@@ -1197,7 +1197,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
OPENSSL_assert(ii >= 0);
for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
for (p = (unsigned char*) authchunks->gauth_chunks;
p < (unsigned char*) authchunks + optlen;
p += sizeof(uint8_t))
{

View File

@@ -125,7 +125,9 @@ ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
alpha-mont.s: asm/alpha-mont.pl
$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
$(PERL) asm/alpha-mont.pl > $$preproc && \
$(CC) -E $$preproc > $@ && rm $$preproc)
# GNU make "catch all"
%-mont.s: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@

View File

@@ -133,7 +133,7 @@ $code.=<<___;
bnez $at,1f
li $t0,0
slt $at,$num,17 # on in-order CPU
bnezl $at,bn_mul_mont_internal
bnez $at,bn_mul_mont_internal
nop
1: jr $ra
li $a0,0

View File

@@ -140,10 +140,10 @@ $code.=<<___;
.set reorder
li $minus4,-4
and $ta0,$a2,$minus4
$LD $t0,0($a1)
beqz $ta0,.L_bn_mul_add_words_tail
.L_bn_mul_add_words_loop:
$LD $t0,0($a1)
$MULTU $t0,$a3
$LD $t1,0($a0)
$LD $t2,$BNSZ($a1)
@@ -200,10 +200,9 @@ $code.=<<___;
$ADDU $v0,$ta2
sltu $at,$ta3,$at
$ST $ta3,-$BNSZ($a0)
$ADDU $v0,$at
.set noreorder
bgtzl $ta0,.L_bn_mul_add_words_loop
$LD $t0,0($a1)
bgtz $ta0,.L_bn_mul_add_words_loop
$ADDU $v0,$at
beqz $a2,.L_bn_mul_add_words_return
nop
@@ -300,10 +299,10 @@ $code.=<<___;
.set reorder
li $minus4,-4
and $ta0,$a2,$minus4
$LD $t0,0($a1)
beqz $ta0,.L_bn_mul_words_tail
.L_bn_mul_words_loop:
$LD $t0,0($a1)
$MULTU $t0,$a3
$LD $t2,$BNSZ($a1)
$LD $ta0,2*$BNSZ($a1)
@@ -341,10 +340,9 @@ $code.=<<___;
$ADDU $v0,$at
sltu $ta3,$v0,$at
$ST $v0,-$BNSZ($a0)
$ADDU $v0,$ta3,$ta2
.set noreorder
bgtzl $ta0,.L_bn_mul_words_loop
$LD $t0,0($a1)
bgtz $ta0,.L_bn_mul_words_loop
$ADDU $v0,$ta3,$ta2
beqz $a2,.L_bn_mul_words_return
nop
@@ -429,10 +427,10 @@ $code.=<<___;
.set reorder
li $minus4,-4
and $ta0,$a2,$minus4
$LD $t0,0($a1)
beqz $ta0,.L_bn_sqr_words_tail
.L_bn_sqr_words_loop:
$LD $t0,0($a1)
$MULTU $t0,$t0
$LD $t2,$BNSZ($a1)
$LD $ta0,2*$BNSZ($a1)
@@ -463,11 +461,10 @@ $code.=<<___;
mflo $ta3
mfhi $ta2
$ST $ta3,-2*$BNSZ($a0)
$ST $ta2,-$BNSZ($a0)
.set noreorder
bgtzl $ta0,.L_bn_sqr_words_loop
$LD $t0,0($a1)
bgtz $ta0,.L_bn_sqr_words_loop
$ST $ta2,-$BNSZ($a0)
beqz $a2,.L_bn_sqr_words_return
nop
@@ -547,10 +544,10 @@ $code.=<<___;
.set reorder
li $minus4,-4
and $at,$a3,$minus4
$LD $t0,0($a1)
beqz $at,.L_bn_add_words_tail
.L_bn_add_words_loop:
$LD $t0,0($a1)
$LD $ta0,0($a2)
subu $a3,4
$LD $t1,$BNSZ($a1)
@@ -589,11 +586,10 @@ $code.=<<___;
$ADDU $t3,$ta3,$v0
sltu $v0,$t3,$ta3
$ST $t3,-$BNSZ($a0)
$ADDU $v0,$t9
.set noreorder
bgtzl $at,.L_bn_add_words_loop
$LD $t0,0($a1)
bgtz $at,.L_bn_add_words_loop
$ADDU $v0,$t9
beqz $a3,.L_bn_add_words_return
nop
@@ -679,10 +675,10 @@ $code.=<<___;
.set reorder
li $minus4,-4
and $at,$a3,$minus4
$LD $t0,0($a1)
beqz $at,.L_bn_sub_words_tail
.L_bn_sub_words_loop:
$LD $t0,0($a1)
$LD $ta0,0($a2)
subu $a3,4
$LD $t1,$BNSZ($a1)
@@ -722,11 +718,10 @@ $code.=<<___;
$SUBU $t3,$ta3,$v0
sgtu $v0,$t3,$ta3
$ST $t3,-$BNSZ($a0)
$ADDU $v0,$t9
.set noreorder
bgtzl $at,.L_bn_sub_words_loop
$LD $t0,0($a1)
bgtz $at,.L_bn_sub_words_loop
$ADDU $v0,$t9
beqz $a3,.L_bn_sub_words_return
nop
@@ -840,8 +835,9 @@ $code.=<<___;
sltu $ta0,$a1,$a2
or $t8,$ta0
.set noreorder
beqzl $at,.L_bn_div_3_words_inner_loop
beqz $at,.L_bn_div_3_words_inner_loop
$SUBU $v0,1
$ADDU $v0,1
.set reorder
.L_bn_div_3_words_inner_loop_done:
.set noreorder
@@ -902,7 +898,8 @@ $code.=<<___;
and $t2,$a0
$SRL $at,$a1,$t1
.set noreorder
bnezl $t2,.+8
beqz $t2,.+12
nop
break 6 # signal overflow
.set reorder
$SLL $a0,$t9
@@ -917,7 +914,8 @@ $code.=<<___;
$SRL $DH,$a2,4*$BNSZ # bits
sgeu $at,$a0,$a2
.set noreorder
bnezl $at,.+8
beqz $at,.+12
nop
$SUBU $a0,$a2
.set reorder

View File

@@ -40,7 +40,7 @@
# of arithmetic operations, most notably multiplications. It requires
# more memory references, most notably to tp[num], but this doesn't
# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC
# 2.0 code path, provides virtually same performance as pa-risc2[W].s:
# 2.0 code path provides virtually same performance as pa-risc2[W].s:
# it's ~10% better for shortest key length and ~10% worse for longest
# one.
#
@@ -988,6 +988,8 @@ foreach (split("\n",$code)) {
# assemble 2.0 instructions in 32-bit mode...
s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
s/\bbv\b/bve/gm if ($SIZE_T==8);
print $_,"\n";
}
close STDOUT;

View File

@@ -31,7 +31,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
open STDOUT,"| \"$^X\" $xlate $flavour $output";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
($lo,$hi)=("%rax","%rdx"); $a=$lo;
($i0,$i1)=("%rsi","%rdi");

View File

@@ -901,8 +901,8 @@ $code.=<<___;
jnz .Lgather
___
$code.=<<___ if ($win64);
movaps %xmm6,(%rsp)
movaps %xmm7,0x10(%rsp)
movaps (%rsp),%xmm6
movaps 0x10(%rsp),%xmm7
lea 0x28(%rsp),%rsp
___
$code.=<<___;

View File

@@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void)
}
static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
#ifdef BN_DEBUG
OPENSSL_assert(top <= max);
#endif
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++;
for (i = (max) - (top); i != 0; i--)
*_tmp1++ = (BN_ULONG) 0;
for (i = 0; i < top; i++)
dst[i] = src[i];
for (; i < max; i++)
dst[i] = 0;
}
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++;
for (i = 0; i < top; i++)
dst[i] = src[i];
}
#if BN_BITS2 == 64
@@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
*/
mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
mask &= 0-(PTR_SIZE_INT)carry;
res = c_d;
res = (BN_ULONG *)
(((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_192_TOP);
r->top = BN_NIST_192_TOP;
bn_correct_top(r);
@@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
int top = a->top, i;
int carry;
BN_ULONG *r_d, *a_d = a->d;
BN_ULONG buf[BN_NIST_224_TOP],
c_d[BN_NIST_224_TOP],
union {
BN_ULONG bn[BN_NIST_224_TOP];
unsigned int ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
} buf;
BN_ULONG c_d[BN_NIST_224_TOP],
*res;
PTR_SIZE_INT mask;
union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
/* copy upper 256 bits of 448 bit number ... */
nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
/* ... and right shift by 32 to obtain upper 224 bits */
nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
/* truncate lower part to 224 bits too */
r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
#else
nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
#endif
#if defined(NIST_INT64) && BN_BITS2!=64
{
NIST_INT64 acc; /* accumulator */
unsigned int *rp=(unsigned int *)r_d;
const unsigned int *bp=(const unsigned int *)buf;
const unsigned int *bp=(const unsigned int *)buf.ui;
acc = rp[0]; acc -= bp[7-7];
acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
@@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
{
BN_ULONG t_d[BN_NIST_224_TOP];
nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#if BN_BITS2==64
@@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
/* otherwise it's effectively same as in BN_nist_mod_192... */
mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
mask &= 0-(PTR_SIZE_INT)carry;
res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
res = c_d;
res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
((PTR_SIZE_INT)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_224_TOP);
r->top = BN_NIST_224_TOP;
@@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask &= 0-(PTR_SIZE_INT)carry;
res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
res = c_d;
res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
((PTR_SIZE_INT)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP);
r->top = BN_NIST_256_TOP;
@@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
mask &= 0-(PTR_SIZE_INT)carry;
res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
res = c_d;
res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
((PTR_SIZE_INT)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_384_TOP);
r->top = BN_NIST_384_TOP;
@@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
res = t_d;
res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
((PTR_SIZE_INT)r_d&mask));
nist_cp_bn(r_d,res,BN_NIST_521_TOP);
r->top = BN_NIST_521_TOP;

View File

@@ -179,14 +179,14 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
return(len);
}
void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
{
size_t i;
if (in)
{
out += size - 1;
for (i = 0; i < size; i++)
*in++ = *out--;
*out-- = *in++;
}
else
{

View File

@@ -88,7 +88,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
char * BUF_strdup(const char *str);
char * BUF_strndup(const char *str, size_t siz);
void * BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
/* safe string functions */
size_t BUF_strlcpy(char *dst,const char *src,size_t siz);

View File

@@ -88,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
if (!pstr)
return 0;
pstr->length = i2d_ECParameters(ec_key, &pstr->data);
if (pstr->length < 0)
if (pstr->length <= 0)
{
ASN1_STRING_free(pstr);
ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);

View File

@@ -89,7 +89,8 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
if (group == NULL)
return 0;
if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
NID_X9_62_characteristic_two_field
|| !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
{
ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -107,7 +108,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
if (group == NULL)
return 0;
if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
NID_X9_62_characteristic_two_field
|| !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
{
ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

View File

@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
return 1;
/* compare the curve name (if present) */
/* compare the curve name (if present in both) */
if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
return 0;
EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
return 1;
if (!ctx)
ctx_new = ctx = BN_CTX_new();
@@ -993,12 +993,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
if (group->meth->point_cmp == 0)
{
ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
return -1;
}
if ((group->meth != a->meth) || (a->meth != b->meth))
{
ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
return -1;
}
return group->meth->point_cmp(group, a, b, ctx);
}

View File

@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
!ENGINE_set_name(e, engine_e_rdrand_name) ||
!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
!ENGINE_set_init_function(e, rdrand_init) ||
!ENGINE_set_RAND(e, &rdrand_meth) )
return 0;

View File

@@ -67,7 +67,7 @@ files:
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
[ ! -f $(TESTDATA) ] || cp $(TESTDATA) ../../test
@[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:

View File

@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
{
EVP_MD_CTX_cleanup(ctx);
OPENSSL_free(ctx);
if (ctx)
{
EVP_MD_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
}
/* This call frees resources associated with the context */

View File

@@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
gctx->ctr = NULL;
break;
}
else
#endif
(void)0; /* terminate potentially open 'else' */
AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
#ifdef AES_CTR_ASM
@@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
xctx->xts.block1 = (block128_f)vpaes_decrypt;
}
vpaes_set_encrypt_key(key + ctx->key_len/2,
vpaes_set_encrypt_key(key + ctx->key_len/2,
ctx->key_len * 4, &xctx->ks2);
xctx->xts.block2 = (block128_f)vpaes_encrypt;
xctx->xts.block2 = (block128_f)vpaes_encrypt;
xctx->xts.key1 = &xctx->ks1;
break;
}
xctx->xts.key1 = &xctx->ks1;
break;
}
else
#endif
(void)0; /* terminate potentially open 'else' */
if (enc)
{
AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);

View File

@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (res!=SHA_CBLOCK) continue;
mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
/* j is not incremented yet */
mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
data->u[SHA_LBLOCK-1] |= bitlen&mask;
sha1_block_data_order(&key->md,data,1);
mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
pmac->u[0] |= key->md.h0 & mask;
pmac->u[1] |= key->md.h1 & mask;
pmac->u[2] |= key->md.h2 & mask;

View File

@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
if (inl>=EVP_MAXCHUNK)
while (inl>=EVP_MAXCHUNK)
{
DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
printf("\n");
}
#endif /* KSSL_DEBUG */
if (inl>=EVP_MAXCHUNK)
while (inl>=EVP_MAXCHUNK)
{
DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
if (inl>=EVP_MAXCHUNK)
while (inl>=EVP_MAXCHUNK)
{
DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,

View File

@@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
int cplen, j, k, tkeylen, mdlen;
unsigned long i = 1;
HMAC_CTX hctx;
HMAC_CTX hctx_tpl, hctx;
mdlen = EVP_MD_size(digest);
if (mdlen < 0)
return 0;
HMAC_CTX_init(&hctx);
HMAC_CTX_init(&hctx_tpl);
p = out;
tkeylen = keylen;
if(!pass)
passlen = 0;
else if(passlen == -1)
passlen = strlen(pass);
if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
{
HMAC_CTX_cleanup(&hctx_tpl);
return 0;
}
while(tkeylen)
{
if(tkeylen > mdlen)
@@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
itmp[1] = (unsigned char)((i >> 16) & 0xff);
itmp[2] = (unsigned char)((i >> 8) & 0xff);
itmp[3] = (unsigned char)(i & 0xff);
if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
|| !HMAC_Update(&hctx, salt, saltlen)
|| !HMAC_Update(&hctx, itmp, 4)
|| !HMAC_Final(&hctx, digtmp, NULL))
if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
{
HMAC_CTX_cleanup(&hctx_tpl);
return 0;
}
if (!HMAC_Update(&hctx, salt, saltlen)
|| !HMAC_Update(&hctx, itmp, 4)
|| !HMAC_Final(&hctx, digtmp, NULL))
{
HMAC_CTX_cleanup(&hctx_tpl);
HMAC_CTX_cleanup(&hctx);
return 0;
}
HMAC_CTX_cleanup(&hctx);
memcpy(p, digtmp, cplen);
for(j = 1; j < iter; j++)
{
HMAC(digest, pass, passlen,
digtmp, mdlen, digtmp, NULL);
if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
{
HMAC_CTX_cleanup(&hctx_tpl);
return 0;
}
if (!HMAC_Update(&hctx, digtmp, mdlen)
|| !HMAC_Final(&hctx, digtmp, NULL))
{
HMAC_CTX_cleanup(&hctx_tpl);
HMAC_CTX_cleanup(&hctx);
return 0;
}
HMAC_CTX_cleanup(&hctx);
for(k = 0; k < cplen; k++)
p[k] ^= digtmp[k];
}
@@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
i++;
p+= cplen;
}
HMAC_CTX_cleanup(&hctx);
HMAC_CTX_cleanup(&hctx_tpl);
#ifdef DEBUG_PKCS5V2
fprintf(stderr, "Password:\n");
h__dump (pass, passlen);

View File

@@ -53,7 +53,10 @@ ghash-x86_64.s: asm/ghash-x86_64.pl
ghash-sparcv9.s: asm/ghash-sparcv9.pl
$(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
ghash-alpha.s: asm/ghash-alpha.pl
$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
$(PERL) asm/ghash-alpha.pl > $$preproc && \
$(CC) -E $$preproc > $@ && rm $$preproc)
ghash-parisc.s: asm/ghash-parisc.pl
$(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@

View File

@@ -266,8 +266,8 @@ gcm_gmult_4bit:
ldq $Xlo,8($Xi)
ldq $Xhi,0($Xi)
br $rem_4bit,.Lpic1
.Lpic1: lda $rem_4bit,rem_4bit-.Lpic1($rem_4bit)
bsr $t0,picmeup
nop
___
&loop();
@@ -341,8 +341,8 @@ gcm_ghash_4bit:
ldq $Xhi,0($Xi)
ldq $Xlo,8($Xi)
br $rem_4bit,.Lpic2
.Lpic2: lda $rem_4bit,rem_4bit-.Lpic2($rem_4bit)
bsr $t0,picmeup
nop
.Louter:
extql $inhi,$inp,$inhi
@@ -436,11 +436,20 @@ $code.=<<___;
.end gcm_ghash_4bit
.align 4
.ent picmeup
picmeup:
.frame sp,0,$t0
.prologue 0
br $rem_4bit,.Lpic
.Lpic: lda $rem_4bit,12($rem_4bit)
ret ($t0)
.end picmeup
nop
rem_4bit:
.quad 0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48
.quad 0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48
.quad 0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48
.quad 0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48
.long 0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16
.long 0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16
.long 0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16
.long 0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16
.ascii "GHASH for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
.align 4

View File

@@ -724,6 +724,7 @@ foreach (split("\n",$code)) {
s/cmpb,\*/comb,/;
s/,\*/,/;
}
s/\bbv\b/bve/ if ($SIZE_T==8);
print $_,"\n";
}

View File

@@ -117,7 +117,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
unsigned char ivec[16], block128_f block)
{
size_t n;
union { size_t align; unsigned char c[16]; } tmp;
union { size_t t[16/sizeof(size_t)]; unsigned char c[16]; } tmp;
assert(in && out && key && ivec);
@@ -137,11 +137,13 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
out += 16;
}
}
else {
else if (16%sizeof(size_t) == 0) { /* always true */
while (len>=16) {
size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv;
(*block)(in, out, key);
for(n=0; n<16; n+=sizeof(size_t))
*(size_t *)(out+n) ^= *(size_t *)(iv+n);
for(n=0; n<16/sizeof(size_t); n++)
out_t[n] ^= iv_t[n];
iv = in;
len -= 16;
in += 16;
@@ -165,15 +167,16 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
out += 16;
}
}
else {
size_t c;
else if (16%sizeof(size_t) == 0) { /* always true */
while (len>=16) {
size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec;
const size_t *in_t=(const size_t *)in;
(*block)(in, tmp.c, key);
for(n=0; n<16; n+=sizeof(size_t)) {
c = *(size_t *)(in+n);
*(size_t *)(out+n) =
*(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n);
*(size_t *)(ivec+n) = c;
for(n=0; n<16/sizeof(size_t); n++) {
c = in_t[n];
out_t[n] = tmp.t[n] ^ ivec_t[n];
ivec_t[n] = c;
}
len -= 16;
in += 16;

View File

@@ -87,7 +87,7 @@ int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));
}
else
*(u32*)(&ctx->nonce.c[8]) = 0;
ctx->nonce.u[1] = 0;
ctx->nonce.c[12] = (u8)(mlen>>24);
ctx->nonce.c[13] = (u8)(mlen>>16);

View File

@@ -108,12 +108,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
(*cbc)(in,out-16,residue,key,ivec,1);
memcpy(out,tmp.c,residue);
#else
{
size_t n;
for (n=0; n<16; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = 0;
memset(tmp.c,0,sizeof(tmp));
memcpy(tmp.c,in,residue);
}
memcpy(out,out-16,residue);
(*cbc)(tmp.c,out-16,16,key,ivec,1);
#endif
@@ -144,12 +140,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
#if defined(CBC_HANDLES_TRUNCATED_IO)
(*cbc)(in,out-16+residue,residue,key,ivec,1);
#else
{
size_t n;
for (n=0; n<16; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = 0;
memset(tmp.c,0,sizeof(tmp));
memcpy(tmp.c,in,residue);
}
(*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
#endif
return len+residue;
@@ -177,8 +169,7 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
(*block)(in,tmp.c+16,key);
for (n=0; n<16; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
memcpy(tmp.c,tmp.c+16,16);
memcpy(tmp.c,in+16,residue);
(*block)(tmp.c,tmp.c,key);
@@ -220,8 +211,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
(*block)(in+residue,tmp.c+16,key);
for (n=0; n<16; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
memcpy(tmp.c,tmp.c+16,16);
memcpy(tmp.c,in,residue);
(*block)(tmp.c,tmp.c,key);
@@ -240,7 +230,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc)
{ size_t residue, n;
{ size_t residue;
union { size_t align; unsigned char c[32]; } tmp;
assert (in && out && key && ivec);
@@ -257,8 +247,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
out += len;
}
for (n=16; n<32; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = 0;
memset(tmp.c,0,sizeof(tmp));
/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
(*cbc)(in,tmp.c,16,key,tmp.c+16,0);
@@ -275,7 +264,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc)
{ size_t residue, n;
{ size_t residue;
union { size_t align; unsigned char c[32]; } tmp;
assert (in && out && key && ivec);
@@ -297,8 +286,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
out += len;
}
for (n=16; n<32; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = 0;
memset(tmp.c,0,sizeof(tmp));
/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
(*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);

View File

@@ -941,15 +941,17 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
size_t j=GHASH_CHUNK;
while (j) {
size_t *out_t=(size_t *)out;
const size_t *in_t=(const size_t *)in;
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16; i+=sizeof(size_t))
*(size_t *)(out+i) =
*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
for (i=0; i<16/sizeof(size_t); ++i)
out_t[i] = in_t[i] ^ ctx->EKi.t[i];
out += 16;
in += 16;
j -= 16;
@@ -961,15 +963,17 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
size_t j=i;
while (len>=16) {
size_t *out_t=(size_t *)out;
const size_t *in_t=(const size_t *)in;
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16; i+=sizeof(size_t))
*(size_t *)(out+i) =
*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
for (i=0; i<16/sizeof(size_t); ++i)
out_t[i] = in_t[i] ^ ctx->EKi.t[i];
out += 16;
in += 16;
len -= 16;
@@ -978,16 +982,18 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
}
#else
while (len>=16) {
size_t *out_t=(size_t *)out;
const size_t *in_t=(const size_t *)in;
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16; i+=sizeof(size_t))
*(size_t *)(ctx->Xi.c+i) ^=
*(size_t *)(out+i) =
*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
for (i=0; i<16/sizeof(size_t); ++i)
ctx->Xi.t[i] ^=
out_t[i] = in_t[i]^ctx->EKi.t[i];
GCM_MUL(ctx,Xi);
out += 16;
in += 16;
@@ -1091,15 +1097,17 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
GHASH(ctx,in,GHASH_CHUNK);
while (j) {
size_t *out_t=(size_t *)out;
const size_t *in_t=(const size_t *)in;
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16; i+=sizeof(size_t))
*(size_t *)(out+i) =
*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
for (i=0; i<16/sizeof(size_t); ++i)
out_t[i] = in_t[i]^ctx->EKi.t[i];
out += 16;
in += 16;
j -= 16;
@@ -1109,15 +1117,17 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
if ((i = (len&(size_t)-16))) {
GHASH(ctx,in,i);
while (len>=16) {
size_t *out_t=(size_t *)out;
const size_t *in_t=(const size_t *)in;
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16; i+=sizeof(size_t))
*(size_t *)(out+i) =
*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
for (i=0; i<16/sizeof(size_t); ++i)
out_t[i] = in_t[i]^ctx->EKi.t[i];
out += 16;
in += 16;
len -= 16;
@@ -1125,16 +1135,19 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
}
#else
while (len>=16) {
size_t *out_t=(size_t *)out;
const size_t *in_t=(const size_t *)in;
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16; i+=sizeof(size_t)) {
size_t c = *(size_t *)(in+i);
*(size_t *)(out+i) = c^*(size_t *)(ctx->EKi.c+i);
*(size_t *)(ctx->Xi.c+i) ^= c;
for (i=0; i<16/sizeof(size_t); ++i) {
size_t c = in[i];
out[i] = c^ctx->EKi.t[i];
ctx->Xi.t[i] ^= c;
}
GCM_MUL(ctx,Xi);
out += 16;
@@ -1669,6 +1682,46 @@ static const u8 IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0
0xa2,0x41,0x89,0x97,0x20,0x0e,0xf8,0x2e,0x44,0xae,0x7e,0x3f},
T18[]= {0xa4,0x4a,0x82,0x66,0xee,0x1c,0x8e,0xb0,0xc8,0xb5,0xd4,0xcf,0x5a,0xe9,0xf1,0x9a};
/* Test Case 19 */
#define K19 K1
#define P19 P1
#define IV19 IV1
#define C19 C1
static const u8 A19[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55,
0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,
0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,
0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,
0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad},
T19[]= {0x5f,0xea,0x79,0x3a,0x2d,0x6f,0x97,0x4d,0x37,0xe6,0x8e,0x0c,0xb8,0xff,0x94,0x92};
/* Test Case 20 */
#define K20 K1
#define A20 A1
static const u8 IV20[64]={0xff,0xff,0xff,0xff}, /* this results in 0xff in counter LSB */
P20[288],
C20[]= {0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,0x2b,0x64,0xfe,0x1e,0x9a,0x17,0xb6,0x14,
0x25,0xf1,0x0d,0x47,0xa7,0x5a,0x5f,0xce,0x13,0xef,0xc6,0xbc,0x78,0x4a,0xf2,0x4f,
0x41,0x41,0xbd,0xd4,0x8c,0xf7,0xc7,0x70,0x88,0x7a,0xfd,0x57,0x3c,0xca,0x54,0x18,
0xa9,0xae,0xff,0xcd,0x7c,0x5c,0xed,0xdf,0xc6,0xa7,0x83,0x97,0xb9,0xa8,0x5b,0x49,
0x9d,0xa5,0x58,0x25,0x72,0x67,0xca,0xab,0x2a,0xd0,0xb2,0x3c,0xa4,0x76,0xa5,0x3c,
0xb1,0x7f,0xb4,0x1c,0x4b,0x8b,0x47,0x5c,0xb4,0xf3,0xf7,0x16,0x50,0x94,0xc2,0x29,
0xc9,0xe8,0xc4,0xdc,0x0a,0x2a,0x5f,0xf1,0x90,0x3e,0x50,0x15,0x11,0x22,0x13,0x76,
0xa1,0xcd,0xb8,0x36,0x4c,0x50,0x61,0xa2,0x0c,0xae,0x74,0xbc,0x4a,0xcd,0x76,0xce,
0xb0,0xab,0xc9,0xfd,0x32,0x17,0xef,0x9f,0x8c,0x90,0xbe,0x40,0x2d,0xdf,0x6d,0x86,
0x97,0xf4,0xf8,0x80,0xdf,0xf1,0x5b,0xfb,0x7a,0x6b,0x28,0x24,0x1e,0xc8,0xfe,0x18,
0x3c,0x2d,0x59,0xe3,0xf9,0xdf,0xff,0x65,0x3c,0x71,0x26,0xf0,0xac,0xb9,0xe6,0x42,
0x11,0xf4,0x2b,0xae,0x12,0xaf,0x46,0x2b,0x10,0x70,0xbe,0xf1,0xab,0x5e,0x36,0x06,
0x87,0x2c,0xa1,0x0d,0xee,0x15,0xb3,0x24,0x9b,0x1a,0x1b,0x95,0x8f,0x23,0x13,0x4c,
0x4b,0xcc,0xb7,0xd0,0x32,0x00,0xbc,0xe4,0x20,0xa2,0xf8,0xeb,0x66,0xdc,0xf3,0x64,
0x4d,0x14,0x23,0xc1,0xb5,0x69,0x90,0x03,0xc1,0x3e,0xce,0xf4,0xbf,0x38,0xa3,0xb6,
0x0e,0xed,0xc3,0x40,0x33,0xba,0xc1,0x90,0x27,0x83,0xdc,0x6d,0x89,0xe2,0xe7,0x74,
0x18,0x8a,0x43,0x9c,0x7e,0xbc,0xc0,0x67,0x2d,0xbd,0xa4,0xdd,0xcf,0xb2,0x79,0x46,
0x13,0xb0,0xbe,0x41,0x31,0x5e,0xf7,0x78,0x70,0x8a,0x70,0xee,0x7d,0x75,0x16,0x5c},
T20[]= {0x8b,0x30,0x7f,0x6b,0x33,0x28,0x6d,0x0a,0xb0,0x26,0xa9,0xed,0x3f,0xe1,0xe8,0x5f};
#define TEST_CASE(n) do { \
u8 out[sizeof(P##n)]; \
AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \
@@ -1713,6 +1766,8 @@ int main()
TEST_CASE(16);
TEST_CASE(17);
TEST_CASE(18);
TEST_CASE(19);
TEST_CASE(20);
#ifdef OPENSSL_CPUID_OBJ
{
@@ -1743,11 +1798,16 @@ int main()
ctr_t/(double)sizeof(buf),
(gcm_t-ctr_t)/(double)sizeof(buf));
#ifdef GHASH
GHASH(&ctx,buf.c,sizeof(buf));
{
void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
const u8 *inp,size_t len) = ctx.ghash;
GHASH((&ctx),buf.c,sizeof(buf));
start = OPENSSL_rdtsc();
for (i=0;i<100;++i) GHASH(&ctx,buf.c,sizeof(buf));
for (i=0;i<100;++i) GHASH((&ctx),buf.c,sizeof(buf));
gcm_t = OPENSSL_rdtsc() - start;
printf("%.2f\n",gcm_t/(double)sizeof(buf)/(double)i);
}
#endif
}
#endif

View File

@@ -29,10 +29,7 @@ typedef unsigned char u8;
#if defined(__i386) || defined(__i386__) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__) || \
( (defined(__arm__) || defined(__arm)) && \
(defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) )
defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
#endif
@@ -101,8 +98,8 @@ typedef struct { u64 hi,lo; } u128;
struct gcm128_context {
/* Following 6 names follow names in GCM specification */
union { u64 u[2]; u32 d[4]; u8 c[16]; } Yi,EKi,EK0,len,
Xi,H;
union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; }
Yi,EKi,EK0,len,Xi,H;
/* Relative position of Xi, H and pre-computed Htable is used
* in some assembler modules, i.e. don't change the order! */
#if TABLE_BITS==8

View File

@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x1000105fL
#define OPENSSL_VERSION_NUMBER 0x1000106fL
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e-fips 11 Feb 2013"
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
#else
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e 11 Feb 2013"
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

View File

@@ -97,33 +97,33 @@ OPENSSL_cleanse
.PROC
.CALLINFO NO_CALLS
.ENTRY
cmpib,*= 0,$len,Ldone
cmpib,*= 0,$len,L\$done
nop
cmpib,*>>= 15,$len,Little
cmpib,*>>= 15,$len,L\$ittle
ldi $SIZE_T-1,%r1
Lalign
L\$align
and,*<> $inp,%r1,%r28
b,n Laligned
b,n L\$aligned
stb %r0,0($inp)
ldo -1($len),$len
b Lalign
b L\$align
ldo 1($inp),$inp
Laligned
L\$aligned
andcm $len,%r1,%r28
Lot
L\$ot
$ST %r0,0($inp)
addib,*<> -$SIZE_T,%r28,Lot
addib,*<> -$SIZE_T,%r28,L\$ot
ldo $SIZE_T($inp),$inp
and,*<> $len,%r1,$len
b,n Ldone
Little
b,n L\$done
L\$ittle
stb %r0,0($inp)
addib,*<> -1,$len,Little
addib,*<> -1,$len,L\$ittle
ldo 1($inp),$inp
Ldone
L\$done
bv ($rp)
.EXIT
nop
@@ -151,7 +151,7 @@ OPENSSL_instrument_bus
ldw 0($out),$tick
add $diff,$tick,$tick
stw $tick,0($out)
Loop
L\$oop
mfctl %cr16,$tick
sub $tick,$lasttick,$diff
copy $tick,$lasttick
@@ -161,7 +161,7 @@ Loop
add $diff,$tick,$tick
stw $tick,0($out)
addib,<> -1,$cnt,Loop
addib,<> -1,$cnt,L\$oop
addi 4,$out,$out
bv ($rp)
@@ -190,14 +190,14 @@ OPENSSL_instrument_bus2
mfctl %cr16,$tick
sub $tick,$lasttick,$diff
copy $tick,$lasttick
Loop2
L\$oop2
copy $diff,$lastdiff
fdc 0($out)
ldw 0($out),$tick
add $diff,$tick,$tick
stw $tick,0($out)
addib,= -1,$max,Ldone2
addib,= -1,$max,L\$done2
nop
mfctl %cr16,$tick
@@ -208,17 +208,18 @@ Loop2
ldi 1,%r1
xor %r1,$tick,$tick
addb,<> $tick,$cnt,Loop2
addb,<> $tick,$cnt,L\$oop2
shladd,l $tick,2,$out,$out
Ldone2
L\$done2
bv ($rp)
.EXIT
add $rv,$cnt,$rv
.PROCEND
___
}
$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
$code =~ s/,\*/,/gm if ($SIZE_T==4);
$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
$code =~ s/,\*/,/gm if ($SIZE_T==4);
$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);
print $code;
close STDOUT;

View File

@@ -167,6 +167,7 @@ start:
#ifndef OPENSSL_NO_RSA
if (strcmp(name,PEM_STRING_RSA) == 0)
{
d2i=(D2I_OF(void))d2i_RSAPrivateKey;
if (xi->x_pkey != NULL)
{
if (!sk_X509_INFO_push(ret,xi)) goto err;

View File

@@ -90,7 +90,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
/* Set defaults */
if (!nid_cert)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode())
nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
#endif
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
}
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)

View File

@@ -380,8 +380,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
* are fed into the hash function and the results are kept in the
* global 'md'.
*/
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
#ifdef OPENSSL_FIPS
/* NB: in FIPS mode we are already under a lock */
if (!FIPS_mode())
#endif
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +463,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
#ifdef OPENSSL_FIPS
if (!FIPS_mode())
#endif
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
{
@@ -512,10 +518,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
MD_Init(&m);
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
MD_Update(&m,local_md,MD_DIGEST_LENGTH);
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
#ifdef OPENSSL_FIPS
if (!FIPS_mode())
#endif
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
MD_Update(&m,md,MD_DIGEST_LENGTH);
MD_Final(&m,md);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
#ifdef OPENSSL_FIPS
if (!FIPS_mode())
#endif
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
EVP_MD_CTX_cleanup(&m);
if (ok)

View File

@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
#define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
#define RAND_R_DUAL_EC_DRBG_DISABLED 104
#define RAND_R_ERROR_INITIALISING_DRBG 102
#define RAND_R_ERROR_INSTANTIATING_DRBG 103
#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101

View File

@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
static ERR_STRING_DATA RAND_str_reasons[]=
{
{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},

View File

@@ -269,6 +269,14 @@ int RAND_init_fips(void)
DRBG_CTX *dctx;
size_t plen;
unsigned char pers[32], *p;
#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
if (fips_drbg_type >> 16)
{
RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
return 0;
}
#endif
dctx = FIPS_get_default_drbg();
if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
{

View File

@@ -307,7 +307,8 @@ L\$opts
.STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);
print $code;
close STDOUT;

View File

@@ -351,27 +351,27 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
if (!BIO_indent(bp, indent, 128))
goto err;
if (BIO_puts(bp, "Salt Length: ") <= 0)
if (BIO_puts(bp, "Salt Length: 0x") <= 0)
goto err;
if (pss->saltLength)
{
if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
goto err;
}
else if (BIO_puts(bp, "20 (default)") <= 0)
else if (BIO_puts(bp, "0x14 (default)") <= 0)
goto err;
BIO_puts(bp, "\n");
if (!BIO_indent(bp, indent, 128))
goto err;
if (BIO_puts(bp, "Trailer Field: ") <= 0)
if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
goto err;
if (pss->trailerField)
{
if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
goto err;
}
else if (BIO_puts(bp, "0xbc (default)") <= 0)
else if (BIO_puts(bp, "BC (default)") <= 0)
goto err;
BIO_puts(bp, "\n");

View File

@@ -59,6 +59,12 @@ int RSA_check_key(const RSA *key)
BN_CTX *ctx;
int r;
int ret=1;
if (!key->p || !key->q || !key->n || !key->e || !key->d)
{
RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
return 0;
}
i = BN_new();
j = BN_new();

View File

@@ -611,6 +611,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
pm = RSA_NO_PADDING;
else if (!strcmp(value, "oeap"))
pm = RSA_PKCS1_OAEP_PADDING;
else if (!strcmp(value, "oaep"))
pm = RSA_PKCS1_OAEP_PADDING;
else if (!strcmp(value, "x931"))
pm = RSA_X931_PADDING;
else if (!strcmp(value, "pss"))

View File

@@ -60,7 +60,9 @@ sha256-armv4.S: asm/sha256-armv4.pl
$(PERL) $< $(PERLASM_SCHEME) $@
sha1-alpha.s: asm/sha1-alpha.pl
$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
$(PERL) asm/sha1-alpha.pl > $$preproc && \
$(CC) -E $$preproc > $@ && rm $$preproc)
# Solaris make has to be explicitly told
sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@

View File

@@ -254,6 +254,7 @@ $code.=<<___;
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
$code =~ s/,\*/,/gm if ($SIZE_T==4);
$code =~ s/,\*/,/gm if ($SIZE_T==4);
$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);
print $code;
close STDOUT;

View File

@@ -745,7 +745,7 @@ $code.=<<___;
mov %rdi,$ctx # reassigned argument
mov %rsi,$inp # reassigned argument
mov %rdx,$num # reassigned argument
vzeroall
vzeroupper
shl \$6,$num
add $inp,$num
@@ -1038,7 +1038,7 @@ ___
&Xtail_avx(\&body_20_39);
$code.=<<___;
vzeroall
vzeroupper
add 0($ctx),$A # update context
add 4($ctx),@T[0]

View File

@@ -351,7 +351,7 @@ $code.=<<___;
$ST $G,6*$SZ($ctx)
$ST $H,7*$SZ($ctx)
bnel $inp,@X[15],.Loop
bne $inp,@X[15],.Loop
$PTR_SUB $Ktbl,`($rounds-16)*$SZ` # rewind $Ktbl
$REG_L $ra,$FRAMESIZE-1*$SZREG($sp)

View File

@@ -785,6 +785,8 @@ foreach (split("\n",$code)) {
s/cmpb,\*/comb,/ if ($SIZE_T==4);
s/\bbv\b/bve/ if ($SIZE_T==8);
print $_,"\n";
}

View File

@@ -232,7 +232,14 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
{ return SHA512_Update (c,data,len); }
void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
{ sha512_block_data_order (c,data,1); }
{
#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data%sizeof(c->u.d[0]) != 0)
memcpy(c->u.p,data,sizeof(c->u.p)),
data = c->u.p;
#endif
sha512_block_data_order (c,data,1);
}
unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
{

View File

@@ -1,22 +1,22 @@
/* start of generated data */
static BN_ULONG bn_group_1024_value[] = {
bn_pack4(9FC6,1D2F,C0EB,06E3),
bn_pack4(FD51,38FE,8376,435B),
bn_pack4(2FD4,CBF4,976E,AA9A),
bn_pack4(68ED,BC3C,0572,6CC0),
bn_pack4(C529,F566,660E,57EC),
bn_pack4(8255,9B29,7BCF,1885),
bn_pack4(CE8E,F4AD,69B1,5D49),
bn_pack4(5DC7,D7B4,6154,D6B6),
bn_pack4(8E49,5C1D,6089,DAD1),
bn_pack4(E0D5,D8E2,50B9,8BE4),
bn_pack4(383B,4813,D692,C6E0),
bn_pack4(D674,DF74,96EA,81D3),
bn_pack4(9EA2,314C,9C25,6576),
bn_pack4(6072,6187,75FF,3C0B),
bn_pack4(9C33,F80A,FA8F,C5E8),
bn_pack4(EEAF,0AB9,ADB3,8DD6)
bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3),
bn_pack4(0xFD51,0x38FE,0x8376,0x435B),
bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A),
bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0),
bn_pack4(0xC529,0xF566,0x660E,0x57EC),
bn_pack4(0x8255,0x9B29,0x7BCF,0x1885),
bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49),
bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6),
bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1),
bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4),
bn_pack4(0x383B,0x4813,0xD692,0xC6E0),
bn_pack4(0xD674,0xDF74,0x96EA,0x81D3),
bn_pack4(0x9EA2,0x314C,0x9C25,0x6576),
bn_pack4(0x6072,0x6187,0x75FF,0x3C0B),
bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8),
bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6)
};
static BIGNUM bn_group_1024 = {
bn_group_1024_value,
@@ -27,30 +27,30 @@ static BIGNUM bn_group_1024 = {
};
static BN_ULONG bn_group_1536_value[] = {
bn_pack4(CF76,E3FE,D135,F9BB),
bn_pack4(1518,0F93,499A,234D),
bn_pack4(8CE7,A28C,2442,C6F3),
bn_pack4(5A02,1FFF,5E91,479E),
bn_pack4(7F8A,2FE9,B8B5,292E),
bn_pack4(837C,264A,E3A9,BEB8),
bn_pack4(E442,734A,F7CC,B7AE),
bn_pack4(6577,2E43,7D6C,7F8C),
bn_pack4(DB2F,D53D,24B7,C486),
bn_pack4(6EDF,0195,3934,9627),
bn_pack4(158B,FD3E,2B9C,8CF5),
bn_pack4(764E,3F4B,53DD,9DA1),
bn_pack4(4754,8381,DBC5,B1FC),
bn_pack4(9B60,9E0B,E3BA,B63D),
bn_pack4(8134,B1C8,B979,8914),
bn_pack4(DF02,8A7C,EC67,F0D0),
bn_pack4(80B6,55BB,9A22,E8DC),
bn_pack4(1558,903B,A0D0,F843),
bn_pack4(51C6,A94B,E460,7A29),
bn_pack4(5F4F,5F55,6E27,CBDE),
bn_pack4(BEEE,A961,4B19,CC4D),
bn_pack4(DBA5,1DF4,99AC,4C80),
bn_pack4(B1F1,2A86,17A4,7BBB),
bn_pack4(9DEF,3CAF,B939,277A)
bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB),
bn_pack4(0x1518,0x0F93,0x499A,0x234D),
bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3),
bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E),
bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E),
bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8),
bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE),
bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C),
bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486),
bn_pack4(0x6EDF,0x0195,0x3934,0x9627),
bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5),
bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1),
bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC),
bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D),
bn_pack4(0x8134,0xB1C8,0xB979,0x8914),
bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0),
bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC),
bn_pack4(0x1558,0x903B,0xA0D0,0xF843),
bn_pack4(0x51C6,0xA94B,0xE460,0x7A29),
bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE),
bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D),
bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80),
bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB),
bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A)
};
static BIGNUM bn_group_1536 = {
bn_group_1536_value,
@@ -61,38 +61,38 @@ static BIGNUM bn_group_1536 = {
};
static BN_ULONG bn_group_2048_value[] = {
bn_pack4(0FA7,111F,9E4A,FF73),
bn_pack4(9B65,E372,FCD6,8EF2),
bn_pack4(35DE,236D,525F,5475),
bn_pack4(94B5,C803,D89F,7AE4),
bn_pack4(71AE,35F8,E9DB,FBB6),
bn_pack4(2A56,98F3,A8D0,C382),
bn_pack4(9CCC,041C,7BC3,08D8),
bn_pack4(AF87,4E73,03CE,5329),
bn_pack4(6160,2790,04E5,7AE6),
bn_pack4(032C,FBDB,F52F,B378),
bn_pack4(5EA7,7A27,75D2,ECFA),
bn_pack4(5445,23B5,24B0,D57D),
bn_pack4(5B9D,32E6,88F8,7748),
bn_pack4(F1D2,B907,8717,461A),
bn_pack4(76BD,207A,436C,6481),
bn_pack4(CA97,B43A,23FB,8016),
bn_pack4(1D28,1E44,6B14,773B),
bn_pack4(7359,D041,D5C3,3EA7),
bn_pack4(A80D,740A,DBF4,FF74),
bn_pack4(55F9,7993,EC97,5EEA),
bn_pack4(2918,A996,2F0B,93B8),
bn_pack4(661A,05FB,D5FA,AAE8),
bn_pack4(CF60,9517,9A16,3AB3),
bn_pack4(E808,3969,EDB7,67B0),
bn_pack4(CD7F,48A9,DA04,FD50),
bn_pack4(D523,12AB,4B03,310D),
bn_pack4(8193,E075,7767,A13D),
bn_pack4(A373,29CB,B4A0,99ED),
bn_pack4(FC31,9294,3DB5,6050),
bn_pack4(AF72,B665,1987,EE07),
bn_pack4(F166,DE5E,1389,582F),
bn_pack4(AC6B,DB41,324A,9A9B)
bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73),
bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2),
bn_pack4(0x35DE,0x236D,0x525F,0x5475),
bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4),
bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6),
bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382),
bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8),
bn_pack4(0xAF87,0x4E73,0x03CE,0x5329),
bn_pack4(0x6160,0x2790,0x04E5,0x7AE6),
bn_pack4(0x032C,0xFBDB,0xF52F,0xB378),
bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA),
bn_pack4(0x5445,0x23B5,0x24B0,0xD57D),
bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748),
bn_pack4(0xF1D2,0xB907,0x8717,0x461A),
bn_pack4(0x76BD,0x207A,0x436C,0x6481),
bn_pack4(0xCA97,0xB43A,0x23FB,0x8016),
bn_pack4(0x1D28,0x1E44,0x6B14,0x773B),
bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7),
bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74),
bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA),
bn_pack4(0x2918,0xA996,0x2F0B,0x93B8),
bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8),
bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3),
bn_pack4(0xE808,0x3969,0xEDB7,0x67B0),
bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50),
bn_pack4(0xD523,0x12AB,0x4B03,0x310D),
bn_pack4(0x8193,0xE075,0x7767,0xA13D),
bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED),
bn_pack4(0xFC31,0x9294,0x3DB5,0x6050),
bn_pack4(0xAF72,0xB665,0x1987,0xEE07),
bn_pack4(0xF166,0xDE5E,0x1389,0x582F),
bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B)
};
static BIGNUM bn_group_2048 = {
bn_group_2048_value,
@@ -103,54 +103,54 @@ static BIGNUM bn_group_2048 = {
};
static BN_ULONG bn_group_3072_value[] = {
bn_pack4(FFFF,FFFF,FFFF,FFFF),
bn_pack4(4B82,D120,A93A,D2CA),
bn_pack4(43DB,5BFC,E0FD,108E),
bn_pack4(08E2,4FA0,74E5,AB31),
bn_pack4(7709,88C0,BAD9,46E2),
bn_pack4(BBE1,1757,7A61,5D6C),
bn_pack4(521F,2B18,177B,200C),
bn_pack4(D876,0273,3EC8,6A64),
bn_pack4(F12F,FA06,D98A,0864),
bn_pack4(CEE3,D226,1AD2,EE6B),
bn_pack4(1E8C,94E0,4A25,619D),
bn_pack4(ABF5,AE8C,DB09,33D7),
bn_pack4(B397,0F85,A6E1,E4C7),
bn_pack4(8AEA,7157,5D06,0C7D),
bn_pack4(ECFB,8504,58DB,EF0A),
bn_pack4(A855,21AB,DF1C,BA64),
bn_pack4(AD33,170D,0450,7A33),
bn_pack4(1572,8E5A,8AAA,C42D),
bn_pack4(15D2,2618,98FA,0510),
bn_pack4(3995,497C,EA95,6AE5),
bn_pack4(DE2B,CBF6,9558,1718),
bn_pack4(B5C5,5DF0,6F4C,52C9),
bn_pack4(9B27,83A2,EC07,A28F),
bn_pack4(E39E,772C,180E,8603),
bn_pack4(3290,5E46,2E36,CE3B),
bn_pack4(F174,6C08,CA18,217C),
bn_pack4(670C,354E,4ABC,9804),
bn_pack4(9ED5,2907,7096,966D),
bn_pack4(1C62,F356,2085,52BB),
bn_pack4(8365,5D23,DCA3,AD96),
bn_pack4(6916,3FA8,FD24,CF5F),
bn_pack4(98DA,4836,1C55,D39A),
bn_pack4(C200,7CB8,A163,BF05),
bn_pack4(4928,6651,ECE4,5B3D),
bn_pack4(AE9F,2411,7C4B,1FE6),
bn_pack4(EE38,6BFB,5A89,9FA5),
bn_pack4(0BFF,5CB6,F406,B7ED),
bn_pack4(F44C,42E9,A637,ED6B),
bn_pack4(E485,B576,625E,7EC6),
bn_pack4(4FE1,356D,6D51,C245),
bn_pack4(302B,0A6D,F25F,1437),
bn_pack4(EF95,19B3,CD3A,431B),
bn_pack4(514A,0879,8E34,04DD),
bn_pack4(020B,BEA6,3B13,9B22),
bn_pack4(2902,4E08,8A67,CC74),
bn_pack4(C4C6,628B,80DC,1CD1),
bn_pack4(C90F,DAA2,2168,C234),
bn_pack4(FFFF,FFFF,FFFF,FFFF)
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA),
bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
bn_pack4(0x521F,0x2B18,0x177B,0x200C),
bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
bn_pack4(0xE39E,0x772C,0x180E,0x8603),
bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
static BIGNUM bn_group_3072 = {
bn_group_3072_value,
@@ -161,70 +161,70 @@ static BIGNUM bn_group_3072 = {
};
static BN_ULONG bn_group_4096_value[] = {
bn_pack4(FFFF,FFFF,FFFF,FFFF),
bn_pack4(4DF4,35C9,3406,3199),
bn_pack4(86FF,B7DC,90A6,C08F),
bn_pack4(93B4,EA98,8D8F,DDC1),
bn_pack4(D006,9127,D5B0,5AA9),
bn_pack4(B81B,DD76,2170,481C),
bn_pack4(1F61,2970,CEE2,D7AF),
bn_pack4(233B,A186,515B,E7ED),
bn_pack4(99B2,964F,A090,C3A2),
bn_pack4(287C,5947,4E6B,C05D),
bn_pack4(2E8E,FC14,1FBE,CAA6),
bn_pack4(DBBB,C2DB,04DE,8EF9),
bn_pack4(2583,E9CA,2AD4,4CE8),
bn_pack4(1A94,6834,B615,0BDA),
bn_pack4(99C3,2718,6AF4,E23C),
bn_pack4(8871,9A10,BDBA,5B26),
bn_pack4(1A72,3C12,A787,E6D7),
bn_pack4(4B82,D120,A921,0801),
bn_pack4(43DB,5BFC,E0FD,108E),
bn_pack4(08E2,4FA0,74E5,AB31),
bn_pack4(7709,88C0,BAD9,46E2),
bn_pack4(BBE1,1757,7A61,5D6C),
bn_pack4(521F,2B18,177B,200C),
bn_pack4(D876,0273,3EC8,6A64),
bn_pack4(F12F,FA06,D98A,0864),
bn_pack4(CEE3,D226,1AD2,EE6B),
bn_pack4(1E8C,94E0,4A25,619D),
bn_pack4(ABF5,AE8C,DB09,33D7),
bn_pack4(B397,0F85,A6E1,E4C7),
bn_pack4(8AEA,7157,5D06,0C7D),
bn_pack4(ECFB,8504,58DB,EF0A),
bn_pack4(A855,21AB,DF1C,BA64),
bn_pack4(AD33,170D,0450,7A33),
bn_pack4(1572,8E5A,8AAA,C42D),
bn_pack4(15D2,2618,98FA,0510),
bn_pack4(3995,497C,EA95,6AE5),
bn_pack4(DE2B,CBF6,9558,1718),
bn_pack4(B5C5,5DF0,6F4C,52C9),
bn_pack4(9B27,83A2,EC07,A28F),
bn_pack4(E39E,772C,180E,8603),
bn_pack4(3290,5E46,2E36,CE3B),
bn_pack4(F174,6C08,CA18,217C),
bn_pack4(670C,354E,4ABC,9804),
bn_pack4(9ED5,2907,7096,966D),
bn_pack4(1C62,F356,2085,52BB),
bn_pack4(8365,5D23,DCA3,AD96),
bn_pack4(6916,3FA8,FD24,CF5F),
bn_pack4(98DA,4836,1C55,D39A),
bn_pack4(C200,7CB8,A163,BF05),
bn_pack4(4928,6651,ECE4,5B3D),
bn_pack4(AE9F,2411,7C4B,1FE6),
bn_pack4(EE38,6BFB,5A89,9FA5),
bn_pack4(0BFF,5CB6,F406,B7ED),
bn_pack4(F44C,42E9,A637,ED6B),
bn_pack4(E485,B576,625E,7EC6),
bn_pack4(4FE1,356D,6D51,C245),
bn_pack4(302B,0A6D,F25F,1437),
bn_pack4(EF95,19B3,CD3A,431B),
bn_pack4(514A,0879,8E34,04DD),
bn_pack4(020B,BEA6,3B13,9B22),
bn_pack4(2902,4E08,8A67,CC74),
bn_pack4(C4C6,628B,80DC,1CD1),
bn_pack4(C90F,DAA2,2168,C234),
bn_pack4(FFFF,FFFF,FFFF,FFFF)
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0x4DF4,0x35C9,0x3406,0x3199),
bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
bn_pack4(0x4B82,0xD120,0xA921,0x0801),
bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
bn_pack4(0x521F,0x2B18,0x177B,0x200C),
bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
bn_pack4(0xE39E,0x772C,0x180E,0x8603),
bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
static BIGNUM bn_group_4096 = {
bn_group_4096_value,
@@ -235,102 +235,102 @@ static BIGNUM bn_group_4096 = {
};
static BN_ULONG bn_group_6144_value[] = {
bn_pack4(FFFF,FFFF,FFFF,FFFF),
bn_pack4(E694,F91E,6DCC,4024),
bn_pack4(12BF,2D5B,0B74,74D6),
bn_pack4(043E,8F66,3F48,60EE),
bn_pack4(387F,E8D7,6E3C,0468),
bn_pack4(DA56,C9EC,2EF2,9632),
bn_pack4(EB19,CCB1,A313,D55C),
bn_pack4(F550,AA3D,8A1F,BFF0),
bn_pack4(06A1,D58B,B7C5,DA76),
bn_pack4(A797,15EE,F29B,E328),
bn_pack4(14CC,5ED2,0F80,37E0),
bn_pack4(CC8F,6D7E,BF48,E1D8),
bn_pack4(4BD4,07B2,2B41,54AA),
bn_pack4(0F1D,45B7,FF58,5AC5),
bn_pack4(23A9,7A7E,36CC,88BE),
bn_pack4(59E7,C97F,BEC7,E8F3),
bn_pack4(B5A8,4031,900B,1C9E),
bn_pack4(D55E,702F,4698,0C82),
bn_pack4(F482,D7CE,6E74,FEF6),
bn_pack4(F032,EA15,D172,1D03),
bn_pack4(5983,CA01,C64B,92EC),
bn_pack4(6FB8,F401,378C,D2BF),
bn_pack4(3320,5151,2BD7,AF42),
bn_pack4(DB7F,1447,E6CC,254B),
bn_pack4(44CE,6CBA,CED4,BB1B),
bn_pack4(DA3E,DBEB,CF9B,14ED),
bn_pack4(1797,27B0,865A,8918),
bn_pack4(B06A,53ED,9027,D831),
bn_pack4(E5DB,382F,4130,01AE),
bn_pack4(F8FF,9406,AD9E,530E),
bn_pack4(C975,1E76,3DBA,37BD),
bn_pack4(C1D4,DCB2,6026,46DE),
bn_pack4(36C3,FAB4,D27C,7026),
bn_pack4(4DF4,35C9,3402,8492),
bn_pack4(86FF,B7DC,90A6,C08F),
bn_pack4(93B4,EA98,8D8F,DDC1),
bn_pack4(D006,9127,D5B0,5AA9),
bn_pack4(B81B,DD76,2170,481C),
bn_pack4(1F61,2970,CEE2,D7AF),
bn_pack4(233B,A186,515B,E7ED),
bn_pack4(99B2,964F,A090,C3A2),
bn_pack4(287C,5947,4E6B,C05D),
bn_pack4(2E8E,FC14,1FBE,CAA6),
bn_pack4(DBBB,C2DB,04DE,8EF9),
bn_pack4(2583,E9CA,2AD4,4CE8),
bn_pack4(1A94,6834,B615,0BDA),
bn_pack4(99C3,2718,6AF4,E23C),
bn_pack4(8871,9A10,BDBA,5B26),
bn_pack4(1A72,3C12,A787,E6D7),
bn_pack4(4B82,D120,A921,0801),
bn_pack4(43DB,5BFC,E0FD,108E),
bn_pack4(08E2,4FA0,74E5,AB31),
bn_pack4(7709,88C0,BAD9,46E2),
bn_pack4(BBE1,1757,7A61,5D6C),
bn_pack4(521F,2B18,177B,200C),
bn_pack4(D876,0273,3EC8,6A64),
bn_pack4(F12F,FA06,D98A,0864),
bn_pack4(CEE3,D226,1AD2,EE6B),
bn_pack4(1E8C,94E0,4A25,619D),
bn_pack4(ABF5,AE8C,DB09,33D7),
bn_pack4(B397,0F85,A6E1,E4C7),
bn_pack4(8AEA,7157,5D06,0C7D),
bn_pack4(ECFB,8504,58DB,EF0A),
bn_pack4(A855,21AB,DF1C,BA64),
bn_pack4(AD33,170D,0450,7A33),
bn_pack4(1572,8E5A,8AAA,C42D),
bn_pack4(15D2,2618,98FA,0510),
bn_pack4(3995,497C,EA95,6AE5),
bn_pack4(DE2B,CBF6,9558,1718),
bn_pack4(B5C5,5DF0,6F4C,52C9),
bn_pack4(9B27,83A2,EC07,A28F),
bn_pack4(E39E,772C,180E,8603),
bn_pack4(3290,5E46,2E36,CE3B),
bn_pack4(F174,6C08,CA18,217C),
bn_pack4(670C,354E,4ABC,9804),
bn_pack4(9ED5,2907,7096,966D),
bn_pack4(1C62,F356,2085,52BB),
bn_pack4(8365,5D23,DCA3,AD96),
bn_pack4(6916,3FA8,FD24,CF5F),
bn_pack4(98DA,4836,1C55,D39A),
bn_pack4(C200,7CB8,A163,BF05),
bn_pack4(4928,6651,ECE4,5B3D),
bn_pack4(AE9F,2411,7C4B,1FE6),
bn_pack4(EE38,6BFB,5A89,9FA5),
bn_pack4(0BFF,5CB6,F406,B7ED),
bn_pack4(F44C,42E9,A637,ED6B),
bn_pack4(E485,B576,625E,7EC6),
bn_pack4(4FE1,356D,6D51,C245),
bn_pack4(302B,0A6D,F25F,1437),
bn_pack4(EF95,19B3,CD3A,431B),
bn_pack4(514A,0879,8E34,04DD),
bn_pack4(020B,BEA6,3B13,9B22),
bn_pack4(2902,4E08,8A67,CC74),
bn_pack4(C4C6,628B,80DC,1CD1),
bn_pack4(C90F,DAA2,2168,C234),
bn_pack4(FFFF,FFFF,FFFF,FFFF)
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0xE694,0xF91E,0x6DCC,0x4024),
bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
bn_pack4(0x1797,0x27B0,0x865A,0x8918),
bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
bn_pack4(0x4B82,0xD120,0xA921,0x0801),
bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
bn_pack4(0x521F,0x2B18,0x177B,0x200C),
bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
bn_pack4(0xE39E,0x772C,0x180E,0x8603),
bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
static BIGNUM bn_group_6144 = {
bn_group_6144_value,
@@ -341,134 +341,134 @@ static BIGNUM bn_group_6144 = {
};
static BN_ULONG bn_group_8192_value[] = {
bn_pack4(FFFF,FFFF,FFFF,FFFF),
bn_pack4(60C9,80DD,98ED,D3DF),
bn_pack4(C81F,56E8,80B9,6E71),
bn_pack4(9E30,50E2,7656,94DF),
bn_pack4(9558,E447,5677,E9AA),
bn_pack4(C919,0DA6,FC02,6E47),
bn_pack4(889A,002E,D5EE,382B),
bn_pack4(4009,438B,481C,6CD7),
bn_pack4(3590,46F4,EB87,9F92),
bn_pack4(FAF3,6BC3,1ECF,A268),
bn_pack4(B1D5,10BD,7EE7,4D73),
bn_pack4(F9AB,4819,5DED,7EA1),
bn_pack4(64F3,1CC5,0846,851D),
bn_pack4(4597,E899,A025,5DC1),
bn_pack4(DF31,0EE0,74AB,6A36),
bn_pack4(6D2A,13F8,3F44,F82D),
bn_pack4(062B,3CF5,B3A2,78A6),
bn_pack4(7968,3303,ED5B,DD3A),
bn_pack4(FA9D,4B7F,A2C0,87E8),
bn_pack4(4BCB,C886,2F83,85DD),
bn_pack4(3473,FC64,6CEA,306B),
bn_pack4(13EB,57A8,1A23,F0C7),
bn_pack4(2222,2E04,A403,7C07),
bn_pack4(E3FD,B8BE,FC84,8AD9),
bn_pack4(238F,16CB,E39D,652D),
bn_pack4(3423,B474,2BF1,C978),
bn_pack4(3AAB,639C,5AE4,F568),
bn_pack4(2576,F693,6BA4,2466),
bn_pack4(741F,A7BF,8AFC,47ED),
bn_pack4(3BC8,32B6,8D9D,D300),
bn_pack4(D8BE,C4D0,73B9,31BA),
bn_pack4(3877,7CB6,A932,DF8C),
bn_pack4(74A3,926F,12FE,E5E4),
bn_pack4(E694,F91E,6DBE,1159),
bn_pack4(12BF,2D5B,0B74,74D6),
bn_pack4(043E,8F66,3F48,60EE),
bn_pack4(387F,E8D7,6E3C,0468),
bn_pack4(DA56,C9EC,2EF2,9632),
bn_pack4(EB19,CCB1,A313,D55C),
bn_pack4(F550,AA3D,8A1F,BFF0),
bn_pack4(06A1,D58B,B7C5,DA76),
bn_pack4(A797,15EE,F29B,E328),
bn_pack4(14CC,5ED2,0F80,37E0),
bn_pack4(CC8F,6D7E,BF48,E1D8),
bn_pack4(4BD4,07B2,2B41,54AA),
bn_pack4(0F1D,45B7,FF58,5AC5),
bn_pack4(23A9,7A7E,36CC,88BE),
bn_pack4(59E7,C97F,BEC7,E8F3),
bn_pack4(B5A8,4031,900B,1C9E),
bn_pack4(D55E,702F,4698,0C82),
bn_pack4(F482,D7CE,6E74,FEF6),
bn_pack4(F032,EA15,D172,1D03),
bn_pack4(5983,CA01,C64B,92EC),
bn_pack4(6FB8,F401,378C,D2BF),
bn_pack4(3320,5151,2BD7,AF42),
bn_pack4(DB7F,1447,E6CC,254B),
bn_pack4(44CE,6CBA,CED4,BB1B),
bn_pack4(DA3E,DBEB,CF9B,14ED),
bn_pack4(1797,27B0,865A,8918),
bn_pack4(B06A,53ED,9027,D831),
bn_pack4(E5DB,382F,4130,01AE),
bn_pack4(F8FF,9406,AD9E,530E),
bn_pack4(C975,1E76,3DBA,37BD),
bn_pack4(C1D4,DCB2,6026,46DE),
bn_pack4(36C3,FAB4,D27C,7026),
bn_pack4(4DF4,35C9,3402,8492),
bn_pack4(86FF,B7DC,90A6,C08F),
bn_pack4(93B4,EA98,8D8F,DDC1),
bn_pack4(D006,9127,D5B0,5AA9),
bn_pack4(B81B,DD76,2170,481C),
bn_pack4(1F61,2970,CEE2,D7AF),
bn_pack4(233B,A186,515B,E7ED),
bn_pack4(99B2,964F,A090,C3A2),
bn_pack4(287C,5947,4E6B,C05D),
bn_pack4(2E8E,FC14,1FBE,CAA6),
bn_pack4(DBBB,C2DB,04DE,8EF9),
bn_pack4(2583,E9CA,2AD4,4CE8),
bn_pack4(1A94,6834,B615,0BDA),
bn_pack4(99C3,2718,6AF4,E23C),
bn_pack4(8871,9A10,BDBA,5B26),
bn_pack4(1A72,3C12,A787,E6D7),
bn_pack4(4B82,D120,A921,0801),
bn_pack4(43DB,5BFC,E0FD,108E),
bn_pack4(08E2,4FA0,74E5,AB31),
bn_pack4(7709,88C0,BAD9,46E2),
bn_pack4(BBE1,1757,7A61,5D6C),
bn_pack4(521F,2B18,177B,200C),
bn_pack4(D876,0273,3EC8,6A64),
bn_pack4(F12F,FA06,D98A,0864),
bn_pack4(CEE3,D226,1AD2,EE6B),
bn_pack4(1E8C,94E0,4A25,619D),
bn_pack4(ABF5,AE8C,DB09,33D7),
bn_pack4(B397,0F85,A6E1,E4C7),
bn_pack4(8AEA,7157,5D06,0C7D),
bn_pack4(ECFB,8504,58DB,EF0A),
bn_pack4(A855,21AB,DF1C,BA64),
bn_pack4(AD33,170D,0450,7A33),
bn_pack4(1572,8E5A,8AAA,C42D),
bn_pack4(15D2,2618,98FA,0510),
bn_pack4(3995,497C,EA95,6AE5),
bn_pack4(DE2B,CBF6,9558,1718),
bn_pack4(B5C5,5DF0,6F4C,52C9),
bn_pack4(9B27,83A2,EC07,A28F),
bn_pack4(E39E,772C,180E,8603),
bn_pack4(3290,5E46,2E36,CE3B),
bn_pack4(F174,6C08,CA18,217C),
bn_pack4(670C,354E,4ABC,9804),
bn_pack4(9ED5,2907,7096,966D),
bn_pack4(1C62,F356,2085,52BB),
bn_pack4(8365,5D23,DCA3,AD96),
bn_pack4(6916,3FA8,FD24,CF5F),
bn_pack4(98DA,4836,1C55,D39A),
bn_pack4(C200,7CB8,A163,BF05),
bn_pack4(4928,6651,ECE4,5B3D),
bn_pack4(AE9F,2411,7C4B,1FE6),
bn_pack4(EE38,6BFB,5A89,9FA5),
bn_pack4(0BFF,5CB6,F406,B7ED),
bn_pack4(F44C,42E9,A637,ED6B),
bn_pack4(E485,B576,625E,7EC6),
bn_pack4(4FE1,356D,6D51,C245),
bn_pack4(302B,0A6D,F25F,1437),
bn_pack4(EF95,19B3,CD3A,431B),
bn_pack4(514A,0879,8E34,04DD),
bn_pack4(020B,BEA6,3B13,9B22),
bn_pack4(2902,4E08,8A67,CC74),
bn_pack4(C4C6,628B,80DC,1CD1),
bn_pack4(C90F,DAA2,2168,C234),
bn_pack4(FFFF,FFFF,FFFF,FFFF)
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF),
bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71),
bn_pack4(0x9E30,0x50E2,0x7656,0x94DF),
bn_pack4(0x9558,0xE447,0x5677,0xE9AA),
bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47),
bn_pack4(0x889A,0x002E,0xD5EE,0x382B),
bn_pack4(0x4009,0x438B,0x481C,0x6CD7),
bn_pack4(0x3590,0x46F4,0xEB87,0x9F92),
bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268),
bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73),
bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1),
bn_pack4(0x64F3,0x1CC5,0x0846,0x851D),
bn_pack4(0x4597,0xE899,0xA025,0x5DC1),
bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36),
bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D),
bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6),
bn_pack4(0x7968,0x3303,0xED5B,0xDD3A),
bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8),
bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD),
bn_pack4(0x3473,0xFC64,0x6CEA,0x306B),
bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7),
bn_pack4(0x2222,0x2E04,0xA403,0x7C07),
bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9),
bn_pack4(0x238F,0x16CB,0xE39D,0x652D),
bn_pack4(0x3423,0xB474,0x2BF1,0xC978),
bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568),
bn_pack4(0x2576,0xF693,0x6BA4,0x2466),
bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED),
bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300),
bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA),
bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C),
bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4),
bn_pack4(0xE694,0xF91E,0x6DBE,0x1159),
bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
bn_pack4(0x1797,0x27B0,0x865A,0x8918),
bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
bn_pack4(0x4B82,0xD120,0xA921,0x0801),
bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
bn_pack4(0x521F,0x2B18,0x177B,0x200C),
bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
bn_pack4(0xE39E,0x772C,0x180E,0x8603),
bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
static BIGNUM bn_group_8192 = {
bn_group_8192_value,

View File

@@ -63,13 +63,17 @@
#include <openssl/evp.h>
#if (BN_BYTES == 8)
#define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul
#endif
#if (BN_BYTES == 4)
#define bn_pack4(a1,a2,a3,a4) 0x##a3##a4##ul, 0x##a1##a2##ul
#endif
#if (BN_BYTES == 2)
#define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u
# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
# elif defined(__arch64__)
# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
# else
# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
# endif
#elif (BN_BYTES == 4)
# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
#else
# error "unsupported BN_BYTES"
#endif

View File

@@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx)
X509_CRL *crl = NULL, *dcrl = NULL;
X509 *x;
int ok, cnum;
unsigned int last_reasons;
cnum = ctx->error_depth;
x = sk_X509_value(ctx->chain, cnum);
ctx->current_cert = x;
@@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
ctx->current_reasons = 0;
while (ctx->current_reasons != CRLDP_ALL_REASONS)
{
last_reasons = ctx->current_reasons;
/* Try to retrieve relevant CRL */
if (ctx->get_crl)
ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx)
X509_CRL_free(dcrl);
crl = NULL;
dcrl = NULL;
/* If reasons not updated we wont get anywhere by
* another iteration, so exit loop.
*/
if (last_reasons == ctx->current_reasons)
{
ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
ok = ctx->verify_cb(0, ctx);
goto err;
}
}
err:
X509_CRL_free(crl);

View File

@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
x->cert_info->enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
x->cert_info->signature,
x->sig_alg, x->signature, x->cert_info, ctx);
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
x->crl->enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
}

View File

@@ -67,6 +67,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
&inc ("esi"); # number of cores
&mov ("eax",1);
&xor ("ecx","ecx");
&cpuid ();
&bt ("edx",28);
&jnc (&label("generic"));
@@ -91,6 +92,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
&set_label("nocacheinfo");
&mov ("eax",1);
&xor ("ecx","ecx");
&cpuid ();
&and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0
&cmp ("ebp",0);

View File

@@ -7,13 +7,14 @@
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value);
int main(int argc, char **argv)
{
@@ -148,7 +149,7 @@ err:
* because we wont reference any other sections.
*/
int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value)
int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
{
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);

View File

@@ -24,6 +24,8 @@ B<openssl> B<rsa>
[B<-check>]
[B<-pubin>]
[B<-pubout>]
[B<-RSAPublicKey_in>]
[B<-RSAPublicKey_out>]
[B<-engine id>]
=head1 DESCRIPTION
@@ -118,6 +120,10 @@ by default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.
=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>
like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
=item B<-engine id>
specifying an engine (by its unique B<id> string) will cause B<rsa>
@@ -139,6 +145,11 @@ The PEM public key format uses the header and footer lines:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
The PEM B<RSAPublicKey> format uses the header and footer lines:
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
The B<NET> form is a format compatible with older Netscape servers
and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
It is not very secure and so should only be used when necessary.
@@ -173,6 +184,10 @@ To just output the public part of a private key:
openssl rsa -in key.pem -pubout -out pubkey.pem
Output the public part of a private key in B<RSAPublicKey> format:
openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
=head1 BUGS
The command line password arguments don't currently work with

View File

@@ -278,6 +278,8 @@ happen if extended CRL checking is enabled.
an application specific error. This will never be returned unless explicitly
set by an application.
=back
=head1 NOTES
The above functions should be used instead of directly referencing the fields

View File

@@ -95,7 +95,7 @@ is ignored.
ECDSA_verify() verifies that the signature in B<sig> of size
B<siglen> is a valid ECDSA signature of the hash value
value B<dgst> of size B<dgstlen> using the public key B<eckey>.
B<dgst> of size B<dgstlen> using the public key B<eckey>.
The parameter B<type> is ignored.
ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv>
@@ -131,16 +131,12 @@ specific)
int ret;
ECDSA_SIG *sig;
EC_KEY *eckey = EC_KEY_new();
EC_KEY *eckey;
eckey = EC_KEY_new_by_curve_name(NID_secp192k1);
if (eckey == NULL)
{
/* error */
}
key->group = EC_GROUP_new_by_nid(NID_secp192k1);
if (key->group == NULL)
{
/* error */
}
if (!EC_KEY_generate_key(eckey))
{
/* error */

View File

@@ -66,16 +66,16 @@ values:
=over 4
=item 1
The operation succeeded.
=item 0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
=item 1
The operation succeeded.
=back
=head1 EXAMPLES

View File

@@ -88,9 +88,10 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
...
=item SSL_OP_MSIE_SSLV2_RSA_PADDING
=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG

View File

@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
Return values from the server callback are interpreted as follows:
=over 4
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -99,4 +101,6 @@ completely.
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
=back
=cut

View File

@@ -44,17 +44,17 @@ The following return values can occur:
=over 4
=item 1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
=item 1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either

View File

@@ -41,17 +41,17 @@ The following return values can occur:
=over 4
=item 1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
=item 1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
=item E<lt>0
The TLS/SSL handshake was not successful, because a fatal error occurred either

View File

@@ -45,17 +45,17 @@ The following return values can occur:
=over 4
=item 1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
=item 1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either

View File

@@ -92,11 +92,6 @@ The following return values can occur:
=over 4
=item 1
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
=item 0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
=item 1
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
=item -1
The shutdown was not successful because a fatal error occurred either

View File

@@ -87,10 +87,6 @@ extern gost_subst_block Gost28147_CryptoProParamSetB;
extern gost_subst_block Gost28147_CryptoProParamSetC;
extern gost_subst_block Gost28147_CryptoProParamSetD;
extern const byte CryptoProKeyMeshingKey[];
#if __LONG_MAX__ > 2147483647L
typedef unsigned int word32;
#else
typedef unsigned long word32;
#endif
#endif

View File

@@ -1,8 +1,5 @@
%define _unpackaged_files_terminate_build 0
%define libmaj 1
%define libmin 0
%define librel 1
%define librev e
Release: 1
%define openssldir /var/ssl
@@ -10,9 +7,9 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
#Version: %{libmaj}.%{libmin}.%{librel}
Version: %{libmaj}.%{libmin}.%{librel}%{librev}
Version: 1.0.1f
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Copyright: Freely distributable
License: OpenSSL
Group: System Environment/Libraries
Provides: SSL
URL: http://www.openssl.org/

View File

@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
static void
dtls1_hm_fragment_free(hm_fragment *frag)
{
if (frag->msg_header.is_ccs)
{
EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
}
if (frag->fragment) OPENSSL_free(frag->fragment);
if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
@@ -313,9 +319,10 @@ int dtls1_do_write(SSL *s, int type)
s->init_off -= DTLS1_HM_HEADER_LENGTH;
s->init_num += DTLS1_HM_HEADER_LENGTH;
/* write atleast DTLS1_HM_HEADER_LENGTH bytes */
if ( len <= DTLS1_HM_HEADER_LENGTH)
len += DTLS1_HM_HEADER_LENGTH;
if ( s->init_num > curr_mtu)
len = curr_mtu;
else
len = s->init_num;
}
dtls1_fix_message_header(s, frag_off,

View File

@@ -538,13 +538,6 @@ int dtls1_connect(SSL *s)
SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
#endif
s->state=SSL3_ST_CW_FINISHED_A;
s->init_num=0;
@@ -571,6 +564,16 @@ int dtls1_connect(SSL *s)
goto end;
}
#ifndef OPENSSL_NO_SCTP
if (s->hit)
{
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
}
#endif
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
@@ -613,6 +616,13 @@ int dtls1_connect(SSL *s)
}
else
{
#ifndef OPENSSL_NO_SCTP
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
#endif
#ifndef OPENSSL_NO_TLSEXT
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected)
@@ -773,7 +783,7 @@ int dtls1_client_hello(SSL *s)
unsigned char *buf;
unsigned char *p,*d;
unsigned int i,j;
unsigned long Time,l;
unsigned long l;
SSL_COMP *comp;
buf=(unsigned char *)s->init_buf->data;
@@ -798,13 +808,11 @@ int dtls1_client_hello(SSL *s)
/* if client_random is initialized, reuse it, we are
* required to use same upon reply to HelloVerify */
for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++)
;
if (i==sizeof(s->s3->client_random))
{
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
}
ssl_fill_hello_random(s, 0, p,
sizeof(s->s3->client_random));
/* Do the message type and length last */
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);

View File

@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
pqueue_free(s->d1->buffered_app_data.q);
OPENSSL_free(s->d1);
s->d1 = NULL;
}
void dtls1_clear(SSL *s)

View File

@@ -847,6 +847,12 @@ start:
}
}
if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
{
rr->length = 0;
goto start;
}
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1051,6 +1057,7 @@ start:
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
s->d1->handshake_read_seq++;
s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))

View File

@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown=0;
dtls1_clear_record_buffer(s);
dtls1_start_timer(s);
ret=dtls1_send_hello_request(s);
if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
s->state=SSL3_ST_SW_FLUSH;
s->init_num=0;
@@ -721,10 +722,13 @@ int dtls1_accept(SSL *s)
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
if (!s->hit)
{
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
}
#endif
s->state=SSL3_ST_SW_FINISHED_A;
@@ -749,7 +753,16 @@ int dtls1_accept(SSL *s)
if (ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
if (s->hit)
{
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#ifndef OPENSSL_NO_SCTP
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
#endif
}
else
{
s->s3->tmp.next_state=SSL_ST_OK;
@@ -912,15 +925,13 @@ int dtls1_send_server_hello(SSL *s)
unsigned char *p,*d;
int i;
unsigned int sl;
unsigned long l,Time;
unsigned long l;
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
{
buf=(unsigned char *)s->init_buf->data;
p=s->s3->server_random;
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
/* Do the message type and length last */
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);

View File

@@ -269,12 +269,35 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
return 1;
}
/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
* on failure, 1 on success. */
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
{
int send_time = 0;
if (len < 4)
return 0;
if (server)
send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
else
send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
if (send_time)
{
unsigned long Time = time(NULL);
unsigned char *p = result;
l2n(Time, p);
return RAND_pseudo_bytes(p, len-4);
}
else
return RAND_pseudo_bytes(result, len);
}
static int ssl23_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
int i,ch_len;
unsigned long Time,l;
unsigned long l;
int ssl2_compat;
int version = 0, version_major, version_minor;
#ifndef OPENSSL_NO_COMP
@@ -355,9 +378,7 @@ static int ssl23_client_hello(SSL *s)
#endif
p=s->s3->client_random;
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
return -1;
if (version == TLS1_2_VERSION)

View File

@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
i=s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.finish_md);
if (i == 0)
return 0;
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
p+=i;
@@ -208,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
{
const char *sender;
int slen;
/* If no new cipher setup return immediately: other functions will
* set the appropriate error.
*/
if (s->s3->tmp.new_cipher == NULL)
return;
if (s->state & SSL_ST_CONNECT)
{
sender=s->method->ssl3_enc->server_finished_label;

View File

@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
/* Check if version requires explicit IV */
if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
{
/* These lengths are all public so we can test them in
* non-constant time.

View File

@@ -655,7 +655,7 @@ int ssl3_client_hello(SSL *s)
unsigned char *buf;
unsigned char *p,*d;
int i;
unsigned long Time,l;
unsigned long l;
#ifndef OPENSSL_NO_COMP
int j;
SSL_COMP *comp;
@@ -680,9 +680,8 @@ int ssl3_client_hello(SSL *s)
/* else use the pre-loaded session */
p=s->s3->client_random;
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
goto err;
/* Do the message type and length last */

View File

@@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
@@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
@@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s)
s->s3->tmp.ecdh = NULL;
}
#endif
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
@@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
ii=sk_SSL_CIPHER_find(allow,c);
if (ii >= 0)
{
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
{
if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
continue;
}
#endif
ret=sk_SSL_CIPHER_value(allow,ii);
break;
}
@@ -4274,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
if (TLS1_get_version(s) >= TLS1_2_VERSION &&
if (s->method->version == TLS1_2_VERSION &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;

View File

@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
if (version != s->version)
{
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
if ((s->version & 0xFF00) == (version & 0xFF00))
if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
/* Send back error using their minor version number :-) */
s->version = (unsigned short)version;
al=SSL_AD_PROTOCOL_VERSION;
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
slen=s->method->ssl3_enc->client_finished_label_len;
}
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
i = s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.peer_finish_md);
if (i == 0)
{
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
return 0;
}
s->s3->tmp.peer_finish_md_len = i;
return(1);
}

View File

@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
(s->version != DTLS1_VERSION && s->client_version < s->version))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
!s->enc_write_ctx && !s->write_hash)
{
/* similar to ssl3_get_record, send alert using remote version number */
s->version = s->client_version;
@@ -1193,12 +1194,9 @@ int ssl3_get_client_hello(SSL *s)
* server_random before calling tls_session_secret_cb in order to allow
* SessionTicket processing to use it in key derivation. */
{
unsigned long Time;
unsigned char *pos;
Time=(unsigned long)time(NULL); /* Time */
pos=s->s3->server_random;
l2n(Time,pos);
if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0)
{
al=SSL_AD_INTERNAL_ERROR;
goto f_err;
@@ -1435,19 +1433,13 @@ int ssl3_send_server_hello(SSL *s)
unsigned char *p,*d;
int i,sl;
unsigned long l;
#ifdef OPENSSL_NO_TLSEXT
unsigned long Time;
#endif
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
{
buf=(unsigned char *)s->init_buf->data;
#ifdef OPENSSL_NO_TLSEXT
p=s->s3->server_random;
/* Generate server_random if it was not needed previously */
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
return -1;
#endif
/* Do the message type and length last */

View File

@@ -555,11 +555,14 @@ struct ssl_session_st
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
* the workaround is not needed. Unfortunately some broken SSL/TLS
@@ -641,6 +644,12 @@ struct ssl_session_st
* TLS only.) "Released" buffers are put onto a free-list in the context
* or just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
/* Send the current time in the Random fields of the ClientHello and
* ServerHello records for compatibility with hypothetical implementations
* that require it.
*/
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
* they cannot be used to clear bits. */

View File

@@ -539,6 +539,15 @@ typedef struct ssl3_state_st
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
int next_proto_neg_seen;
#endif
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
/* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari
* on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
char is_probably_safari;
#endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */
} SSL3_STATE;
#endif

View File

@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
ret->extra_certs=NULL;
ret->comp_methods=SSL_COMP_get_compression_methods();
/* No compression for DTLS */
if (meth->version != DTLS1_VERSION)
ret->comp_methods=SSL_COMP_get_compression_methods();
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
if (s->server)
return(ssl_get_server_send_cert(s));
else if (s->cert != NULL)
if (s->cert != NULL)
return(s->cert->key->x509);
else
return(NULL);

View File

@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;
#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth) \
const SSL_METHOD *func_name(void) \
@@ -847,6 +849,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
void ssl_load_ciphers(void);
int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);

View File

@@ -881,7 +881,13 @@ bad:
meth=SSLv23_method();
#else
#ifdef OPENSSL_NO_SSL2
meth=SSLv3_method();
if (tls1)
meth=TLSv1_method();
else
if (ssl3)
meth=SSLv3_method();
else
meth=SSLv23_method();
#else
meth=SSLv2_method();
#endif

View File

@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
if (s->enc_write_ctx != NULL)
if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
reuse_dd = 1;
else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/* make sure it's intialized in case we exit later with an error */
EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
if (SSL_IS_DTLS(s))
{
mac_ctx = EVP_MD_CTX_create();
if (!mac_ctx)
goto err;
s->write_hash = mac_ctx;
}
else
mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
@@ -915,18 +920,19 @@ int tls1_final_finish_mac(SSL *s,
if (mask & ssl_get_algorithm2(s))
{
int hashsize = EVP_MD_size(md);
if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
{
/* internal error: 'buf' is too small for this cipersuite! */
err = 1;
}
else
{
EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
EVP_DigestFinal_ex(&ctx,q,&i);
if (i != (unsigned int)hashsize) /* can't really happen */
if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
!EVP_DigestFinal_ex(&ctx,q,&i) ||
(i != (unsigned int)hashsize))
err = 1;
q+=i;
q+=hashsize;
}
}
}

View File

@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_SHA
tlsext_sigalg(TLSEXT_hash_sha1)
#endif
#ifndef OPENSSL_NO_MD5
tlsext_sigalg_rsa(TLSEXT_hash_md5)
#endif
};
int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
{
size_t slen = sizeof(tls12_sigalgs);
#ifdef OPENSSL_FIPS
/* If FIPS mode don't include MD5 which is last */
if (FIPS_mode())
slen -= 2;
#endif
if (p)
memcpy(p, tls12_sigalgs, slen);
return (int)slen;
@@ -866,6 +858,89 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
return ret;
}
#ifndef OPENSSL_NO_EC
/* ssl_check_for_safari attempts to fingerprint Safari using OS X
* SecureTransport using the TLS extension block in |d|, of length |n|.
* Safari, since 10.6, sends exactly these extensions, in this order:
* SNI,
* elliptic_curves
* ec_point_formats
*
* We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
* but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
* Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
* 10.8..10.8.3 (which don't work).
*/
static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
unsigned short type, size;
static const unsigned char kSafariExtensionsBlock[] = {
0x00, 0x0a, /* elliptic_curves extension */
0x00, 0x08, /* 8 bytes */
0x00, 0x06, /* 6 bytes of curve ids */
0x00, 0x17, /* P-256 */
0x00, 0x18, /* P-384 */
0x00, 0x19, /* P-521 */
0x00, 0x0b, /* ec_point_formats */
0x00, 0x02, /* 2 bytes */
0x01, /* 1 point format */
0x00, /* uncompressed */
};
/* The following is only present in TLS 1.2 */
static const unsigned char kSafariTLS12ExtensionsBlock[] = {
0x00, 0x0d, /* signature_algorithms */
0x00, 0x0c, /* 12 bytes */
0x00, 0x0a, /* 10 bytes */
0x05, 0x01, /* SHA-384/RSA */
0x04, 0x01, /* SHA-256/RSA */
0x02, 0x01, /* SHA-1/RSA */
0x04, 0x03, /* SHA-256/ECDSA */
0x02, 0x03, /* SHA-1/ECDSA */
};
if (data >= (d+n-2))
return;
data += 2;
if (data > (d+n-4))
return;
n2s(data,type);
n2s(data,size);
if (type != TLSEXT_TYPE_server_name)
return;
if (data+size > d+n)
return;
data += size;
if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
{
const size_t len1 = sizeof(kSafariExtensionsBlock);
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
if (data + len1 + len2 != d+n)
return;
if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
return;
if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
return;
}
else
{
const size_t len = sizeof(kSafariExtensionsBlock);
if (data + len != d+n)
return;
if (memcmp(data, kSafariExtensionsBlock, len) != 0)
return;
}
s->s3->is_probably_safari = 1;
}
#endif /* !OPENSSL_NO_EC */
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
{
unsigned short type;
@@ -886,6 +961,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
#endif
#ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
ssl_check_for_safari(s, data, d, n);
#endif /* !OPENSSL_NO_EC */
if (data >= (d+n-2))
goto ri_check;
n2s(data,len);
@@ -2364,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
{
switch(hash_alg)
{
#ifndef OPENSSL_NO_MD5
case TLSEXT_hash_md5:
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return NULL;
#endif
return EVP_md5();
#endif
#ifndef OPENSSL_NO_SHA
case TLSEXT_hash_sha1:
return EVP_sha1();

Some files were not shown because too many files have changed in this diff Show More