Changes between 0.9.6b and 0.9.6c [XX xxx XXXX]
- *) Add support for Broadcom crypto accelerator cards, backported
+ *) [In 0.9.6c-engine release:]
+ Add support for Broadcom crypto accelerator cards, backported
from 0.9.7.
[Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
- *) Add support for SureWare crypto accelerator cards from
+ *) [In 0.9.6c-engine release:]
+ Add support for SureWare crypto accelerator cards from
Baltimore Technologies. (Use engine 'sureware')
[Baltimore Technologies and Mark Cox]
- *) Add support for crypto accelerator cards from Accelerated
+ *) [In 0.9.6c-engine release:]
+ Add support for crypto accelerator cards from Accelerated
Encryption Processing, www.aep.ie. (Use engine 'aep')
[AEP Inc. and Mark Cox]
+ *) Add a configuration entry for gcc on UnixWare.
+ [Gary Benson <gbenson@redhat.com>]
+
+ *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+ messages are stored in a single piece (fixed-length part and
+ variable-length part combined) and fix various bugs found on the way.
+ [Bodo Moeller]
+
+ *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+ instead. BIO_gethostbyname() does not know what timeouts are
+ appropriate, so entries would stay in cache even when they have
+ become invalid.
+ [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
+
+ *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+ faced with a pathologically small ClientHello fragment that does
+ not contain client_version: Instead of aborting with an error,
+ simply choose the highest available protocol version (i.e.,
+ TLS 1.0 unless it is disabled). In practice, ClientHello
+ messages are never sent like this, but this change gives us
+ strictly correct behaviour at least for TLS.
+ [Bodo Moeller]
+
+ *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+ never resets s->method to s->ctx->method when called from within
+ one of the SSL handshake functions.
+ [Bodo Moeller; problem pointed out by Niko Baric]
+
+ *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+ (sent using the client's version number) if client_version is
+ smaller than the protocol version in use. Also change
+ ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+ the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+ the client will at least see that alert.
+ [Bodo Moeller]
+
+ *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+ correctly.
+ [Bodo Moeller]
+
+ *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+ client receives HelloRequest while in a handshake.
+ [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
+
+ *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
+ should end in 'break', not 'goto end' which circuments various
+ cleanups done in state SSL_ST_OK. But session related stuff
+ must be disabled for SSL_ST_OK in the case that we just sent a
+ HelloRequest.
+
+ Also avoid some overhead by not calling ssl_init_wbio_buffer()
+ before just sending a HelloRequest.
+ [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
+
+ *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+ reveal whether illegal block cipher padding was found or a MAC
+ verification error occured. (Neither SSLerr() codes nor alerts
+ are directly visible to potential attackers, but the information
+ may leak via logfiles.)
+
+ Similar changes are not required for the SSL 2.0 implementation
+ because the number of padding bytes is sent in clear for SSL 2.0,
+ and the extra bytes are just ignored. However ssl/s2_pkt.c
+ failed to verify that the purported number of padding bytes is in
+ the legal range.
+ [Bodo Moeller]
+
+ *) OpenUNIX-8 support (Boyd Lynn Gerber <gerberb@zenez.com>)
+ [Lutz Jaenicke]
+
+ *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+ 'wristwatch attack' using huge encoding parameters (cf.
+ James H. Manger's CRYPTO 2001 paper). Note that the
+ RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+ encoding parameters and hence was not vulnerable.
+ [Bodo Moeller]
+
+ *) BN_sqr() bug fix.
+ [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
+
+ *) Rabin-Miller test analyses assume uniformly distributed witnesses,
+ so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
+ followed by modular reduction.
+ [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
+
+ *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
+ equivalent based on BN_pseudo_rand() instead of BN_rand().
+ [Bodo Moeller]
+
+ *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+ This function was broken, as the check for a new client hello message
+ to handle SGC did not allow these large messages.
+ (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
+ [Lutz Jaenicke]
+
+ *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+ [Lutz Jaenicke]
+
+ *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+ for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
+ [Lutz Jaenicke]
+
+ *) Rework the configuration and shared library support for Tru64 Unix.
+ The configuration part makes use of modern compiler features and
+ still retains old compiler behavior for those that run older versions
+ of the OS. The shared library support part includes a variant that
+ uses the RPATH feature, and is available through the special
+ configuration target "alpha-cc-rpath", which will never be selected
+ automatically.
+ [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+ *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+ with the same message size as in ssl3_get_certificate_request().
+ Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+ messages might inadvertently be reject as too long.
+ [Petr Lampa <lampa@fee.vutbr.cz>]
+
+ *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+ [Andy Polyakov]
+
+ *) Modified SSL library such that the verify_callback that has been set
+ specificly for an SSL object with SSL_set_verify() is actually being
+ used. Before the change, a verify_callback set with this function was
+ ignored and the verify_callback() set in the SSL_CTX at the time of
+ the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+ to allow the necessary settings.
+ [Lutz Jaenicke]
+
+ *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+ explicitly to NULL, as at least on Solaris 8 this seems not always to be
+ done automatically (in contradiction to the requirements of the C
+ standard). This made problems when used from OpenSSH.
+ [Lutz Jaenicke]
+
+ *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+ dh->length and always used
+
+ BN_rand_range(priv_key, dh->p).
+
+ BN_rand_range() is not necessary for Diffie-Hellman, and this
+ specific range makes Diffie-Hellman unnecessarily inefficient if
+ dh->length (recommended exponent length) is much smaller than the
+ length of dh->p. We could use BN_rand_range() if the order of
+ the subgroup was stored in the DH structure, but we only have
+ dh->length.
+
+ So switch back to
+
+ BN_rand(priv_key, l, ...)
+
+ where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+ otherwise.
+ [Bodo Moeller]
+
+ *) In
+
+ RSA_eay_public_encrypt
+ RSA_eay_private_decrypt
+ RSA_eay_private_encrypt (signing)
+ RSA_eay_public_decrypt (signature verification)
+
+ (default implementations for RSA_public_encrypt,
+ RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
+ always reject numbers >= n.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
+ to synchronize access to 'locking_thread'. This is necessary on
+ systems where access to 'locking_thread' (an 'unsigned long'
+ variable) is not atomic.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
+ *before* setting the 'crypto_lock_rand' flag. The previous code had
+ a race condition if 0 is a valid thread ID.
+ [Travis Vitek <vitek@roguewave.com>]
+
Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
*) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
[Ulf Möller, Bodo Möller]
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
- RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5
+ RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
when fixing the server behaviour for backwards-compatible 'client
hello' messages. (Note that the attack is impractical against
SSL 3.0 and TLS 1.0 anyway because length and version checking
combination of a flag and a thread ID variable.
Otherwise while one thread is in ssleay_rand_bytes (which sets the
flag), *other* threads can enter ssleay_add_bytes without obeying
- the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock
+ the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
that they do not hold after the first thread unsets add_do_not_lock).
[Bodo Moeller]
default is static libraries only, and the OpenSSL programs
are always statically linked for now, but there are
preparations for dynamic linking in place.
- This has been tested on Linux and True64.
+ This has been tested on Linux and Tru64.
[Richard Levitte]
*) Randomness polling function for Win9x, as described in:
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
-# the new compiler
+# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
+# from the older DEC C Compiler to the newer compiler. It's now the
+# same as the preferred entry, alpha-cc. If you are still using the
+# older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
+# you should use `alphaold-cc'.
+#
+# "What's in a name? That which we call a rose
+# By any other word would smell as sweet."
+#
+# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
+#
+# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
+# vendor compiler, use alphaold-cc.
+# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
+# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
+#
+# There's also an alternate target available (which `config' will never
+# select) called alpha-cc-rpath. This target builds an RPATH into the
+# shared libraries, which is very convenient on Tru64 since binaries
+# linked against that shared library will automatically inherit that RPATH,
+# and hence know where to look for the openssl libraries, even if they're in
+# an odd place.
+#
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+#
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared::.so",
+"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath::.so",
+#
+# This probably belongs in a different section.
+#
"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Alpha Linux with GNU C and Compaq C setups
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# OpenUNIX 8
+"OpenUNIX","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
+"OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
# IBM's AIX.
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
* How can I contact the OpenSSL developers?
* Where can I get a compiled version of OpenSSL?
* Why aren't tools like 'autoconf' and 'libtool' used?
+* What is an 'engine' version?
[LEGAL] Legal questions
* Why does the linker complain about undefined symbols?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
autoconf will probably be used in future OpenSSL versions. If it was
less Unix-centric, it might have been used much earlier.
+* What is an 'engine' version?
+
+With version 0.9.6 OpenSSL was extended to interface to external crypto
+hardware. This was realized in a special release '0.9.6-engine'. With
+version 0.9.7 (not yet released) the changes were merged into the main
+development line, so that the special release is no longer necessary.
[LEGAL] =======================================================================
their software on operating systems that don't normally include OpenSSL.
If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitely that
+useful to choose an other license than the GPL, or state explicitly that
"This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed." If you are using
GPL software developed by others, you may want to ask the copyright holder
If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
use file .rnd in the current directory while OpenSSL 0.9.6a uses no
default seeding file at all. OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:" for HOME on
+similarly to 0.9.6a, but will use a default of "C:\" for HOME on
Windows systems if the environment variable has not been set.
If the default seeding file does not exist or is too short, the "PRNG
reject.
The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server sofware in uses. You can
+CA list". How you do this depends on the server software in uses. You can
print out the servers list of acceptable CAs using the OpenSSL s_client tool:
openssl s_client -connect www.some.host:443 -prexit
for download instructions) can be safely used, for example.
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-On some Alpha installations running True64 Unix and Compaq C, the compilation
+On some Alpha installations running Tru64 Unix and Compaq C, the compilation
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
memory to continue compilation.' As far as the tests have shown, this may be
a compiler bug. What happens is that it eats up a lot of resident memory
* Why can't the OpenSSH configure script detect OpenSSL?
-There is a problem with OpenSSH 1.2.2p1, in that the configure script
-can't find the installed OpenSSL libraries. The problem is actually
-a small glitch that is easily solved with the following patch to be
-applied to the OpenSSH distribution:
-
------ snip:start -----
---- openssh-1.2.2p1/configure.in.orig Thu Mar 23 18:56:58 2000
-+++ openssh-1.2.2p1/configure.in Thu Mar 23 18:55:05 2000
-@@ -152,10 +152,10 @@
- AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- if test ! -z "$ssldir" ; then
-- LIBS="$saved_LIBS -L$ssldir"
-+ LIBS="$saved_LIBS -L$ssldir/lib"
- CFLAGS="$CFLAGS -I$ssldir/include"
- if test "x$need_dash_r" = "x1" ; then
-- LIBS="$LIBS -R$ssldir"
-+ LIBS="$LIBS -R$ssldir/lib"
- fi
- fi
- LIBS="$LIBS -lcrypto"
---- openssh-1.2.2p1/configure.orig Thu Mar 23 18:55:02 2000
-+++ openssh-1.2.2p1/configure Thu Mar 23 18:57:08 2000
-@@ -1890,10 +1890,10 @@
- echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- if test ! -z "$ssldir" ; then
-- LIBS="$saved_LIBS -L$ssldir"
-+ LIBS="$saved_LIBS -L$ssldir/lib"
- CFLAGS="$CFLAGS -I$ssldir/include"
- if test "x$need_dash_r" = "x1" ; then
-- LIBS="$LIBS -R$ssldir"
-+ LIBS="$LIBS -R$ssldir/lib"
- fi
- fi
- LIBS="$LIBS -lcrypto"
------ snip:end -----
+Several reasons for problems with the automatic detection exist.
+OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
+Sometimes the distribution has installed an older version in the system
+locations that is detected instead of a new one installed. The OpenSSL
+library might have been compiled for another CPU or another mode (32/64 bits).
+Permissions might be wrong.
+The general answer is to check the config.log file generated when running
+the OpenSSH configure script. It should contain the detailed information
+on why the OpenSSL library was not detected or considered incompatible.
* Can I use OpenSSL's SSL library with non-blocking I/O?
* Why doesn't my server application receive a client certificate?
Due to the TLS protocol definition, a client will only send a certificate,
-if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
+if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
SSL_CTX_set_verify() function to enable the use of client certificates.
-OpenSSL - Port To The Macintosh
-===============================
+OpenSSL - Port To The Macintosh OS 9 or Earlier
+===============================================
-Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
X) is now provided. "Initial" means that unlike other platforms where you
get an SDK and a "swiss army" openssl application, on Macintosh you only
get one sample application which fetches a page over HTTPS(*) and dumps it
BSD sockets and some other POSIX APIs. The GUSI distribution is
expected to be found in the same directory as openssl source tree,
i.e. in the parent directory to the one where this very file,
- namely INSTALL.MacOS. For more informations about GUSI, see
+ namely INSTALL.MacOS. For more information about GUSI, see
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
Finally some essential comments from our generous contributor:-)
done
# This assumes that GNU utilities are *not* used
-do_tru64-shared:
+do_alpha-osf1-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
libs="$$libs -l$$i"; \
done
+# This assumes that GNU utilities are *not* used
+# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
+# option passed to the linker.
+do_tru64-shared:
+ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ ( set -x; ${CC} -shared -msym -no_archive -o lib$$i.so \
+ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ libs="$$libs -l$$i"; \
+ done
+
+# This assumes that GNU utilities are *not* used
+# The difference between tru64-shared and tru64-shared-rpath is the
+# -rpath ${INSTALLTOP}/lib passed to the linker.
+do_tru64-shared-rpath:
+ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ ( set -x; ${CC} -shared -msym -no_archive -o lib$$i.so \
+ -rpath ${INSTALLTOP}/lib \
+ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ libs="$$libs -l$$i"; \
+ done
+
+
# This assumes that GNU utilities are *not* used
do_solaris-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
libs="$$libs -l$$i"; \
done
+# UnixWare 7 and OpenUNIX 8 native compilers used
+do_svr5-shared:
+ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+ find . -name "*.o" -print > allobjs ; \
+ OBJS= ; export OBJS ; \
+ for obj in `ar t lib$$i.a` ; do \
+ OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+ done ; \
+ set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+ libs="$$libs -l$$i"; \
+ done
+
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+
+ o Various SSL/TLS library bugfixes.
+ o BIGNUM library fixes.
+ o Add crypto accelerator support for AEP, Baltimore SureWare,
+ Broadcom [in 0.9.6c-engine release].
+
Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
o Security fix: PRNG improvements.
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
- based ascii-binary encoding which supports encryption with a
+ based ASCII-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
locations around the world. _YOU_ are responsible for ensuring that your use
of any algorithms is legal by checking if there are any patents in your
country. The file contains some of the patents that we know about or are
- rumoured to exist. This is not a definitive list.
+ rumored to exist. This is not a definitive list.
RSA Security holds software patents on the RC5 algorithm. If you
intend to use this cipher, you must contact RSA Security for
only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
- be contacted if that algorithm is to be used, their web page is
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
+ should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
INSTALLATION
INSTALL.VMS.
Read the documentation in the doc/ directory. It is quite rough, but it
- lists the functions, you will probably have to look at the code to work out
- how to used them. Look at the example programs.
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
SUPPORT
-------
With OpenSSL 0.9.6, a new component has been added to support external
crypto devices, for example accelerator cards. The component is called
ENGINE, and has still a pretty experimental status and almost no
- documentation. It's designed to be faily easily extensible by the
+ documentation. It's designed to be fairly easily extensible by the
calling programs.
There's currently built-in support for the following crypto devices:
No external crypto device is chosen unless you say so. You have actively
tell the openssl utility commands to use it through a new command line
switch called "-engine". And if you want to use the ENGINE library to
- do something similar, you must also explicitely choose an external crypto
+ do something similar, you must also explicitly choose an external crypto
device, or the built-in crypto routines will be used, just as in the
default OpenSSL distribution.
PROBLEMS
========
- It seems like the ENGINE part doesn't work too well with Cryptoswift on
+ It seems like the ENGINE part doesn't work too well with CryptoSwift on
Win32. A quick test done right before the release showed that trying
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
an attempt is made to write at memory address 0x00000002.
OpenSSL STATUS Last modified at
- ______________ $Date: 2001/04/05 17:48:02 $
+ ______________ $Date: 2001/11/12 22:26:22 $
DEVELOPMENT STATE
+ o OpenSSL 0.9.7: Under development...
+ o OpenSSL 0.9.6b: Released on July 9th, 2001
o OpenSSL 0.9.6a: Released on April 5th, 2001
o OpenSSL 0.9.6: Released on September 24th, 2000
o OpenSSL 0.9.5a: Released on April 1st, 2000
AVAILABLE PATCHES
+ o IA-64 (a.k.a. Intel Itanium) public-key operation performance
+ patch for Linux is available for download at
+ http://www.openssl.org/~appro/096b.linux-ia64.diff. As URL
+ suggests the patch is relative to OpenSSL 0.9.6b.
+
IN PROGRESS
o Steve is currently working on (in no particular order):
o Geoff and Richard are currently working on:
ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
+ UI (User Interface)
UTIL (a new set of library functions to support some higher level
functionality that is currently missing).
Shared library support for VMS.
- OCSP
Kerberos 5 authentication
Constification
+ OCSP
NEEDS PATCH
o Whenever strncpy is used, make sure the resulting string is NULL-terminated
or an error is reported
- OPEN ISSUES
+ o "OpenSSL STATUS" is never up-to-date.
- o crypto/ex_data.c is not really thread-safe and so must be used
- with care (e.g., extra locking where necessary, or don't call
- CRYPTO_get_ex_new_index once multiple threads exist).
- The current API is not suitable for everything that it pretends
- to offer.
+ OPEN ISSUES
o The Makefile hierarchy and build mechanism is still not a round thing:
WISHES
- o
+ o SRP in TLS.
+ [wished by:
+ Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
+ Tom Holroyd <tomh@po.crl.go.jp>]
+
+ See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
+ as well as http://www-cs-students.stanford.edu/~tjw/srp/.
+
+ Tom Holroyd tells us there is a SRP patch for OpenSSH at
+ http://members.tripod.com/professor_tom/archives/, that could
+ be useful.
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
+*** OpenUNIX
+$cc = cc
+$cflags = -O -DFILIO_H -Kalloca
+$unistd =
+$thread_cflag = -Kthread
+$lflags = -lsocket -lnsl
+$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme =
+$shared_target=
+$shared_cflag =
+$shared_extension =
+$ranlib =
+
+*** OpenUNIX-8
+$cc = cc
+$cflags = -O -DFILIO_H -Kalloca
+$unistd =
+$thread_cflag = -Kthread
+$lflags = -lsocket -lnsl
+$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme =
+$shared_target=
+$shared_cflag =
+$shared_extension =
+$ranlib =
+
+*** OpenUNIX-8-gcc
+$cc = gcc
+$cflags = -O -DFILIO_H -fomit-frame-pointer
+$unistd =
+$thread_cflag = -pthread
+$lflags = -lsocket -lnsl
+$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme =
+$shared_target=
+$shared_cflag =
+$shared_extension =
+$ranlib =
+
+*** OpenUNIX-8-gcc-shared
+$cc = gcc
+$cflags = -O3 -DFILIO_H -fomit-frame-pointer
+$unistd =
+$thread_cflag = -pthread
+$lflags = -lsocket -lnsl
+$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj = asm/bn86-elf.o asm/co86-elf.o
+$des_obj = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj = asm/bx86-elf.o
+$md5_obj = asm/mx86-elf.o
+$sha1_obj = asm/sx86-elf.o
+$cast_obj = asm/cx86-elf.o
+$rc4_obj = asm/rx86-elf.o
+$rmd160_obj = asm/rm86-elf.o
+$rc5_obj = asm/r586-elf.o
+$dso_scheme = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -fPIC
+$shared_extension =
+$ranlib =
+
+*** OpenUNIX-8-pentium
+$cc = cc
+$cflags = -O -DFILIO_H -Kalloca -Kpentium
+$unistd =
+$thread_cflag = -Kthread
+$lflags = -lsocket -lnsl
+$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme =
+$shared_target=
+$shared_cflag =
+$shared_extension =
+$ranlib =
+
+*** OpenUNIX-8-pentium_pro
+$cc = cc
+$cflags = -O -DFILIO_H -Kalloca -Kpentium_pro
+$unistd =
+$thread_cflag = -Kthread
+$lflags = -lsocket -lnsl
+$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme =
+$shared_target=
+$shared_cflag =
+$shared_extension =
+$ranlib =
+
+*** OpenUNIX-8-shared
+$cc = cc
+$cflags = -O -DFILIO_H -Kalloca
+$unistd =
+$thread_cflag = -Kthread
+$lflags = -lsocket -lnsl
+$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_extension =
+$ranlib =
+
*** ReliantUNIX
$cc = cc
$cflags = -KPIC -g -DSNI -DTERMIOS -DB_ENDIAN
*** alpha-cc
$cc = cc
-$cflags = -std1 -tune host -O4 -readonly_strings
+$cflags = -std1 -tune host -fast -readonly_strings
$unistd =
-$thread_cflag = (unknown)
+$thread_cflag = -pthread
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
$bn_obj =
$shared_extension = .so
$ranlib =
+*** alpha-cc-rpath
+$cc = cc
+$cflags = -std1 -tune host -fast -readonly_strings
+$unistd =
+$thread_cflag = -pthread
+$lflags =
+$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme = dlfcn
+$shared_target= tru64-shared-rpath
+$shared_cflag =
+$shared_extension = .so
+$ranlib =
+
*** alpha-gcc
$cc = gcc
$cflags = -O3
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= tru64-shared
+$shared_target= alpha-osf1-shared
$shared_cflag =
$shared_extension = .so
$ranlib =
$cc = cc
$cflags = -std1 -tune host -fast -readonly_strings
$unistd =
-$thread_cflag = (unknown)
+$thread_cflag = -pthread
$lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
$bn_obj =
$shared_extension = .so
$ranlib =
+*** alphaold-cc
+$cc = cc
+$cflags = -std1 -tune host -O4 -readonly_strings
+$unistd =
+$thread_cflag = (unknown)
+$lflags =
+$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme = dlfcn
+$shared_target= alpha-osf1-shared
+$shared_cflag =
+$shared_extension = .so
+$ranlib =
+
*** bsdi-elf-gcc
$cc = gcc
$cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
*** debug-bodo
$cc = gcc
-$cflags = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall
+$cflags = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$lflags =
*** debug-levitte-linux-elf
$cc = gcc
-$cflags = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
+$cflags = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
$unistd =
$thread_cflag = -D_REENTRANT
$lflags = -ldl
*** debug-ulf
$cc = gcc
-$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
+$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe
$unistd =
$thread_cflag = -D_REENTRANT
$lflags =
$cc = gcc
$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
$unistd =
-$thread_cflag = (unknown)
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG
-$bn_obj =
+$thread_cflag = -D_REENTRANT
+$lflags = -ldl
+$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
+$bn_obj = asm/ia64.o
$des_obj =
$bf_obj =
$md5_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$dso_scheme = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
*** linux-m68k
$shared_extension =
$ranlib =
+*** unixware-7-gcc
+$cc = gcc
+$cflags = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall
+$unistd =
+$thread_cflag = -D_REENTRANT
+$lflags = -lsocket -lnsl
+$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme = dlfcn
+$shared_target= gnu-shared
+$shared_cflag = -fPIC
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib =
+
*** unixware-7-pentium
$cc = cc
$cflags = -O -DFILIO_H -Kalloca -Kpentium
$! Save directory information
$!
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "APPS]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-
- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
+ BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
BIO_printf(bio_err," -config file request template file.\n");
BIO_printf(bio_err," -new new request.\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
BIO_printf(bio,"---\n");
if (peer != NULL)
X509_free(peer);
+ /* flush, or debugging output gets mixed with http response */
+ BIO_flush(bio);
}
4.2)
echo "whatever-whatever-unixware1"; exit 0
;;
+ OpenUNIX)
+ if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
+ echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+ fi
+ ;;
5)
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
echo "${MACHINE}-sco-unixware7"; exit 0
echo "${MACHINE}-whatever-openbsd"; exit 0
;;
+ OpenUNIX:*)
+ echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+ ;;
+
OSF1:*:*:*alpha*)
- echo "${MACHINE}-dec-osf"; exit 0
+ OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
+ case "$OSFMAJOR" in
+ 4|5)
+ echo "${MACHINE}-dec-tru64"; exit 0
+ ;;
+ 1|2|3)
+ echo "${MACHINE}-dec-osf"; exit 0
+ ;;
+ *)
+ echo "${MACHINE}-dec-osf"; exit 0
+ ;;
+ esac
;;
QNX:*)
pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
*-*-openbsd) OUT="OpenBSD" ;;
*86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
- *-*-osf) OUT="alpha-cc" ;;
+ *-*-osf) OUT="alphaold-cc" ;;
+ *-*-tru64) OUT="alpha-cc" ;;
+ *-*-OpenUNIX*)
+ if [ "$CC" = "gcc" ]; then
+ OUT="OpenUNIX-8-gcc"
+ else
+ OUT="OpenUNIX-8"
+ fi
+ ;;
*-*-unixware7) OUT="unixware-7" ;;
*-*-UnixWare7) OUT="unixware-7" ;;
*-*-Unixware7) OUT="unixware-7" ;;
i386-*) options="$options 386" ;;
esac
-for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
do
if [ ! -d crypto/$i ]
then
mask = strtoul(p + 5, &end, 0);
if(*end) return 0;
} else if(!strcmp(p, "nombstr"))
- mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
+ mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
else if(!strcmp(p, "pkix"))
- mask = ~B_ASN1_T61STRING;
+ mask = ~((unsigned long)B_ASN1_T61STRING);
else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
else if(!strcmp(p, "default"))
mask = 0xFFFFFFFFL;
struct hostent *BIO_gethostbyname(const char *name)
{
+#if 1
+ /* Caching gethostbyname() results forever is wrong,
+ * so we have to let the true gethostbyname() worry about this */
+ return gethostbyname(name);
+#else
struct hostent *ret;
int i,lowi=0,j;
unsigned long low= (unsigned long)-1;
-/* return(gethostbyname(name)); */
-#if 0 /* It doesn't make sense to use locking here: The function interface
- * is not thread-safe, because threads can never be sure when
- * some other thread destroys the data they were given a pointer to.
- */
+# if 0
+ /* It doesn't make sense to use locking here: The function interface
+ * is not thread-safe, because threads can never be sure when
+ * some other thread destroys the data they were given a pointer to.
+ */
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+# endif
j=strlen(name);
if (j < 128)
{
* parameter is 'char *', instead of 'const char *'
*/
ret=gethostbyname(
-#ifndef CONST_STRICT
+# ifndef CONST_STRICT
(char *)
-#endif
+# endif
name);
if (ret == NULL)
goto end;
if (j > 128) /* too big to cache */
{
-#if 0 /* If we were trying to make this function thread-safe (which
- * is bound to fail), we'd have to give up in this case
- * (or allocate more memory). */
+# if 0
+ /* If we were trying to make this function thread-safe (which
+ * is bound to fail), we'd have to give up in this case
+ * (or allocate more memory). */
ret = NULL;
-#endif
+# endif
goto end;
}
ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
}
end:
-#if 0
+# if 0
CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+# endif
return(ret);
+#endif
}
+
int BIO_sock_init(void)
{
#ifdef WINDOWS
#define BIO_set_ssl_renegotiate_bytes(b,num) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
#define BIO_get_num_renegotiates(b) \
- BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
break;
case BIO_C_GET_WRITE_BUF_SIZE:
- num = (long) b->size;
+ ret = (long) b->size;
+ break;
case BIO_C_MAKE_BIO_PAIR:
{
$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+asm/ia64.o: asm/ia64.S
+
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
* be on. Again this in only really a problem on machines
* using "long long's", are 32bit, and are not using my assembler code. */
#if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
-#define BN_DIV2W
+# ifndef BN_DIV2W
+# define BN_DIV2W
+# endif
#endif
/* assuming long is 64bit - this is the DEC Alpha
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
# if defined(__GNUC__) && __GNUC__>=2
-# if defined(__i386)
+# if defined(__i386) || defined (__i386__)
/*
* There were two reasons for implementing this template:
* - GNU C generates a call to a function (__udivdi3 to be exact)
BN_MONT_CTX *mont = NULL;
const BIGNUM *A = NULL;
+ if (BN_cmp(a, BN_value_one()) <= 0)
+ return 0;
+
if (checks == BN_prime_checks)
checks = BN_prime_checks_for_size(BN_num_bits(a));
/* first look for small factors */
if (!BN_is_odd(a))
- return(0);
+ return 0;
if (do_trial_division)
{
for (i = 1; i < NUMPRIMES; i++)
for (i = 0; i < checks; i++)
{
- if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0))
+ if (!BN_pseudo_rand_range(check, A1))
goto err;
- if (BN_cmp(check, A1) >= 0)
- if (!BN_sub(check, check, A1))
- goto err;
if (!BN_add_word(check, 1))
goto err;
/* now 1 <= check < A */
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <time.h>
#endif
/* random number r: 0 <= r < range */
-int BN_rand_range(BIGNUM *r, BIGNUM *range)
+static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
{
+ int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
int n;
if (range->neg || BN_is_zero(range))
do
{
/* range = 11..._2, so each iteration succeeds with probability >= .75 */
- if (!BN_rand(r, n, -1, 0)) return 0;
+ if (!bn_rand(r, n, -1, 0)) return 0;
}
while (BN_cmp(r, range) >= 0);
}
* so 3*range (= 11..._2) is exactly one bit longer than range */
do
{
- if (!BN_rand(r, n + 1, -1, 0)) return 0;
+ if (!bn_rand(r, n + 1, -1, 0)) return 0;
/* If r < 3*range, use r := r MOD range
* (which is either r, r - range, or r - 2*range).
* Otherwise, iterate once more.
return 1;
}
+
+
+int BN_rand_range(BIGNUM *r, BIGNUM *range)
+ {
+ return bn_rand_range(0, r, range);
+ }
+
+int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
+ {
+ return bn_rand_range(1, r, range);
+ }
if (!zero)
bn_sqr_recursive(&(t[n2]),t,n,p);
else
- memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+ memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
bn_sqr_recursive(r,a,n,p);
bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
"ssl_sess_cert",
"ssl",
"rand",
+ "rand2",
"debug_malloc",
"BIO",
"gethostbyname",
"dso",
"dynlock",
"engine",
-#if CRYPTO_NUM_LOCKS != 29
+#if CRYPTO_NUM_LOCKS != 30
# error "Inconsistency between crypto.h and cryptlib.c"
#endif
};
$! Save directory information
$!
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "CRYPTO]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!
#define CRYPTO_LOCK_SSL_SESS_CERT 15
#define CRYPTO_LOCK_SSL 16
#define CRYPTO_LOCK_RAND 17
-#define CRYPTO_LOCK_MALLOC 18
-#define CRYPTO_LOCK_BIO 19
-#define CRYPTO_LOCK_GETHOSTBYNAME 20
-#define CRYPTO_LOCK_GETSERVBYNAME 21
-#define CRYPTO_LOCK_READDIR 22
-#define CRYPTO_LOCK_RSA_BLINDING 23
-#define CRYPTO_LOCK_DH 24
-#define CRYPTO_LOCK_MALLOC2 25
-#define CRYPTO_LOCK_DSO 26
-#define CRYPTO_LOCK_DYNLOCK 27
-#define CRYPTO_LOCK_ENGINE 28
+#define CRYPTO_LOCK_RAND2 18
+#define CRYPTO_LOCK_MALLOC 19
+#define CRYPTO_LOCK_BIO 20
+#define CRYPTO_LOCK_GETHOSTBYNAME 21
+#define CRYPTO_LOCK_GETSERVBYNAME 22
+#define CRYPTO_LOCK_READDIR 23
+#define CRYPTO_LOCK_RSA_BLINDING 24
+#define CRYPTO_LOCK_DH 25
+#define CRYPTO_LOCK_MALLOC2 26
+#define CRYPTO_LOCK_DSO 27
+#define CRYPTO_LOCK_DYNLOCK 28
#define CRYPTO_NUM_LOCKS 29
+#define CRYPTO_LOCK_ENGINE 29
+#define CRYPTO_NUM_LOCKS 30
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
+
+/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
+ * used as default in CRYPTO_MDEBUG compilations): */
/* The last argument has the following significance:
*
* 0: called before the actual memory allocation has taken place
void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
void CRYPTO_dbg_free(void *addr,int before_p);
-
/* Tell the debugging code about options. By default, the following values
* apply:
*
- * 0: Clear all options.
- * 1: Set the "Show Time" option.
- * 2: Set the "Show Thread Number" option.
- * 3: 1 + 2
+ * 0: Clear all options.
+ * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option.
+ * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option.
+ * V_CRYPTO_MDEBUG_ALL (3): 1 + 2
*/
void CRYPTO_dbg_set_options(long bits);
long CRYPTO_dbg_get_options(void);
+
#ifndef NO_FP_API
void CRYPTO_mem_leaks_fp(FILE *);
#endif
static int generate_key(DH *dh)
{
int ok=0;
+ int generate_new_key=0;
+ unsigned l;
BN_CTX ctx;
BN_MONT_CTX *mont;
BIGNUM *pub_key=NULL,*priv_key=NULL;
{
priv_key=BN_new();
if (priv_key == NULL) goto err;
- do
- if (!BN_rand_range(priv_key, dh->p)) goto err;
- while (BN_is_zero(priv_key));
+ generate_new_key=1;
}
else
priv_key=dh->priv_key;
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
+ if (generate_new_key)
+ {
+ l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+ if (!BN_rand(priv_key, l, 0, 0)) goto err;
+ }
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
priv_key,dh->p,&ctx,mont))
goto err;
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-static DH_METHOD *default_DH_method;
+static DH_METHOD *default_DH_method = NULL;
static int dh_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
-static DSA_METHOD *default_DSA_method;
+static DSA_METHOD *default_DSA_method = NULL;
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
if (p == NULL)
{
OPENSSL_free(str);
- return;
+ goto err;
}
else
str=p;
}
ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
+err:
va_end(args);
}
break;
case BIO_CTRL_WPENDING: /* More to write in buffer */
ret=ctx->buf_len-ctx->buf_off;
- if ((ret == 0) && (ctx->base64.num != 0))
+ if ((ret == 0) && (ctx->encode != B64_NONE)
+ && (ctx->base64.num != 0))
ret=1;
else if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
goto again;
}
}
- else if (ctx->base64.num != 0)
+ else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
{
ctx->buf_off=0;
EVP_EncodeFinal(&(ctx->base64),
static EVP_MD md4_md=
{
NID_md4,
- 0,
+ NID_md4WithRSAEncryption,
MD4_DIGEST_LENGTH,
MD4_Init,
MD4_Update,
*
* <appro@fy.chalmers.se>
*/
-# if defined(__i386)
+# if defined(__i386) || defined(__i386__)
# define ROTATE(a,n) ({ register unsigned int ret; \
asm ( \
"roll %1,%0" \
*/
# if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
/* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
-# if defined(__i386) && !defined(I386_ONLY)
+# if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
# define BE_FETCH32(a) ({ register unsigned int l=(a);\
asm ( \
"bswapl %0" \
void md4_block_host_order (MD4_CTX *c, const void *p,int num);
void md4_block_data_order (MD4_CTX *c, const void *p,int num);
-#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
/*
* *_block_host_order is expected to handle aligned data while
* *_block_data_order - unaligned. As algorithm and host (x86)
#endif
#ifdef MD5_ASM
-# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
# define md5_block_host_order md5_block_asm_host_order
# elif defined(__sparc) && defined(ULTRASPARC)
void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
void md5_block_host_order (MD5_CTX *c, const void *p,int num);
void md5_block_data_order (MD5_CTX *c, const void *p,int num);
-#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
/*
* *_block_host_order is expected to handle aligned data while
* *_block_data_order - unaligned. As algorithm and host (x86)
* perl obj_dat.pl objects.h obj_dat.h
*/
-#define NUM_NID 393
-#define NUM_SN 392
-#define NUM_LN 392
-#define NUM_OBJ 366
+#define NUM_NID 404
+#define NUM_SN 403
+#define NUM_LN 403
+#define NUM_OBJ 377
-static unsigned char lvalues[2896]={
+static unsigned char lvalues[2949]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
0xBA,0x82,0x58, /* [2872] OBJ_dcObject */
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2875] OBJ_domainComponent */
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2885] OBJ_Domain */
+0x50, /* [2895] OBJ_joint_iso_ccitt */
+0x55,0x01,0x05, /* [2896] OBJ_selected_attribute_types */
+0x55,0x01,0x05,0x37, /* [2899] OBJ_clearance */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2903] OBJ_md4WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2912] OBJ_ac_proxying */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2920] OBJ_sinfo_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2928] OBJ_id_aca_encAttrs */
+0x55,0x04,0x48, /* [2936] OBJ_role */
+0x55,0x1D,0x24, /* [2939] OBJ_policy_constraints */
+0x55,0x1D,0x37, /* [2942] OBJ_target_information */
+0x55,0x1D,0x38, /* [2945] OBJ_no_rev_avail */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2872]),0},
{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2875]),0},
{"domain","Domain",NID_Domain,10,&(lvalues[2885]),0},
+{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
+ &(lvalues[2895]),0},
+{"selected-attribute-types","Selected Attribute Types",
+ NID_selected_attribute_types,3,&(lvalues[2896]),0},
+{"clearance","clearance",NID_clearance,4,&(lvalues[2899]),0},
+{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
+ &(lvalues[2903]),0},
+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2912]),0},
+{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
+ &(lvalues[2920]),0},
+{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
+ &(lvalues[2928]),0},
+{"role","role",NID_role,3,&(lvalues[2936]),0},
+{"policyConstraints","X509v3 Policy Constraints",
+ NID_policy_constraints,3,&(lvalues[2939]),0},
+{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
+ &(lvalues[2942]),0},
+{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
+ &(lvalues[2945]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[46]),/* "IDEA-OFB" */
&(nid_objs[181]),/* "ISO" */
&(nid_objs[183]),/* "ISO-US" */
+&(nid_objs[393]),/* "JOINT-ISO-CCITT" */
&(nid_objs[15]),/* "L" */
&(nid_objs[ 3]),/* "MD2" */
&(nid_objs[257]),/* "MD4" */
&(nid_objs[124]),/* "RLE" */
&(nid_objs[19]),/* "RSA" */
&(nid_objs[ 7]),/* "RSA-MD2" */
+&(nid_objs[396]),/* "RSA-MD4" */
&(nid_objs[ 8]),/* "RSA-MD5" */
&(nid_objs[96]),/* "RSA-MDC2" */
&(nid_objs[104]),/* "RSA-NP-MD5" */
&(nid_objs[125]),/* "ZLIB" */
&(nid_objs[289]),/* "aaControls" */
&(nid_objs[287]),/* "ac-auditEntity" */
+&(nid_objs[397]),/* "ac-proxying" */
&(nid_objs[288]),/* "ac-targeting" */
&(nid_objs[368]),/* "acceptableResponses" */
&(nid_objs[363]),/* "ad_timestamping" */
&(nid_objs[152]),/* "certBag" */
&(nid_objs[89]),/* "certificatePolicies" */
&(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[395]),/* "clearance" */
&(nid_objs[130]),/* "clientAuth" */
&(nid_objs[131]),/* "codeSigning" */
&(nid_objs[50]),/* "contentType" */
&(nid_objs[355]),/* "id-aca-accessIdentity" */
&(nid_objs[354]),/* "id-aca-authenticationInfo" */
&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+&(nid_objs[399]),/* "id-aca-encAttrs" */
&(nid_objs[357]),/* "id-aca-group" */
&(nid_objs[358]),/* "id-aca-role" */
&(nid_objs[176]),/* "id-ad" */
&(nid_objs[137]),/* "msSGC" */
&(nid_objs[173]),/* "name" */
&(nid_objs[369]),/* "noCheck" */
+&(nid_objs[403]),/* "noRevAvail" */
&(nid_objs[72]),/* "nsBaseUrl" */
&(nid_objs[76]),/* "nsCaPolicyUrl" */
&(nid_objs[74]),/* "nsCaRevocationUrl" */
&(nid_objs[22]),/* "pkcs7-signedData" */
&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
&(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[401]),/* "policyConstraints" */
&(nid_objs[385]),/* "private" */
&(nid_objs[84]),/* "privateKeyUsagePeriod" */
&(nid_objs[286]),/* "qcStatements" */
+&(nid_objs[400]),/* "role" */
&(nid_objs[ 6]),/* "rsaEncryption" */
&(nid_objs[377]),/* "rsaSignature" */
&(nid_objs[ 1]),/* "rsadsi" */
&(nid_objs[159]),/* "sdsiCertificate" */
&(nid_objs[154]),/* "secretBag" */
&(nid_objs[386]),/* "security" */
+&(nid_objs[394]),/* "selected-attribute-types" */
&(nid_objs[129]),/* "serverAuth" */
&(nid_objs[371]),/* "serviceLocator" */
&(nid_objs[52]),/* "signingTime" */
&(nid_objs[387]),/* "snmpv2" */
&(nid_objs[85]),/* "subjectAltName" */
+&(nid_objs[398]),/* "subjectInfoAccess" */
&(nid_objs[82]),/* "subjectKeyIdentifier" */
+&(nid_objs[402]),/* "targetInformation" */
&(nid_objs[293]),/* "textNotice" */
&(nid_objs[133]),/* "timeStamping" */
&(nid_objs[375]),/* "trustRoot" */
&(nid_objs[167]),/* "S/MIME Capabilities" */
&(nid_objs[387]),/* "SNMPv2" */
&(nid_objs[386]),/* "Security" */
+&(nid_objs[394]),/* "Selected Attribute Types" */
&(nid_objs[143]),/* "Strong Extranet ID" */
+&(nid_objs[398]),/* "Subject Information Access" */
&(nid_objs[130]),/* "TLS Web Client Authentication" */
&(nid_objs[129]),/* "TLS Web Server Authentication" */
&(nid_objs[133]),/* "Time Stamping" */
&(nid_objs[375]),/* "Trust Root" */
&(nid_objs[12]),/* "X509" */
+&(nid_objs[402]),/* "X509v3 AC Targeting" */
&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
&(nid_objs[87]),/* "X509v3 Basic Constraints" */
&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[403]),/* "X509v3 No Revocation Available" */
+&(nid_objs[401]),/* "X509v3 Policy Constraints" */
&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
&(nid_objs[185]),/* "X9.57 CM ?" */
&(nid_objs[289]),/* "aaControls" */
&(nid_objs[287]),/* "ac-auditEntity" */
+&(nid_objs[397]),/* "ac-proxying" */
&(nid_objs[288]),/* "ac-targeting" */
&(nid_objs[364]),/* "ad dvcs" */
&(nid_objs[376]),/* "algorithm" */
&(nid_objs[111]),/* "cast5-ofb" */
&(nid_objs[152]),/* "certBag" */
&(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[395]),/* "clearance" */
&(nid_objs[13]),/* "commonName" */
&(nid_objs[50]),/* "contentType" */
&(nid_objs[53]),/* "countersignature" */
&(nid_objs[355]),/* "id-aca-accessIdentity" */
&(nid_objs[354]),/* "id-aca-authenticationInfo" */
&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+&(nid_objs[399]),/* "id-aca-encAttrs" */
&(nid_objs[357]),/* "id-aca-group" */
&(nid_objs[358]),/* "id-aca-role" */
&(nid_objs[176]),/* "id-ad" */
&(nid_objs[46]),/* "idea-ofb" */
&(nid_objs[101]),/* "initials" */
&(nid_objs[181]),/* "iso" */
+&(nid_objs[393]),/* "joint-iso-ccitt" */
&(nid_objs[150]),/* "keyBag" */
&(nid_objs[157]),/* "localKeyID" */
&(nid_objs[15]),/* "localityName" */
&(nid_objs[ 3]),/* "md2" */
&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
&(nid_objs[257]),/* "md4" */
+&(nid_objs[396]),/* "md4WithRSAEncryption" */
&(nid_objs[ 4]),/* "md5" */
&(nid_objs[114]),/* "md5-sha1" */
&(nid_objs[104]),/* "md5WithRSA" */
&(nid_objs[123]),/* "rc5-ofb" */
&(nid_objs[117]),/* "ripemd160" */
&(nid_objs[119]),/* "ripemd160WithRSA" */
+&(nid_objs[400]),/* "role" */
&(nid_objs[19]),/* "rsa" */
&(nid_objs[ 6]),/* "rsaEncryption" */
&(nid_objs[377]),/* "rsaSignature" */
&(nid_objs[181]),/* OBJ_iso 1 */
&(nid_objs[182]),/* OBJ_member_body 1 2 */
&(nid_objs[379]),/* OBJ_org 1 3 */
+&(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */
&(nid_objs[11]),/* OBJ_X500 2 5 */
&(nid_objs[380]),/* OBJ_dod 1 3 6 */
&(nid_objs[12]),/* OBJ_X509 2 5 4 */
&(nid_objs[81]),/* OBJ_id_ce 2 5 29 */
&(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */
&(nid_objs[381]),/* OBJ_iana 1 3 6 1 */
+&(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */
&(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */
&(nid_objs[100]),/* OBJ_surname 2 5 4 4 */
&(nid_objs[105]),/* OBJ_serialNumber 2 5 4 5 */
&(nid_objs[101]),/* OBJ_initials 2 5 4 43 */
&(nid_objs[102]),/* OBJ_uniqueIdentifier 2 5 4 45 */
&(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */
+&(nid_objs[400]),/* OBJ_role 2 5 4 72 */
&(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */
&(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */
&(nid_objs[84]),/* OBJ_private_key_usage_period 2 5 29 16 */
&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */
&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */
&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */
+&(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */
&(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */
+&(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */
+&(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */
&(nid_objs[390]),/* OBJ_dcObject 1466 344 */
&(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */
&(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */
&(nid_objs[387]),/* OBJ_SNMPv2 1 3 6 1 6 */
&(nid_objs[388]),/* OBJ_Mail 1 3 6 1 7 */
&(nid_objs[376]),/* OBJ_algorithm 1 3 14 3 2 */
+&(nid_objs[395]),/* OBJ_clearance 2 5 1 5 55 */
&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */
&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */
&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */
&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
+&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */
+&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
&(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */
&(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */
&(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */
&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */
&(nid_objs[357]),/* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */
&(nid_objs[358]),/* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */
+&(nid_objs[399]),/* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */
&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */
&(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */
&(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */
&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */
&(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */
&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */
+&(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */
&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */
&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */
&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */
#define NID_iso 181
#define OBJ_iso 1L
+#define SN_joint_iso_ccitt "JOINT-ISO-CCITT"
+#define LN_joint_iso_ccitt "joint-iso-ccitt"
+#define NID_joint_iso_ccitt 393
+#define OBJ_joint_iso_ccitt 2L
+
#define SN_member_body "member-body"
#define LN_member_body "ISO Member Body"
#define NID_member_body 182
#define OBJ_member_body OBJ_iso,2L
+#define SN_selected_attribute_types "selected-attribute-types"
+#define LN_selected_attribute_types "Selected Attribute Types"
+#define NID_selected_attribute_types 394
+#define OBJ_selected_attribute_types OBJ_joint_iso_ccitt,5L,1L,5L
+
+#define SN_clearance "clearance"
+#define NID_clearance 395
+#define OBJ_clearance OBJ_selected_attribute_types,55L
+
#define SN_ISO_US "ISO-US"
#define LN_ISO_US "ISO US Member Body"
#define NID_ISO_US 183
#define NID_md2WithRSAEncryption 7
#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L
+#define SN_md4WithRSAEncryption "RSA-MD4"
+#define LN_md4WithRSAEncryption "md4WithRSAEncryption"
+#define NID_md4WithRSAEncryption 396
+#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L
+
#define SN_md5WithRSAEncryption "RSA-MD5"
#define LN_md5WithRSAEncryption "md5WithRSAEncryption"
#define NID_md5WithRSAEncryption 8
#define NID_sbqp_routerIdentifier 292
#define OBJ_sbqp_routerIdentifier OBJ_id_pe,9L
+#define SN_ac_proxying "ac-proxying"
+#define NID_ac_proxying 397
+#define OBJ_ac_proxying OBJ_id_pe,10L
+
+#define SN_sinfo_access "subjectInfoAccess"
+#define LN_sinfo_access "Subject Information Access"
+#define NID_sinfo_access 398
+#define OBJ_sinfo_access OBJ_id_pe,11L
+
#define SN_id_qt_cps "id-qt-cps"
#define LN_id_qt_cps "Policy Qualifier CPS"
#define NID_id_qt_cps 164
#define NID_id_aca_role 358
#define OBJ_id_aca_role OBJ_id_aca,5L
+#define SN_id_aca_encAttrs "id-aca-encAttrs"
+#define NID_id_aca_encAttrs 399
+#define OBJ_id_aca_encAttrs OBJ_id_aca,6L
+
#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1"
#define NID_id_qcs_pkixQCSyntax_v1 359
#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L
#define NID_dnQualifier 174
#define OBJ_dnQualifier OBJ_X509,46L
+#define SN_role "role"
+#define LN_role "role"
+#define NID_role 400
+#define OBJ_role OBJ_X509,72L
+
#define SN_X500algorithms "X500algorithms"
#define LN_X500algorithms "directory services - algorithms"
#define NID_X500algorithms 378
#define NID_authority_key_identifier 90
#define OBJ_authority_key_identifier OBJ_id_ce,35L
+#define SN_policy_constraints "policyConstraints"
+#define LN_policy_constraints "X509v3 Policy Constraints"
+#define NID_policy_constraints 401
+#define OBJ_policy_constraints OBJ_id_ce,36L
+
#define SN_ext_key_usage "extendedKeyUsage"
#define LN_ext_key_usage "X509v3 Extended Key Usage"
#define NID_ext_key_usage 126
#define OBJ_ext_key_usage OBJ_id_ce,37L
+#define SN_target_information "targetInformation"
+#define LN_target_information "X509v3 AC Targeting"
+#define NID_target_information 402
+#define OBJ_target_information OBJ_id_ce,55L
+
+#define SN_no_rev_avail "noRevAvail"
+#define LN_no_rev_avail "X509v3 No Revocation Available"
+#define NID_no_rev_avail 403
+#define OBJ_no_rev_avail OBJ_id_ce,56L
+
#define SN_netscape "Netscape"
#define LN_netscape "Netscape Communications Corp."
#define NID_netscape 57
dcObject 390
domainComponent 391
Domain 392
+joint_iso_ccitt 393
+selected_attribute_types 394
+clearance 395
+md4WithRSAEncryption 396
+ac_proxying 397
+sinfo_access 398
+id_aca_encAttrs 399
+role 400
+policy_constraints 401
+target_information 402
+no_rev_avail 403
1 : ISO : iso
+2 : JOINT-ISO-CCITT : joint-iso-ccitt
+
iso 2 : member-body : ISO Member Body
+joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types
+
+selected-attribute-types 55 : clearance
+
member-body 840 : ISO-US : ISO US Member Body
ISO-US 10040 : X9-57 : X9.57
X9-57 4 : X9cm : X9.57 CM ?
pkcs 1 : pkcs1
pkcs1 1 : : rsaEncryption
pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
+pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
id-pe 7 : sbqp-ipAddrBlock
id-pe 8 : sbqp-autonomousSysNum
id-pe 9 : sbqp-routerIdentifier
+id-pe 10 : ac-proxying
+!Cname sinfo-access
+id-pe 11 : subjectInfoAccess : Subject Information Access
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
id-aca 2 : id-aca-accessIdentity
id-aca 3 : id-aca-chargingIdentity
id-aca 4 : id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
id-aca 5 : id-aca-role
+id-aca 6 : id-aca-encAttrs
# qualified certificate statements
id-qcs 1 : id-qcs-pkixQCSyntax-v1
X509 43 : I : initials
X509 45 : UID : uniqueIdentifier
X509 46 : dnQualifier : dnQualifier
+X509 72 : role : role
X500 8 : X500algorithms : directory services - algorithms
X500algorithms 1 1 : RSA : rsa
id-ce 32 : certificatePolicies : X509v3 Certificate Policies
!Cname authority-key-identifier
id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
+!Cname target-information
+id-ce 55 : targetInformation : X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56 : noRevAvail : X509v3 No Revocation Available
!Cname netscape
2 16 840 1 113730 : Netscape : Netscape Communications Corp.
*
* libcrypto.so.0
*
- * On True64 it works a little bit differently. There, the shared library
- * version is stored in the file, and is actually a series of versions,
- * separated by colons. The rightmost version present in the library when
- * linking an application is stored in the application to be matched at
- * run time. When the application is run, a check is done to see if the
- * library version stored in the application matches any of the versions
- * in the version string of the library itself.
+ * On Tru64 and IRIX 6.x it works a little bit differently. There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons. The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time. When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
* This version string can be constructed in any way, depending on what
* kind of matching is desired. However, to implement the same scheme as
* the one used in the other unixen, all compatible versions, from lowest
* However, it's nice and more understandable if it actually does.
* The current library version is stored in the macro SHLIB_VERSION_NUMBER,
* which is just a piece of text in the format "M.m.e" (Major, minor, edit).
- * For the sake of True64 and any other OS that behaves in similar ways,
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
* we need to keep a history of version numbers, which is done in the
* macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
* should only keep the versions that are binary compatible with the current.
/* pk7_attr.c */
-/* S/MIME code.
- * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com)
- * All Rights Reserved.
- * Redistribution of this code without the authors permission is expressly
- * prohibited.
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
*/
#include <stdio.h>
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
* holds CRYPTO_LOCK_RAND
* (to prevent double locking) */
+/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
*/
/* check if we already have the lock */
- do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
+ if (crypto_lock_rand)
+ {
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+ do_not_lock = (locking_thread == CRYPTO_thread_id());
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+ }
+ else
+ do_not_lock = 0;
if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
st_idx=state_index;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
- crypto_lock_rand = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
locking_thread = CRYPTO_thread_id();
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+ crypto_lock_rand = 1;
if (!initialized)
{
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
- locking_thread = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
/* check if we already have the lock
* (could happen if a RAND_poll() implementation calls RAND_status()) */
- do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
+ if (crypto_lock_rand)
+ {
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+ do_not_lock = (locking_thread == CRYPTO_thread_id());
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+ }
+ else
+ do_not_lock = 0;
if (!do_not_lock)
{
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
- crypto_lock_rand = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
locking_thread = CRYPTO_thread_id();
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+ crypto_lock_rand = 1;
}
if (!initialized)
{
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
- locking_thread = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
* <appro@fy.chalmers.se>
*/
#ifdef RMD160_ASM
-# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
# define ripemd160_block_host_order ripemd160_block_asm_host_order
# endif
#endif
void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
-#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
#define ripemd160_block_data_order ripemd160_block_host_order
#endif
#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
#define RSA_R_DATA_TOO_LARGE 109
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
+#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
#define RSA_R_DATA_TOO_SMALL 111
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
static RSA_METHOD rsa_pkcs1_eay_meth={
"Eric Young's PKCS#1 RSA",
RSA_eay_public_encrypt,
- RSA_eay_public_decrypt,
- RSA_eay_private_encrypt,
+ RSA_eay_public_decrypt, /* signature verification */
+ RSA_eay_private_encrypt, /* signing */
RSA_eay_private_decrypt,
RSA_eay_mod_exp,
BN_mod_exp_mont,
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{
BN_MONT_CTX* bn_mont_ctx;
return(r);
}
+/* signing */
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
RSA_blinding_on(rsa,ctx);
/* make data into a big number */
if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
RSA_blinding_on(rsa,ctx);
if (rsa->flags & RSA_FLAG_BLINDING)
return(r);
}
+/* signature verification */
static int RSA_eay_public_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
}
if (BN_bin2bn(from,flen,&f) == NULL) goto err;
+
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
/* do the decrypt */
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{
{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"},
{RSA_R_DATA_TOO_LARGE ,"data too large"},
{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
+{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"},
{RSA_R_DATA_TOO_SMALL ,"data too small"},
{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
/* Written by Ulf Moeller. This software is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
-/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
+ * <URL: http://www.shoup.net/papers/oaep.ps.Z>
+ * for problems with the security proof for the
+ * original OAEP scheme, which EME-OAEP is based on.
+ *
+ * A new proof can be found in E. Fujisaki, T. Okamoto,
+ * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
+ * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
+ * The new proof has stronger requirements for the
+ * underlying permutation: "partial-one-wayness" instead
+ * of one-wayness. For the RSA function, this is
+ * an equivalent notion.
+ */
+
#if !defined(NO_SHA) && !defined(NO_SHA1)
#include <stdio.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
-int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
+int MGF1(unsigned char *mask, long len,
+ unsigned char *seed, long seedlen);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- unsigned char *from, int flen, unsigned char *param, int plen)
- {
- int i, emlen = tlen - 1;
- unsigned char *db, *seed;
- unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
-
- if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+ unsigned char *from, int flen,
+ unsigned char *param, int plen)
{
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return (0);
- }
+ int i, emlen = tlen - 1;
+ unsigned char *db, *seed;
+ unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
- if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
- return (0);
- }
-
- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
- if (dbmask == NULL)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return (0);
- }
+ if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return 0;
+ }
+
+ if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
- to[0] = 0;
- seed = to + 1;
- db = to + SHA_DIGEST_LENGTH + 1;
-
- SHA1(param, plen, db);
- memset(db + SHA_DIGEST_LENGTH, 0,
- emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
- db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
- memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
- if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
- return (0);
+ dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+ if (dbmask == NULL)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ to[0] = 0;
+ seed = to + 1;
+ db = to + SHA_DIGEST_LENGTH + 1;
+
+ SHA1(param, plen, db);
+ memset(db + SHA_DIGEST_LENGTH, 0,
+ emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+ db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+ memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+ if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+ return 0;
#ifdef PKCS_TESTVECT
- memcpy(seed,
+ memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
#endif
- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
- for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
- db[i] ^= dbmask[i];
+ MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+ for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+ db[i] ^= dbmask[i];
- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- seed[i] ^= seedmask[i];
+ MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ seed[i] ^= seedmask[i];
- OPENSSL_free(dbmask);
- return (1);
- }
+ OPENSSL_free(dbmask);
+ return 1;
+ }
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
unsigned char *from, int flen, int num, unsigned char *param,
int plen)
- {
- int i, dblen, mlen = -1;
- unsigned char *maskeddb;
- int lzero;
- unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
-
- if (--num < 2 * SHA_DIGEST_LENGTH + 1)
- goto decoding_err;
-
- lzero = num - flen;
- if (lzero < 0)
- goto decoding_err;
- maskeddb = from - lzero + SHA_DIGEST_LENGTH;
-
- dblen = num - SHA_DIGEST_LENGTH;
- db = OPENSSL_malloc(dblen);
- if (db == NULL)
{
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return (-1);
- }
+ int i, dblen, mlen = -1;
+ unsigned char *maskeddb;
+ int lzero;
+ unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+ int bad = 0;
+
+ if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+ /* 'num' is the length of the modulus, i.e. does not depend on the
+ * particular ciphertext. */
+ goto decoding_err;
+
+ lzero = num - flen;
+ if (lzero < 0)
+ {
+ /* lzero == -1 */
+
+ /* signalling this error immediately after detection might allow
+ * for side-channel attacks (e.g. timing if 'plen' is huge
+ * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
+ * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
+ * so we use a 'bad' flag */
+ bad = 1;
+ lzero = 0;
+ }
+ maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+
+ dblen = num - SHA_DIGEST_LENGTH;
+ db = OPENSSL_malloc(dblen);
+ if (db == NULL)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
- for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
- seed[i] ^= from[i - lzero];
-
- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
- for (i = 0; i < dblen; i++)
- db[i] ^= maskeddb[i];
+ MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+ for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+ seed[i] ^= from[i - lzero];
- SHA1(param, plen, phash);
+ MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+ for (i = 0; i < dblen; i++)
+ db[i] ^= maskeddb[i];
- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
- goto decoding_err;
- else
- {
- for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
- if (db[i] != 0x00)
- break;
- if (db[i] != 0x01 || i++ >= dblen)
- goto decoding_err;
+ SHA1(param, plen, phash);
+
+ if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ goto decoding_err;
else
- {
- mlen = dblen - i;
- if (tlen < mlen)
{
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
- mlen = -1;
+ for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+ if (db[i] != 0x00)
+ break;
+ if (db[i] != 0x01 || i++ >= dblen)
+ goto decoding_err;
+ else
+ {
+ /* everything looks OK */
+
+ mlen = dblen - i;
+ if (tlen < mlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+ mlen = -1;
+ }
+ else
+ memcpy(to, db + i, mlen);
+ }
}
- else
- memcpy(to, db + i, mlen);
- }
- }
- OPENSSL_free(db);
- return (mlen);
+ OPENSSL_free(db);
+ return mlen;
decoding_err:
- /* to avoid chosen ciphertext attacks, the error message should not reveal
- * which kind of decoding error happened */
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
- if (db != NULL) OPENSSL_free(db);
- return -1;
- }
+ /* to avoid chosen ciphertext attacks, the error message should not reveal
+ * which kind of decoding error happened */
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+ if (db != NULL) OPENSSL_free(db);
+ return -1;
+ }
int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
- {
- long i, outlen = 0;
- unsigned char cnt[4];
- SHA_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
-
- for (i = 0; outlen < len; i++)
{
- cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
- cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
- SHA1_Init(&c);
- SHA1_Update(&c, seed, seedlen);
- SHA1_Update(&c, cnt, 4);
- if (outlen + SHA_DIGEST_LENGTH <= len)
- {
- SHA1_Final(mask + outlen, &c);
- outlen += SHA_DIGEST_LENGTH;
- }
- else
- {
- SHA1_Final(md, &c);
- memcpy(mask + outlen, md, len - outlen);
- outlen = len;
- }
+ long i, outlen = 0;
+ unsigned char cnt[4];
+ SHA_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ for (i = 0; outlen < len; i++)
+ {
+ cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
+ cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
+ SHA1_Init(&c);
+ SHA1_Update(&c, seed, seedlen);
+ SHA1_Update(&c, cnt, 4);
+ if (outlen + SHA_DIGEST_LENGTH <= len)
+ {
+ SHA1_Final(mask + outlen, &c);
+ outlen += SHA_DIGEST_LENGTH;
+ }
+ else
+ {
+ SHA1_Final(md, &c);
+ memcpy(mask + outlen, md, len - outlen);
+ outlen = len;
+ }
+ }
+ return 0;
}
- return (0);
- }
#endif
# endif
# ifdef SHA1_ASM
-# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
# define sha1_block_host_order sha1_block_asm_host_order
# define DONT_IMPLEMENT_BLOCK_HOST_ORDER
# define sha1_block_data_order sha1_block_asm_data_order
static X509_TRUST trstandard[] = {
{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
+{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
};
case X509_V_ERR_CRL_NOT_YET_VALID:
return("CRL is not yet valid");
case X509_V_ERR_CERT_HAS_EXPIRED:
- return("Certificate has expired");
+ return("certificate has expired");
case X509_V_ERR_CRL_HAS_EXPIRED:
return("CRL has expired");
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
}
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ int (*verify_cb)(int, X509_STORE_CTX *))
+ {
+ ctx->verify_cb=verify_cb;
+ }
+
IMPLEMENT_STACK_OF(X509)
IMPLEMENT_ASN1_SET_OF(X509)
int purpose, int trust);
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ int (*verify_cb)(int, X509_STORE_CTX *));
#ifdef __cplusplus
}
Generation of hashed passwords.
+=item L<B<pkcs12>|pkcs12(1)>
+
+PKCS#12 Data Management.
+
=item L<B<pkcs7>|pkcs7(1)>
PKCS#7 Data Management.
the certificate is not yet valid: the notBefore date is after the current time.
-=item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
-the CRL is not yet valid. Unused.
+the certificate has expired: that is the notAfter date is before the current time.
-=item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired>
+=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-the certificate has expired: that is the notAfter date is before the current time.
+the CRL is not yet valid. Unused.
=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+ int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom);
+
=head1 DESCRIPTION
BN_rand() generates a cryptographically strong pseudo-random number of
BN_rand_range() generates a cryptographically strong pseudo-random
number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
+BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
+and hence numbers generated by it are not necessarily unpredictable.
The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
BN_rand() is available in all versions of SSLeay and OpenSSL.
BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
and the function BN_rand_range() were added in OpenSSL 0.9.6a.
+BN_pseudo_rand_range() was added in OpenSSL 0.9.6c.
=cut
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
that at least two callback functions are set.
locking_function(int mode, int n, const char *file, int line) is
-needed to perform locking on shared data structures. Multi-threaded
-applications will crash at random if it is not set.
+needed to perform locking on shared data structures.
+(Note that OpenSSL uses a number of global data structures that
+will be implicitly shared whenever multiple threads use OpenSSL.)
+Multi-threaded applications will crash at random if it is not set.
locking_function() must be able to handle up to CRYPTO_num_locks()
different mutex locks. It sets the B<n>-th lock if B<mode> &
#include <openssl/ssl.h>
- long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
- long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+ long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
=head1 DESCRIPTION
SSL_CTX_free() does not provide diagnostic information.
+=head1 SEE ALSO
+
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
=cut
In server mode, when requesting a client certificate, the server must send
the list of CAs of which it will accept client certificates. This list
is not influenced by the contents of B<CAfile> or B<CApath> and must
-explicitely be set using the
+explicitly be set using the
L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
family of functions.
L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
-
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>
=cut
=back
-If a generic method is used, it is necessary to explicitly set client or
-server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-or SSL_set_accept_state().
-
The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
B<SSL_set_options()> functions. Using these options it is possible to choose
session caching was disabled. The get_session_cb() is passed the
B<ssl> connection, the session id of length B<length> at the memory location
B<data>. With the parameter B<copy> the callback can require the
-SSL engine to increment the reference count of the SSL_SESSION object.
+SSL engine to increment the reference count of the SSL_SESSION object,
+Normally the reference count is not incremented and therefore the
+session must not be explicitly freed with
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
+L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
=cut
also sufficient. On the server side, additional restrictions apply. All ciphers
have additional requirements. ADH ciphers don't need a certificate, but
DH-parameters must have been set. All other ciphers need a corresponding
-certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
-available, the respective is valid for DSA ciphers. Ciphers using EDH need
-a certificate and key and DH-parameters.
+certificate and key.
+
+A RSA cipher can only be chosen, when a RSA certificate is available.
+RSA export ciphers with a keylength of 512 bits for the RSA key require
+a temporary 512 bit RSA key, as typically the supplied key has a length
+of 1024 bit (see
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
+RSA ciphers using EDH need a certificate and key and additional DH-parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+
+A DSA cipher can only be chosen, when a DSA certificate is available.
+DSA ciphers always use DH key exchange and therefore need DH-parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+
+When these conditions are not met for any cipher in the list (e.g. a
+client only supports export RSA ciphers with a asymmetric key length
+of 512 bits and the server is not configured to use temporary RSA
+keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
+and the handshake will fail.
=head1 RETURN VALUES
L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
L<ciphers(1)|ciphers(1)>
=cut
password could be stored into the B<userdata> storage and the
pem_passwd_cb() only returns the password already stored.
+When asking for the password interactively, pem_passwd_cb() can use
+B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
+In this case the password dialog may ask for the same password twice
+for comparison in order to catch typos, that would make decryption
+impossible.
+
Other items in PEM formatting (certificates) can also be encrypted, it is
however not usual, as certificate information is considered public.
Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
when just a single record has been written). When not set (the default),
SSL_write() will only report success once the complete chunk was written.
+Once SSL_write() returns with r, r bytes have been successfully written
+and the next call to SSL_write() must only send the n-r bytes left,
+imitating the behaviour of write().
=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
=head1 DESCRIPTION
SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
-Options already set before are not cleared.
+Options already set before are not cleared!
SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
-Options already set before are not cleared.
+Options already set before are not cleared!
SSL_CTX_get_options() returns the options set for B<ctx>.
The options are coded as bitmasks and can be combined by a logical B<or>
operation (|). Options can only be added but can never be reset.
-During a handshake, the option settings of the SSL object used. When
+SSL_CTX_set_options() and SSL_set_options() affect the (external)
+protocol behaviour of the SSL library. The (internal) behaviour of
+the API can be changed by using the similar
+L<SSL_CTX_set_modes(3)|SSL_CTX_set_modes(3)> and SSL_set_modes() functions.
+
+During a handshake, the option settings of the SSL object are used. When
a new SSL object is created from a context using SSL_new(), the current
option setting is copied. Changes to B<ctx> do not affect already created
SSL objects. SSL_clear() does not affect the settings.
=item SSL_OP_SINGLE_DH_USE
-Always create a new key when using temporary DH parameters.
+Always create a new key when using temporary/ephemeral DH parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+This option must be used to prevent small subgroup attacks, when
+the DH parameters were not generated using "strong" primes
+(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
+If "strong" primes were used, it is not strictly necessary to generate
+a new DH key during each handshake but it is also recommended.
+SSL_OP_SINGLE_DH_USE should therefore be enabled whenever
+temporary/ephemeral DH parameters are used.
=item SSL_OP_EPHEMERAL_RSA
-Also use the temporary RSA key when doing RSA operations.
+Always use ephemeral (temporary) RSA key when doing RSA operations
+(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
+According to the specifications this is only done, when a RSA key
+can only be used for signature operations (namely under export ciphers
+with restricted RSA keylength). By setting this option, ephemeral
+RSA keys are always used. This option breaks compatibility with the
+SSL/TLS specifications and may lead to interoperability problems with
+clients and should therefore never be used. Ciphers with EDH (ephemeral
+Diffie-Hellman) key exchange should be used instead.
=item SSL_OP_PKCS1_CHECK_1
non-self-sighed CA which does not have it's CA in netscape, and the
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
-=item SSL_OP_NON_EXPORT_FIRST
-
-On servers try to use non-export (stronger) ciphers first. This option does
-not work under all circumstances (in the code it is declared "broken").
-
=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
...
=head1 SEE ALSO
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<dhparam(1)|dhparam(1)>
=head1 HISTORY
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
directly by the application or automatically (see
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
-The default value for session timeout is 300 seconds.
+The default value for session timeout is decided on a per protocol
+basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>.
+All currently supported protocols have the same default timeout value
+of 300 seconds.
=head1 RETURN VALUES
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
=cut
B<Server mode:> the server sends a client certificate request to the client.
The certificate returned (if any) is checked. If the verification process
-fails as indicated by B<verify_callback>, the TLS/SSL handshake is
+fails, the TLS/SSL handshake is
immediately terminated with an alert message containing the reason for
the verification failure.
The behaviour can be controlled by the additional
SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
B<Client mode:> the server certificate is verified. If the verification process
-fails as indicated by B<verify_callback>, the TLS/SSL handshake is
+fails, the TLS/SSL handshake is
immediately terminated with an alert message containing the reason for
the verification failure. If no server certificate is sent, because an
anonymous cipher is used, SSL_VERIFY_PEER is ignored.
Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be
set at any time.
+The actual verification procedure is performed either using the built-in
+verification procedure or using another application provided verification
+function set with
+L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>.
+The following descriptions apply in the case of the built-in procedure. An
+application provided procedure also has access to the verify depth information
+and the verify_callback() function, but the way this information is used
+may be different.
+
SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up
to which depth certificates in a chain are used during the verification
procedure. If the certificate chain is longer than allowed, the certificates
L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>
the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
memory, if the the reference count has reached 0.
+=head1 NOTES
+
+SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
+is successfully completed. Depending on the settings, see
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+the SSL_SESSION objects are internally referenced by the SSL_CTX and
+linked into its session cache. SSL objects may be using the SSL_SESSION object;
+as a session may be reused, several SSL objects may be using one SSL_SESSION
+object at the same time. It is therefore crucial to keep the reference
+count (usage information) correct and not delete a SSL_SESSION object
+that is still used, as this may lead to program failures due to
+dangling pointers. These failures may also appear delayed, e.g.
+when an SSL_SESSION object was completely freed as the reference count
+incorrectly became 0, but it is still referenced in the internal
+session cache and the cache list is processed during a
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation.
+
+SSL_SESSION_free() must only be called for SSL_SESSION objects, for
+which the reference count was explicitly incremented (e.g.
+by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>)
+or when the SSL_SESSION object was generated outside a TLS handshake
+operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>.
+It must not be called on other SSL_SESSION objects, as this would cause
+incorrect reference counts and therefore program failures.
+
=head1 RETURN VALUES
SSL_SESSION_free() does not provide diagnostic information.
-L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+ L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
=cut
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
=cut
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
-When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
-is necessary to call SSL_set_accept_state()
-before calling SSL_accept() to explicitly switch the B<ssl> to server
-mode.
-
=head1 RETURN VALUES
The following return values can occur:
#include <openssl/ssl.h>
- const char *SSL_alert_type_string(int value);
- const char *SSL_alert_type_string_long(int value);
+ char *SSL_alert_type_string(int value);
+ char *SSL_alert_type_string_long(int value);
- const char *SSL_alert_desc_string(int value);
- const char *SSL_alert_desc_string_long(int value);
+ char *SSL_alert_desc_string(int value);
+ char *SSL_alert_desc_string_long(int value);
=head1 DESCRIPTION
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
-When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
-is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-before calling SSL_connect() to explicitly switch the B<ssl> to client
-mode.
-
=head1 RETURN VALUES
The following return values can occur:
time during the protocol (initiated by either the client or the server);
SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
-=item SSL_ERROR_WANT_CONNECT
+=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
The operation did not complete; the same TLS/SSL I/O function should be
called again later. The underlying BIO was not connected yet to the peer
-and the call would block in connect(). The SSL function should be
-called again when the connection is established. This messages can only
-appear with a BIO_s_connect() BIO.
+and the call would block in connect()/accept(). The SSL function should be
+called again when the connection is established. These messages can only
+appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
In order to find out, when the connection has been successfully established,
on many platforms select() or poll() for writing on the socket file descriptor
can be used.
Due to the protocol definition, a TLS/SSL server will always send a
certificate, if present. A client will only send a certificate when
-explicitely requested to do so by the server (see
+explicitly requested to do so by the server (see
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
is used, no certificates are sent.
count and the session will stay in memory until explicitly freed with
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
=head1 RETURN VALUES
The following return values can occur:
L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
L<ssl(3)|ssl(3)>
=cut
underlying BIO.
For the transparent negotiation to succeed, the B<ssl> must have been
-initialized to client or server mode. This is not the case if a generic
-method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+initialized to client or server mode. This is being done by calling
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
-must be used before the first call to an SSL_read() or
-L<SSL_write(3)|SSL_write(3)> function).
+before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
+function.
SSL_read() works based on the SSL/TLS records. The data are received in
records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
=item 0
-The read operation was not successful, probably because no data was
-available. Call SSL_get_error() with the return value B<ret> to find out,
-whether an error occurred.
+The read operation was not successful. The reason may either be a clean
+shutdown due to a "close notify" alert sent by the peer (in which case
+the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
+(see L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
+the peer simply shut down the underlying transport and the shutdown is
+incomplete. Call SSL_get_error() with the return value B<ret> to find out,
+whether an error occurred or the connection was shut down cleanly
+(SSL_ERROR_ZERO_RETURN).
+
+SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+only be detected, whether the underlying connection was closed. It cannot
+be checked, whether the closure was initiated by the peer or by something
+else.
=item E<lt>0
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
=cut
#include <openssl/ssl.h>
- const char *SSL_rstate_string(SSL *ssl);
- const char *SSL_rstate_string_long(SSL *ssl);
+ char *SSL_rstate_string(SSL *ssl);
+ char *SSL_rstate_string_long(SSL *ssl);
=head1 DESCRIPTION
=head1 DESCRIPTION
-SSL_set_connect_state() B<ssl> to work in client mode.
+SSL_set_connect_state() sets B<ssl> to work in client mode.
-SSL_set_accept_state() B<ssl> to work in server mode.
+SSL_set_accept_state() sets B<ssl> to work in server mode.
=head1 NOTES
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
SSL_set_ssl_method().)
-In order to successfully accomplish the handshake, the SSL routines need
-to know whether they should act in server or client mode. If the generic
-method was used, this is not clear from the method itself and must be set
-with either SSL_set_connect_state() or SSL_set_accept_state(). If these
-routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)>
-is called is server mode.
+When beginning a new handshake, the SSL engine must know whether it must
+call the connect (client) or accept (server) routines. Even though it may
+be clear from the method chosen, whether client or server mode was
+requested, the handshake routines must be explicitly set.
+
+When using the L<SSL_connect(3)|SSL_connect(3)> or
+L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
+routines are automatically set. When performing a transparent negotiation
+using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
+handshake routines must be explicitly set in advance using either
+SSL_set_connect_state() or SSL_set_accept_state().
=head1 RETURN VALUES
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
=cut
is to be established. SSL_set_session() is only useful for TLS/SSL clients.
When the session is set, the reference count of B<session> is incremented
by 1. If the session is not reused, the reference count is decremented
-again during SSL_connect().
+again during SSL_connect(). Whether the session was reused can be queried
+with the L<SSL_session_reused(3)|SSL_session_reused(3)> call.
If there is already a session set inside B<ssl> (because it was set with
SSL_set_session() before or because the same B<ssl> was already used for
a connection), SSL_SESSION_free() will be called for that session.
+=head1 NOTES
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
=head1 RETURN VALUES
The following return values can occur:
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
=cut
the ssl session. If the session is still open, when
L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
it is considered bad and removed according to RFC2246.
-The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN.
+The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
+(according to the TLS RFC, it is acceptable to only send the "close notify"
+alert but to not wait for the peer's answer, when the underlying connection
+is closed).
SSL_set_shutdown() can be used to set this state without sending a
close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
=cut
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.
-The behaviour of SSL_shutdown() depends on the underlying BIO.
+The shutdown procedure consists of 2 steps: the sending of the "close notify"
+shutdown alert and the reception of the peer's "close notify" shutdown
+alert. According to the TLS standard, it is acceptable for an application
+to only send its shutdown alert and then close the underlying connection
+without waiting for the peer's response (this way resources can be saved,
+as the process can already terminate or serve another connection).
+When the underlying connection shall be used for more communications, the
+complete shutdown procedure (bidirectional "close notify" alerts) must be
+performed, so that the peers stay synchronized.
+
+SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
+behaviour.
+
+=over 4
+
+=item When the application is the first party to send the "close notify"
+alert, SSL_shutdown() will only send the alert and the set the
+SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
+be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
+shutdown is enough (the underlying connection shall be closed anyway), this
+first call to SSL_shutdown() is sufficient. In order to complete the
+bidirectional shutdown handshake, SSL_shutdown() must be called again.
+The second call will make SSL_shutdown() wait for the peer's "close notify"
+shutdown alert. On success, the second call to SSL_shutdown() will return
+with 1.
+
+=item If the peer already sent the "close notify" alert B<and> it was
+already processed implicitly inside another function
+(L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
+SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
+flag and will immediately return with 1.
+Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
+SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call.
+
+=back
+
+It is therefore recommended, to check the return value of SSL_shutdown()
+and call SSL_shutdown() again, if the bidirectional shutdown is not yet
+complete (return value of the first call is 0). As the shutdown is not
+specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
+the first call.
+
+The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
-handshake has been finished or an error occurred.
+handshake step has been finished or an error occurred.
If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
when the underlying BIO could not satisfy the needs of SSL_shutdown()
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
+SSL_shutdown() can be modified to only set the connection to "shutdown"
+state but not actually send the "close notify" alert messages,
+see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>.
+When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
+and return 1.
+
=head1 RETURN VALUES
The following return values can occur:
=item 1
-The shutdown was successfully completed.
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
=item 0
-The shutdown was not successful. Call SSL_get_error() with the return
-value B<ret> to find out the reason.
+The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+if a bidirectional shutdown shall be performed.
+The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
=item -1
The shutdown was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred. It can also occur of
+at the protocol level or a connection failure occurred. It can also occur if
action is need to continue the operation for non-blocking BIOs.
-Call SSL_get_error() with the return value B<ret> to find out the reason.
+Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret>
+to find out the reason.
=back
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
#include <openssl/ssl.h>
- const char *SSL_state_string(SSL *ssl);
- const char *SSL_state_string_long(SSL *ssl);
+ char *SSL_state_string(SSL *ssl);
+ char *SSL_state_string_long(SSL *ssl);
=head1 DESCRIPTION
underlying BIO.
For the transparent negotiation to succeed, the B<ssl> must have been
-initialized to client or server mode. This is not the case if a generic
-method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+initialized to client or server mode. This is being done by calling
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
-must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
-or SSL_write() function.
+before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.
If the underlying BIO is B<blocking>, SSL_write() will only return, once the
write operation has been finished or an error occurred, except when a
=item 0
-The write operation was not successful. Call SSL_get_error() with the return
-value B<ret> to find out, whether an error occurred.
+The write operation was not successful. Probably the underlying connection
+was closed. Call SSL_get_error() with the return value B<ret> to find out,
+whether an error occurred or the connection was shut down cleanly
+(SSL_ERROR_ZERO_RETURN).
+
+SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+only be detected, whether the underlying connection was closed. It cannot
+be checked, why the closure happened.
=item E<lt>0
a binary ASN1 representation.
When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
-allocated.
+allocated. The reference count is 1, so that the session must be
+explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+unless the SSL_SESSION object is completely taken over, when being called
+inside the get_session_cb() (see
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
large enough to hold the binary representation of the session. There is no
=head1 SEE ALSO
-L<ssl(3)|ssl(3)>,
+L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
=cut
=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
-=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
L<SSL_connect(3)|SSL_connect(3)>,
L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
+L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
+L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
+L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
+L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
L<SSL_get_error(3)|SSL_get_error(3)>,
L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
L<SSL_library_init(3)|SSL_library_init(3)>,
L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
L<SSL_new(3)|SSL_new(3)>,
-L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
+L<SSL_pending(3)|SSL_pending(3)>,
+L<SSL_read(3)|SSL_read(3)>,
+L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_set_bio(3)|SSL_set_bio(3)>,
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
-L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>,
L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_state_string(3)|SSL_state_string(3)>,
+L<SSL_want(3)|SSL_want(3)>,
+L<SSL_write(3)|SSL_write(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
# endif
#endif
-#if defined(THREADS) || defined(sun)
-#ifndef _REENTRANT
-#define _REENTRANT
-#endif
-#endif
-
#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
+ /* include headers first, so our defines don't break it */
+#include <stdlib.h>
+#include <string.h>
/* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
$ THEN
$ TYPE [.CRYPTO]OPENSSLCONF_H.IN /OUTPUT=H_FILE:
$ ELSE
-$ WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN. Exiting!"
-$ EXIT 0
+$ ! For ODS-5
+$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H.IN") .NES. ""
+$ THEN
+$ TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE:
+$ ELSE
+$ WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN. Exiting!"
+$ EXIT 0
+$ ENDIF
$ ENDIF
$ ENDIF
$!
#!/usr/bin/sh
major="0"
-minor="9.7"
+minor="9.6b"
slib=libssl
sh_slib=$slib.so.$major.$minor
#!/usr/bin/sh
major="0"
-minor="9.7"
+minor="9.6b"
slib=libssl
sh_slib=$slib.so.$major.$minor
#!/usr/bin/sh
major="0"
-minor="9.7"
+minor="9.6b"
slib=libssl
sh_slib=$slib.so.$major.$minor
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <errno.h>
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <openssl/buffer.h>
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{
}
}
end:
+ s->in_handshake--;
if (cb != NULL)
cb(s,SSL_CB_ACCEPT_EXIT,ret);
- s->in_handshake--;
return(ret);
}
/* We must look at client_version inside the Client Hello message
* to get the correct minor version.
* However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, we'd have
- * to read at least one additional record to find out.
- * This doesn't usually happen in real life, so we just complain
- * for now.
- */
+ * Client Hello message, this would be difficult, and we'd have
+ * to read more records to find out.
+ * No known SSL 3.0 client fragments ClientHello like this,
+ * so we simply assume TLS 1.0 to avoid protocol version downgrade
+ * attacks. */
if (p[3] == 0 && p[4] < 6)
{
+#if 0
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
goto err;
+#else
+ v[1] = TLS1_VERSION_MINOR;
+#endif
}
- v[1]=p[10]; /* minor version according to client_version */
+ else
+ v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR)
{
if (!(s->options & SSL_OP_NO_TLSv1))
type=3;
}
}
- else if (!(s->options & SSL_OP_NO_SSLv3))
+ else
{
- s->version=SSL3_VERSION;
- type=3;
+ /* client requests SSL 3.0 */
+ if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
+ type=3;
+ }
+ else if (!(s->options & SSL_OP_NO_TLSv1))
+ {
+ /* we won't be able to use TLS of course,
+ * but this will send an appropriate alert */
+ s->version=TLS1_VERSION;
+ type=3;
+ }
}
}
else if ((strncmp("GET ", (char *)p,4) == 0) ||
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include "ssl_locl.h"
#ifndef NO_SSL2
cb=s->ctx->info_callback;
/* init things to blank */
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{
unsigned char *buf;
unsigned char *p;
int i,j;
+ unsigned long len;
STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
buf=(unsigned char *)s->init_buf->data;
i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
if (i < (11-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+ s->init_num = 11;
if (*(p++) != SSL2_MT_SERVER_HELLO)
{
n2s(p,i); s->s2->tmp.csl=i;
n2s(p,i); s->s2->tmp.conn_id_length=i;
s->state=SSL2_ST_GET_SERVER_HELLO_B;
- s->init_num=0;
}
/* SSL2_ST_GET_SERVER_HELLO_B */
- j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
- - s->init_num;
- i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
+ len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ {
+ SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
+ return -1;
+ }
+ j = (int)len - s->init_num;
+ i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
/* things are looking good */
- p=buf;
+ p = buf + 11;
if (s->hit)
{
if (s->s2->tmp.cert_length != 0)
unsigned char *p,*d;
int i;
unsigned int n;
- int cert_ch_len=0;
+ int cert_ch_len;
unsigned char *cert_ch;
buf=(unsigned char *)s->init_buf->data;
- cert_ch= &(buf[2]);
/* We have a cert associated with the SSL, so attach it to
* the session if it does not have one */
SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+ s->init_num += i;
/* type=buf[0]; */
/* type eq x509 */
SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
return(-1);
}
- cert_ch_len=i-1;
if ((s->cert == NULL) ||
(s->cert->key->x509 == NULL) ||
s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
}
+ cert_ch = buf + 2;
+ cert_ch_len = s->init_num - 2;
+
if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
{
X509 *x509=NULL;
static int get_server_verify(SSL *s)
{
unsigned char *p;
- int i;
+ int i, n, len;
p=(unsigned char *)s->init_buf->data;
if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
if (i < (1-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+ s->init_num += i;
s->state= SSL2_ST_GET_SERVER_VERIFY_B;
- s->init_num=0;
if (*p != SSL2_MT_SERVER_VERIFY)
{
if (p[0] != SSL2_MT_ERROR)
}
p=(unsigned char *)s->init_buf->data;
- i=ssl2_read(s,(char *)&(p[s->init_num]),
- (unsigned int)s->s2->challenge_length-s->init_num);
- if (i < ((int)s->s2->challenge_length-s->init_num))
+ len = 1 + s->s2->challenge_length;
+ n = len - s->init_num;
+ i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+ if (i < n)
return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+ p += 1;
+
if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
{
unsigned char *buf;
unsigned char *p;
- int i;
+ int i, n, len;
buf=(unsigned char *)s->init_buf->data;
p=buf;
i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
if (i < (1-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
- s->init_num=i;
+ s->init_num += i;
+
if (*p == SSL2_MT_REQUEST_CERTIFICATE)
{
s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
return(-1);
}
- s->state=SSL_ST_OK;
- s->init_num=0;
+ s->state=SSL2_ST_GET_SERVER_FINISHED_B;
}
- i=ssl2_read(s,(char *)&(buf[s->init_num]),
- SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
- if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
+ len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
+ n = len - s->init_num;
+ i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
+ if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+ s->init_num += i;
if (!s->hit) /* new session */
{
}
}
}
+ s->state = SSL_ST_OK;
return(1);
}
}
/* read/writes from s->s2->mac_data using length for encrypt and
- * decrypt. It sets the s->s2->padding, s->[rw]length and
- * s->s2->pad_data ptr if we are encrypting */
+ * decrypt. It sets s->s2->padding and s->[rw]length
+ * if we are encrypting */
void ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
unsigned char mac[MAX_MAC_SIZE];
unsigned char *p;
int i;
- unsigned int mac_size=0;
+ unsigned int mac_size;
ssl2_read_again:
if (SSL_in_init(s) && !s->in_handshake)
/* Data portion */
if (s->s2->clear_text)
{
+ mac_size = 0;
s->s2->mac_data=p;
s->s2->ract_data=p;
- s->s2->pad_data=NULL;
+ if (s->s2->padding)
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
+ return(-1);
+ }
}
else
{
mac_size=EVP_MD_size(s->read_hash);
s->s2->mac_data=p;
s->s2->ract_data= &p[mac_size];
- s->s2->pad_data= &p[mac_size+
- s->s2->rlength-s->s2->padding];
+ if (s->s2->padding + mac_size > s->s2->rlength)
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
+ return(-1);
+ }
}
s->s2->ract_data_length=s->s2->rlength;
s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
/* we copy the data into s->s2->wbuf */
memcpy(s->s2->wact_data,buf,len);
-#ifdef PURIFY
if (p)
- memset(&(s->s2->wact_data[len]),0,p);
-#endif
+ memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
if (!s->s2->clear_text)
{
unsigned char *p;
int j;
- /* check for error */
- if ((s->init_num == 0) && (i >= 3))
- {
- p=(unsigned char *)s->init_buf->data;
- if (p[0] == SSL2_MT_ERROR)
- {
- j=(p[1]<<8)|p[2];
- SSLerr((int)f,ssl_mt_error(j));
- }
- }
-
if (i < 0)
{
/* ssl2_return_error(s); */
/* for non-blocking io,
- * this is not fatal */
+ * this is not necessarily fatal */
return(i);
}
else
{
s->init_num+=i;
+
+ /* Check for error. While there are recoverable errors,
+ * this function is not called when those must be expected;
+ * any error detected here is fatal. */
+ if (s->init_num >= 3)
+ {
+ p=(unsigned char *)s->init_buf->data;
+ if (p[0] == SSL2_MT_ERROR)
+ {
+ j=(p[1]<<8)|p[2];
+ SSLerr((int)f,ssl_mt_error(j));
+ s->init_num -= 3;
+ if (s->init_num > 0)
+ memmove(p, p+3, s->init_num);
+ }
+ }
+
+ /* If it's not an error message, we have some error anyway --
+ * the message was shorter than expected. This too is treated
+ * as fatal (at least if SSL_get_error is asked for its opinion). */
return(0);
}
}
ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
if (ret == s->init_num)
+ {
return(1);
+ }
if (ret < 0)
return(-1);
s->init_off+=ret;
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include "ssl_locl.h"
#ifndef NO_SSL2
cb=s->ctx->info_callback;
/* init things to blank */
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
if (s->cert == NULL)
{
static int get_client_master_key(SSL *s)
{
int is_export,i,n,keya,ek;
+ unsigned long len;
unsigned char *p;
SSL_CIPHER *cp;
const EVP_CIPHER *c;
if (i < (10-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+ s->init_num = 10;
+
if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
{
if (p[-1] != SSL2_MT_ERROR)
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
- s->init_num=0;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
keya=s->session->key_arg_length;
- n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
- i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+ len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+ return -1;
+ }
+ n = (int)len - s->init_num;
+ i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+ p += 10;
memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
(unsigned int)keya);
static int get_client_hello(SSL *s)
{
int i,n;
+ unsigned long len;
unsigned char *p;
STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
if (i < (9-s->init_num))
return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+ s->init_num = 9;
if (*(p++) != SSL2_MT_CLIENT_HELLO)
{
return(-1);
}
s->state=SSL2_ST_GET_CLIENT_HELLO_C;
- s->init_num=0;
}
/* SSL2_ST_GET_CLIENT_HELLO_C */
p=(unsigned char *)s->init_buf->data;
- n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+
- s->s2->tmp.session_id_length-s->init_num;
- i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+ len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ {
+ SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
+ return -1;
+ }
+ n = (int)len - s->init_num;
+ i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+ p += 9;
/* get session-id before cipher stuff so we can get out session
* structure if it is cached */
static int get_client_finished(SSL *s)
{
unsigned char *p;
- int i;
+ int i, n;
+ unsigned long len;
p=(unsigned char *)s->init_buf->data;
if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
if (i < 1-s->init_num)
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+ s->init_num += i;
if (*p != SSL2_MT_CLIENT_FINISHED)
{
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
return(-1);
}
- s->init_num=0;
s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
- i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
- if (i < (int)s->s2->conn_id_length-s->init_num)
+ len = 1 + (unsigned long)s->s2->conn_id_length;
+ n = (int)len - s->init_num;
+ i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+ if (i < n)
{
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
}
+ p += 1;
if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
unsigned char *p,*p2,*buf2;
unsigned char *ccd;
int i,j,ctype,ret= -1;
+ unsigned long len;
X509 *x509=NULL;
STACK_OF(X509) *sk=NULL;
if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
{
p=(unsigned char *)s->init_buf->data;
- i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num);
- if (i < 3)
+ i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
+ if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
+ * (probably NO-CERTIFICATE-ERROR) */
{
ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
goto end;
}
+ s->init_num += i;
- if ((*p == SSL2_MT_ERROR) && (i >= 3))
+ if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
{
n2s(p,i);
+ if (i != SSL2_PE_NO_CERTIFICATE)
+ {
+ /* not the error message we expected -- let ssl2_part_read handle it */
+ s->init_num -= 3;
+ ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
+ goto end;
+ }
+
+ /* this is the one place where we can recover from an SSL 2.0 error */
+
if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
{
ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
ret=1;
goto end;
}
- if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6))
+ if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
goto end;
}
+ if (s->init_num != 6)
+ {
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
+ goto end;
+ }
+
/* ok we have a response */
/* certificate type, there is only one right now. */
ctype= *(p++);
n2s(p,i); s->s2->tmp.clen=i;
n2s(p,i); s->s2->tmp.rlen=i;
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
- s->init_num=0;
}
/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
p=(unsigned char *)s->init_buf->data;
- j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num;
- i=ssl2_read(s,(char *)&(p[s->init_num]),j);
+ len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+ goto end;
+ }
+ j = (int)len - s->init_num;
+ i = ssl2_read(s,(char *)&(p[s->init_num]),j);
if (i < j)
{
ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
goto end;
}
+ p += 6;
x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
if (x509 == NULL)
* if their format is correct. Does not count for
* 'Finished' MAC. */
if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+ {
+ s->init_num = 0;
skip_message = 1;
+ }
+
}
while (skip_message);
/* next state (stn) */
p=(unsigned char *)s->init_buf->data;
n=s->s3->tmp.message_size;
+ n -= s->init_num;
while (n > 0)
{
i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{
skip=0;
}
end:
+ s->in_handshake--;
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
- s->in_handshake--;
return(ret);
}
DH *dh=NULL;
#endif
+ /* use same message size as in ssl3_get_certificate_request()
+ * as ServerKeyExchange message may be skipped */
n=ssl3_get_message(s,
SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B,
-1,
- 1024*8, /* ?? */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+ 1024*30, /* 30k max cert list :-) */
+#else
+ 1024*100, /* 100k max cert list :-) */
+#endif
&ok);
if (!ok) return((int)n);
if (l == 0 || l%bs != 0)
{
SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
- return(0);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
}
}
* padding bytes (except that last) are arbitrary */
if (i > bs)
{
- SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
- return(0);
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
+ * a decryption error or a MAC verification failure
+ * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+ return -1;
}
rec->length-=i;
}
static int ssl3_get_record(SSL *s)
{
int ssl_major,ssl_minor,al;
- int n,i,ret= -1;
+ int enc_err,n,i,ret= -1;
SSL3_RECORD *rr;
SSL_SESSION *sess;
unsigned char *p;
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
- if (!s->method->ssl3_enc->enc(s,0))
+ enc_err = s->method->ssl3_enc->enc(s,0);
+ if (enc_err <= 0)
{
- al=SSL_AD_DECRYPT_ERROR;
- goto f_err;
+ if (enc_err == 0)
+ /* SSLerr() and ssl3_send_alert() have been called */
+ goto err;
+
+ /* otherwise enc_err == -1 */
+ goto decryption_failed_or_bad_record_mac;
}
+
#ifdef TLS_DEBUG
printf("dec %d\n",rr->length);
{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
printf("\n");
#endif
+
/* r->length is now the compressed data plus mac */
if ( (sess == NULL) ||
(s->enc_read_ctx == NULL) ||
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
{
+#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
+#else
+ goto decryption_failed_or_bad_record_mac;
+#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
if (rr->length < mac_size)
{
+#if 0 /* OK only for stream ciphers */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
+#else
+ goto decryption_failed_or_bad_record_mac;
+#endif
}
rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0);
if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
{
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
- ret= -1;
- goto f_err;
+ goto decryption_failed_or_bad_record_mac;
}
}
if (rr->length == 0) goto again;
return(1);
+
+decryption_failed_or_bad_record_mac:
+ /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+ * failure is directly visible from the ciphertext anyway,
+ * we should not reveal which kind of error occured -- this
+ * might become visible to an attacker (e.g. via logfile) */
+ al=SSL_AD_BAD_RECORD_MAC;
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
{
/* Map tls/ssl alert value to correct one */
desc=s->method->ssl3_enc->alert_value(desc);
+ if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+ desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
if (desc < 0) return;
/* If a fatal one, remove from cache */
if ((level == 2) && (s->session != NULL))
s->s3->alert_dispatch=1;
s->s3->send_alert[0]=level;
s->s3->send_alert[1]=desc;
- if (s->s3->wbuf.left == 0) /* data still being written out */
+ if (s->s3->wbuf.left == 0) /* data still being written out? */
ssl3_dispatch_alert(s);
/* else data is still being written out, we will get written
* some time in the future */
}
else
{
- /* If it is important, send it now. If the message
- * does not get sent due to non-blocking IO, we will
- * not worry too much. */
+ /* Alert sent to BIO. If it is important, flush it now.
+ * If the message does not get sent due to non-blocking IO,
+ * we will not worry too much. */
if (s->s3->send_alert[0] == SSL3_AL_FATAL)
(void)BIO_flush(s->wbio);
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#define REUSE_CIPHER_BUG
#define NETSCAPE_HANG_BUG
long num1;
int ret= -1;
int new_state,state,skip=0;
+ int got_new_session=0;
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
cb=s->ctx->info_callback;
/* init things to blank */
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
if (s->cert == NULL)
{
goto end;
}
- /* Ok, we now need to push on a buffering BIO so that
- * the output is sent in a way that TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
s->init_num=0;
if (s->state != SSL_ST_RENEGOTIATE)
{
+ /* Ok, we now need to push on a buffering BIO so that
+ * the output is sent in a way that TCP likes :-)
+ */
+ if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+
ssl3_init_finished_mac(s);
s->state=SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->stats.sess_accept++;
}
else
{
+ /* s->state == SSL_ST_RENEGOTIATE,
+ * we will just send a HelloRequest */
s->ctx->stats.sess_accept_renegotiate++;
s->state=SSL3_ST_SW_HELLO_REQ_A;
}
case SSL3_ST_SW_HELLO_REQ_C:
s->state=SSL_ST_OK;
- ret=1;
- goto end;
- /* break; */
+ break;
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
s->shutdown=0;
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
+ got_new_session=1;
s->state=SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
break;
/* remove buffering on output */
ssl_free_wbio_buffer(s);
- s->new_session=0;
s->init_num=0;
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=ssl3_accept;
- ret=1;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
+ if (got_new_session) /* skipped if we just sent a HelloRequest */
+ {
+ /* actually not necessarily a 'new' session */
+
+ s->new_session=0;
+
+ ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+
+ s->ctx->stats.sess_accept_good++;
+ /* s->server=1; */
+ s->handshake_func=ssl3_accept;
+
+ if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+ }
+
+ ret = 1;
goto end;
/* break; */
end:
/* BIO_flush(s->wbio); */
+ s->in_handshake--;
if (cb != NULL)
cb(s,SSL_CB_ACCEPT_EXIT,ret);
- s->in_handshake--;
return(ret);
}
int ok;
long n;
+ /* this function is called when we really expect a Certificate message,
+ * so permit appropriate message length */
n=ssl3_get_message(s,
SSL3_ST_SR_CERT_A,
SSL3_ST_SR_CERT_B,
-1,
- SSL3_RT_MAX_PLAIN_LENGTH,
+#if defined(MSDOS) && !defined(WIN32)
+ 1024*30, /* 30k max cert list :-) */
+#else
+ 1024*100, /* 100k max cert list :-) */
+#endif
&ok);
if (!ok) return((int)n);
s->s3->tmp.reuse_message = 1;
s->client_version=(((int)p[0])<<8)|(int)p[1];
p+=2;
+ if (s->client_version < s->version)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+ if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
+ {
+ /* similar to ssl3_get_record, send alert using remote version number */
+ s->version = s->client_version;
+ }
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
+
/* load the client random */
memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
SSL3_ST_SR_KEY_EXCH_A,
SSL3_ST_SR_KEY_EXCH_B,
SSL3_MT_CLIENT_KEY_EXCHANGE,
- 400, /* ???? */
+ 2048, /* ???? */
&ok);
if (!ok) return((int)n);
$! Save directory information
$!
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "SSL]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!
int server; /* are we the server side? - mostly used by SSL_clear*/
- int new_session;/* 1 if we are to use a new session */
+ int new_session;/* 1 if we are to use a new session.
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session */
int quiet_shutdown;/* don't send shutdown packets */
int shutdown; /* we have shut things down, 0x01 sent, 0x02
* for received */
const char * SSL_CIPHER_get_name(SSL_CIPHER *c);
int SSL_get_fd(SSL *s);
+int SSL_get_rfd(SSL *s);
+int SSL_get_wfd(SSL *s);
const char * SSL_get_cipher_list(SSL *s,int n);
char * SSL_get_shared_ciphers(SSL *s, char *buf, int len);
int SSL_get_read_ahead(SSL * s);
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
#define SSL_R_DATA_LENGTH_TOO_LONG 146
#define SSL_R_DECRYPTION_FAILED 147
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
+#define SSL_R_ILLEGAL_PADDING 1110
#define SSL_R_INTERNAL_ERROR 157
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
+#define SSL_R_MESSAGE_TOO_LONG 1111
#define SSL_R_MISSING_DH_DSA_CERT 162
#define SSL_R_MISSING_DH_KEY 163
#define SSL_R_MISSING_DH_RSA_CERT 164
unsigned char *ract_data;
unsigned char *wact_data;
unsigned char *mac_data;
- unsigned char *pad_data;
+ unsigned char *pad_data_UNUSED; /* only for binary compatibility with 0.9.6b */
unsigned char *read_key;
unsigned char *write_key;
unsigned int conn_id_length;
unsigned int cert_type;
unsigned int cert_length;
- int csl;
- int clear;
+ unsigned int csl;
+ unsigned int clear;
unsigned int enc;
unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
- int cipher_spec_length;
+ unsigned int cipher_spec_length;
unsigned int session_id_length;
unsigned int clen;
unsigned int rlen;
X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+ if (s->verify_callback)
+ X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+
if (s->ctx->app_verify_callback != NULL)
i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
else
{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"},
{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"},
{SSL_R_DECRYPTION_FAILED ,"decryption failed"},
+{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"},
{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"},
{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"},
{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"},
{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"},
{SSL_R_HTTP_REQUEST ,"http request"},
+{SSL_R_ILLEGAL_PADDING ,"illegal padding"},
{SSL_R_INTERNAL_ERROR ,"internal error"},
{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"},
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"},
+{SSL_R_MESSAGE_TOO_LONG ,"message too long"},
{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"},
{SSL_R_MISSING_DH_KEY ,"missing dh key"},
{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"},
#if 1
/* Check to see if we were changed into a different method, if
* so, revert back if we are not doing session-id reuse. */
- if ((s->session == NULL) && (s->method != s->ctx->method))
+ if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
{
s->method->ssl_free(s);
s->method=s->ctx->method;
{ return(s->wbio); }
int SSL_get_fd(SSL *s)
+ {
+ return(SSL_get_rfd(s));
+ }
+
+int SSL_get_rfd(SSL *s)
{
int ret= -1;
BIO *b,*r;
return(ret);
}
+int SSL_get_wfd(SSL *s)
+ {
+ int ret= -1;
+ BIO *b,*r;
+
+ b=SSL_get_wbio(s);
+ r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+ if (r != NULL)
+ BIO_get_fd(r,&ret);
+ return(ret);
+ }
+
#ifndef NO_SOCK
int SSL_set_fd(SSL *s,int fd)
{
{
ctx->verify_mode=mode;
ctx->default_verify_callback=cb;
- /* This needs cleaning up EAY EAY EAY */
- X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
}
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify A"; break;
+case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished A"; break;
+case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
case SSL3_ST_CR_CHANGE_A:
case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
case SSL3_ST_CR_CHANGE_B:
case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
+ case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
+ case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
+ case TLS1_AD_UNKNOWN_CA: str="CA"; break;
+ case TLS1_AD_ACCESS_DENIED: str="AD"; break;
+ case TLS1_AD_DECODE_ERROR: str="DE"; break;
+ case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
+ case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
+ case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
+ case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
+ case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
+ case TLS1_AD_USER_CANCELLED: str="US"; break;
+ case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
default: str="UK"; break;
}
return(str);
case SSL3_AD_ILLEGAL_PARAMETER:
str="illegal parameter";
break;
+ case TLS1_AD_DECRYPTION_FAILED:
+ str="decryption failed";
+ break;
+ case TLS1_AD_RECORD_OVERFLOW:
+ str="record overflow";
+ break;
+ case TLS1_AD_UNKNOWN_CA:
+ str="unknown CA";
+ break;
+ case TLS1_AD_ACCESS_DENIED:
+ str="access denied";
+ break;
+ case TLS1_AD_DECODE_ERROR:
+ str="decode error";
+ break;
+ case TLS1_AD_DECRYPT_ERROR:
+ str="decrypt error";
+ break;
+ case TLS1_AD_EXPORT_RESTRICTION:
+ str="export restriction";
+ break;
+ case TLS1_AD_PROTOCOL_VERSION:
+ str="protocol version";
+ break;
+ case TLS1_AD_INSUFFICIENT_SECURITY:
+ str="insufficient security";
+ break;
+ case TLS1_AD_INTERNAL_ERROR:
+ str="internal error";
+ break;
+ case TLS1_AD_USER_CANCELLED:
+ str="user canceled";
+ break;
+ case TLS1_AD_NO_RENEGOTIATION:
+ str="no renegotiation";
+ break;
default: str="unknown"; break;
}
return(str);
if (l == 0 || l%bs != 0)
{
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
- return(0);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
}
}
* All of them must have value 'padding_length'. */
if (i > (int)rec->length)
{
- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return(0);
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
+ * a decryption error or a MAC verification failure
+ * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+ return -1;
}
for (j=(int)(l-i); j<(int)l; j++)
{
if (rec->data[j] != ii)
{
- SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return(0);
+ /* Incorrect padding */
+ return -1;
}
}
rec->length-=i;
$! Save directory information
$!
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "TEST]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!
echo
echo "make a certificate request using 'req'"
+echo "string to make the random number generator think it has entropy" >> ./.rnd
+
if ../apps/openssl no-rsa; then
req_new='-newkey dsa:../apps/dsa512.pem'
else
ENGINE_get_DSA 2520 EXIST::FUNCTION:
ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:
ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:
+BN_pseudo_rand_range 2523 EXIST::FUNCTION:
+X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
SSL_CTX_callback_ctrl 243 EXIST::FUNCTION:
SSL_callback_ctrl 244 EXIST::FUNCTION:
SSL_CTX_sessions 245 EXIST::FUNCTION:
+SSL_get_rfd 246 EXIST::FUNCTION:
+SSL_get_wfd 247 EXIST::FUNCTION:
projects / oweals / openssl.git / commitdiff