From 14023fe3521db8c2b984c44eb53ecfe498b1a01e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 3 Apr 2009 11:45:19 +0000 Subject: [PATCH] Merge from 1.0.0-stable branch. --- CHANGES | 7 ++ NEWS | 1 + STATUS | 4 +- TABLE | 2 +- apps/ocsp.c | 2 + crypto/asn1/asn1.h | 4 +- crypto/asn1/asn1_err.c | 4 +- crypto/des/enc_read.c | 2 +- crypto/objects/obj_xref.h | 2 +- crypto/pkcs12/p12_kiss.c | 163 ++++++++++++++++++++------------------ crypto/stack/safestack.h | 23 ------ crypto/x509v3/pcy_tree.c | 2 +- demos/pkcs12/pkread.c | 2 +- doc/apps/x509.pod | 5 ++ engines/ccgost/Makefile | 2 +- ssl/d1_clnt.c | 2 - test/Makefile | 6 +- 17 files changed, 116 insertions(+), 117 deletions(-) diff --git a/CHANGES b/CHANGES index 14ffb4083e..f17154b8e3 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.8k and 1.0 [xx XXX xxxx] + *) Alter match criteria in PKCS12_parse(). It used to try to use local + key ids to find matching certificates and keys but some PKCS#12 files + don't follow the (somewhat unwritten) rules and this strategy fails. + Now just gather all certificates together and the first private key + then look for the first certificate that matches the key. + [Steve Henson] + *) Support use of registered digest and cipher names for dgst and cipher commands instead of having to add each one as a special case. So now you can do: diff --git a/NEWS b/NEWS index 91914af30b..d4841f9a62 100644 --- a/NEWS +++ b/NEWS @@ -27,6 +27,7 @@ o ecdsa-with-SHA224/256/384/512 signature types. o dsa-with-SHA224 and dsa-with-SHA256 signature types. o Opaque PRF Input TLS extension support. + o Updated time routines to avoid OS limitations. Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: diff --git a/STATUS b/STATUS index 6c368603d7..1d4f8b9fbe 100644 --- a/STATUS +++ b/STATUS @@ -1,10 +1,10 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2009/03/30 11:33:03 $ + ______________ $Date: 2009/04/03 11:45:14 $ DEVELOPMENT STATE - o OpenSSL 1.0: Under development... + o OpenSSL 1.0.0-beta1: Released on April 1st, 2009 o OpenSSL 0.9.8h: Released on May 28th, 2008 o OpenSSL 0.9.8g: Released on October 19th, 2007 o OpenSSL 0.9.8f: Released on October 11th, 2007 diff --git a/TABLE b/TABLE index eedbecced9..fffc6bdb80 100644 --- a/TABLE +++ b/TABLE @@ -1366,7 +1366,7 @@ $multilib = *** debug-ben-debug $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe $unistd = $thread_cflag = (unknown) $sys_id = diff --git a/apps/ocsp.c b/apps/ocsp.c index 43179c77b8..a8e00fd0ed 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -62,6 +62,8 @@ on OpenVMS */ #endif +#define USE_SOCKETS + #include #include #include diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 6129d0a1cf..8f5b0517e9 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1278,7 +1278,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 -#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 @@ -1370,7 +1370,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 -#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 #define ASN1_R_UNKNOWN_FORMAT 160 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index cdee663834..82496b3698 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -176,7 +176,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, -{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_asn1"}, +{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index e7c853f5cc..edb6620d08 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -150,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, /* first - get the length */ while (net_num < HDRSIZE) { -#ifndef _WIN32 +#ifndef OPENSSL_SYS_WIN32 i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); #else i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index d5b9b8e198..7836f01d95 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -1,4 +1,4 @@ -/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ +/* AUTOGENERATED BY crypto/objects/objxref.pl, DO NOT EDIT */ typedef struct { diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 5c4c6ec988..10ee5e7b94 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -63,16 +63,13 @@ /* Simplified PKCS#12 routines */ static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch); + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); /* Parse and decrypt a PKCS#12 structure returning user key, user cert * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, @@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { - + STACK_OF(X509) *ocerts = NULL; + X509 *x; /* Check for NULL PKCS12 structure */ - if(!p12) { + if(!p12) + { PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); return 0; - } - - /* Allocate stack for ca certificates if needed */ - if ((ca != NULL) && (*ca == NULL)) { - if (!(*ca = sk_X509_new_null())) { - PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); - return 0; } - } - if(pkey) *pkey = NULL; - if(cert) *cert = NULL; + if(pkey) + *pkey = NULL; + if(cert) + *cert = NULL; /* Check the mac */ @@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; } - if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) + /* Allocate stack for other certificates */ + ocerts = sk_X509_new_null(); + + if (!ocerts) + { + PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) { PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); goto err; } + while ((x = sk_X509_pop(ocerts))) + { + if (pkey && *pkey && cert && !*cert) + { + if (X509_check_private_key(x, *pkey)) + { + *cert = x; + x = NULL; + } + } + + if (ca && x) + { + if (!*ca) + *ca = sk_X509_new_null(); + if (!*ca) + goto err; + if (!sk_X509_push(*ca, x)) + goto err; + x = NULL; + } + if (x) + X509_free(x); + } + + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); + return 1; err: - if (pkey && *pkey) EVP_PKEY_free(*pkey); - if (cert && *cert) X509_free(*cert); - if (ca) sk_X509_pop_free(*ca, X509_free); + if (pkey && *pkey) + EVP_PKEY_free(*pkey); + if (cert && *cert) + X509_free(*cert); + if (x) + X509_free(*cert); + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); return 0; } @@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, /* Parse the outer PKCS#12 structure */ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { STACK_OF(PKCS7) *asafes; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; - ASN1_OCTET_STRING *keyid = NULL; - char keymatch = 0; if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; for (i = 0; i < sk_PKCS7_num (asafes); i++) { p7 = sk_PKCS7_value (asafes, i); @@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; } - if (!parse_bags(bags, pass, passlen, pkey, cert, ca, - &keyid, &keymatch)) { + if (!parse_bags(bags, pass, passlen, pkey, ocerts)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; @@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); } sk_PKCS7_pop_free(asafes, PKCS7_free); - if (keyid) M_ASN1_OCTET_STRING_free(keyid); return 1; } static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch) + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), - pass, passlen, pkey, cert, ca, keyid, - keymatch)) return 0; + pass, passlen, pkey, ocerts)) + return 0; } return 1; } -#define MATCH_KEY 0x1 -#define MATCH_CERT 0x2 -#define MATCH_ALL 0x3 - static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, - char *keymatch) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; ASN1_TYPE *attrib; ASN1_BMPSTRING *fname = NULL; + ASN1_OCTET_STRING *lkid = NULL; if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { - lkey = attrib->value.octet_string; - ckid = lkey; - } + if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) + lkid = attrib->value.octet_string; - /* Check for any local key id matching (if needed) */ - if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { - if (*keyid) { - if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; - } else { - if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { - PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); - return 0; - } - } - } - switch (M_PKCS12_bag_type(bag)) { case NID_keyBag: - if (!lkey || !pkey) return 1; - if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; - *keymatch |= MATCH_KEY; + if (!pkey || *pkey) + return 1; + if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + return 0; break; case NID_pkcs8ShroudedKeyBag: - if (!lkey || !pkey) return 1; + if (!pkey || *pkey) + return 1; if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) return 0; *pkey = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); if (!(*pkey)) return 0; - *keymatch |= MATCH_KEY; break; case NID_certBag: if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) - return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) return 0; - if(ckid) + return 1; + if (!(x509 = PKCS12_certbag2x509(bag))) + return 0; + if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { - if (!X509_keyid_set1(x509, ckid->data, ckid->length)) - { - X509_free(x509); - return 0; - } + X509_free(x509); + return 0; } if(fname) { int len, r; @@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, } } + if(!sk_X509_push(ocerts, x509)) + { + X509_free(x509); + return 0; + } - if (lkey) { - *keymatch |= MATCH_CERT; - if (cert) *cert = x509; - else X509_free(x509); - } else { - if(ca) sk_X509_push (*ca, x509); - else X509_free(x509); - } break; case NID_safeContentsBag: return parse_bags(bag->value.safes, pass, passlen, - pkey, cert, ca, keyid, keymatch); + pkey, ocerts); break; default: diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 58597c4479..3f565e9efa 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1967,29 +1967,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void) #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) -#define sk_X509_POLICY_REF_new(cmp) SKM_sk_new(X509_POLICY_REF, (cmp)) -#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) -#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) -#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) -#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) -#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) -#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) -#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) -#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) -#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) -#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) - #define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 6dcdf481d9..92f6b24556 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -231,7 +231,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, tree->auth_policies = NULL; tree->user_policies = NULL; - if (!tree) + if (!tree->levels) { OPENSSL_free(tree); return 0; diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c index 8e1b686312..02e16cda2a 100644 --- a/demos/pkcs12/pkread.c +++ b/demos/pkcs12/pkread.c @@ -51,7 +51,7 @@ int main(int argc, char **argv) fprintf(fp, "***User Certificate***\n"); PEM_write_X509_AUX(fp, cert); } - if (ca && sk_num(ca)) { + if (ca && sk_X509_num(ca)) { fprintf(fp, "***Other Certificates***\n"); for (i = 0; i < sk_X509_num(ca); i++) PEM_write_X509_AUX(fp, sk_X509_value(ca, i)); diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index c0c39770ce..04d732dc60 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -23,6 +23,7 @@ B B [B<-issuer>] [B<-nameopt option>] [B<-email>] +[B<-ocsp_uri>] [B<-startdate>] [B<-enddate>] [B<-purpose>] @@ -176,6 +177,10 @@ set multiple options. See the B section for more information. outputs the email address(es) if any. +=item B<-ocsp_uri> + +outputs the OCSP responder address(es) if any. + =item B<-startdate> prints out the start date of the certificate, that is the notBefore date. diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index 8959165b65..61077b551a 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -55,7 +55,7 @@ install: esac; \ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \ else \ - sfx="so"; \ + sfx=".so"; \ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \ fi; \ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \ diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index f4e9df9810..f569d4beac 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -425,8 +425,6 @@ int dtls1_connect(SSL *s) s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; } s->init_num=0; - /* mark client_random uninitialized */ - memset (s->s3->client_random,0,sizeof(s->s3->client_random)); break; case SSL3_ST_CR_FINISHED_A: diff --git a/test/Makefile b/test/Makefile index c515d1ac4c..75eb2d902d 100644 --- a/test/Makefile +++ b/test/Makefile @@ -573,7 +573,11 @@ ideatest.o: ../include/openssl/opensslconf.h ideatest.c igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h igetest.o: ../include/openssl/rand.h igetest.c -jpaketest.o: ../include/openssl/opensslconf.h jpaketest.c +jpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +jpaketest.o: ../include/openssl/symhacks.h jpaketest.c md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h -- 2.25.1