From 55a9a16f1c02837058173c41fa26f36ec3acd22e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 12 May 2015 10:27:53 +0100 Subject: [PATCH] Remove Kerberos support from libssl Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: Rich Salz --- apps/Makefile | 332 +++--- crypto/evp/e_des3.c | 28 - include/openssl/kssl.h | 197 ---- include/openssl/ssl.h | 46 +- include/openssl/ssl3.h | 35 - ssl/Makefile | 1253 ++++++++++----------- ssl/d1_clnt.c | 3 - ssl/d1_srvr.c | 12 +- ssl/install-ssl.com | 2 +- ssl/kssl.c | 2252 -------------------------------------- ssl/kssl_lcl.h | 88 -- ssl/record/ssl3_record.c | 33 - ssl/s3_clnt.c | 212 +--- ssl/s3_lib.c | 241 ---- ssl/s3_srvr.c | 218 +--- ssl/ssl-lib.com | 2 +- ssl/ssl_asn1.c | 22 - ssl/ssl_ciph.c | 39 +- ssl/ssl_err.c | 11 - ssl/ssl_lib.c | 17 - ssl/ssl_locl.h | 13 - ssl/ssl_sess.c | 14 - ssl/ssl_txt.c | 12 - ssl/t1_enc.c | 67 +- ssl/t1_lib.c | 6 - ssl/t1_trce.c | 4 - test/Makefile | 34 +- test/ssltest.c | 15 - util/indent.pro | 2 - util/mkdef.pl | 1 - util/ssleay.num | 34 +- 31 files changed, 839 insertions(+), 4406 deletions(-) delete mode 100644 include/openssl/kssl.h delete mode 100644 ssl/kssl.c delete mode 100644 ssl/kssl_lcl.h diff --git a/apps/Makefile b/apps/Makefile index 14a9fdba49..9952b3d1f0 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -183,21 +183,20 @@ apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h apps.o: ../include/openssl/evp.h ../include/openssl/hmac.h -apps.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h -apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -apps.o: ../include/openssl/sha.h ../include/openssl/srtp.h -apps.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -apps.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -apps.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -apps.o: ../include/openssl/ui.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h -apps.o: progs.h +apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h +apps.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +apps.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +apps.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +apps.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h progs.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -237,20 +236,19 @@ ciphers.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h -ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ciphers.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -ciphers.o: ciphers.c progs.h +ciphers.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ciphers.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c progs.h cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -422,20 +420,19 @@ engine.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h engine.o: ../include/openssl/err.h ../include/openssl/evp.h -engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h -engine.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -engine.o: engine.c progs.h +engine.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h +engine.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +engine.o: ../include/openssl/sha.h ../include/openssl/srtp.h +engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +engine.o: ../include/openssl/x509v3.h apps.h engine.c progs.h errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -443,20 +440,19 @@ errstr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h errstr.o: ../include/openssl/err.h ../include/openssl/evp.h -errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -errstr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -errstr.o: errstr.c progs.h +errstr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +errstr.o: ../include/openssl/sha.h ../include/openssl/srtp.h +errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +errstr.o: ../include/openssl/x509v3.h apps.h errstr.c progs.h gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -531,19 +527,19 @@ ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ocsp.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c progs.h +ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ocsp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: progs.h openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -551,20 +547,20 @@ openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h openssl.o: ../include/openssl/err.h ../include/openssl/evp.h -openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -openssl.o: ../include/openssl/rand.h ../include/openssl/safestack.h -openssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h -openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +openssl.o: openssl.c progs.h s_apps.h opt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h opt.o: ../include/openssl/buffer.h ../include/openssl/conf.h opt.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -779,20 +775,20 @@ s_cb.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h -s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h -s_cb.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_cb.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_cb.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_cb.o: progs.h s_apps.h s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -801,21 +797,20 @@ s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_client.o: ../include/openssl/engine.h ../include/openssl/err.h s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_client.o: ../include/openssl/srp.h ../include/openssl/srtp.h -s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_client.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_client.c -s_client.o: timeouts.h +s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h +s_client.o: ../include/openssl/sha.h ../include/openssl/srp.h +s_client.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_client.o: progs.h s_apps.h s_client.c timeouts.h s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -824,22 +819,21 @@ s_server.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_server.o: ../include/openssl/err.h ../include/openssl/evp.h -s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_server.o: ../include/openssl/srp.h ../include/openssl/srtp.h -s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_server.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_server.c -s_server.o: timeouts.h +s_server.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_server.o: ../include/openssl/sha.h ../include/openssl/srp.h +s_server.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_server.o: progs.h s_apps.h s_server.c timeouts.h s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -847,19 +841,19 @@ s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_socket.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -s_socket.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_socket.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_socket.c +s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_socket.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_socket.o: progs.h s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -867,20 +861,19 @@ s_time.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_time.o: ../include/openssl/err.h ../include/openssl/evp.h -s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_time.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_time.o: progs.h s_apps.h s_time.c +s_time.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +s_time.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_time.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -888,20 +881,19 @@ sess_id.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h -sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sess_id.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -sess_id.o: progs.h sess_id.c +sess_id.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +sess_id.o: ../include/openssl/sha.h ../include/openssl/srtp.h +sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +sess_id.o: ../include/openssl/x509v3.h apps.h progs.h sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index c720242af7..3340308f15 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -146,17 +146,6 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { DES_EDE_KEY *dat = data(ctx); -# ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, - ctx->buf_len); - fprintf(stderr, "\t iv= "); - for (i = 0; i < 8; i++) - fprintf(stderr, "%02X", ctx->iv[i]); - fprintf(stderr, "\n"); - } -# endif /* KSSL_DEBUG */ if (dat->stream.cbc) { (*dat->stream.cbc) (in, out, inl, &dat->ks, ctx->iv); return 1; @@ -298,23 +287,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); -# ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx); - fprintf(stderr, "\tKEY= "); - for (i = 0; i < 24; i++) - fprintf(stderr, "%02X", key[i]); - fprintf(stderr, "\n"); - if (iv) { - fprintf(stderr, "\t IV= "); - for (i = 0; i < 8; i++) - fprintf(stderr, "%02X", iv[i]); - fprintf(stderr, "\n"); - } - } -# endif /* KSSL_DEBUG */ - dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { diff --git a/include/openssl/kssl.h b/include/openssl/kssl.h deleted file mode 100644 index 9a57672801..0000000000 --- a/include/openssl/kssl.h +++ /dev/null @@ -1,197 +0,0 @@ -/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ -/* - * Written by Vern Staats for the OpenSSL project - * 2000. project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - ** 19990701 VRS Started. - */ - -#ifndef KSSL_H -# define KSSL_H - -# include - -# ifndef OPENSSL_NO_KRB5 - -# include -# include -# include -# ifdef OPENSSL_SYS_WIN32 -/* - * These can sometimes get redefined indirectly by krb5 header files after - * they get undefed in ossl_typ.h - */ -# undef X509_NAME -# undef X509_EXTENSIONS -# undef OCSP_REQUEST -# undef OCSP_RESPONSE -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Depending on which KRB5 implementation used, some types from - * the other may be missing. Resolve that here and now - */ -# ifdef KRB5_HEIMDAL -typedef unsigned char krb5_octet; -# define FAR -# else - -# ifndef FAR -# define FAR -# endif - -# endif - -/*- - * Uncomment this to debug kssl problems or - * to trace usage of the Kerberos session key - * - * #define KSSL_DEBUG - */ - -# ifndef KRB5SVC -# define KRB5SVC "host" -# endif - -# ifndef KRB5KEYTAB -# define KRB5KEYTAB "/etc/krb5.keytab" -# endif - -# ifndef KRB5SENDAUTH -# define KRB5SENDAUTH 1 -# endif - -# ifndef KRB5CHECKAUTH -# define KRB5CHECKAUTH 1 -# endif - -# ifndef KSSL_CLOCKSKEW -# define KSSL_CLOCKSKEW 300; -# endif - -# define KSSL_ERR_MAX 255 -typedef struct kssl_err_st { - int reason; - char text[KSSL_ERR_MAX + 1]; -} KSSL_ERR; - -/*- Context for passing - * (1) Kerberos session key to SSL, and - * (2) Config data between application and SSL lib - */ -typedef struct kssl_ctx_st { - /* used by: disposition: */ - char *service_name; /* C,S default ok (kssl) */ - char *service_host; /* C input, REQUIRED */ - char *client_princ; /* S output from krb5 ticket */ - char *keytab_file; /* S NULL (/etc/krb5.keytab) */ - char *cred_cache; /* C NULL (default) */ - krb5_enctype enctype; - int length; - krb5_octet FAR *key; -} KSSL_CTX; - -# define KSSL_CLIENT 1 -# define KSSL_SERVER 2 -# define KSSL_SERVICE 3 -# define KSSL_KEYTAB 4 - -# define KSSL_CTX_OK 0 -# define KSSL_CTX_ERR 1 -# define KSSL_NOMEM 2 - -/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ -krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); -KSSL_CTX *kssl_ctx_new(void); -KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); -void kssl_ctx_show(KSSL_CTX *kssl_ctx); -krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity, - int nentities); -krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, - krb5_data *authenp, KSSL_ERR *kssl_err); -krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, - krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); -krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); -void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); -void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); -krb5_error_code kssl_build_principal_2(krb5_context context, - krb5_principal *princ, int rlen, - const char *realm, int slen, - const char *svc, int hlen, - const char *host); -krb5_error_code kssl_validate_times(krb5_timestamp atime, - krb5_ticket_times *ttimes); -krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, - krb5_timestamp *atimep, - KSSL_ERR *kssl_err); -unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); - -void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); -KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); -char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); - -#ifdef __cplusplus -} -#endif -# endif /* OPENSSL_NO_KRB5 */ -#endif /* KSSL_H */ diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e8c2e6cc1f..27e44cc20f 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -156,7 +156,6 @@ # include # include -# include # include # include @@ -171,35 +170,6 @@ extern "C" { */ # define SSL_SESSION_ASN1_VERSION 0x0001 -/* text strings for the ciphers */ - -/* - * VRS Additional Kerberos5 entries - */ -# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA -# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA -# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 -# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 - -# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA -# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA -# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 -# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 - -# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 - # define SSL_MAX_SSL_SESSION_ID_LENGTH 32 # define SSL_MAX_SID_CTX_LENGTH 32 @@ -207,6 +177,8 @@ extern "C" { # define SSL_MAX_KEY_ARG_LENGTH 8 # define SSL_MAX_MASTER_KEY_LENGTH 48 +/* text strings for the ciphers */ + /* These are used to specify which ciphers to use and not to use */ # define SSL_TXT_EXP40 "EXPORT40" @@ -226,7 +198,6 @@ extern "C" { # define SSL_TXT_kDH "kDH" # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ # define SSL_TXT_kDHE "kDHE" -# define SSL_TXT_kKRB5 "kKRB5" # define SSL_TXT_kECDHr "kECDHr" # define SSL_TXT_kECDHe "kECDHe" # define SSL_TXT_kECDH "kECDH" @@ -240,7 +211,6 @@ extern "C" { # define SSL_TXT_aDSS "aDSS" # define SSL_TXT_aDH "aDH" # define SSL_TXT_aECDH "aECDH" -# define SSL_TXT_aKRB5 "aKRB5" # define SSL_TXT_aECDSA "aECDSA" # define SSL_TXT_aPSK "aPSK" # define SSL_TXT_aGOST94 "aGOST94" @@ -259,7 +229,6 @@ extern "C" { # define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ # define SSL_TXT_AECDH "AECDH" # define SSL_TXT_ECDSA "ECDSA" -# define SSL_TXT_KRB5 "KRB5" # define SSL_TXT_PSK "PSK" # define SSL_TXT_SRP "SRP" @@ -2238,17 +2207,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_INVALID_STATUS_RESPONSE 328 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 # define SSL_R_INVALID_TRUST 279 -# define SSL_R_KRB5 285 -# define SSL_R_KRB5_C_CC_PRINC 286 -# define SSL_R_KRB5_C_GET_CRED 287 -# define SSL_R_KRB5_C_INIT 288 -# define SSL_R_KRB5_C_MK_REQ 289 -# define SSL_R_KRB5_S_BAD_TICKET 290 -# define SSL_R_KRB5_S_INIT 291 -# define SSL_R_KRB5_S_RD_REQ 292 -# define SSL_R_KRB5_S_TKT_EXPIRED 293 -# define SSL_R_KRB5_S_TKT_NYV 294 -# define SSL_R_KRB5_S_TKT_SKEW 295 # define SSL_R_LENGTH_MISMATCH 159 # define SSL_R_LENGTH_TOO_SHORT 160 # define SSL_R_LIBRARY_BUG 274 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 7d16d70de5..66bc8c6e85 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -177,25 +177,6 @@ extern "C" { # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -/* - * VRS Additional Kerberos5 entries - */ -# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E -# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F -# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 -# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 -# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 -# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 -# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 -# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 - -# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 -# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 -# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 -# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 -# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A -# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B - # define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" # define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" # define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" @@ -239,22 +220,6 @@ extern "C" { # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" -# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" -# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" -# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" - -# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" -# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" -# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" -# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" - # define SSL3_SSL_SESSION_ID_LENGTH 32 # define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 diff --git a/ssl/Makefile b/ssl/Makefile index 86f50777a3..18b17d27b5 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -5,12 +5,10 @@ DIR= ssl TOP= .. CC= cc -INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES) +INCLUDES= -I../crypto -I$(TOP) -I../include CFLAG=-g MAKEFILE= Makefile AR= ar r -# KRB5 stuff -KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) @@ -28,7 +26,7 @@ LIBSRC= \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ - bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ + bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c LIBOBJ= \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \ @@ -40,12 +38,12 @@ LIBOBJ= \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ - bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ + bio_ssl.o ssl_err.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ record/ssl3_buffer.o record/ssl3_record.o record/dtls1_bitmap.o SRC= $(LIBSRC) -HEADER= ssl_locl.h kssl_lcl.h record/record_locl.h record/record.h +HEADER= ssl_locl.h record/record_locl.h record/record.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -100,19 +98,18 @@ bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h -bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -bio_ssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c -bio_ssl.o: record/record.h ssl_locl.h +bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +bio_ssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h +bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c record/record.h ssl_locl.h d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -120,19 +117,19 @@ d1_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h -d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_both.o: ../include/openssl/x509_vfy.h d1_both.c record/record.h ssl_locl.h +d1_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h +d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c +d1_both.o: record/record.h ssl_locl.h d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -141,20 +138,19 @@ d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c -d1_clnt.o: kssl_lcl.h record/record.h ssl_locl.h +d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h +d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c record/record.h ssl_locl.h d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -162,19 +158,18 @@ d1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c -d1_lib.o: record/record.h ssl_locl.h +d1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c record/record.h ssl_locl.h d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -182,19 +177,18 @@ d1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c -d1_meth.o: record/record.h ssl_locl.h +d1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c record/record.h ssl_locl.h d1_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -202,19 +196,18 @@ d1_msg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_msg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_msg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_msg.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_msg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_msg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_msg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_msg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_msg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_msg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_msg.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_msg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_msg.c -d1_msg.o: record/record.h ssl_locl.h +d1_msg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_msg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_msg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_msg.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_msg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_msg.o: ../include/openssl/x509_vfy.h d1_msg.c record/record.h ssl_locl.h d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srtp.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_srtp.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -222,19 +215,18 @@ d1_srtp.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srtp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srtp.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_srtp.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_srtp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_srtp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_srtp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_srtp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_srtp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_srtp.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_srtp.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_srtp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_srtp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_srtp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_srtp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srtp.c -d1_srtp.o: record/record.h ssl_locl.h +d1_srtp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_srtp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_srtp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_srtp.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_srtp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_srtp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_srtp.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_srtp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_srtp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_srtp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_srtp.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_srtp.o: ../include/openssl/x509_vfy.h d1_srtp.c record/record.h ssl_locl.h d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -243,20 +235,19 @@ d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c -d1_srvr.o: record/record.h ssl_locl.h +d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h +d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c record/record.h ssl_locl.h dtls1_bitmap.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dtls1_bitmap.o: ../include/openssl/buffer.h ../include/openssl/comp.h dtls1_bitmap.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -264,41 +255,20 @@ dtls1_bitmap.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h dtls1_bitmap.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dtls1_bitmap.o: ../include/openssl/ecdsa.h ../include/openssl/err.h dtls1_bitmap.o: ../include/openssl/evp.h ../include/openssl/hmac.h -dtls1_bitmap.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -dtls1_bitmap.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dtls1_bitmap.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dtls1_bitmap.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dtls1_bitmap.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dtls1_bitmap.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -dtls1_bitmap.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dtls1_bitmap.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -dtls1_bitmap.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -dtls1_bitmap.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -dtls1_bitmap.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -dtls1_bitmap.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -dtls1_bitmap.o: dtls1_bitmap.c record/../record/record.h record/../ssl_locl.h +dtls1_bitmap.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dtls1_bitmap.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dtls1_bitmap.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dtls1_bitmap.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dtls1_bitmap.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +dtls1_bitmap.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dtls1_bitmap.o: ../include/openssl/sha.h ../include/openssl/srtp.h +dtls1_bitmap.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +dtls1_bitmap.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +dtls1_bitmap.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +dtls1_bitmap.o: ../include/openssl/tls1.h ../include/openssl/x509.h +dtls1_bitmap.o: ../include/openssl/x509_vfy.h dtls1_bitmap.c +dtls1_bitmap.o: record/../record/record.h record/../ssl_locl.h dtls1_bitmap.o: record/dtls1_bitmap.c record/record_locl.h -kssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h -kssl.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -kssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -kssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h -kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -kssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -kssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h -kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -kssl.o: ../include/openssl/x509_vfy.h kssl.c kssl_lcl.h record/record.h -kssl.o: ssl_locl.h rec_layer_d1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_d1.o: ../include/openssl/buffer.h ../include/openssl/comp.h rec_layer_d1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -306,20 +276,19 @@ rec_layer_d1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h rec_layer_d1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rec_layer_d1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h rec_layer_d1.o: ../include/openssl/evp.h ../include/openssl/hmac.h -rec_layer_d1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -rec_layer_d1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rec_layer_d1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rec_layer_d1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rec_layer_d1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rec_layer_d1.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -rec_layer_d1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rec_layer_d1.o: ../include/openssl/sha.h ../include/openssl/srtp.h -rec_layer_d1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -rec_layer_d1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -rec_layer_d1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rec_layer_d1.o: ../include/openssl/tls1.h ../include/openssl/x509.h -rec_layer_d1.o: ../include/openssl/x509_vfy.h rec_layer_d1.c -rec_layer_d1.o: record/../record/record.h record/../ssl_locl.h +rec_layer_d1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rec_layer_d1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rec_layer_d1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rec_layer_d1.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rec_layer_d1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +rec_layer_d1.o: ../include/openssl/rand.h ../include/openssl/rsa.h +rec_layer_d1.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rec_layer_d1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +rec_layer_d1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +rec_layer_d1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +rec_layer_d1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +rec_layer_d1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rec_layer_d1.o: rec_layer_d1.c record/../record/record.h record/../ssl_locl.h rec_layer_d1.o: record/rec_layer_d1.c record/record_locl.h rec_layer_s23.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_s23.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -328,19 +297,19 @@ rec_layer_s23.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h rec_layer_s23.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rec_layer_s23.o: ../include/openssl/ecdsa.h ../include/openssl/err.h rec_layer_s23.o: ../include/openssl/evp.h ../include/openssl/hmac.h -rec_layer_s23.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -rec_layer_s23.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rec_layer_s23.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rec_layer_s23.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rec_layer_s23.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rec_layer_s23.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -rec_layer_s23.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rec_layer_s23.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -rec_layer_s23.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -rec_layer_s23.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -rec_layer_s23.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -rec_layer_s23.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -rec_layer_s23.o: rec_layer_s23.c record/../record/record.h record/../ssl_locl.h +rec_layer_s23.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rec_layer_s23.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rec_layer_s23.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rec_layer_s23.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rec_layer_s23.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +rec_layer_s23.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rec_layer_s23.o: ../include/openssl/sha.h ../include/openssl/srtp.h +rec_layer_s23.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +rec_layer_s23.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +rec_layer_s23.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rec_layer_s23.o: ../include/openssl/tls1.h ../include/openssl/x509.h +rec_layer_s23.o: ../include/openssl/x509_vfy.h rec_layer_s23.c +rec_layer_s23.o: record/../record/record.h record/../ssl_locl.h rec_layer_s23.o: record/rec_layer_s23.c rec_layer_s3.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_s3.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -349,20 +318,19 @@ rec_layer_s3.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h rec_layer_s3.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rec_layer_s3.o: ../include/openssl/ecdsa.h ../include/openssl/err.h rec_layer_s3.o: ../include/openssl/evp.h ../include/openssl/hmac.h -rec_layer_s3.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -rec_layer_s3.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rec_layer_s3.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rec_layer_s3.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rec_layer_s3.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rec_layer_s3.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -rec_layer_s3.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rec_layer_s3.o: ../include/openssl/sha.h ../include/openssl/srtp.h -rec_layer_s3.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -rec_layer_s3.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -rec_layer_s3.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rec_layer_s3.o: ../include/openssl/tls1.h ../include/openssl/x509.h -rec_layer_s3.o: ../include/openssl/x509_vfy.h rec_layer_s3.c -rec_layer_s3.o: record/../record/record.h record/../ssl_locl.h +rec_layer_s3.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rec_layer_s3.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rec_layer_s3.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rec_layer_s3.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rec_layer_s3.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +rec_layer_s3.o: ../include/openssl/rand.h ../include/openssl/rsa.h +rec_layer_s3.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rec_layer_s3.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +rec_layer_s3.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +rec_layer_s3.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +rec_layer_s3.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +rec_layer_s3.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rec_layer_s3.o: rec_layer_s3.c record/../record/record.h record/../ssl_locl.h rec_layer_s3.o: record/rec_layer_s3.c record/record_locl.h s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -371,19 +339,19 @@ s23_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_clnt.o: ../include/openssl/x509_vfy.h record/record.h s23_clnt.c ssl_locl.h +s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s23_clnt.o: record/record.h s23_clnt.c ssl_locl.h s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h s23_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -391,19 +359,18 @@ s23_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s23_lib.o: record/record.h s23_lib.c ssl_locl.h +s23_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_lib.o: ../include/openssl/x509_vfy.h record/record.h s23_lib.c ssl_locl.h s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h s23_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -411,19 +378,18 @@ s23_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s23_meth.o: record/record.h s23_meth.c ssl_locl.h +s23_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_meth.o: ../include/openssl/x509_vfy.h record/record.h s23_meth.c ssl_locl.h s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -431,19 +397,19 @@ s23_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_srvr.o: ../include/openssl/x509_vfy.h record/record.h s23_srvr.c ssl_locl.h +s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s23_srvr.o: record/record.h s23_srvr.c ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -451,19 +417,19 @@ s3_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_both.o: ../include/openssl/x509_vfy.h record/record.h s3_both.c ssl_locl.h +s3_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_both.o: record/record.h s3_both.c ssl_locl.h s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h s3_cbc.o: ../include/openssl/bio.h ../include/openssl/buffer.h s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -471,20 +437,19 @@ s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h +s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_cbc.o: ../include/openssl/x509_vfy.h record/record.h s3_cbc.c ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -493,21 +458,20 @@ s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h record/record.h s3_clnt.c -s3_clnt.o: ssl_locl.h +s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s3_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_clnt.o: record/record.h s3_clnt.c ssl_locl.h s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -515,19 +479,19 @@ s3_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_enc.o: ../include/openssl/x509_vfy.h record/record.h s3_enc.c ssl_locl.h +s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_enc.o: record/record.h s3_enc.c ssl_locl.h s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -535,20 +499,19 @@ s3_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h -s3_lib.o: record/record.h s3_lib.c ssl_locl.h +s3_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s3_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_lib.o: ../include/openssl/x509_vfy.h record/record.h s3_lib.c ssl_locl.h s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -556,19 +519,18 @@ s3_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_meth.o: record/record.h s3_meth.c ssl_locl.h +s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_meth.o: ../include/openssl/x509_vfy.h record/record.h s3_meth.c ssl_locl.h s3_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -576,19 +538,18 @@ s3_msg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_msg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_msg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_msg.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_msg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_msg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_msg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_msg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_msg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_msg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_msg.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_msg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_msg.o: record/record.h s3_msg.c ssl_locl.h +s3_msg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_msg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_msg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_msg.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_msg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_msg.o: ../include/openssl/x509_vfy.h record/record.h s3_msg.c ssl_locl.h s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -597,8 +558,7 @@ s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h -s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h @@ -610,7 +570,7 @@ s3_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_srvr.o: record/record.h s3_srvr.c ssl_locl.h ssl3_buffer.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_buffer.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -619,20 +579,20 @@ ssl3_buffer.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl3_buffer.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl3_buffer.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl3_buffer.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl3_buffer.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl3_buffer.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl3_buffer.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl3_buffer.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl3_buffer.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl3_buffer.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl3_buffer.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl3_buffer.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl3_buffer.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl3_buffer.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl3_buffer.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl3_buffer.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl3_buffer.o: record/../record/record.h record/../ssl_locl.h -ssl3_buffer.o: record/record_locl.h record/ssl3_buffer.c ssl3_buffer.c +ssl3_buffer.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl3_buffer.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl3_buffer.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl3_buffer.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl3_buffer.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl3_buffer.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl3_buffer.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl3_buffer.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl3_buffer.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl3_buffer.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl3_buffer.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl3_buffer.o: ../include/openssl/x509_vfy.h record/../record/record.h +ssl3_buffer.o: record/../ssl_locl.h record/record_locl.h record/ssl3_buffer.c +ssl3_buffer.o: ssl3_buffer.c ssl3_record.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_record.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl3_record.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -640,19 +600,18 @@ ssl3_record.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl3_record.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl3_record.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl3_record.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl3_record.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl3_record.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl3_record.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl3_record.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl3_record.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl3_record.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssl3_record.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl3_record.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl3_record.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl3_record.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl3_record.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl3_record.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl3_record.o: ../include/openssl/x509_vfy.h +ssl3_record.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl3_record.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl3_record.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl3_record.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl3_record.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl3_record.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssl3_record.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl3_record.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl3_record.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl3_record.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl3_record.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl3_record.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl3_record.o: record/../../crypto/constant_time_locl.h ssl3_record.o: record/../record/record.h record/../ssl_locl.h ssl3_record.o: record/record_locl.h record/ssl3_record.c ssl3_record.c @@ -663,19 +622,18 @@ ssl_algs.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_algs.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_algs.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_algs.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_algs.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_algs.o: record/record.h ssl_algs.c ssl_locl.h +ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_algs.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_algs.o: ../include/openssl/x509_vfy.h record/record.h ssl_algs.c ssl_locl.h ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -683,19 +641,19 @@ ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_asn1.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_asn1.o: ../include/openssl/x509_vfy.h record/record.h ssl_asn1.c ssl_locl.h +ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_asn1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_asn1.o: record/record.h ssl_asn1.c ssl_locl.h ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -705,19 +663,19 @@ ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_cert.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_cert.o: ../include/openssl/x509v3.h record/record.h ssl_cert.c ssl_locl.h +ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_cert.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +ssl_cert.o: record/record.h ssl_cert.c ssl_locl.h ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -725,19 +683,19 @@ ssl_ciph.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_ciph.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_ciph.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_ciph.o: ../include/openssl/x509_vfy.h record/record.h ssl_ciph.c ssl_locl.h +ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_ciph.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_ciph.o: record/record.h ssl_ciph.c ssl_locl.h ssl_conf.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_conf.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_conf.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -746,55 +704,52 @@ ssl_conf.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_conf.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_conf.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_conf.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_conf.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_conf.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_conf.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_conf.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_conf.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_conf.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_conf.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_conf.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_conf.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_conf.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_conf.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_conf.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_conf.o: record/record.h ssl_conf.c ssl_locl.h +ssl_conf.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_conf.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_conf.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_conf.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_conf.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_conf.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_conf.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_conf.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_conf.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_conf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_conf.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_conf.o: ../include/openssl/x509_vfy.h record/record.h ssl_conf.c ssl_locl.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_err.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_err.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ssl_err.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c +ssl_err.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_err2.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ssl_err2.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c +ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err2.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -803,21 +758,20 @@ ssl_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h -ssl_lib.o: record/record.h ssl_lib.c ssl_locl.h +ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_lib.o: ../include/openssl/x509v3.h record/record.h ssl_lib.c ssl_locl.h ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -825,19 +779,18 @@ ssl_rsa.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_rsa.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_rsa.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_rsa.o: record/record.h ssl_locl.h ssl_rsa.c +ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_rsa.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_rsa.c ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -845,20 +798,19 @@ ssl_sess.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_sess.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_sess.o: record/record.h ssl_locl.h ssl_sess.c +ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_sess.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_sess.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_sess.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_sess.c ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -866,19 +818,18 @@ ssl_stat.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_stat.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_stat.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_stat.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_stat.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_stat.o: record/record.h ssl_locl.h ssl_stat.c +ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_stat.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_stat.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_stat.c ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -886,19 +837,18 @@ ssl_txt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_txt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_txt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_txt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_txt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_txt.o: record/record.h ssl_locl.h ssl_txt.c +ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_txt.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_txt.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_txt.c ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_utst.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_utst.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -906,19 +856,18 @@ ssl_utst.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_utst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_utst.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_utst.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_utst.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_utst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_utst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_utst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_utst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_utst.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_utst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_utst.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_utst.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_utst.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_utst.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_utst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_utst.o: record/record.h ssl_locl.h ssl_utst.c +ssl_utst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_utst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_utst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_utst.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_utst.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_utst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_utst.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_utst.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_utst.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_utst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_utst.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_utst.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_utst.c t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -926,19 +875,19 @@ t1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_clnt.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_clnt.c +t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_clnt.o: record/record.h ssl_locl.h t1_clnt.c t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -946,20 +895,19 @@ t1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -t1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h -t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_enc.o: record/record.h ssl_locl.h t1_enc.c +t1_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +t1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_enc.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_enc.c t1_ext.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_ext.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_ext.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -967,19 +915,18 @@ t1_ext.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_ext.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_ext.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_ext.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_ext.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_ext.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_ext.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_ext.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_ext.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_ext.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_ext.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_ext.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_ext.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_ext.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_ext.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_ext.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_ext.o: record/record.h ssl_locl.h t1_ext.c +t1_ext.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_ext.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_ext.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_ext.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_ext.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_ext.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_ext.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_ext.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_ext.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_ext.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_ext.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_ext.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_ext.c t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -988,21 +935,20 @@ t1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -t1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -t1_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -t1_lib.o: record/record.h ssl_locl.h t1_lib.c +t1_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +t1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_lib.o: ../include/openssl/x509v3.h record/record.h ssl_locl.h t1_lib.c t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1010,19 +956,18 @@ t1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_meth.o: record/record.h ssl_locl.h t1_meth.c +t1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_meth.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_meth.c t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1030,19 +975,18 @@ t1_reneg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_reneg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_reneg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_reneg.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_reneg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_reneg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_reneg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_reneg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_reneg.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_reneg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_reneg.o: record/record.h ssl_locl.h t1_reneg.c +t1_reneg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_reneg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_reneg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_reneg.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_reneg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_reneg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_reneg.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_reneg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_reneg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_reneg.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_reneg.c t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1050,19 +994,19 @@ t1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_srvr.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_srvr.c +t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_srvr.o: record/record.h ssl_locl.h t1_srvr.c t1_trce.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_trce.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_trce.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1070,19 +1014,18 @@ t1_trce.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_trce.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_trce.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_trce.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_trce.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_trce.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_trce.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_trce.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_trce.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_trce.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_trce.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_trce.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_trce.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_trce.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_trce.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_trce.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_trce.o: record/record.h ssl_locl.h t1_trce.c +t1_trce.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_trce.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_trce.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_trce.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_trce.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_trce.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_trce.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_trce.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_trce.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_trce.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_trce.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_trce.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_trce.c tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -1090,17 +1033,17 @@ tls_srp.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h tls_srp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h tls_srp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h tls_srp.o: ../include/openssl/err.h ../include/openssl/evp.h -tls_srp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -tls_srp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -tls_srp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -tls_srp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -tls_srp.o: ../include/openssl/pem.h ../include/openssl/pem2.h -tls_srp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -tls_srp.o: ../include/openssl/rand.h ../include/openssl/rsa.h -tls_srp.o: ../include/openssl/safestack.h ../include/openssl/sha.h -tls_srp.o: ../include/openssl/srp.h ../include/openssl/srtp.h -tls_srp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -tls_srp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h -tls_srp.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h tls_srp.c +tls_srp.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +tls_srp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +tls_srp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +tls_srp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +tls_srp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +tls_srp.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +tls_srp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +tls_srp.o: ../include/openssl/sha.h ../include/openssl/srp.h +tls_srp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +tls_srp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +tls_srp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +tls_srp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +tls_srp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +tls_srp.o: record/record.h ssl_locl.h tls_srp.c diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 142438ac1d..ed67f9d2fb 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -115,9 +115,6 @@ #include #include "ssl_locl.h" -#ifndef OPENSSL_NO_KRB5 -# include "kssl_lcl.h" -#endif #include #include #include diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 94bd435e7a..ac2a0067cf 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -526,16 +526,12 @@ int dtls1_accept(SSL *s) * RFC 2246): */ ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* - * ... except when the application insists on - * verification (against the specs, but s3_clnt.c accepts - * this for SSL 3) - */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* - * never request cert in Kerberos ciphersuites + * ... except when the application insists on + * verification (against the specs, but s3_clnt.c accepts + * this for SSL 3) */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) + !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) /* * With normal PSK Certificates and Certificate Requests * are omitted diff --git a/ssl/install-ssl.com b/ssl/install-ssl.com index ce26b68b84..55e1a6a036 100755 --- a/ssl/install-ssl.com +++ b/ssl/install-ssl.com @@ -70,7 +70,7 @@ $ if f$parse("wrk_sslinclude:") .eqs. "" then - $ if f$parse("wrk_sslxlib:") .eqs. "" then - create /directory /log wrk_sslxlib: $! -$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h +$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, srtp.h $ libs := ssl_libssl $! $ xexe_dir := [-.'archd'.exe.ssl] diff --git a/ssl/kssl.c b/ssl/kssl.c deleted file mode 100644 index 15973edc2a..0000000000 --- a/ssl/kssl.c +++ /dev/null @@ -1,2252 +0,0 @@ -/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */ -/* - * Written by Vern Staats for the OpenSSL project - * 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/*- - * ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl - * - * 19990701 VRS Started. - * 200011?? Jeffrey Altman, Richard Levitte - * Generalized for Heimdal, Newer MIT, & Win32. - * Integrated into main OpenSSL 0.9.7 snapshots. - * 20010413 Simon Wilkinson, VRS - * Real RFC2712 KerberosWrapper replaces AP_REQ. - */ - -#include - -#include - -#define KRB5_PRIVATE 1 - -#include -#include -#include -#include -#include "kssl_lcl.h" -#include "ssl_locl.h" - -#ifndef OPENSSL_NO_KRB5 - -# ifndef ENOMEM -# define ENOMEM KRB5KRB_ERR_GENERIC -# endif - -/* - * When OpenSSL is built on Windows, we do not want to require that - * the Kerberos DLLs be available in order for the OpenSSL DLLs to - * work. Therefore, all Kerberos routines are loaded at run time - * and we do not link to a .LIB file. - */ - -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -/* - * The purpose of the following pre-processor statements is to provide - * compatibility with different releases of MIT Kerberos for Windows. - * All versions up to 1.2 used macros. But macros do not allow for - * a binary compatible interface for DLLs. Therefore, all macros are - * being replaced by function calls. The following code will allow - * an OpenSSL DLL built on Windows to work whether or not the macro - * or function form of the routines are utilized. - */ -# ifdef krb5_cc_get_principal -# define NO_DEF_KRB5_CCACHE -# undef krb5_cc_get_principal -# endif -# define krb5_cc_get_principal kssl_krb5_cc_get_principal - -# define krb5_free_data_contents kssl_krb5_free_data_contents -# define krb5_free_context kssl_krb5_free_context -# define krb5_auth_con_free kssl_krb5_auth_con_free -# define krb5_free_principal kssl_krb5_free_principal -# define krb5_mk_req_extended kssl_krb5_mk_req_extended -# define krb5_get_credentials kssl_krb5_get_credentials -# define krb5_cc_default kssl_krb5_cc_default -# define krb5_sname_to_principal kssl_krb5_sname_to_principal -# define krb5_init_context kssl_krb5_init_context -# define krb5_free_ticket kssl_krb5_free_ticket -# define krb5_rd_req kssl_krb5_rd_req -# define krb5_kt_default kssl_krb5_kt_default -# define krb5_kt_resolve kssl_krb5_kt_resolve -/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */ -# ifndef krb5_kt_close -# define krb5_kt_close kssl_krb5_kt_close -# endif /* krb5_kt_close */ -# ifndef krb5_kt_get_entry -# define krb5_kt_get_entry kssl_krb5_kt_get_entry -# endif /* krb5_kt_get_entry */ -# define krb5_auth_con_init kssl_krb5_auth_con_init - -# define krb5_principal_compare kssl_krb5_principal_compare -# define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part -# define krb5_timeofday kssl_krb5_timeofday -# define krb5_rc_default kssl_krb5_rc_default - -# ifdef krb5_rc_initialize -# undef krb5_rc_initialize -# endif -# define krb5_rc_initialize kssl_krb5_rc_initialize - -# ifdef krb5_rc_get_lifespan -# undef krb5_rc_get_lifespan -# endif -# define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan - -# ifdef krb5_rc_destroy -# undef krb5_rc_destroy -# endif -# define krb5_rc_destroy kssl_krb5_rc_destroy - -# define valid_cksumtype kssl_valid_cksumtype -# define krb5_checksum_size kssl_krb5_checksum_size -# define krb5_kt_free_entry kssl_krb5_kt_free_entry -# define krb5_auth_con_setrcache kssl_krb5_auth_con_setrcache -# define krb5_auth_con_getrcache kssl_krb5_auth_con_getrcache -# define krb5_get_server_rcache kssl_krb5_get_server_rcache - -/* Prototypes for built in stubs */ -void kssl_krb5_free_data_contents(krb5_context, krb5_data *); -void kssl_krb5_free_principal(krb5_context, krb5_principal); -krb5_error_code kssl_krb5_kt_resolve(krb5_context, - krb5_const char *, krb5_keytab *); -krb5_error_code kssl_krb5_kt_default(krb5_context, krb5_keytab *); -krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *); -krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, - krb5_const krb5_data *, - krb5_const_principal, krb5_keytab, - krb5_flags *, krb5_ticket **); - -krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal, - krb5_const_principal); -krb5_error_code kssl_krb5_mk_req_extended(krb5_context, - krb5_auth_context *, - krb5_const krb5_flags, - krb5_data *, - krb5_creds *, krb5_data *); -krb5_error_code kssl_krb5_init_context(krb5_context *); -void kssl_krb5_free_context(krb5_context); -krb5_error_code kssl_krb5_cc_default(krb5_context, krb5_ccache *); -krb5_error_code kssl_krb5_sname_to_principal(krb5_context, - krb5_const char *, - krb5_const char *, - krb5_int32, krb5_principal *); -krb5_error_code kssl_krb5_get_credentials(krb5_context, - krb5_const krb5_flags, - krb5_ccache, - krb5_creds *, krb5_creds * *); -krb5_error_code kssl_krb5_auth_con_init(krb5_context, krb5_auth_context *); -krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, - krb5_ccache cache, - krb5_principal *principal); -krb5_error_code kssl_krb5_auth_con_free(krb5_context, krb5_auth_context); -size_t kssl_krb5_checksum_size(krb5_context context, krb5_cksumtype ctype); -krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype); -krb5_error_code krb5_kt_free_entry(krb5_context, krb5_keytab_entry FAR *); -krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context, - krb5_auth_context, krb5_rcache); -krb5_error_code kssl_krb5_get_server_rcache(krb5_context, - krb5_const krb5_data *, - krb5_rcache *); -krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context, - krb5_auth_context, - krb5_rcache *); - -/* Function pointers (almost all Kerberos functions are _stdcall) */ -static void (_stdcall *p_krb5_free_data_contents) (krb5_context, krb5_data *) - = NULL; -static void (_stdcall *p_krb5_free_principal) (krb5_context, krb5_principal) - = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_resolve) - (krb5_context, krb5_const char *, krb5_keytab *) = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_default) (krb5_context, - krb5_keytab *) = NULL; -static krb5_error_code(_stdcall *p_krb5_free_ticket) (krb5_context, - krb5_ticket *) = NULL; -static krb5_error_code(_stdcall *p_krb5_rd_req) (krb5_context, - krb5_auth_context *, - krb5_const krb5_data *, - krb5_const_principal, - krb5_keytab, krb5_flags *, - krb5_ticket **) = NULL; -static krb5_error_code(_stdcall *p_krb5_mk_req_extended) - (krb5_context, krb5_auth_context *, - krb5_const krb5_flags, krb5_data *, krb5_creds *, krb5_data *) = NULL; -static krb5_error_code(_stdcall *p_krb5_init_context) (krb5_context *) = NULL; -static void (_stdcall *p_krb5_free_context) (krb5_context) = NULL; -static krb5_error_code(_stdcall *p_krb5_cc_default) (krb5_context, - krb5_ccache *) = NULL; -static krb5_error_code(_stdcall *p_krb5_sname_to_principal) - (krb5_context, krb5_const char *, krb5_const char *, - krb5_int32, krb5_principal *) = NULL; -static krb5_error_code(_stdcall *p_krb5_get_credentials) - (krb5_context, krb5_const krb5_flags, krb5_ccache, - krb5_creds *, krb5_creds **) = NULL; -static krb5_error_code(_stdcall *p_krb5_auth_con_init) - (krb5_context, krb5_auth_context *) = NULL; -static krb5_error_code(_stdcall *p_krb5_cc_get_principal) - (krb5_context context, krb5_ccache cache, krb5_principal *principal) = NULL; -static krb5_error_code(_stdcall *p_krb5_auth_con_free) - (krb5_context, krb5_auth_context) = NULL; -static krb5_error_code(_stdcall *p_krb5_decrypt_tkt_part) - (krb5_context, krb5_const krb5_keyblock *, krb5_ticket *) = NULL; -static krb5_error_code(_stdcall *p_krb5_timeofday) - (krb5_context context, krb5_int32 *timeret) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_default) - (krb5_context context, krb5_rcache *rc) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_initialize) - (krb5_context context, krb5_rcache rc, krb5_deltat lifespan) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_get_lifespan) - (krb5_context context, krb5_rcache rc, krb5_deltat *lifespan) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_destroy) - (krb5_context context, krb5_rcache rc) = NULL; -static krb5_boolean(_stdcall *p_krb5_principal_compare) - (krb5_context, krb5_const_principal, krb5_const_principal) = NULL; -static size_t (_stdcall *p_krb5_checksum_size) (krb5_context context, - krb5_cksumtype ctype) = NULL; -static krb5_boolean(_stdcall *p_valid_cksumtype) (krb5_cksumtype ctype) = - NULL; -static krb5_error_code(_stdcall *p_krb5_kt_free_entry) - (krb5_context, krb5_keytab_entry *) = NULL; -static krb5_error_code(_stdcall *p_krb5_auth_con_setrcache) (krb5_context, - krb5_auth_context, - krb5_rcache) = - NULL; -static krb5_error_code(_stdcall *p_krb5_get_server_rcache) (krb5_context, - krb5_const - krb5_data *, - krb5_rcache *) = - NULL; -static krb5_error_code(*p_krb5_auth_con_getrcache) (krb5_context, - krb5_auth_context, - krb5_rcache *) = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_close) (krb5_context context, - krb5_keytab keytab) = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_get_entry) (krb5_context context, - krb5_keytab keytab, - krb5_const_principal - principal, - krb5_kvno vno, - krb5_enctype enctype, - krb5_keytab_entry - *entry) = NULL; -static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */ - -/* Function to Load the Kerberos 5 DLL and initialize function pointers */ -void load_krb5_dll(void) -{ - HANDLE hKRB5_32; - - krb5_loaded++; - hKRB5_32 = LoadLibrary(TEXT("KRB5_32")); - if (!hKRB5_32) - return; - - (FARPROC) p_krb5_free_data_contents = - GetProcAddress(hKRB5_32, "krb5_free_data_contents"); - (FARPROC) p_krb5_free_context = - GetProcAddress(hKRB5_32, "krb5_free_context"); - (FARPROC) p_krb5_auth_con_free = - GetProcAddress(hKRB5_32, "krb5_auth_con_free"); - (FARPROC) p_krb5_free_principal = - GetProcAddress(hKRB5_32, "krb5_free_principal"); - (FARPROC) p_krb5_mk_req_extended = - GetProcAddress(hKRB5_32, "krb5_mk_req_extended"); - (FARPROC) p_krb5_get_credentials = - GetProcAddress(hKRB5_32, "krb5_get_credentials"); - (FARPROC) p_krb5_cc_get_principal = - GetProcAddress(hKRB5_32, "krb5_cc_get_principal"); - (FARPROC) p_krb5_cc_default = GetProcAddress(hKRB5_32, "krb5_cc_default"); - (FARPROC) p_krb5_sname_to_principal = - GetProcAddress(hKRB5_32, "krb5_sname_to_principal"); - (FARPROC) p_krb5_init_context = - GetProcAddress(hKRB5_32, "krb5_init_context"); - (FARPROC) p_krb5_free_ticket = - GetProcAddress(hKRB5_32, "krb5_free_ticket"); - (FARPROC) p_krb5_rd_req = GetProcAddress(hKRB5_32, "krb5_rd_req"); - (FARPROC) p_krb5_principal_compare = - GetProcAddress(hKRB5_32, "krb5_principal_compare"); - (FARPROC) p_krb5_decrypt_tkt_part = - GetProcAddress(hKRB5_32, "krb5_decrypt_tkt_part"); - (FARPROC) p_krb5_timeofday = GetProcAddress(hKRB5_32, "krb5_timeofday"); - (FARPROC) p_krb5_rc_default = GetProcAddress(hKRB5_32, "krb5_rc_default"); - (FARPROC) p_krb5_rc_initialize = - GetProcAddress(hKRB5_32, "krb5_rc_initialize"); - (FARPROC) p_krb5_rc_get_lifespan = - GetProcAddress(hKRB5_32, "krb5_rc_get_lifespan"); - (FARPROC) p_krb5_rc_destroy = GetProcAddress(hKRB5_32, "krb5_rc_destroy"); - (FARPROC) p_krb5_kt_default = GetProcAddress(hKRB5_32, "krb5_kt_default"); - (FARPROC) p_krb5_kt_resolve = GetProcAddress(hKRB5_32, "krb5_kt_resolve"); - (FARPROC) p_krb5_auth_con_init = - GetProcAddress(hKRB5_32, "krb5_auth_con_init"); - (FARPROC) p_valid_cksumtype = GetProcAddress(hKRB5_32, "valid_cksumtype"); - (FARPROC) p_krb5_checksum_size = - GetProcAddress(hKRB5_32, "krb5_checksum_size"); - (FARPROC) p_krb5_kt_free_entry = - GetProcAddress(hKRB5_32, "krb5_kt_free_entry"); - (FARPROC) p_krb5_auth_con_setrcache = - GetProcAddress(hKRB5_32, "krb5_auth_con_setrcache"); - (FARPROC) p_krb5_get_server_rcache = - GetProcAddress(hKRB5_32, "krb5_get_server_rcache"); - (FARPROC) p_krb5_auth_con_getrcache = - GetProcAddress(hKRB5_32, "krb5_auth_con_getrcache"); - (FARPROC) p_krb5_kt_close = GetProcAddress(hKRB5_32, "krb5_kt_close"); - (FARPROC) p_krb5_kt_get_entry = - GetProcAddress(hKRB5_32, "krb5_kt_get_entry"); -} - -/* Stubs for each function to be dynamicly loaded */ -void kssl_krb5_free_data_contents(krb5_context CO, krb5_data *data) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_data_contents) - p_krb5_free_data_contents(CO, data); -} - -krb5_error_code -kssl_krb5_mk_req_extended(krb5_context CO, - krb5_auth_context *pACO, - krb5_const krb5_flags F, - krb5_data *pD1, krb5_creds *pC, krb5_data *pD2) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_mk_req_extended) - return (p_krb5_mk_req_extended(CO, pACO, F, pD1, pC, pD2)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_auth_con_init(krb5_context CO, krb5_auth_context *pACO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_auth_con_init) - return (p_krb5_auth_con_init(CO, pACO)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_auth_con_free(krb5_context CO, krb5_auth_context ACO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_auth_con_free) - return (p_krb5_auth_con_free(CO, ACO)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_get_credentials(krb5_context CO, - krb5_const krb5_flags F, - krb5_ccache CC, krb5_creds *pCR, krb5_creds **ppCR) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_get_credentials) - return (p_krb5_get_credentials(CO, F, CC, pCR, ppCR)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_sname_to_principal(krb5_context CO, - krb5_const char *pC1, - krb5_const char *pC2, - krb5_int32 I, krb5_principal *pPR) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_sname_to_principal) - return (p_krb5_sname_to_principal(CO, pC1, pC2, I, pPR)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_cc_default(krb5_context CO, krb5_ccache *pCC) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_cc_default) - return (p_krb5_cc_default(CO, pCC)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_init_context(krb5_context *pCO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_init_context) - return (p_krb5_init_context(pCO)); - else - return KRB5KRB_ERR_GENERIC; -} - -void kssl_krb5_free_context(krb5_context CO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_context) - p_krb5_free_context(CO); -} - -void kssl_krb5_free_principal(krb5_context c, krb5_principal p) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_principal) - p_krb5_free_principal(c, p); -} - -krb5_error_code -kssl_krb5_kt_resolve(krb5_context con, krb5_const char *sz, krb5_keytab *kt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_kt_resolve) - return (p_krb5_kt_resolve(con, sz, kt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_kt_default(krb5_context con, krb5_keytab *kt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_kt_default) - return (p_krb5_kt_default(con, kt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_free_ticket(krb5_context con, krb5_ticket *kt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_ticket) - return (p_krb5_free_ticket(con, kt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_rd_req(krb5_context con, krb5_auth_context *pacon, - krb5_const krb5_data *data, - krb5_const_principal princ, krb5_keytab keytab, - krb5_flags *flags, krb5_ticket **pptkt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rd_req) - return (p_krb5_rd_req(con, pacon, data, princ, keytab, flags, pptkt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_boolean -krb5_principal_compare(krb5_context con, krb5_const_principal princ1, - krb5_const_principal princ2) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_principal_compare) - return (p_krb5_principal_compare(con, princ1, princ2)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys, - krb5_ticket *ticket) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_decrypt_tkt_part) - return (p_krb5_decrypt_tkt_part(con, keys, ticket)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_timeofday(krb5_context con, krb5_int32 *timeret) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_timeofday) - return (p_krb5_timeofday(con, timeret)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_rc_default(krb5_context con, krb5_rcache *rc) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_default) - return (p_krb5_rc_default(con, rc)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_initialize) - return (p_krb5_rc_initialize(con, rc, lifespan)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_get_lifespan) - return (p_krb5_rc_get_lifespan(con, rc, lifespanp)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_rc_destroy(krb5_context con, krb5_rcache rc) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_destroy) - return (p_krb5_rc_destroy(con, rc)); - else - return KRB5KRB_ERR_GENERIC; -} - -size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_checksum_size) - return (p_krb5_checksum_size(context, ctype)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_boolean valid_cksumtype(krb5_cksumtype ctype) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_valid_cksumtype) - return (p_valid_cksumtype(ctype)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_kt_free_entry(krb5_context con, krb5_keytab_entry *entry) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_kt_free_entry) - return (p_krb5_kt_free_entry(con, entry)); - else - return KRB5KRB_ERR_GENERIC; -} - -/* Structure definitions */ -# ifndef NO_DEF_KRB5_CCACHE -# ifndef krb5_x -# define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) -# define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) -# endif - -typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ - -typedef struct _krb5_ccache { - krb5_magic magic; - struct _krb5_cc_ops FAR *ops; - krb5_pointer data; -} *krb5_ccache; - -typedef struct _krb5_cc_ops { - krb5_magic magic; - char *prefix; - char *(KRB5_CALLCONV *get_name) - (krb5_context, krb5_ccache); - krb5_error_code(KRB5_CALLCONV *resolve) - (krb5_context, krb5_ccache *, const char *); - krb5_error_code(KRB5_CALLCONV *gen_new) - (krb5_context, krb5_ccache *); - krb5_error_code(KRB5_CALLCONV *init) - (krb5_context, krb5_ccache, krb5_principal); - krb5_error_code(KRB5_CALLCONV *destroy) - (krb5_context, krb5_ccache); - krb5_error_code(KRB5_CALLCONV *close) - (krb5_context, krb5_ccache); - krb5_error_code(KRB5_CALLCONV *store) - (krb5_context, krb5_ccache, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *retrieve) - (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *get_princ) - (krb5_context, krb5_ccache, krb5_principal *); - krb5_error_code(KRB5_CALLCONV *get_first) - (krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code(KRB5_CALLCONV *get_next) - (krb5_context, krb5_ccache, krb5_cc_cursor *, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *end_get) - (krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code(KRB5_CALLCONV *remove_cred) - (krb5_context, krb5_ccache, krb5_flags, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *set_flags) - (krb5_context, krb5_ccache, krb5_flags); -} krb5_cc_ops; -# endif /* NO_DEF_KRB5_CCACHE */ - -krb5_error_code - kssl_krb5_cc_get_principal - (krb5_context context, krb5_ccache cache, krb5_principal *principal) { - if (p_krb5_cc_get_principal) - return (p_krb5_cc_get_principal(context, cache, principal)); - else - return (krb5_x((cache)->ops->get_princ, (context, cache, principal))); -} - -krb5_error_code -kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon, - krb5_rcache rcache) -{ - if (p_krb5_auth_con_setrcache) - return (p_krb5_auth_con_setrcache(con, acon, rcache)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data *data, - krb5_rcache *rcache) -{ - if (p_krb5_get_server_rcache) - return (p_krb5_get_server_rcache(con, data, rcache)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon, - krb5_rcache *prcache) -{ - if (p_krb5_auth_con_getrcache) - return (p_krb5_auth_con_getrcache(con, acon, prcache)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab) -{ - if (p_krb5_kt_close) - return (p_krb5_kt_close(context, keytab)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, - krb5_const_principal principal, krb5_kvno vno, - krb5_enctype enctype, krb5_keytab_entry *entry) -{ - if (p_krb5_kt_get_entry) - return (p_krb5_kt_get_entry - (context, keytab, principal, vno, enctype, entry)); - else - return KRB5KRB_ERR_GENERIC; -} -# endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */ - -/* - * memory allocation functions for non-temporary storage (e.g. stuff that - * gets saved into the kssl context) - */ -static void *kssl_calloc(size_t nmemb, size_t size) -{ - void *p; - - p = OPENSSL_malloc(nmemb * size); - if (p) { - memset(p, 0, nmemb * size); - } - return p; -} - -# define kssl_malloc(size) OPENSSL_malloc((size)) -# define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size) -# define kssl_free(ptr) OPENSSL_free((ptr)) - -char -*kstring(char *string) -{ - static char *null = "[NULL]"; - - return ((string == NULL) ? null : string); -} - -/* - * Given KRB5 enctype (basically DES or 3DES), return closest match openssl - * EVP_ encryption algorithm. Return NULL for unknown or problematic - * (krb5_dk_encrypt) enctypes. Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are - * OK. - */ -const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype) -{ - switch (enctype) { - case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */ - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD4: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_RAW: - return EVP_des_cbc(); - break; - case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */ - case ENCTYPE_DES3_CBC_SHA: - case ENCTYPE_DES3_CBC_RAW: - return EVP_des_ede3_cbc(); - break; - default: - return NULL; - break; - } -} - -/* - * Return true:1 if p "looks like" the start of the real authenticator - * described in kssl_skip_confound() below. The ASN.1 pattern is "62 xx 30 - * yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and xx and yy are - * possibly multi-byte length fields. - */ -static int kssl_test_confound(unsigned char *p) -{ - int len = 2; - int xx = 0, yy = 0; - - if (*p++ != 0x62) - return 0; - if (*p > 0x82) - return 0; - switch (*p) { - case 0x82: - p++; - xx = (*p++ << 8); - xx += *p++; - break; - case 0x81: - p++; - xx = *p++; - break; - case 0x80: - return 0; - default: - xx = *p++; - break; - } - if (*p++ != 0x30) - return 0; - if (*p > 0x82) - return 0; - switch (*p) { - case 0x82: - p++; - len += 2; - yy = (*p++ << 8); - yy += *p++; - break; - case 0x81: - p++; - len++; - yy = *p++; - break; - case 0x80: - return 0; - default: - yy = *p++; - break; - } - - return (xx - len == yy) ? 1 : 0; -} - -/* - * Allocate, fill, and return cksumlens array of checksum lengths. This - * array holds just the unique elements from the krb5_cksumarray[]. array[n] - * == 0 signals end of data. The krb5_cksumarray[] was an internal variable - * that has since been replaced by a more general method for storing the - * data. It should not be used. Instead we use real API calls and make a - * guess for what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 - * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. - */ -static size_t *populate_cksumlens(void) -{ - int i, j, n; - static size_t *cklens = NULL; - -# ifdef KRB5_MIT_OLD11 - n = krb5_max_cksum; -# else - n = 0x0010; -# endif /* KRB5_MIT_OLD11 */ - -# ifdef KRB5CHECKAUTH - if (cklens == NULL - && (cklens = (size_t *)calloc(sizeof(int), n + 1)) == NULL) - return NULL; - - for (i = 0; i < n; i++) { - if (!valid_cksumtype(i)) - continue; /* array has holes */ - for (j = 0; j < n; j++) { - if (cklens[j] == 0) { - cklens[j] = krb5_checksum_size(NULL, i); - break; /* krb5 elem was new: add */ - } - if (cklens[j] == krb5_checksum_size(NULL, i)) { - break; /* ignore duplicate elements */ - } - } - } -# endif /* KRB5CHECKAUTH */ - - return cklens; -} - -/*- - * Return pointer to start of real authenticator within authenticator, or - * return NULL on error. - * Decrypted authenticator looks like this: - * [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r] - * This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the - * krb5_auth_con_getcksumtype() function advertised in its krb5.h. - */ -unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a) -{ - int i, conlen; - size_t cklen; - static size_t *cksumlens = NULL; - unsigned char *test_auth; - - conlen = (etype) ? 8 : 0; - - if (cksumlens NULL - && (cksumlens = populate_cksumlens()) == NULL) - return NULL; - for (i = 0; (cklen = cksumlens[i]) != 0; i++) { - test_auth = a + conlen + cklen; - if (kssl_test_confound(test_auth)) - return test_auth; - } - - return NULL; -} - -/* - * Set kssl_err error info when reason text is a simple string kssl_err = - * struct { int reason; char text[KSSL_ERR_MAX+1]; } - */ -void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) -{ - if (kssl_err == NULL) - return; - - kssl_err->reason = reason; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text); - return; -} - -/* - * Display contents of krb5_data struct, for debugging - */ -void print_krb5_data(char *label, krb5_data *kdata) -{ - int i; - - fprintf(stderr, "%s[%d] ", label, kdata->length); - for (i = 0; i < (int)kdata->length; i++) { - if (0 && isprint((int)kdata->data[i])) - fprintf(stderr, "%c ", kdata->data[i]); - else - fprintf(stderr, "%02x ", (unsigned char)kdata->data[i]); - } - fprintf(stderr, "\n"); -} - -/* - * Display contents of krb5_authdata struct, for debugging - */ -void print_krb5_authdata(char *label, krb5_authdata **adata) -{ - if (adata == NULL) { - fprintf(stderr, "%s, authdata==0\n", label); - return; - } - fprintf(stderr, "%s [%p]\n", label, (void *)adata); -} - -/* - * Display contents of krb5_keyblock struct, for debugging - */ -void print_krb5_keyblock(char *label, krb5_keyblock *keyblk) -{ - int i; - - if (keyblk == NULL) { - fprintf(stderr, "%s, keyblk==0\n", label); - return; - } -# ifdef KRB5_HEIMDAL - fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->keytype, - keyblk->keyvalue->length); - for (i = 0; i < (int)keyblk->keyvalue->length; i++) { - fprintf(stderr, "%02x", - (unsigned char *)(keyblk->keyvalue->contents)[i]); - } - fprintf(stderr, "\n"); -# else - fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->enctype, - keyblk->length); - for (i = 0; i < (int)keyblk->length; i++) { - fprintf(stderr, "%02x", keyblk->contents[i]); - } - fprintf(stderr, "\n"); -# endif -} - -/* - * Display contents of krb5_principal_data struct, for debugging - * (krb5_principal is typedef'd == krb5_principal_data *) - */ -static void print_krb5_princ(char *label, krb5_principal_data *princ) -{ - int i, ui, uj; - - fprintf(stderr, "%s principal Realm: ", label); - if (princ == NULL) - return; - for (ui = 0; ui < (int)princ->realm.length; ui++) - putchar(princ->realm.data[ui]); - fprintf(stderr, " (nametype %d) has %d strings:\n", princ->type, - princ->length); - for (i = 0; i < (int)princ->length; i++) { - fprintf(stderr, "\t%d [%d]: ", i, princ->data[i].length); - for (uj = 0; uj < (int)princ->data[i].length; uj++) { - putchar(princ->data[i].data[uj]); - } - fprintf(stderr, "\n"); - } - return; -} - -/*- Given krb5 service (typically "kssl") and hostname in kssl_ctx, - * Return encrypted Kerberos ticket for service @ hostname. - * If authenp is non-NULL, also return encrypted authenticator, - * whose data should be freed by caller. - * (Originally was: Create Kerberos AP_REQ message for SSL Client.) - * - * 19990628 VRS Started; Returns Kerberos AP_REQ message. - * 20010409 VRS Modified for RFC2712; Returns enc tkt. - * 20010606 VRS May also return optional authenticator. - */ -krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, - /* - * OUT - */ krb5_data **enc_ticketp, - /* - * UPDATE - */ krb5_data *authenp, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_context krb5context = NULL; - krb5_auth_context krb5auth_context = NULL; - krb5_ccache krb5ccdef = NULL; - krb5_creds krb5creds, *krb5credsp = NULL; - krb5_data krb5_app_req; - - kssl_err_set(kssl_err, 0, ""); - memset(&krb5creds, 0, sizeof(krb5creds)); - - if (!kssl_ctx) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n"); - goto err; - } else if (!kssl_ctx->service_host) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "kssl_ctx service_host undefined.\n"); - goto err; - } - - if ((krb5rc = krb5_init_context(&krb5context)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_init_context() fails: %d\n", krb5rc); - kssl_err->reason = SSL_R_KRB5_C_INIT; - goto err; - } - - if ((krb5rc = krb5_sname_to_principal(krb5context, - kssl_ctx->service_host, - (kssl_ctx->service_name) ? - kssl_ctx->service_name : KRB5SVC, - KRB5_NT_SRV_HST, - &krb5creds.server)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_sname_to_principal() fails for %s/%s\n", - kssl_ctx->service_host, - (kssl_ctx-> - service_name) ? kssl_ctx->service_name : KRB5SVC); - kssl_err->reason = SSL_R_KRB5_C_INIT; - goto err; - } - - if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, - "krb5_cc_default fails.\n"); - goto err; - } - - if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, - &krb5creds.client)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, - "krb5_cc_get_principal() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, - &krb5creds, &krb5credsp)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED, - "krb5_get_credentials() fails.\n"); - goto err; - } - - *enc_ticketp = &krb5credsp->ticket; -# ifdef KRB5_HEIMDAL - kssl_ctx->enctype = krb5credsp->session.keytype; -# else - kssl_ctx->enctype = krb5credsp->keyblock.enctype; -# endif - - krb5rc = KRB5KRB_ERR_GENERIC; - /* caller should free data of krb5_app_req */ - /* - * 20010406 VRS deleted for real KerberosWrapper 20010605 VRS reinstated - * to offer Authenticator to KerberosWrapper - */ - krb5_app_req.length = 0; - if (authenp) { - krb5_data krb5in_data; - const unsigned char *p; - long arlen; - KRB5_APREQBODY *ap_req; - - authenp->length = 0; - krb5in_data.data = NULL; - krb5in_data.length = 0; - if ((krb5rc = krb5_mk_req_extended(krb5context, - &krb5auth_context, 0, &krb5in_data, - krb5credsp, &krb5_app_req)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ, - "krb5_mk_req_extended() fails.\n"); - goto err; - } - - arlen = krb5_app_req.length; - p = (unsigned char *)krb5_app_req.data; - ap_req = (KRB5_APREQBODY *)d2i_KRB5_APREQ(NULL, &p, arlen); - if (ap_req) { - authenp->length = i2d_KRB5_ENCDATA(ap_req->authenticator, NULL); - if (authenp->length && (authenp->data = malloc(authenp->length))) { - unsigned char *adp = (unsigned char *)authenp->data; - authenp->length = - i2d_KRB5_ENCDATA(ap_req->authenticator, &adp); - } - } - - if (ap_req) - KRB5_APREQ_free((KRB5_APREQ *) ap_req); - if (krb5_app_req.length) - kssl_krb5_free_data_contents(krb5context, &krb5_app_req); - } -# ifdef KRB5_HEIMDAL - if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, - "kssl_ctx_setkey() fails.\n"); - } -# else - if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, - "kssl_ctx_setkey() fails.\n"); - } -# endif - else - krb5rc = 0; - - err: -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - if (krb5creds.client) - krb5_free_principal(krb5context, krb5creds.client); - if (krb5creds.server) - krb5_free_principal(krb5context, krb5creds.server); - if (krb5auth_context) - krb5_auth_con_free(krb5context, krb5auth_context); - if (krb5context) - krb5_free_context(krb5context); - return (krb5rc); -} - -/*- - * Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket. - * Return Kerberos error code and kssl_err struct on error. - * Allocates krb5_ticket and krb5_principal; caller should free these. - * - * 20010410 VRS Implemented krb5_decode_ticket() as - * old_krb5_decode_ticket(). Missing from MIT1.0.6. - * 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions. - * Re-used some of the old krb5_decode_ticket() - * code here. This tkt should alloc/free just - * like the real thing. - */ -static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context, - /* - * IN - */ KRB5_TKTBODY *asn1ticket, - /* - * OUT - */ krb5_ticket **krb5ticket, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_ticket *new5ticket = NULL; - ASN1_GENERALSTRING *gstr_svc, *gstr_host; - - *krb5ticket = NULL; - - if (asn1ticket == NULL || asn1ticket->realm == NULL || - asn1ticket->sname == NULL || - sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Null field in asn1ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return KRB5KRB_ERR_GENERIC; - } - - if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Unable to allocate new krb5_ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */ - } - - gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0); - gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1); - - if ((krb5rc = kssl_build_principal_2(krb5context, - &new5ticket->server, - asn1ticket->realm->length, - (char *)asn1ticket->realm->data, - gstr_svc->length, - (char *)gstr_svc->data, - gstr_host->length, - (char *)gstr_host->data)) != 0) { - free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error building ticket server principal.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return krb5rc; /* or KRB5KRB_ERR_GENERIC; */ - } - - krb5_princ_type(krb5context, new5ticket->server) = - asn1ticket->sname->nametype->data[0]; - new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0]; - new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0]; - new5ticket->enc_part.ciphertext.length = - asn1ticket->encdata->cipher->length; - if ((new5ticket->enc_part.ciphertext.data = - calloc(1, asn1ticket->encdata->cipher->length)) == NULL) { - free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error allocating cipher in krb5ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return KRB5KRB_ERR_GENERIC; - } else { - memcpy(new5ticket->enc_part.ciphertext.data, - asn1ticket->encdata->cipher->data, - asn1ticket->encdata->cipher->length); - } - - *krb5ticket = new5ticket; - return 0; -} - -/*- - * Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), - * and krb5 AP_REQ message & message length, - * Return Kerberos session key and client principle - * to SSL Server in KSSL_CTX *kssl_ctx. - * - * 19990702 VRS Started. - */ -krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, - /* - * IN - */ krb5_data *indata, - /* - * OUT - */ krb5_ticket_times *ttimes, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - static krb5_context krb5context = NULL; - static krb5_auth_context krb5auth_context = NULL; - krb5_ticket *krb5ticket = NULL; - KRB5_TKTBODY *asn1ticket = NULL; - const unsigned char *p; - krb5_keytab krb5keytab = NULL; - krb5_keytab_entry kt_entry; - krb5_principal krb5server; - krb5_rcache rcache = NULL; - - kssl_err_set(kssl_err, 0, ""); - - if (!kssl_ctx) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n"); - goto err; - } -# ifdef KSSL_DEBUG - fprintf(stderr, "in kssl_sget_tkt(%s)\n", - kstring(kssl_ctx->service_name)); -# endif /* KSSL_DEBUG */ - - if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_init_context() fails.\n"); - goto err; - } - if (krb5auth_context && - (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_free() fails.\n"); - goto err; - } else - krb5auth_context = NULL; - if (!krb5auth_context && - (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_init() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context, - &rcache))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_getrcache() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_sname_to_principal(krb5context, NULL, - (kssl_ctx->service_name) ? - kssl_ctx->service_name : KRB5SVC, - KRB5_NT_SRV_HST, - &krb5server)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_sname_to_principal() fails.\n"); - goto err; - } - - if (rcache == NULL) { - if ((krb5rc = krb5_get_server_rcache(krb5context, - krb5_princ_component(krb5context, - krb5server, - 0), - &rcache))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_get_server_rcache() fails.\n"); - goto err; - } - } - - if ((krb5rc = - krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_setrcache() fails.\n"); - goto err; - } - - /* - * kssl_ctx->keytab_file == NULL ==> use Kerberos default - */ - if (kssl_ctx->keytab_file) { - krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, - &krb5keytab); - if (krb5rc) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_kt_resolve() fails.\n"); - goto err; - } - } else { - krb5rc = krb5_kt_default(krb5context, &krb5keytab); - if (krb5rc) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_kt_default() fails.\n"); - goto err; - } - } - - /*- Actual Kerberos5 krb5_recvauth() has initial conversation here - * o check KRB5_SENDAUTH_BADAUTHVERS - * unless KRB5_RECVAUTH_SKIP_VERSION - * o check KRB5_SENDAUTH_BADAPPLVERS - * o send "0" msg if all OK - */ - - /*- - * 20010411 was using AP_REQ instead of true KerberosWrapper - * - * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, - * &krb5in_data, krb5server, krb5keytab, - * &ap_option, &krb5ticket)) != 0) { Error } - */ - - p = (unsigned char *)indata->data; - if ((asn1ticket = (KRB5_TKTBODY *)d2i_KRB5_TICKET(NULL, &p, - (long)indata->length)) - == NULL) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "d2i_KRB5_TICKET() ASN.1 decode failure.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - - /* - * Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) - */ - if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket, - kssl_err)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error converting ASN.1 ticket to krb5_ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - - if (!krb5_principal_compare(krb5context, krb5server, krb5ticket->server)) { - krb5rc = KRB5_PRINC_NOMATCH; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "server principal != ticket principal\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, - krb5ticket->server, - krb5ticket->enc_part.kvno, - krb5ticket->enc_part.enctype, - &kt_entry)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_kt_get_entry() fails with %x.\n", krb5rc); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key, - krb5ticket)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_decrypt_tkt_part() failed.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } else { - krb5_kt_free_entry(krb5context, &kt_entry); -# ifdef KSSL_DEBUG - { - int i; - krb5_address **paddr = krb5ticket->enc_part2->caddrs; - fprintf(stderr, "Decrypted ticket fields:\n"); - fprintf(stderr, "\tflags: %X, transit-type: %X", - krb5ticket->enc_part2->flags, - krb5ticket->enc_part2->transited.tr_type); - print_krb5_data("\ttransit-data: ", - &(krb5ticket->enc_part2->transited.tr_contents)); - fprintf(stderr, "\tcaddrs: %p, authdata: %p\n", - krb5ticket->enc_part2->caddrs, - krb5ticket->enc_part2->authorization_data); - if (paddr) { - fprintf(stderr, "\tcaddrs:\n"); - for (i = 0; paddr[i] != NULL; i++) { - krb5_data d; - d.length = paddr[i]->length; - d.data = paddr[i]->contents; - print_krb5_data("\t\tIP: ", &d); - } - } - fprintf(stderr, "\tstart/auth/end times: %d / %d / %d\n", - krb5ticket->enc_part2->times.starttime, - krb5ticket->enc_part2->times.authtime, - krb5ticket->enc_part2->times.endtime); - } -# endif /* KSSL_DEBUG */ - } - - krb5rc = KRB5_NO_TKT_SUPPLIED; - if (!krb5ticket || !krb5ticket->enc_part2 || - !krb5ticket->enc_part2->client || - !krb5ticket->enc_part2->client->data || - !krb5ticket->enc_part2->session) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "bad ticket from krb5_rd_req.\n"); - } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, - &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data, - krb5ticket->enc_part2->client->length)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "kssl_ctx_setprinc() fails.\n"); - } else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "kssl_ctx_setkey() fails.\n"); - } else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID) { - krb5rc = KRB5KRB_AP_ERR_TKT_INVALID; - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "invalid ticket from krb5_rd_req.\n"); - } else - krb5rc = 0; - - kssl_ctx->enctype = krb5ticket->enc_part.enctype; - ttimes->authtime = krb5ticket->enc_part2->times.authtime; - ttimes->starttime = krb5ticket->enc_part2->times.starttime; - ttimes->endtime = krb5ticket->enc_part2->times.endtime; - ttimes->renew_till = krb5ticket->enc_part2->times.renew_till; - - err: -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - if (asn1ticket) - KRB5_TICKET_free((KRB5_TICKET *) asn1ticket); - if (krb5keytab) - krb5_kt_close(krb5context, krb5keytab); - if (krb5ticket) - krb5_free_ticket(krb5context, krb5ticket); - if (krb5server) - krb5_free_principal(krb5context, krb5server); - return (krb5rc); -} - -/* - * Allocate & return a new kssl_ctx struct. - */ -KSSL_CTX *kssl_ctx_new(void) -{ - return ((KSSL_CTX *)kssl_calloc(1, sizeof(KSSL_CTX))); -} - -/* - * Frees a kssl_ctx struct and any allocated memory it holds. Returns NULL. - */ -KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx) -{ - if (kssl_ctx == NULL) - return kssl_ctx; - - if (kssl_ctx->key) - OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); - if (kssl_ctx->key) - kssl_free(kssl_ctx->key); - if (kssl_ctx->client_princ) - kssl_free(kssl_ctx->client_princ); - if (kssl_ctx->service_host) - kssl_free(kssl_ctx->service_host); - if (kssl_ctx->service_name) - kssl_free(kssl_ctx->service_name); - if (kssl_ctx->keytab_file) - kssl_free(kssl_ctx->keytab_file); - - kssl_free(kssl_ctx); - return (KSSL_CTX *)NULL; -} - -/* - * Given an array of (krb5_data *) entity (and optional realm), set the plain - * (char *) client_princ or service_host member of the kssl_ctx struct. - */ -krb5_error_code -kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity, int nentities) -{ - char **princ; - int length; - int i; - - if (kssl_ctx == NULL || entity == NULL) - return KSSL_CTX_ERR; - - switch (which) { - case KSSL_CLIENT: - princ = &kssl_ctx->client_princ; - break; - case KSSL_SERVER: - princ = &kssl_ctx->service_host; - break; - default: - return KSSL_CTX_ERR; - break; - } - if (*princ) - kssl_free(*princ); - - /* Add up all the entity->lengths */ - length = 0; - for (i = 0; i < nentities; i++) { - length += entity[i].length; - } - /* Add in space for the '/' character(s) (if any) */ - length += nentities - 1; - /* Space for the ('@'+realm+NULL | NULL) */ - length += ((realm) ? realm->length + 2 : 1); - - if ((*princ = kssl_calloc(1, length)) == NULL) - return KSSL_CTX_ERR; - else { - for (i = 0; i < nentities; i++) { - strncat(*princ, entity[i].data, entity[i].length); - if (i < nentities - 1) { - strcat(*princ, "/"); - } - } - if (realm) { - strcat(*princ, "@"); - (void)strncat(*princ, realm->data, realm->length); - } - } - - return KSSL_CTX_OK; -} - -/*- Set one of the plain (char *) string members of the kssl_ctx struct. - * Default values should be: - * which == KSSL_SERVICE => "khost" (KRB5SVC) - * which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB) - */ -krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) -{ - char **string; - - if (!kssl_ctx) - return KSSL_CTX_ERR; - - switch (which) { - case KSSL_SERVICE: - string = &kssl_ctx->service_name; - break; - case KSSL_SERVER: - string = &kssl_ctx->service_host; - break; - case KSSL_CLIENT: - string = &kssl_ctx->client_princ; - break; - case KSSL_KEYTAB: - string = &kssl_ctx->keytab_file; - break; - default: - return KSSL_CTX_ERR; - break; - } - if (*string) - kssl_free(*string); - - if (!text) { - *string = '\0'; - return KSSL_CTX_OK; - } - - if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL) - return KSSL_CTX_ERR; - else - strcpy(*string, text); - - return KSSL_CTX_OK; -} - -/* - * Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx - * struct. Clear kssl_ctx->key if Kerberos session key is NULL. - */ -krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) -{ - int length; - krb5_enctype enctype; - krb5_octet FAR *contents = NULL; - - if (!kssl_ctx) - return KSSL_CTX_ERR; - - if (kssl_ctx->key) { - OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); - kssl_free(kssl_ctx->key); - } - - if (session) { - -# ifdef KRB5_HEIMDAL - length = session->keyvalue->length; - enctype = session->keytype; - contents = session->keyvalue->contents; -# else - length = session->length; - enctype = session->enctype; - contents = session->contents; -# endif - kssl_ctx->enctype = enctype; - kssl_ctx->length = length; - } else { - kssl_ctx->enctype = ENCTYPE_UNKNOWN; - kssl_ctx->length = 0; - return KSSL_CTX_OK; - } - - if ((kssl_ctx->key = - (krb5_octet FAR *)kssl_calloc(1, kssl_ctx->length)) == NULL) { - kssl_ctx->length = 0; - return KSSL_CTX_ERR; - } else - memcpy(kssl_ctx->key, contents, length); - - return KSSL_CTX_OK; -} - -/* - * Display contents of kssl_ctx struct - */ -void kssl_ctx_show(KSSL_CTX *kssl_ctx) -{ - int i; - - printf("kssl_ctx: "); - if (kssl_ctx == NULL) { - printf("NULL\n"); - return; - } else - printf("%p\n", (void *)kssl_ctx); - - printf("\tservice:\t%s\n", - (kssl_ctx->service_name) ? kssl_ctx->service_name : "NULL"); - printf("\tclient:\t%s\n", - (kssl_ctx->client_princ) ? kssl_ctx->client_princ : "NULL"); - printf("\tserver:\t%s\n", - (kssl_ctx->service_host) ? kssl_ctx->service_host : "NULL"); - printf("\tkeytab:\t%s\n", - (kssl_ctx->keytab_file) ? kssl_ctx->keytab_file : "NULL"); - printf("\tkey [%d:%d]:\t", kssl_ctx->enctype, kssl_ctx->length); - - for (i = 0; i < kssl_ctx->length && kssl_ctx->key; i++) { - printf("%02x", kssl_ctx->key[i]); - } - printf("\n"); - return; -} - -int kssl_keytab_is_available(KSSL_CTX *kssl_ctx) -{ - krb5_context krb5context = NULL; - krb5_keytab krb5keytab = NULL; - krb5_keytab_entry entry; - krb5_principal princ = NULL; - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - int rc = 0; - - if ((krb5rc = krb5_init_context(&krb5context))) - return (0); - - /* - * kssl_ctx->keytab_file == NULL ==> use Kerberos default - */ - if (kssl_ctx->keytab_file) { - krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, - &krb5keytab); - if (krb5rc) - goto exit; - } else { - krb5rc = krb5_kt_default(krb5context, &krb5keytab); - if (krb5rc) - goto exit; - } - - /* the host key we are looking for */ - krb5rc = krb5_sname_to_principal(krb5context, NULL, - kssl_ctx-> - service_name ? kssl_ctx->service_name : - KRB5SVC, KRB5_NT_SRV_HST, &princ); - - if (krb5rc) - goto exit; - - krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, - /* IGNORE_VNO */ - 0, - /* IGNORE_ENCTYPE */ - 0, &entry); - if (krb5rc == KRB5_KT_NOTFOUND) { - rc = 1; - goto exit; - } else if (krb5rc) - goto exit; - - krb5_kt_free_entry(krb5context, &entry); - rc = 1; - - exit: - if (krb5keytab) - krb5_kt_close(krb5context, krb5keytab); - if (princ) - krb5_free_principal(krb5context, princ); - if (krb5context) - krb5_free_context(krb5context); - return (rc); -} - -int kssl_tgt_is_available(KSSL_CTX *kssl_ctx) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_context krb5context = NULL; - krb5_ccache krb5ccdef = NULL; - krb5_creds krb5creds, *krb5credsp = NULL; - int rc = 0; - - memset(&krb5creds, 0, sizeof(krb5creds)); - - if (!kssl_ctx) - return (0); - - if (!kssl_ctx->service_host) - return (0); - - if ((krb5rc = krb5_init_context(&krb5context)) != 0) - goto err; - - if ((krb5rc = krb5_sname_to_principal(krb5context, - kssl_ctx->service_host, - (kssl_ctx->service_name) ? - kssl_ctx->service_name : KRB5SVC, - KRB5_NT_SRV_HST, - &krb5creds.server)) != 0) - goto err; - - if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) - goto err; - - if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, - &krb5creds.client)) != 0) - goto err; - - if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, - &krb5creds, &krb5credsp)) != 0) - goto err; - - rc = 1; - - err: -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - if (krb5creds.client) - krb5_free_principal(krb5context, krb5creds.client); - if (krb5creds.server) - krb5_free_principal(krb5context, krb5creds.server); - if (krb5context) - krb5_free_context(krb5context); - return (rc); -} - -# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32) -void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) -{ -# ifdef KRB5_HEIMDAL - data->length = 0; - if (data->data) - free(data->data); -# elif defined(KRB5_MIT_OLD11) - if (data->data) { - krb5_xfree(data->data); - data->data = 0; - } -# else - krb5_free_data_contents(NULL, data); -# endif -} -# endif -/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ - -/* - * Given pointers to KerberosTime and struct tm structs, convert the - * KerberosTime string to struct tm. Note that KerberosTime is a - * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional seconds - * as defined in RFC 1510. Return pointer to the (partially) filled in - * struct tm on success, return NULL on failure. - */ -static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) -{ - char c, *p; - - if (!k_tm) - return NULL; - if (gtime == NULL || gtime->length < 14) - return NULL; - if (gtime->data == NULL) - return NULL; - - p = (char *)>ime->data[14]; - - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_sec = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_min = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_hour = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_mday = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_mon = atoi(p) - 1; - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 4; - k_tm->tm_year = atoi(p) - 1900; - *(p + 4) = c; - - return k_tm; -} - -/* - * Helper function for kssl_validate_times(). We need context->clockskew, - * but krb5_context is an opaque struct. So we try to sneek the clockskew - * out through the replay cache. If that fails just return a likely default - * (300 seconds). - */ -static krb5_deltat get_rc_clockskew(krb5_context context) -{ - krb5_rcache rc; - krb5_deltat clockskew; - - if (krb5_rc_default(context, &rc)) - return KSSL_CLOCKSKEW; - if (krb5_rc_initialize(context, rc, 0)) - return KSSL_CLOCKSKEW; - if (krb5_rc_get_lifespan(context, rc, &clockskew)) { - clockskew = KSSL_CLOCKSKEW; - } - (void)krb5_rc_destroy(context, rc); - return clockskew; -} - -/* - * kssl_validate_times() combines (and more importantly exposes) the MIT KRB5 - * internal function krb5_validate_times() and the in_clock_skew() macro. - * The authenticator client time is checked to be within clockskew secs of - * the current time and the current time is checked to be within the ticket - * start and expire times. Either check may be omitted by supplying a NULL - * value. Returns 0 for valid times, SSL_R_KRB5* error codes otherwise. See - * Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c 20010420 VRS - */ -krb5_error_code kssl_validate_times(krb5_timestamp atime, - krb5_ticket_times *ttimes) -{ - krb5_deltat skew; - krb5_timestamp start, now; - krb5_error_code rc; - krb5_context context; - - if ((rc = krb5_init_context(&context))) - return SSL_R_KRB5_S_BAD_TICKET; - skew = get_rc_clockskew(context); - if ((rc = krb5_timeofday(context, &now))) - return SSL_R_KRB5_S_BAD_TICKET; - krb5_free_context(context); - - if (atime && labs(atime - now) >= skew) - return SSL_R_KRB5_S_TKT_SKEW; - - if (!ttimes) - return 0; - - start = (ttimes->starttime != 0) ? ttimes->starttime : ttimes->authtime; - if (start - now > skew) - return SSL_R_KRB5_S_TKT_NYV; - if ((now - ttimes->endtime) > skew) - return SSL_R_KRB5_S_TKT_EXPIRED; - -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n", - start, atime, now, skew, ttimes->endtime); -# endif /* KSSL_DEBUG */ - - return 0; -} - -/* - * Decode and decrypt given DER-encoded authenticator, then pass - * authenticator ctime back in *atimep (or 0 if time unavailable). Returns - * krb5_error_code and kssl_err on error. A NULL authenticator - * (authentp->length == 0) is not considered an error. Note that - * kssl_check_authent() makes use of the KRB5 session key; you must call - * kssl_sget_tkt() to get the key before calling this routine. - */ -krb5_error_code kssl_check_authent( - /* - * IN - */ KSSL_CTX *kssl_ctx, - /* - * IN - */ krb5_data *authentp, - /* - * OUT - */ krb5_timestamp *atimep, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = 0; - KRB5_ENCDATA *dec_authent = NULL; - KRB5_AUTHENTBODY *auth = NULL; - krb5_enctype enctype; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - const unsigned char *p; - unsigned char *unenc_authent; - int outl, unencbufsize; - struct tm tm_time, *tm_l, *tm_g; - time_t now, tl, tg, tr, tz_offset; - - EVP_CIPHER_CTX_init(&ciph_ctx); - *atimep = 0; - kssl_err_set(kssl_err, 0, ""); - -# ifndef KRB5CHECKAUTH - authentp = NULL; -# else -# if KRB5CHECKAUTH == 0 - authentp = NULL; -# endif -# endif /* KRB5CHECKAUTH */ - - if (authentp == NULL || authentp->length == 0) - return 0; - -# ifdef KSSL_DEBUG - { - unsigned int ui; - fprintf(stderr, "kssl_check_authent: authenticator[%d]:\n", - authentp->length); - p = authentp->data; - for (ui = 0; ui < authentp->length; ui++) - fprintf(stderr, "%02x ", p[ui]); - fprintf(stderr, "\n"); - } -# endif /* KSSL_DEBUG */ - - unencbufsize = 2 * authentp->length; - if ((unenc_authent = calloc(1, unencbufsize)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Unable to allocate authenticator buffer.\n"); - krb5rc = KRB5KRB_ERR_GENERIC; - goto err; - } - - p = (unsigned char *)authentp->data; - if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p, - (long)authentp->length)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Error decoding authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - - enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */ -# if !defined(KRB5_MIT_OLD11) - switch (enctype) { - case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */ - case ENCTYPE_DES3_CBC_SHA: - case ENCTYPE_DES3_CBC_RAW: - krb5rc = 0; /* Skip, can't handle derived keys */ - goto err; - } -# endif - enc = kssl_map_enc(enctype); - memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ - - if (enc == NULL) { - /* - * Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1. This - * enctype indicates the authenticator was encrypted using key-usage - * derived keys which openssl cannot decrypt. - */ - goto err; - } - - if (!EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key, iv, 0)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_CipherInit error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - outl = dec_authent->cipher->length; - if (!EVP_Cipher - (&ciph_ctx, unenc_authent, dec_authent->cipher->data, outl)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_Cipher error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - -# ifdef KSSL_DEBUG - { - int padl; - fprintf(stderr, "kssl_check_authent: decrypted authenticator[%d] =\n", - outl); - for (padl = 0; padl < outl; padl++) - fprintf(stderr, "%02x ", unenc_authent[padl]); - fprintf(stderr, "\n"); - } -# endif /* KSSL_DEBUG */ - - if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "confounded by authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - outl -= p - unenc_authent; - - if ((auth = (KRB5_AUTHENTBODY *)d2i_KRB5_AUTHENT(NULL, &p, - (long)outl)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Error decoding authenticator body.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - - memset(&tm_time, 0, sizeof(tm_tmime)); - if (k_gmtime(auth->ctime, &tm_time) && - ((tr = mktime(&tm_time)) != (time_t)(-1))) { - now = time(&now); - tm_l = localtime(&now); - tl = mktime(tm_l); - tm_g = gmtime(&now); - tg = mktime(tm_g); - tz_offset = tg - tl; - - *atimep = (krb5_timestamp)(tr - tz_offset); - } -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_check_authent: returns %d for client time ", - *atimep); - if (auth->ctime && auth->ctime->length && auth->ctime->data) - fprintf(stderr, "%.*s\n", auth->ctime->length, auth->ctime->data); - else - fprintf(stderr, "NULL\n"); -# endif /* KSSL_DEBUG */ - - err: - if (auth) - KRB5_AUTHENT_free((KRB5_AUTHENT *) auth); - if (dec_authent) - KRB5_ENCDATA_free(dec_authent); - if (unenc_authent) - free(unenc_authent); - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - return krb5rc; -} - -/* - * Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host), - * because I don't know how to stub varargs. Returns krb5_error_code == - * ENOMEM on alloc error, otherwise passes back newly constructed principal, - * which should be freed by caller. - */ -krb5_error_code kssl_build_principal_2( - /* - * UPDATE - */ krb5_context context, - /* - * OUT - */ krb5_principal *princ, - /* - * IN - */ int rlen, const char *realm, - /* - * IN - */ int slen, const char *svc, - /* - * IN - */ int hlen, const char *host) -{ - krb5_data *p_data = NULL; - krb5_principal new_p = NULL; - char *new_r = NULL; - - if ((p_data = (krb5_data *)calloc(2, sizeof(krb5_data))) == NULL || - (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data))) - == NULL) - goto err; - new_p->length = 2; - new_p->data = p_data; - - if ((new_r = calloc(1, rlen + 1)) == NULL) - goto err; - memcpy(new_r, realm, rlen); - krb5_princ_set_realm_length(context, new_p, rlen); - krb5_princ_set_realm_data(context, new_p, new_r); - - if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL) - goto err; - memcpy(new_p->data[0].data, svc, slen); - new_p->data[0].length = slen; - - if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL) - goto err; - memcpy(new_p->data[1].data, host, hlen); - new_p->data[1].length = hlen; - - krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN; - *princ = new_p; - return 0; - - err: - if (new_p && new_p[0].data) - free(new_p[0].data); - if (new_p && new_p[1].data) - free(new_p[1].data); - if (new_p) - free(new_p); - if (new_r) - free(new_r); - return ENOMEM; -} - -void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx) -{ - s->kssl_ctx = kctx; -} - -KSSL_CTX *SSL_get0_kssl_ctx(SSL *s) -{ - return s->kssl_ctx; -} - -char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx) -{ - if (kctx) - return kctx->client_princ; - return NULL; -} - -#else /* !OPENSSL_NO_KRB5 */ - -# if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) -static void *dummy = &dummy; -# endif - -#endif /* !OPENSSL_NO_KRB5 */ diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h deleted file mode 100644 index 46dcef22d1..0000000000 --- a/ssl/kssl_lcl.h +++ /dev/null @@ -1,88 +0,0 @@ -/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ -/* - * Written by Vern Staats for the OpenSSL project - * 2000. project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef KSSL_LCL_H -# define KSSL_LCL_H - -# include - -# ifndef OPENSSL_NO_KRB5 - -#ifdef __cplusplus -extern "C" { -#endif - -/* Private (internal to OpenSSL) */ -void print_krb5_data(char *label, krb5_data *kdata); -void print_krb5_authdata(char *label, krb5_authdata **adata); -void print_krb5_keyblock(char *label, krb5_keyblock *keyblk); - -char *kstring(char *string); -char *knumber(int len, krb5_octet *contents); - -const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); - -int kssl_keytab_is_available(KSSL_CTX *kssl_ctx); -int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); - -#ifdef __cplusplus -} -#endif -# endif /* OPENSSL_NO_KRB5 */ -#endif /* KSSL_LCL_H */ diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 1e6f88ea1e..db6d4e792b 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -644,10 +644,6 @@ int tls1_enc(SSL *s, int send) enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); } -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_enc(%d)\n", send); -#endif /* KSSL_DEBUG */ - if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { memmove(rec->data, rec->input, rec->length); rec->input = rec->data; @@ -707,26 +703,6 @@ int tls1_enc(SSL *s, int send) l += i; rec->length += i; } -#ifdef KSSL_DEBUG - { - unsigned long ui; - fprintf(stderr, - "EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - ds, rec->data, rec->input, l); - fprintf(stderr, - "\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n", - ds->buf_len, ds->cipher->key_len, DES_KEY_SZ, - DES_SCHEDULE_SZ, ds->cipher->iv_len); - fprintf(stderr, "\t\tIV: "); - for (i = 0; i < ds->cipher->iv_len; i++) - fprintf(stderr, "%02X", ds->iv[i]); - fprintf(stderr, "\n"); - fprintf(stderr, "\trec->input="); - for (ui = 0; ui < l; ui++) - fprintf(stderr, " %02x", rec->input[ui]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ if (!send) { if (l == 0 || l % bs != 0) @@ -743,15 +719,6 @@ int tls1_enc(SSL *s, int send) rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; } -#ifdef KSSL_DEBUG - { - unsigned long i; - fprintf(stderr, "\trec->data="); - for (i = 0; i < l; i++) - fprintf(stderr, " %02x", rec->data[i]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ ret = 1; if (!SSL_USE_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 85a3ef64cd..2228654f8e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -150,7 +150,6 @@ #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include #include #include @@ -1161,7 +1160,7 @@ int ssl3_get_server_hello(SSL *s) int ssl3_get_server_certificate(SSL *s) { - int al, i, ok, ret = -1; + int al, i, ok, ret = -1, exp_idx; unsigned long n, nc, llen, l; X509 *x = NULL; const unsigned char *q, *p; @@ -1169,8 +1168,6 @@ int ssl3_get_server_certificate(SSL *s) STACK_OF(X509) *sk = NULL; SESS_CERT *sc; EVP_PKEY *pkey = NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == - * KRB5 */ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, @@ -1180,9 +1177,7 @@ int ssl3_get_server_certificate(SSL *s) if (!ok) return ((int)n); - if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || - ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && - (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) { + if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { s->s3->tmp.reuse_message = 1; return (1); } @@ -1237,12 +1232,7 @@ int ssl3_get_server_certificate(SSL *s) } i = ssl_verify_cert_chain(s, sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) -#ifndef OPENSSL_NO_KRB5 - && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) -#endif /* OPENSSL_NO_KRB5 */ - ) { + if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { al = ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); @@ -1275,21 +1265,7 @@ int ssl3_get_server_certificate(SSL *s) pkey = X509_get_pubkey(x); - /* VRS: allow null cert if auth == KRB5 */ - need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) - ? 0 : 1; - -#ifdef KSSL_DEBUG - fprintf(stderr, "pkey,x = %p, %p\n", pkey, x); - fprintf(stderr, "ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x, pkey)); - fprintf(stderr, "cipher, alg, nc = %s, %lx, %lx, %d\n", - s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithm_mkey, - s->s3->tmp.new_cipher->algorithm_auth, need_cert); -#endif /* KSSL_DEBUG */ - - if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { + if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { x = NULL; al = SSL3_AL_FATAL; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1298,7 +1274,7 @@ int ssl3_get_server_certificate(SSL *s) } i = ssl_cert_type(x, pkey); - if (need_cert && i < 0) { + if (i < 0) { x = NULL; al = SSL3_AL_FATAL; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1306,35 +1282,27 @@ int ssl3_get_server_certificate(SSL *s) goto f_err; } - if (need_cert) { - int exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); - if (exp_idx >= 0 && i != exp_idx) { - x = NULL; - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, - SSL_R_WRONG_CERTIFICATE_TYPE); - goto f_err; - } - sc->peer_cert_type = i; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - /* - * Why would the following ever happen? We just created sc a couple - * of lines ago. - */ - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509 = x; - sc->peer_key = &(sc->peer_pkeys[i]); - - X509_free(s->session->peer); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - s->session->peer = x; - } else { - sc->peer_cert_type = i; - sc->peer_key = NULL; - - X509_free(s->session->peer); - s->session->peer = NULL; + exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); + if (exp_idx >= 0 && i != exp_idx) { + x = NULL; + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_WRONG_CERTIFICATE_TYPE); + goto f_err; } + sc->peer_cert_type = i; + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + /* + * Why would the following ever happen? We just created sc a couple + * of lines ago. + */ + X509_free(sc->peer_pkeys[i].x509); + sc->peer_pkeys[i].x509 = x; + sc->peer_key = &(sc->peer_pkeys[i]); + + X509_free(s->session->peer); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + s->session->peer = x; s->session->verify_result = s->verify_result; x = NULL; @@ -2328,9 +2296,6 @@ int ssl3_send_client_key_exchange(SSL *s) unsigned char *q; EVP_PKEY *pkey = NULL; #endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_EC EC_KEY *clnt_ecdh = NULL; const EC_POINT *srvr_ecpoint = NULL; @@ -2413,131 +2378,6 @@ int ssl3_send_client_key_exchange(SSL *s) } } #endif -#ifndef OPENSSL_NO_KRB5 - else if (alg_k & SSL_kKRB5) { - krb5_error_code krb5rc; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - /* krb5_data krb5_ap_req; */ - krb5_data *enc_ticket; - krb5_data authenticator, *authp = NULL; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int padl, outl = sizeof(epms); - - EVP_CIPHER_CTX_init(&ciph_ctx); - -# ifdef KSSL_DEBUG - fprintf(stderr, "ssl3_send_client_key_exchange(%lx & %lx)\n", - alg_k, SSL_kKRB5); -# endif /* KSSL_DEBUG */ - - authp = NULL; -# ifdef KRB5SENDAUTH - if (KRB5SENDAUTH) - authp = &authenticator; -# endif /* KRB5SENDAUTH */ - - krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err); - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; -# ifdef KSSL_DEBUG - { - fprintf(stderr, "kssl_cget_tkt rtn %d\n", krb5rc); - if (krb5rc && kssl_err.text) - fprintf(stderr, "kssl_cget_tkt kssl_err=%s\n", - kssl_err.text); - } -# endif /* KSSL_DEBUG */ - - if (krb5rc) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } - - /*- - * 20010406 VRS - Earlier versions used KRB5 AP_REQ - * in place of RFC 2712 KerberosWrapper, as in: - * - * Send ticket (copy to *p, set n = length) - * n = krb5_ap_req.length; - * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - * if (krb5_ap_req.data) - * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - * - * Now using real RFC 2712 KerberosWrapper - * (Thanks to Simon Wilkinson ) - * Note: 2712 "opaque" types are here replaced - * with a 2-byte length followed by the value. - * Example: - * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - * Where "xx xx" = length bytes. Shown here with - * optional authenticator omitted. - */ - - /* KerberosWrapper.Ticket */ - s2n(enc_ticket->length, p); - memcpy(p, enc_ticket->data, enc_ticket->length); - p += enc_ticket->length; - n = enc_ticket->length + 2; - - /* KerberosWrapper.Authenticator */ - if (authp && authp->length) { - s2n(authp->length, p); - memcpy(p, authp->data, authp->length); - p += authp->length; - n += authp->length + 2; - - free(authp->data); - authp->data = NULL; - authp->length = 0; - } else { - s2n(0, p); /* null authenticator length */ - n += 2; - } - - pmslen = SSL_MAX_MASTER_KEY_LENGTH; - pms = OPENSSL_malloc(pmslen); - if (!pms) - goto memerr; - - pms[0] = s->client_version >> 8; - pms[1] = s->client_version & 0xff; - if (RAND_bytes(pms + 2, pmslen - 2) <= 0) - goto err; - - /*- - * 20010420 VRS. Tried it this way; failed. - * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - * kssl_ctx->length); - * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ - - memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ - EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); - EVP_EncryptUpdate(&ciph_ctx, epms, &outl, pms, pmslen); - EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); - outl += padl; - if (outl > (int)sizeof epms) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - /* KerberosWrapper.EncryptedPreMasterSecret */ - s2n(outl, p); - memcpy(p, epms, outl); - p += outl; - n += outl + 2; - OPENSSL_cleanse(epms, outl); - } -#endif #ifndef OPENSSL_NO_DH else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { DH *dh_srvr, *dh_clnt; @@ -3394,7 +3234,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) alg_a = s->s3->tmp.new_cipher->algorithm_auth; /* we don't have a certificate */ - if ((alg_a & (SSL_aNULL | SSL_aKRB5)) || (alg_k & SSL_kPSK)) + if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) return (1); sc = s->session->sess_cert; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7e9faf4ab1..e7f1898e81 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -151,7 +151,6 @@ #include #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include #ifndef OPENSSL_NO_DH # include @@ -601,233 +600,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -#ifndef OPENSSL_NO_KRB5 -/* The Kerberos ciphers*/ -/* Cipher 1E */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_SHA, - SSL3_CK_KRB5_DES_64_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - -/* Cipher 1F */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_SHA, - SSL3_CK_KRB5_DES_192_CBC3_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - -/* Cipher 20 */ - { - 1, - SSL3_TXT_KRB5_RC4_128_SHA, - SSL3_CK_KRB5_RC4_128_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 21 */ - { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_SHA, - SSL3_CK_KRB5_IDEA_128_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 22 */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_MD5, - SSL3_CK_KRB5_DES_64_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - -/* Cipher 23 */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_MD5, - SSL3_CK_KRB5_DES_192_CBC3_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - -/* Cipher 24 */ - { - 1, - SSL3_TXT_KRB5_RC4_128_MD5, - SSL3_CK_KRB5_RC4_128_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 25 */ - { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_MD5, - SSL3_CK_KRB5_IDEA_128_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 26 */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_SHA, - SSL3_CK_KRB5_DES_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - -/* Cipher 27 */ - { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_SHA, - SSL3_CK_KRB5_RC2_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - -/* Cipher 28 */ - { - 1, - SSL3_TXT_KRB5_RC4_40_SHA, - SSL3_CK_KRB5_RC4_40_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - -/* Cipher 29 */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_MD5, - SSL3_CK_KRB5_DES_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - -/* Cipher 2A */ - { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_MD5, - SSL3_CK_KRB5_RC2_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - -/* Cipher 2B */ - { - 1, - SSL3_TXT_KRB5_RC4_40_MD5, - SSL3_CK_KRB5_RC4_40_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, -#endif /* OPENSSL_NO_KRB5 */ - /* New AES ciphersuites */ /* Cipher 2F */ { @@ -4124,22 +3896,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } #endif -#ifdef KSSL_DEBUG - /* - * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", - * i,c->algorithms); - */ -#endif /* KSSL_DEBUG */ - alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; -#ifndef OPENSSL_NO_KRB5 - if (alg_k & SSL_kKRB5) { - if (!kssl_keytab_is_available(s->kssl_ctx)) - continue; - } -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 80d04c9597..04dbb7a735 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -151,7 +151,6 @@ #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include "../crypto/constant_time_locl.h" #include #include @@ -163,9 +162,6 @@ # include #endif #include -#ifndef OPENSSL_NO_KRB5 -# include -#endif #include #ifndef OPENSSL_NO_SSL3_METHOD @@ -421,11 +417,10 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH, */ - /* normal PSK or KRB5 or SRP */ + /* normal PSK or SRP */ if (! (s->s3->tmp. - new_cipher->algorithm_auth & (SSL_aNULL | SSL_aKRB5 | - SSL_aSRP)) + new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret = ssl3_send_server_certificate(s); if (ret <= 0) @@ -516,16 +511,12 @@ int ssl3_accept(SSL *s) * RFC 2246): */ ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* - * ... except when the application insists on - * verification (against the specs, but s3_clnt.c accepts - * this for SSL 3) - */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* - * never request cert in Kerberos ciphersuites + * ... except when the application insists on + * verification (against the specs, but s3_clnt.c accepts + * this for SSL 3) */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || + !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* don't request certificate for SRP auth */ (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) /* @@ -2123,9 +2114,6 @@ int ssl3_get_client_key_exchange(SSL *s) BIGNUM *pub = NULL; DH *dh_srvr, *dh_clnt = NULL; #endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_EC EC_KEY *srvr_ecdh = NULL; @@ -2391,189 +2379,6 @@ int ssl3_get_client_key_exchange(SSL *s) return 2; } else #endif -#ifndef OPENSSL_NO_KRB5 - if (alg_k & SSL_kKRB5) { - krb5_error_code krb5rc; - krb5_data enc_ticket; - krb5_data authenticator; - krb5_data enc_pms; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH]; - int padl, outl; - krb5_timestamp authtime = 0; - krb5_ticket_times ttimes; - - EVP_CIPHER_CTX_init(&ciph_ctx); - - if (!kssl_ctx) - kssl_ctx = kssl_ctx_new(); - - n2s(p, i); - enc_ticket.length = i; - - if (n < (long)(enc_ticket.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - enc_ticket.data = (char *)p; - p += enc_ticket.length; - - n2s(p, i); - authenticator.length = i; - - if (n < (long)(enc_ticket.length + authenticator.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - authenticator.data = (char *)p; - p += authenticator.length; - - n2s(p, i); - enc_pms.length = i; - enc_pms.data = (char *)p; - p += enc_pms.length; - - /* - * Note that the length is checked again below, ** after decryption - */ - if (enc_pms.length > sizeof pms) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if (n != (long)(enc_ticket.length + authenticator.length + - enc_pms.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, - &kssl_err)) != 0) { -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_sget_tkt rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - fprintf(stderr, "kssl_err text= %s\n", kssl_err.text); -# endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } - - /* - * Note: no authenticator is not considered an error, ** but will - * return authtime == 0. - */ - if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator, - &authtime, &kssl_err)) != 0) { -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_check_authent rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - fprintf(stderr, "kssl_err text= %s\n", kssl_err.text); -# endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } - - if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); - goto err; - } -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; - - memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ - - if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl, - (unsigned char *)enc_pms.data, enc_pms.length)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (outl > SSL_MAX_MASTER_KEY_LENGTH) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - outl += padl; - if (outl > SSL_MAX_MASTER_KEY_LENGTH) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!((pms[0] == (s->client_version >> 8)) - && (pms[1] == (s->client_version & 0xff)))) { - /* - * The premaster secret must contain the same version number as - * the ClientHello to detect version rollback attacks (strangely, - * the protocol does not offer such protection for DH - * ciphersuites). However, buggy clients exist that send random - * bytes instead of the protocol version. If - * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. - * (Perhaps we should have a separate BUG value for the Kerberos - * cipher) - */ - if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_AD_DECODE_ERROR); - goto err; - } - } - - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - pms, outl); - if (s->session->master_key_length < 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto f_err; - } - - if (kssl_ctx->client_princ) { - size_t len = strlen(kssl_ctx->client_princ); - if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH) { - s->session->krb5_client_princ_len = len; - memcpy(s->session->krb5_client_princ, kssl_ctx->client_princ, - len); - } - } - - /*- Was doing kssl_ctx_free() here, - * but it caused problems for apache. - * kssl_ctx = kssl_ctx_free(kssl_ctx); - * if (s->kssl_ctx) s->kssl_ctx = NULL; - */ - } else -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_EC if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) { @@ -3303,14 +3108,9 @@ int ssl3_send_server_certificate(SSL *s) if (s->state == SSL3_ST_SW_CERT_A) { cpk = ssl_get_server_send_pkey(s); if (cpk == NULL) { - /* VRS: allow null cert if auth == KRB5 */ - if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) || - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, - ERR_R_INTERNAL_ERROR); - s->state = SSL_ST_ERR; - return (0); - } + SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; + return (0); } if (!ssl3_output_cert_chain(s, cpk)) { diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 0df80f03c5..9a20b547bd 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -215,7 +215,7 @@ $ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ - "ssl_ciph,ssl_stat,ssl_rsa,"+ - "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ - - "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst" + "bio_ssl,ssl_err,t1_reneg,tls_srp,t1_trce,ssl_utst" $! $! Tell The User That We Are Compiling The Library. $! diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3e849175ea..51cc72af27 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -95,9 +95,6 @@ typedef struct { ASN1_OCTET_STRING *comp_id; ASN1_OCTET_STRING *master_key; ASN1_OCTET_STRING *session_id; -#ifndef OPENSSL_NO_KRB5 - ASN1_OCTET_STRING *krb5_princ; -#endif ASN1_OCTET_STRING *key_arg; long time; long timeout; @@ -125,9 +122,6 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), -#ifndef OPENSSL_NO_KRB5 - ASN1_OPT(SSL_SESSION_ASN1, krb5_princ, ASN1_OCTET_STRING), -#endif ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1), ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2), @@ -195,10 +189,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; #endif -#ifndef OPENSSL_NO_KRB5 - ASN1_OCTET_STRING krb5_princ; -#endif - #ifndef OPENSSL_NO_SRP ASN1_OCTET_STRING srp_username; #endif @@ -241,12 +231,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ssl_session_oinit(&as.session_id_context, &sid_ctx, in->sid_ctx, in->sid_ctx_length); -#ifndef OPENSSL_NO_KRB5 - if (in->krb5_client_princ_len) { - ssl_session_oinit(&as.krb5_princ, &krb5_princ, - in->krb5_client_princ, in->krb5_client_princ_len); - } -#endif /* OPENSSL_NO_KRB5 */ as.time = in->time; as.timeout = in->timeout; @@ -368,12 +352,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->master_key_length = tmpl; -#ifndef OPENSSL_NO_KRB5 - if (!ssl_session_memcpy(ret->krb5_client_princ, &ret->krb5_client_princ_len, - as->krb5_princ, SSL_MAX_KRB5_PRINCIPAL_LENGTH)) - goto err; -#endif /* OPENSSL_NO_KRB5 */ - if (as->time != 0) ret->time = as->time; else diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ddedf5cef9..39b5a71094 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -305,8 +305,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -323,7 +321,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, /* no such ciphersuites supported! */ {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, @@ -342,7 +339,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, @@ -693,10 +689,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, *mkey |= SSL_kDHr | SSL_kDHd | SSL_kDHE; *auth |= SSL_aDH; #endif -#ifdef OPENSSL_NO_KRB5 - *mkey |= SSL_kKRB5; - *auth |= SSL_aKRB5; -#endif #ifdef OPENSSL_NO_EC *mkey |= SSL_kECDHe | SSL_kECDHr; *auth |= SSL_aECDSA | SSL_aECDH; @@ -801,10 +793,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, co_list[co_list_num].prev = NULL; co_list[co_list_num].active = 0; co_list_num++; -#ifdef KSSL_DEBUG - fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id, - c->algorithm_mkey, c->algorithm_auth); -#endif /* KSSL_DEBUG */ /* * if (!sk_push(ca_list,(char *)c)) goto err; */ @@ -1446,10 +1434,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * it is used for allocation. */ num_of_ciphers = ssl_method->num_ciphers(); -#ifdef KSSL_DEBUG - fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n", - num_of_ciphers); -#endif /* KSSL_DEBUG */ + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -1502,8 +1487,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK &tail); ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); /* RC4 is sort-of broken -- move the the end */ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, @@ -1616,13 +1599,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) const char *ver, *exp_str; const char *kx, *au, *enc, *mac; unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; -#ifdef KSSL_DEBUG - static const char *format = - "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; -#else static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; -#endif /* KSSL_DEBUG */ alg_mkey = cipher->algorithm_mkey; alg_auth = cipher->algorithm_auth; @@ -1652,9 +1630,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kDHd: kx = "DH/DSS"; break; - case SSL_kKRB5: - kx = "KRB5"; - break; case SSL_kDHE: kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH"; break; @@ -1690,9 +1665,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aDH: au = "DH"; break; - case SSL_aKRB5: - au = "KRB5"; - break; case SSL_aECDH: au = "ECDH"; break; @@ -1802,13 +1774,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) } else if (len < 128) return ("Buffer too small"); -#ifdef KSSL_DEBUG - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, - exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); -#else BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); -#endif /* KSSL_DEBUG */ + return (buf); } @@ -2000,9 +1968,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) return SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) return SSL_PKEY_RSA_ENC; - else if (alg_a & SSL_aKRB5) - /* VRS something else here? */ - return -1; else if (alg_a & SSL_aGOST94) return SSL_PKEY_GOST94; else if (alg_a & SSL_aGOST01) diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 3396a50759..24891ad69e 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -462,17 +462,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, {ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"}, - {ERR_REASON(SSL_R_KRB5), "krb5"}, - {ERR_REASON(SSL_R_KRB5_C_CC_PRINC), "krb5 client cc principal (no tkt?)"}, - {ERR_REASON(SSL_R_KRB5_C_GET_CRED), "krb5 client get cred"}, - {ERR_REASON(SSL_R_KRB5_C_INIT), "krb5 client init"}, - {ERR_REASON(SSL_R_KRB5_C_MK_REQ), "krb5 client mk_req (expired tkt?)"}, - {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET), "krb5 server bad ticket"}, - {ERR_REASON(SSL_R_KRB5_S_INIT), "krb5 server init"}, - {ERR_REASON(SSL_R_KRB5_S_RD_REQ), "krb5 server rd_req (keytab perms?)"}, - {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED), "krb5 server tkt expired"}, - {ERR_REASON(SSL_R_KRB5_S_TKT_NYV), "krb5 server tkt not yet valid"}, - {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW), "krb5 server tkt skew"}, {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"}, {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"}, {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 441c6fab18..38280186fa 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -147,7 +147,6 @@ #endif #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include #include #include @@ -279,10 +278,6 @@ SSL *SSL_new(SSL_CTX *ctx) RECORD_LAYER_init(&s->rlayer, s); -#ifndef OPENSSL_NO_KRB5 - s->kssl_ctx = kssl_ctx_new(); -#endif /* OPENSSL_NO_KRB5 */ - s->options = ctx->options; s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; @@ -584,11 +579,6 @@ void SSL_free(SSL *s) SSL_CTX_free(s->ctx); -#ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx != NULL) - kssl_ctx_free(s->kssl_ctx); -#endif /* OPENSSL_NO_KRB5 */ - #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) OPENSSL_free(s->next_proto_negotiated); #endif @@ -2217,13 +2207,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_a |= SSL_aNULL; emask_a |= SSL_aNULL; -#ifndef OPENSSL_NO_KRB5 - mask_k |= SSL_kKRB5; - mask_a |= SSL_aKRB5; - emask_k |= SSL_kKRB5; - emask_a |= SSL_aKRB5; -#endif - /* * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites * depending on the key usage extension. diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 64feb840a2..f9c4e127f4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -300,8 +300,6 @@ # define SSL_kDHE 0x00000008L /* synonym */ # define SSL_kEDH SSL_kDHE -/* Kerberos5 key exchange */ -# define SSL_kKRB5 0x00000010L /* ECDH cert, RSA CA cert */ # define SSL_kECDHr 0x00000020L /* ECDH cert, ECDSA CA cert */ @@ -328,8 +326,6 @@ # define SSL_aDH 0x00000008L /* Fixed ECDH auth (kECDHe or kECDHr) */ # define SSL_aECDH 0x00000010L -/* KRB5 auth */ -# define SSL_aKRB5 0x00000020L /* ECDSA auth*/ # define SSL_aECDSA 0x00000040L /* PSK auth */ @@ -585,7 +581,6 @@ struct ssl_method_st { * Cipher OCTET STRING, -- the 3 byte cipher ID * Session_ID OCTET STRING, -- the Session ID * Master_key OCTET STRING, -- the master key - * KRB5_principal OCTET STRING -- optional Kerberos principal * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds @@ -619,10 +614,6 @@ struct ssl_session_st { */ unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -# ifndef OPENSSL_NO_KRB5 - unsigned int krb5_client_princ_len; - unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -# endif /* OPENSSL_NO_KRB5 */ # ifndef OPENSSL_NO_PSK char *psk_identity_hint; char *psk_identity; @@ -1074,10 +1065,6 @@ struct ssl_st { int error; /* actual code */ int error_code; -# ifndef OPENSSL_NO_KRB5 - /* Kerberos 5 context */ - KSSL_CTX *kssl_ctx; -# endif /* OPENSSL_NO_KRB5 */ # ifndef OPENSSL_NO_PSK unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, char *identity, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 4e73f047e0..2be9592c23 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -772,20 +772,6 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) if (!SSL_set_ssl_method(s, meth)) return (0); } -#ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx && !s->kssl_ctx->client_princ && - session->krb5_client_princ_len > 0) { - s->kssl_ctx->client_princ = - OPENSSL_malloc(session->krb5_client_princ_len + 1); - if (s->kssl_ctx->client_princ == NULL) { - SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE); - return (0); - } - memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, - session->krb5_client_princ_len); - s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; - } -#endif /* OPENSSL_NO_KRB5 */ /* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 918e75ea0b..0da2bb44b9 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -165,18 +165,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } -#ifndef OPENSSL_NO_KRB5 - if (BIO_puts(bp, "\n Krb5 Principal: ") <= 0) - goto err; - if (x->krb5_client_princ_len == 0) { - if (BIO_puts(bp, "None") <= 0) - goto err; - } else - for (i = 0; i < x->krb5_client_princ_len; i++) { - if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) <= 0) - goto err; - } -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK if (BIO_puts(bp, "\n PSK identity: ") <= 0) goto err; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 47bab9985b..8c53aa8acf 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -144,9 +144,6 @@ #include #include #include -#ifdef KSSL_DEBUG -# include -#endif /* seed1 through seed5 are virtually concatenated */ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, @@ -302,17 +299,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, km, tmp, num); -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_generate_key_block() ==> %d byte master_key =\n\t", - s->session->master_key_length); - { - int i; - for (i = 0; i < s->session->master_key_length; i++) { - fprintf(stderr, "%02X", s->session->master_key[i]); - } - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ + return ret; } @@ -348,24 +335,6 @@ int tls1_change_cipher_state(SSL *s, int which) comp = s->s3->tmp.new_compression; #endif -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_change_cipher_state(which= %d) w/\n", which); - fprintf(stderr, "\talg= %ld/%ld, comp= %p\n", - s->s3->tmp.new_cipher->algorithm_mkey, - s->s3->tmp.new_cipher->algorithm_auth, comp); - fprintf(stderr, "\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); - fprintf(stderr, "\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", - c->nid, c->block_size, c->key_len, c->iv_len); - fprintf(stderr, "\tkey_block: len= %d, data= ", - s->s3->tmp.key_block_length); - { - int i; - for (i = 0; i < s->s3->tmp.key_block_length; i++) - fprintf(stderr, "%02x", s->s3->tmp.key_block[i]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ - if (which & SSL3_CC_READ) { if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; @@ -530,20 +499,6 @@ int tls1_change_cipher_state(SSL *s, int which) iv = &(iv1[k]); } } -#ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); - fprintf(stderr, "\tkey= "); - for (i = 0; i < c->key_len; i++) - fprintf(stderr, "%02x", key[i]); - fprintf(stderr, "\n"); - fprintf(stderr, "\t iv= "); - for (i = 0; i < c->iv_len; i++) - fprintf(stderr, "%02x", iv[i]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) @@ -621,10 +576,6 @@ int tls1_setup_key_block(SSL *s) int mac_type = NID_undef, mac_secret_size = 0; int ret = 0; -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_setup_key_block()\n"); -#endif /* KSSL_DEBUG */ - if (s->s3->tmp.key_block_length != 0) return (1); @@ -778,11 +729,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, { unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p, - len); -#endif /* KSSL_DEBUG */ - if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; int hashlen; @@ -848,9 +794,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, } #endif -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_generate_master_secret() complete\n"); -#endif /* KSSL_DEBUG */ return (SSL3_MASTER_SECRET_SIZE); } @@ -864,11 +807,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, size_t vallen, currentvalpos; int rv; -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", - s, out, olen, label, llen, context, contextlen); -#endif /* KSSL_DEBUG */ - buff = OPENSSL_malloc(olen); if (buff == NULL) goto err2; @@ -936,9 +874,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, OPENSSL_cleanse(val, vallen); OPENSSL_cleanse(buff, olen); -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_export_keying_material() complete\n"); -#endif /* KSSL_DEBUG */ goto ret; err1: SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f8ed091f39..9d90c1cb48 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1068,12 +1068,6 @@ void ssl_set_client_disabled(SSL *s) c->mask_k |= SSL_kDHd; if (c->mask_a & SSL_aECDSA) c->mask_k |= SSL_kECDHe; -# ifndef OPENSSL_NO_KRB5 - if (!kssl_tgt_is_available(s->kssl_ctx)) { - c->mask_a |= SSL_aKRB5; - c->mask_k |= SSL_kKRB5; - } -# endif # ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index f8d19b87ad..6596c87932 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -778,10 +778,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) *pname = "dh_dss"; return SSL_kDHd; } - if (alg_k & SSL_kKRB5) { - *pname = "krb5"; - return SSL_kKRB5; - } if (alg_k & SSL_kDHE) { *pname = "DHE"; return SSL_kDHE; diff --git a/test/Makefile b/test/Makefile index 97837e1682..695bb3273f 100644 --- a/test/Makefile +++ b/test/Makefile @@ -736,9 +736,8 @@ heartbeat_test.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h heartbeat_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h heartbeat_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h heartbeat_test.o: ../include/openssl/evp.h ../include/openssl/hmac.h -heartbeat_test.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -heartbeat_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -heartbeat_test.o: ../include/openssl/opensslconf.h +heartbeat_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +heartbeat_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h heartbeat_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h heartbeat_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h heartbeat_test.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h @@ -844,21 +843,20 @@ ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssltest.o: ../include/openssl/sha.h ../include/openssl/srp.h -ssltest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssltest.o: ../include/openssl/x509v3.h ../ssl/record/record.h ../ssl/ssl_locl.h -ssltest.o: ssltest.c +ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssltest.o: ../include/openssl/srp.h ../include/openssl/srtp.h +ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.c testutil.o: ../e_os.h ../include/openssl/e_os2.h testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h diff --git a/test/ssltest.c b/test/ssltest.c index e531b32f65..1fa2aa2c72 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1719,21 +1719,6 @@ int main(int argc, char *argv[]) c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); -#ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) { - char localhost[MAXHOSTNAMELEN + 2]; - - if (gethostname(localhost, sizeof localhost - 1) == 0) { - localhost[sizeof localhost - 1] = '\0'; - if (strlen(localhost) == sizeof localhost - 1) { - BIO_printf(bio_err, "localhost name too long\n"); - goto end; - } - kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); - } - } -#endif /* OPENSSL_NO_KRB5 */ - BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes); for (i = 0; i < number; i++) { if (!reuse) { diff --git a/util/indent.pro b/util/indent.pro index 87e2b3ba4a..2a7c1b7b44 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -313,8 +313,6 @@ -T KRB5_ENCKEY -T KRB5_PRINCNAME -T KRB5_TKTBODY --T KSSL_CTX --T KSSL_ERR -T LHASH -T LHASH_COMP_FN_TYPE -T LHASH_DOALL_ARG_FN_TYPE diff --git a/util/mkdef.pl b/util/mkdef.pl index 674ad1ee04..188a408002 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -258,7 +258,6 @@ $max_ssl = $max_num; $max_crypto = $max_num; my $ssl="include/openssl/ssl.h"; -$ssl.=" include/openssl/kssl.h"; $ssl.=" include/openssl/tls1.h"; $ssl.=" include/openssl/srtp.h"; diff --git a/util/ssleay.num b/util/ssleay.num index ab89e91849..7fb0714c9e 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -196,22 +196,22 @@ SSL_callback_ctrl 244 EXIST::FUNCTION: SSL_CTX_sessions 245 EXIST::FUNCTION: SSL_get_rfd 246 EXIST::FUNCTION: SSL_get_wfd 247 EXIST::FUNCTION: -kssl_cget_tkt 248 EXIST::FUNCTION:KRB5 +kssl_cget_tkt 248 NOEXIST::FUNCTION: SSL_has_matching_session_id 249 EXIST::FUNCTION: -kssl_err_set 250 EXIST::FUNCTION:KRB5 -kssl_ctx_show 251 EXIST::FUNCTION:KRB5 -kssl_validate_times 252 EXIST::FUNCTION:KRB5 -kssl_check_authent 253 EXIST::FUNCTION:KRB5 -kssl_ctx_new 254 EXIST::FUNCTION:KRB5 -kssl_build_principal_2 255 EXIST::FUNCTION:KRB5 -kssl_skip_confound 256 EXIST::FUNCTION:KRB5 -kssl_sget_tkt 257 EXIST::FUNCTION:KRB5 +kssl_err_set 250 NOEXIST::FUNCTION: +kssl_ctx_show 251 NOEXIST::FUNCTION: +kssl_validate_times 252 NOEXIST::FUNCTION: +kssl_check_authent 253 NOEXIST::FUNCTION: +kssl_ctx_new 254 NOEXIST::FUNCTION: +kssl_build_principal_2 255 NOEXIST::FUNCTION: +kssl_skip_confound 256 NOEXIST::FUNCTION: +kssl_sget_tkt 257 NOEXIST::FUNCTION: SSL_set_generate_session_id 258 EXIST::FUNCTION: -kssl_ctx_setkey 259 EXIST::FUNCTION:KRB5 -kssl_ctx_setprinc 260 EXIST::FUNCTION:KRB5 -kssl_ctx_free 261 EXIST::FUNCTION:KRB5 -kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 -kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 +kssl_ctx_setkey 259 NOEXIST::FUNCTION: +kssl_ctx_setprinc 260 NOEXIST::FUNCTION: +kssl_ctx_free 261 NOEXIST::FUNCTION: +kssl_krb5_free_data_contents 262 NOEXIST::FUNCTION: +kssl_ctx_setstring 263 NOEXIST::FUNCTION: SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: SSL_renegotiate_pending 265 EXIST::FUNCTION: SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: @@ -301,14 +301,14 @@ TLSv1_2_client_method 341 EXIST::FUNCTION: SSL_SESSION_set1_id_context 342 EXIST::FUNCTION: TLSv1_2_server_method 343 EXIST::FUNCTION: SSL_cache_hit 344 EXIST::FUNCTION: -SSL_get0_kssl_ctx 345 EXIST::FUNCTION:KRB5 -SSL_set0_kssl_ctx 346 EXIST::FUNCTION:KRB5 +SSL_get0_kssl_ctx 345 NOEXIST::FUNCTION: +SSL_set0_kssl_ctx 346 NOEXIST::FUNCTION: SSL_SESSION_get0_id 347 NOEXIST::FUNCTION: SSL_set_state 348 EXIST::FUNCTION: SSL_CIPHER_get_id 349 EXIST::FUNCTION: TLSv1_2_method 350 EXIST::FUNCTION: SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION: -kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5 +kssl_ctx_get0_client_princ 352 NOEXIST::FUNCTION: SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG -- 2.25.1