sync to netbsd-5diff -r1.1 -r1.1.14.1 src/crypto/dist/heimdal/lib/krb5/krb5_get_creds.3
(matt)
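--- a/src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_creds.3 2008/03/22 08:37:14 1.1
+++ b/src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_creds.3 2010/04/21 05:17:36 1.1.14.1
@@ -20,27 +20,27 @@
 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $Heimdal: krb5_get_creds.3 22071 2007-11-14 20:04:50Z lha $
-.\" $NetBSD: krb5_get_creds.3,v 1.1 2008/03/22 08:37:14 mlelstv Exp $
+.\" $NetBSD: krb5_get_creds.3,v 1.1.14.1 2010/04/21 05:17:36 matt Exp $
 .\"
 .Dd June 15, 2006
 .Dt KRB5_GET_CREDS 3
 .Os
 .Sh NAME
 .Nm krb5_get_creds ,
 .Nm krb5_get_creds_opt_add_options ,
 .Nm krb5_get_creds_opt_alloc ,
 .Nm krb5_get_creds_opt_free ,
 .Nm krb5_get_creds_opt_set_enctype ,
 .Nm krb5_get_creds_opt_set_impersonate ,
 .Nm krb5_get_creds_opt_set_options ,
 .Nm krb5_get_creds_opt_set_ticket
@@ -124,27 +124,27 @@ consumers free the memory before calling
 The structure
 .Li krb5_get_creds_opt
 is allocated with
 .Fn krb5_get_creds_opt_alloc
 and freed with
 .Fn krb5_get_creds_opt_free .
 The free function also frees the content of the structure set by the
 accessor functions.
 .Pp
 .Fn krb5_get_creds_opt_add_options
 and
 .Fn krb5_get_creds_opt_set_options
 adds and sets options to the
-.Fi krb5_get_creds_opt
+.Vt krb5_get_creds_opt
 structure .
 The possible options to set are
 .Bl -tag -width "KRB5_GC_USER_USER" -compact
 .It KRB5_GC_CACHED
 Only check the
 .Fa ccache ,
 don't got out on network to fetch credential.
 .It KRB5_GC_USER_USER
 request a user to user ticket.
 This options doesn't store the resulting user to user credential in
 the
 .Fa ccache .
 .It KRB5_GC_EXPIRED_OK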
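--- a/src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_in_cred.3 2008/03/22 08:37:14 1.1
+++ b/src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_in_cred.3 2010/04/21 05:17:36 1.1.14.1
@@ -20,27 +20,27 @@
 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $Heimdal: krb5_get_in_cred.3 17593 2006-05-29 14:55:18Z lha $
-.\" $NetBSD: krb5_get_in_cred.3,v 1.1 2008/03/22 08:37:14 mlelstv Exp $
+.\" $NetBSD: krb5_get_in_cred.3,v 1.1.14.1 2010/04/21 05:17:36 matt Exp $
 .\"
 .Dd May 31, 2003
 .Dt KRB5_GET_IN_TKT 3
 .Os
 .Sh NAME
 .Nm krb5_get_in_tkt ,
 .Nm krb5_get_in_cred ,
 .Nm krb5_get_in_tkt_with_password ,
 .Nm krb5_get_in_tkt_with_keytab ,
 .Nm krb5_get_in_tkt_with_skey ,
 .Nm krb5_free_kdc_rep ,
 .Nm krb5_password_key_proc
 .Nd deprecated initial authentication functions
@@ -160,27 +160,27 @@ stores the credential in a
 .Li krb5_ccache .
 .Pp
 .Nm krb5_get_in_tkt_with_password ,
 .Nm krb5_get_in_tkt_with_keytab ,
 and
 .Nm krb5_get_in_tkt_with_skey
 does the same work as
 .Nm krb5_get_in_cred
 but are more specialized.
 .Pp
 .Nm krb5_get_in_tkt_with_password
 uses the clients password to authenticate.
 If the password argument is
-.DV NULL
+.Dv NULL
 the user user queried with the default password query function.
 .Pp
 .Nm krb5_get_in_tkt_with_keytab
 searches the given keytab for a service entry for the client principal.
 If the keytab is
 .Dv NULL
 the default keytab is used.
 .Pp
 .Nm krb5_get_in_tkt_with_skey
 uses a key to get the initial credential.
 .Pp
 There are some common arguments to the krb5_get_in functions, these are:
 .Pp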
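--- a/src/crypto/dist/heimdal/lib/krb5/Attic/krb5_keytab.3 2008/03/22 08:37:14 1.9
+++ b/src/crypto/dist/heimdal/lib/krb5/Attic/krb5_keytab.3 2010/04/21 05:17:36 1.9.14.1
@@ -20,27 +20,27 @@
 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $Heimdal: krb5_keytab.3 22071 2007-11-14 20:04:50Z lha $
-.\" $NetBSD: krb5_keytab.3,v 1.9 2008/03/22 08:37:14 mlelstv Exp $
+.\" $NetBSD: krb5_keytab.3,v 1.9.14.1 2010/04/21 05:17:36 matt Exp $
 .\"
 .Dd August 12, 2005
 .Dt KRB5_KEYTAB 3
 .Os
 .Sh NAME
 .Nm krb5_kt_ops ,
 .Nm krb5_keytab_entry ,
 .Nm krb5_kt_cursor ,
 .Nm krb5_kt_add_entry ,
 .Nm krb5_kt_close ,
 .Nm krb5_kt_compare ,
 .Nm krb5_kt_copy_entry_contents ,
 .Nm krb5_kt_default ,
@@ -194,27 +194,27 @@ The default value can be changed in the
 by setting the variable
 .Li [defaults]default_keytab_name .
 .Pp
 The keytab types that are implemented in Heimdal
 are:
 .Bl -tag -width Ds
 .It Nm file
 store the keytab in a file, the type's name is
 .Li FILE .
 The residual part is a filename.
 For compatibility with other Kerberos implemtation
 .Li WRFILE
 and
-.LI JAVA14
+.Li JAVA14
 is also accepted.
 .Li WRFILE
 has the same format as
 .Li FILE .
 .Li JAVA14
 have a format that is compatible with older versions of MIT kerberos
 and SUN's Java based installation. They store a truncted kvno, so
 when the knvo excess 255, they are truncted in this format.
 .It Nm keyfile
 store the keytab in a
 .Li AFS
 keyfile (usually
 .Pa /usr/afs/etc/KeyFile ) ,
@@ -370,27 +370,27 @@ releases all resources associated with
 .Fn krb5_kt_get_entry
 retrieves the keytab entry for
 .Fa principal ,
 .Fa kvno ,
 .Fa enctype
 into
 .Fa entry
 from the keytab
 .Fa id .
 When comparing an entry in the keytab to determine a match, the
 function
 .Fn krb5_kt_compare
 is used, so the wildcard rules applies to the argument of
-.F krb5_kt_get_entry
+.Fn krb5_kt_get_entry
 too.
 On success the returne entry must be freed with
 .Fn krb5_kt_free_entry .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_read_service_key
 reads the key identified by
 .Fa ( principal ,
 .Fa vno ,
 .Fa enctype )
 from the keytab in
 .Fa keyprocarg
 (the system default keytab if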
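--- a/src/crypto/dist/ipsec-tools/src/racoon/handler.c 2009/02/08 18:42:16 1.21.4.1
+++ b/src/crypto/dist/ipsec-tools/src/racoon/handler.c 2010/04/21 05:17:36 1.21.4.1.4.1
@@ -1,14 +1,14 @@
-/* $NetBSD: handler.c,v 1.21.4.1 2009/02/08 18:42:16 snj Exp $ */
+/* $NetBSD: handler.c,v 1.21.4.1.4.1 2010/04/21 05:17:36 matt Exp $ */
 
 /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
 
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
@@ -468,27 +468,27 @@ getph2byseq(seq)
 return NULL;
 }
 
 /*
 * search ph2handle with message id.
 */
 struct ph2handle *
 getph2bymsgid(iph1, msgid)
 struct ph1handle *iph1;
 u_int32_t msgid;
 {
 struct ph2handle *p;
 
-LIST_FOREACH(p, &ph2tree, chain) {
+LIST_FOREACH(p, &iph1->ph2tree, ph1bind) {
 if (p->msgid == msgid)
 return p;
 }
 
 return NULL;
 }
 
 struct ph2handle *
 getph2byid(src, dst, spid)
 struct sockaddr *src, *dst;
 u_int32_t spid;
 {
 struct ph2handle *p;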
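Review bot: The comment above getph2bymsgid still describes a plain search by message id, but the new loop only walks `iph1->ph2tree` through the `ph1bind` links, so the lookup is now scoped to the phase 2 handles bound to one phase 1 handle. That scoping is the security-relevant invariant of the change and should be written down, for example `search ph2handle with message id, among the phase 2 handles bound to iph1 only.` The loop also dereferences `iph1` unconditionally, which the old code did not; unless every caller is known to pass a non-NULL handle (the callers are outside this hunk), add `if (iph1 == NULL) return NULL;` before the LIST_FOREACH or state the precondition in the comment.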
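--- a/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c 2009/02/08 18:42:16 1.42.4.1
+++ b/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c 2010/04/21 05:17:36 1.42.4.1.4.1
@@ -1,14 +1,14 @@
-/* $NetBSD: isakmp.c,v 1.42.4.1 2009/02/08 18:42:16 snj Exp $ */
+/* $NetBSD: isakmp.c,v 1.42.4.1.4.1 2010/04/21 05:17:36 matt Exp $ */
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
@@ -3076,26 +3076,36 @@ script_hook(iph1, script)
 plog(LLV_ERROR, LOCATION, NULL,
 "Cannot set REMOTE_ADDR\n");
 goto out;
 }
 
 if (script_env_append(&envp, &envc,
 "REMOTE_PORT", portstr) != 0) {
 plog(LLV_ERROR, LOCATION, NULL,
 "Cannot set REMOTEL_PORT\n");
 goto out;
 }
 }
 
+/* Peer identity. */
+if (iph1->id_p != NULL) {
+if (script_env_append(&envp, &envc, "REMOTE_ID",
+ipsecdoi_id2str(iph1->id_p)) != 0) {
+plog(LLV_ERROR, LOCATION, NULL,
+"Cannot set REMOTE_ID\n");
+goto out;
+}
+}
+
 if (privsep_script_exec(iph1->rmconf->script[script]->v,
 script, envp) != 0)
 plog(LLV_ERROR, LOCATION, NULL,
 "Script %s execution failed\n", script_names[script]);
 
 out:
 for (c = envp; *c; c++)
 racoon_free(*c);
 
 racoon_free(envp);
 
 return;
 }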
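Review bot: The new REMOTE_ID block passes the result of `ipsecdoi_id2str(iph1->id_p)` straight into `script_env_append()`, so a NULL return is never checked and, if the helper returns a heap buffer as it appears to elsewhere in racoon (its definition is outside this hunk, so confirm), that buffer is leaked on every hook invocation. Holding the string in a local, checking it, and freeing it after the append closes both gaps, assuming script_env_append copies its value argument. REMOTE_ID is also the one variable in this list whose content is chosen by the peer, so the comment should say that hook scripts must treat it as untrusted input. script_hook starts before this hunk.

```c
	/* Peer identity: peer-supplied, hook scripts must treat it as untrusted. */
	if (iph1->id_p != NULL) {
		char *idstr = ipsecdoi_id2str(iph1->id_p);
		int rc = -1;

		if (idstr != NULL) {
			rc = script_env_append(&envp, &envc, "REMOTE_ID", idstr);
			racoon_free(idstr);
		}
		if (rc != 0) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Cannot set REMOTE_ID\n");
			goto out;
		}
	}
	/* … unchanged: privsep_script_exec call and the out: cleanup … */
```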
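--- a/src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 2009/02/08 18:42:18 1.46.4.1
+++ b/src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 2010/04/21 05:17:36 1.46.4.1.4.1
@@ -1,14 +1,14 @@
-.\" $NetBSD: racoon.conf.5,v 1.46.4.1 2009/02/08 18:42:18 snj Exp $
+.\" $NetBSD: racoon.conf.5,v 1.46.4.1.4.1 2010/04/21 05:17:36 matt Exp $
 .\"
 .\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
 .\"
 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
@@ -564,26 +564,28 @@ Both scripts get either
 or
 .Ic phase1_down
 as first argument, and the following
 variables are set in their environment:
 .Bl -tag -width Ds -compact
 .It Ev LOCAL_ADDR
 The local address of the phase 1 SA.
 .It Ev LOCAL_PORT
 The local port used for IKE for the phase 1 SA.
 .It Ev REMOTE_ADDR
 The remote address of the phase 1 SA.
 .It Ev REMOTE_PORT
 The remote port used for IKE for the phase 1 SA.
+.It Ev REMOTE_ID
+The remote identity received in IKE for the phase 1 SA.
 .El
 The following variables are only set if
 .Ic mode_cfg
 was enabled:
 .Bl -tag -width Ds -compact
 .It INTERNAL_ADDR4
 An IPv4 internal address obtained by ISAKMP mode config.
 .It INTERNAL_NETMASK4
 An IPv4 internal netmask obtained by ISAKMP mode config.
 .It INTERNAL_CIDR4
 An IPv4 internal netmask obtained by ISAKMP mode config, in CIDR notation.
 .It INTERNAL_DNS4
 The first internal DNS server IPv4 address obtained by ISAKMP mode config.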
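--- a/src/crypto/dist/openssl/crypto/comp/Attic/c_zlib.c 2008/05/09 21:34:23 1.1.1.7
+++ b/src/crypto/dist/openssl/crypto/comp/Attic/c_zlib.c 2010/04/21 05:17:37 1.1.1.7.10.1
@@ -126,35 +126,26 @@ static DSO *zlib_dso = NULL;
 #define deflate p_deflate
 #define deflateInit_ p_deflateInit_
 #define zError p_zError
 #endif /* ZLIB_SHARED */
 
 struct zlib_state
 {
 z_stream istream;
 z_stream ostream;
 };
 
 static int zlib_stateful_ex_idx = -1;
 
-static void zlib_stateful_free_ex_data(void *obj, void *item,
-CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-{
-struct zlib_state *state = (struct zlib_state *)item;
-inflateEnd(&state->istream);
-deflateEnd(&state->ostream);
-OPENSSL_free(state);
-}
-
 static int zlib_stateful_init(COMP_CTX *ctx)
 {
 int err;
 struct zlib_state *state =
 (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
 
 if (state == NULL)
 goto err;
 
 state->istream.zalloc = zlib_zalloc;
 state->istream.zfree = zlib_zfree;
 state->istream.opaque = Z_NULL;
 state->istream.next_in = Z_NULL;
@@ -178,26 +169,32 @@ static int zlib_stateful_init(COMP_CTX *
 if (err != Z_OK)
 goto err;
 
 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
 CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
 return 1;
 err:
 if (state) OPENSSL_free(state);
 return 0;
 }
 
 static void zlib_stateful_finish(COMP_CTX *ctx)
 {
+struct zlib_state *state =
+(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+zlib_stateful_ex_idx);
+inflateEnd(&state->istream);
+deflateEnd(&state->ostream);
+OPENSSL_free(state);
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
 }
 
 static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
 unsigned int olen, unsigned char *in, unsigned int ilen)
 {
 int err = Z_OK;
 struct zlib_state *state =
 (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
 zlib_stateful_ex_idx);
 
 if (state == NULL)
 return -1;
@@ -392,27 +389,27 @@ COMP_METHOD *COMP_zlib(void)
 if (zlib_loaded)
 #endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
 {
 /* init zlib_stateful_ex_idx here so that in a multi-process
 * application it's enough to intialize openssl before forking
 * (idx will be inherited in all the children) */
 if (zlib_stateful_ex_idx == -1)
 {
 CRYPTO_w_lock(CRYPTO_LOCK_COMP);
 if (zlib_stateful_ex_idx == -1)
 zlib_stateful_ex_idx =
 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+0,NULL,NULL,NULL,NULL);
 CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
 if (zlib_stateful_ex_idx == -1)
 goto err;
 }
 
 meth = &zlib_stateful_method;
 }
 err:
 #endif
 
 return(meth);
 }
 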
--- src/crypto/dist/openssl/crypto/evp/Attic/m_sha1.c 2009/07/14 19:35:22 1.1.1.5.8.1
+++ src/crypto/dist/openssl/crypto/evp/Attic/m_sha1.c 2010/04/21 05:17:37 1.1.1.5.8.1.2.1
@@ -148,40 +148,44 @@ static const EVP_MD sha256_md= | @@ -148,40 +148,44 @@ static const EVP_MD sha256_md= | |||
148 | sizeof(EVP_MD *)+sizeof(SHA256_CTX), | 148 | sizeof(EVP_MD *)+sizeof(SHA256_CTX), | |
149 | }; | 149 | }; | |
150 | 150 | |||
151 | const EVP_MD *EVP_sha256(void) | 151 | const EVP_MD *EVP_sha256(void) | |
152 | { return(&sha256_md); } | 152 | { return(&sha256_md); } | |
153 | #endif /* ifndef OPENSSL_NO_SHA256 */ | 153 | #endif /* ifndef OPENSSL_NO_SHA256 */ | |
154 | 154 | |||
155 | #ifndef OPENSSL_NO_SHA512 | 155 | #ifndef OPENSSL_NO_SHA512 | |
156 | static int init384(EVP_MD_CTX *ctx) | 156 | static int init384(EVP_MD_CTX *ctx) | |
157 | { return SHA384_Init(ctx->md_data); } | 157 | { return SHA384_Init(ctx->md_data); } | |
158 | static int init512(EVP_MD_CTX *ctx) | 158 | static int init512(EVP_MD_CTX *ctx) | |
159 | { return SHA512_Init(ctx->md_data); } | 159 | { return SHA512_Init(ctx->md_data); } | |
160 | /* See comment in SHA224/256 section */ | 160 | /* See comment in SHA224/256 section */ | |
161 | static int update384(EVP_MD_CTX *ctx,const void *data,size_t count) | |||
162 | { return SHA384_Update(ctx->md_data,data,count); } | |||
161 | static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) | 163 | static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) | |
162 | { return SHA512_Update(ctx->md_data,data,count); } | 164 | { return SHA512_Update(ctx->md_data,data,count); } | |
165 | static int final384(EVP_MD_CTX *ctx,unsigned char *md) | |||
166 | { return SHA384_Final(md,ctx->md_data); } | |||
163 | static int final512(EVP_MD_CTX *ctx,unsigned char *md) | 167 | static int final512(EVP_MD_CTX *ctx,unsigned char *md) | |
164 | { return SHA512_Final(md,ctx->md_data); } | 168 | { return SHA512_Final(md,ctx->md_data); } | |
165 | 169 | |||
166 | static const EVP_MD sha384_md= | 170 | static const EVP_MD sha384_md= | |
167 | { | 171 | { | |
168 | NID_sha384, | 172 | NID_sha384, | |
169 | NID_sha384WithRSAEncryption, | 173 | NID_sha384WithRSAEncryption, | |
170 | SHA384_DIGEST_LENGTH, | 174 | SHA384_DIGEST_LENGTH, | |
171 | EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, | 175 | EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, | |
172 | init384, | 176 | init384, | |
173 | update512, | 177 | update384, | |
174 | final512, | 178 | final384, | |
175 | NULL, | 179 | NULL, | |
176 | NULL, | 180 | NULL, | |
177 | EVP_PKEY_RSA_method, | 181 | EVP_PKEY_RSA_method, | |
178 | SHA512_CBLOCK, | 182 | SHA512_CBLOCK, | |
179 | sizeof(EVP_MD *)+sizeof(SHA512_CTX), | 183 | sizeof(EVP_MD *)+sizeof(SHA512_CTX), | |
180 | }; | 184 | }; | |
181 | 185 | |||
182 | const EVP_MD *EVP_sha384(void) | 186 | const EVP_MD *EVP_sha384(void) | |
183 | { return(&sha384_md); } | 187 | { return(&sha384_md); } | |
184 | 188 | |||
185 | static const EVP_MD sha512_md= | 189 | static const EVP_MD sha512_md= | |
186 | { | 190 | { | |
187 | NID_sha512, | 191 | NID_sha512, |
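Review bot: sha384_md now points at `update384` and `final384`, but the same table still lists `SHA512_CBLOCK` and `sizeof(EVP_MD *)+sizeof(SHA512_CTX)`, and nothing explains why the SHA-384 entry mixes the two names. A one-line comment above the struct, for example `/* SHA-384 uses the SHA-512 context and block size */`, would keep a later reader from "correcting" those two fields. The existing `/* See comment in SHA224/256 section */` line now sits directly above update384, and the comment it refers to is outside this hunk.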
--- src/crypto/dist/openssl/ssl/Attic/s3_enc.c 2008/05/09 21:34:44 1.1.1.12
+++ src/crypto/dist/openssl/ssl/Attic/s3_enc.c 2010/04/21 05:17:37 1.1.1.12.10.1
@@ -560,27 +560,27 @@ void ssl3_free_digest_list(SSL *s) | @@ -560,27 +560,27 @@ void ssl3_free_digest_list(SSL *s) | |||
560 | } | 560 | } | |
561 | OPENSSL_free(s->s3->handshake_dgst); | 561 | OPENSSL_free(s->s3->handshake_dgst); | |
562 | s->s3->handshake_dgst=NULL; | 562 | s->s3->handshake_dgst=NULL; | |
563 | } | 563 | } | |
564 | 564 | |||
565 | 565 | |||
566 | 566 | |||
567 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) | 567 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) | |
568 | { | 568 | { | |
569 | if (s->s3->handshake_buffer) | 569 | if (s->s3->handshake_buffer) | |
570 | { | 570 | { | |
571 | BIO_write (s->s3->handshake_buffer,(void *)buf,len); | 571 | BIO_write (s->s3->handshake_buffer,(void *)buf,len); | |
572 | } | 572 | } | |
573 | else | 573 | else if (s->s3->handshake_dgst != NULL) | |
574 | { | 574 | { | |
575 | int i; | 575 | int i; | |
576 | for (i=0;i< SSL_MAX_DIGEST;i++) | 576 | for (i=0;i< SSL_MAX_DIGEST;i++) | |
577 | { | 577 | { | |
578 | if (s->s3->handshake_dgst[i]!= NULL) | 578 | if (s->s3->handshake_dgst[i]!= NULL) | |
579 | EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); | 579 | EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); | |
580 | } | 580 | } | |
581 | } | 581 | } | |
582 | } | 582 | } | |
583 | void ssl3_digest_cached_records(SSL *s) | 583 | void ssl3_digest_cached_records(SSL *s) | |
584 | { | 584 | { | |
585 | int i; | 585 | int i; | |
586 | long mask; | 586 | long mask; |
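Review bot: In ssl3_finish_mac the new `else if (s->s3->handshake_dgst != NULL)` arm leaves a third case, with neither a handshake buffer nor a digest list, in which the handshake bytes are dropped with no trace; the function returns void, so the caller cannot see it. The t1_enc.c change in this commit makes tls1_final_finish_mac set err when handshake_dgst is NULL, which appears to be where the gap is caught later, but that link is not stated anywhere. I would add a comment on the new arm such as `/* no buffer and no digests: data is not hashed here; tls1_final_finish_mac() fails on a NULL handshake_dgst */`. The return value of BIO_write in the first arm is also ignored, so a failed buffer write is equally silent.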
--- src/crypto/dist/openssl/ssl/Attic/t1_enc.c 2008/05/09 21:34:46 1.1.1.12
+++ src/crypto/dist/openssl/ssl/Attic/t1_enc.c 2010/04/21 05:17:37 1.1.1.12.10.1
@@ -740,34 +740,36 @@ int tls1_enc(SSL *s, int send) | @@ -740,34 +740,36 @@ int tls1_enc(SSL *s, int send) | |||
740 | rec->length-=i; | 740 | rec->length-=i; | |
741 | } | 741 | } | |
742 | } | 742 | } | |
743 | return(1); | 743 | return(1); | |
744 | } | 744 | } | |
745 | int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | 745 | int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | |
746 | { | 746 | { | |
747 | unsigned int ret; | 747 | unsigned int ret; | |
748 | EVP_MD_CTX ctx, *d=NULL; | 748 | EVP_MD_CTX ctx, *d=NULL; | |
749 | int i; | 749 | int i; | |
750 | 750 | |||
751 | if (s->s3->handshake_buffer) | 751 | if (s->s3->handshake_buffer) | |
752 | ssl3_digest_cached_records(s); | 752 | ssl3_digest_cached_records(s); | |
753 | for (i=0;i<SSL_MAX_DIGEST;i++) | 753 | if (s->s3->handshake_dgst) { | |
754 | { | 754 | for (i=0;i<SSL_MAX_DIGEST;i++) | |
755 | if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) | 755 | { | |
756 | { | 756 | if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) | |
757 | d=s->s3->handshake_dgst[i]; | 757 | { | |
758 | break; | 758 | d=s->s3->handshake_dgst[i]; | |
759 | break; | |||
760 | } | |||
759 | } | 761 | } | |
760 | } | 762 | } | |
761 | if (!d) { | 763 | if (!d) { | |
762 | SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST); | 764 | SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST); | |
763 | return 0; | 765 | return 0; | |
764 | } | 766 | } | |
765 | 767 | |||
766 | EVP_MD_CTX_init(&ctx); | 768 | EVP_MD_CTX_init(&ctx); | |
767 | EVP_MD_CTX_copy_ex(&ctx,d); | 769 | EVP_MD_CTX_copy_ex(&ctx,d); | |
768 | EVP_DigestFinal_ex(&ctx,out,&ret); | 770 | EVP_DigestFinal_ex(&ctx,out,&ret); | |
769 | EVP_MD_CTX_cleanup(&ctx); | 771 | EVP_MD_CTX_cleanup(&ctx); | |
770 | return((int)ret); | 772 | return((int)ret); | |
771 | } | 773 | } | |
772 | 774 | |||
773 | int tls1_final_finish_mac(SSL *s, | 775 | int tls1_final_finish_mac(SSL *s, | |
@@ -784,27 +786,28 @@ int tls1_final_finish_mac(SSL *s, | @@ -784,27 +786,28 @@ int tls1_final_finish_mac(SSL *s, | |||
784 | 786 | |||
785 | q=buf; | 787 | q=buf; | |
786 | 788 | |||
787 | EVP_MD_CTX_init(&ctx); | 789 | EVP_MD_CTX_init(&ctx); | |
788 | 790 | |||
789 | if (s->s3->handshake_buffer) | 791 | if (s->s3->handshake_buffer) | |
790 | ssl3_digest_cached_records(s); | 792 | ssl3_digest_cached_records(s); | |
791 | 793 | |||
792 | for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) | 794 | for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) | |
793 | { | 795 | { | |
794 | if (mask & s->s3->tmp.new_cipher->algorithm2) | 796 | if (mask & s->s3->tmp.new_cipher->algorithm2) | |
795 | { | 797 | { | |
796 | unsigned int hashsize = EVP_MD_size(md); | 798 | unsigned int hashsize = EVP_MD_size(md); | |
797 | if (hashsize > (sizeof buf - (size_t)(q-buf))) | 799 | if (hashsize > (sizeof buf - (size_t)(q-buf)) || | |
800 | s->s3->handshake_dgst == NULL) | |||
798 | { | 801 | { | |
799 | /* internal error: 'buf' is too small for this cipersuite! */ | 802 | /* internal error: 'buf' is too small for this cipersuite! */ | |
800 | err = 1; | 803 | err = 1; | |
801 | } | 804 | } | |
802 | else | 805 | else | |
803 | { | 806 | { | |
804 | EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); | 807 | EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); | |
805 | EVP_DigestFinal_ex(&ctx,q,&i); | 808 | EVP_DigestFinal_ex(&ctx,q,&i); | |
806 | if (i != hashsize) /* can't really happen */ | 809 | if (i != hashsize) /* can't really happen */ | |
807 | err = 1; | 810 | err = 1; | |
808 | q+=i; | 811 | q+=i; | |
809 | } | 812 | } | |
810 | } | 813 | } |
--- src/crypto/dist/openssl/ssl/Attic/s3_lib.c 2008/06/10 19:45:00 1.14
+++ src/crypto/dist/openssl/ssl/Attic/s3_lib.c 2010/04/21 05:17:37 1.14.10.1
@@ -3279,26 +3279,29 @@ int ssl3_read(SSL *s, void *buf, int len | @@ -3279,26 +3279,29 @@ int ssl3_read(SSL *s, void *buf, int len | |||
3279 | int ssl3_peek(SSL *s, void *buf, int len) | 3279 | int ssl3_peek(SSL *s, void *buf, int len) | |
3280 | { | 3280 | { | |
3281 | return ssl3_read_internal(s, buf, len, 1); | 3281 | return ssl3_read_internal(s, buf, len, 1); | |
3282 | } | 3282 | } | |
3283 | 3283 | |||
3284 | int ssl3_renegotiate(SSL *s) | 3284 | int ssl3_renegotiate(SSL *s) | |
3285 | { | 3285 | { | |
3286 | if (s->handshake_func == NULL) | 3286 | if (s->handshake_func == NULL) | |
3287 | return(1); | 3287 | return(1); | |
3288 | 3288 | |||
3289 | if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) | 3289 | if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) | |
3290 | return(0); | 3290 | return(0); | |
3291 | 3291 | |||
3292 | if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | |||
3293 | return(0); | |||
3294 | ||||
3292 | s->s3->renegotiate=1; | 3295 | s->s3->renegotiate=1; | |
3293 | return(1); | 3296 | return(1); | |
3294 | } | 3297 | } | |
3295 | 3298 | |||
3296 | int ssl3_renegotiate_check(SSL *s) | 3299 | int ssl3_renegotiate_check(SSL *s) | |
3297 | { | 3300 | { | |
3298 | int ret=0; | 3301 | int ret=0; | |
3299 | 3302 | |||
3300 | if (s->s3->renegotiate) | 3303 | if (s->s3->renegotiate) | |
3301 | { | 3304 | { | |
3302 | if ( (s->s3->rbuf.left == 0) && | 3305 | if ( (s->s3->rbuf.left == 0) && | |
3303 | (s->s3->wbuf.left == 0) && | 3306 | (s->s3->wbuf.left == 0) && | |
3304 | !SSL_in_init(s)) | 3307 | !SSL_in_init(s)) |
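Review bot: ssl3_renegotiate now returns 0 when SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is clear, but nothing is put on the error queue and the new test has no comment. A caller therefore sees the same bare 0 as for SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS and cannot tell a policy refusal from the cipher case. A comment above the new test would help, for example `/* renegotiation is refused unless the application has opted in to legacy (unsafe) renegotiation */`. The new check sits after the `s->handshake_func == NULL` early return, which still reports 1; that ordering is probably intended but is worth confirming.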
--- src/crypto/dist/openssl/ssl/Attic/s3_pkt.c 2009/07/05 00:31:20 1.9.8.1
+++ src/crypto/dist/openssl/ssl/Attic/s3_pkt.c 2010/04/21 05:17:37 1.9.8.1.2.1
@@ -303,29 +303,29 @@ again: | @@ -303,29 +303,29 @@ again: | |||
303 | ssl_minor= *(p++); | 303 | ssl_minor= *(p++); | |
304 | version=(ssl_major<<8)|ssl_minor; | 304 | version=(ssl_major<<8)|ssl_minor; | |
305 | n2s(p,rr->length); | 305 | n2s(p,rr->length); | |
306 | #if 0 | 306 | #if 0 | |
307 | fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | 307 | fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | |
308 | #endif | 308 | #endif | |
309 | 309 | |||
310 | /* Lets check version */ | 310 | /* Lets check version */ | |
311 | if (!s->first_packet) | 311 | if (!s->first_packet) | |
312 | { | 312 | { | |
313 | if (version != s->version) | 313 | if (version != s->version) | |
314 | { | 314 | { | |
315 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | 315 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | |
316 | /* Send back error using their | 316 | if ((s->version & 0xFF00) == (version & 0xFF00)) | |
317 | * version number :-) */ | 317 | /* Send back error using their minor version number :-) */ | |
318 | s->version=version; | 318 | s->version = (unsigned short)version; | |
319 | al=SSL_AD_PROTOCOL_VERSION; | 319 | al=SSL_AD_PROTOCOL_VERSION; | |
320 | goto f_err; | 320 | goto f_err; | |
321 | } | 321 | } | |
322 | } | 322 | } | |
323 | 323 | |||
324 | if ((version>>8) != SSL3_VERSION_MAJOR) | 324 | if ((version>>8) != SSL3_VERSION_MAJOR) | |
325 | { | 325 | { | |
326 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | 326 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | |
327 | goto err; | 327 | goto err; | |
328 | } | 328 | } | |
329 | 329 | |||
330 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) | 330 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) | |
331 | { | 331 | { | |
@@ -1031,26 +1031,27 @@ start: | @@ -1031,26 +1031,27 @@ start: | |||
1031 | (s->s3->handshake_fragment[2] != 0) || | 1031 | (s->s3->handshake_fragment[2] != 0) || | |
1032 | (s->s3->handshake_fragment[3] != 0)) | 1032 | (s->s3->handshake_fragment[3] != 0)) | |
1033 | { | 1033 | { | |
1034 | al=SSL_AD_DECODE_ERROR; | 1034 | al=SSL_AD_DECODE_ERROR; | |
1035 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); | 1035 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); | |
1036 | goto f_err; | 1036 | goto f_err; | |
1037 | } | 1037 | } | |
1038 | 1038 | |||
1039 | if (s->msg_callback) | 1039 | if (s->msg_callback) | |
1040 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); | 1040 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); | |
1041 | 1041 | |||
1042 | if (SSL_is_init_finished(s) && | 1042 | if (SSL_is_init_finished(s) && | |
1043 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 1043 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | |
1044 | (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && | |||
1044 | !s->s3->renegotiate) | 1045 | !s->s3->renegotiate) | |
1045 | { | 1046 | { | |
1046 | ssl3_renegotiate(s); | 1047 | ssl3_renegotiate(s); | |
1047 | if (ssl3_renegotiate_check(s)) | 1048 | if (ssl3_renegotiate_check(s)) | |
1048 | { | 1049 | { | |
1049 | i=s->handshake_func(s); | 1050 | i=s->handshake_func(s); | |
1050 | if (i < 0) return(i); | 1051 | if (i < 0) return(i); | |
1051 | if (i == 0) | 1052 | if (i == 0) | |
1052 | { | 1053 | { | |
1053 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | 1054 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | |
1054 | return(-1); | 1055 | return(-1); | |
1055 | } | 1056 | } | |
1056 | 1057 | |||
@@ -1163,27 +1164,28 @@ start: | @@ -1163,27 +1164,28 @@ start: | |||
1163 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); | 1164 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); | |
1164 | 1165 | |||
1165 | s->s3->change_cipher_spec=1; | 1166 | s->s3->change_cipher_spec=1; | |
1166 | if (!ssl3_do_change_cipher_spec(s)) | 1167 | if (!ssl3_do_change_cipher_spec(s)) | |
1167 | goto err; | 1168 | goto err; | |
1168 | else | 1169 | else | |
1169 | goto start; | 1170 | goto start; | |
1170 | } | 1171 | } | |
1171 | 1172 | |||
1172 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | 1173 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | |
1173 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) | 1174 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) | |
1174 | { | 1175 | { | |
1175 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | 1176 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | |
1176 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | 1177 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | |
1178 | (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | |||
1177 | { | 1179 | { | |
1178 | #if 0 /* worked only because C operator preferences are not as expected (and | 1180 | #if 0 /* worked only because C operator preferences are not as expected (and | |
1179 | * because this is not really needed for clients except for detecting | 1181 | * because this is not really needed for clients except for detecting | |
1180 | * protocol violations): */ | 1182 | * protocol violations): */ | |
1181 | s->state=SSL_ST_BEFORE|(s->server) | 1183 | s->state=SSL_ST_BEFORE|(s->server) | |
1182 | ?SSL_ST_ACCEPT | 1184 | ?SSL_ST_ACCEPT | |
1183 | :SSL_ST_CONNECT; | 1185 | :SSL_ST_CONNECT; | |
1184 | #else | 1186 | #else | |
1185 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | 1187 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | |
1186 | #endif | 1188 | #endif | |
1187 | s->new_session=1; | 1189 | s->new_session=1; | |
1188 | } | 1190 | } | |
1189 | i=s->handshake_func(s); | 1191 | i=s->handshake_func(s); |
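Review bot: In the third hunk (unexpected handshake message), when SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is clear the block that resets s->state and sets `s->new_session=1` is skipped, yet `i=s->handshake_func(s);` on the following context line still runs. The refusal this commit adds to ssl3_get_client_hello in s3_srvr.c tests `s->new_session`, so on this path that test may never fire and the handshake function is entered in the established state; what happens there is outside the hunk and should be confirmed. If the intent is to reject the ClientHello with an alert, keeping the previous two-term condition ending in `!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))` here and relying on the s3_srvr.c check looks more direct. Separately, in the first hunk the unbraced `if ((s->version & 0xFF00) == (version & 0xFF00))` has a comment between it and its statement; braces around `s->version = (unsigned short)version;` would make the scope explicit. The enclosing functions start and end outside all three hunks.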
--- src/crypto/dist/openssl/ssl/Attic/s3_srvr.c 2009/01/20 21:28:09 1.15.4.1
+++ src/crypto/dist/openssl/ssl/Attic/s3_srvr.c 2010/04/21 05:17:37 1.15.4.1.4.1
@@ -522,32 +522,34 @@ int ssl3_accept(SSL *s) | @@ -522,32 +522,34 @@ int ssl3_accept(SSL *s) | |||
522 | { | 522 | { | |
523 | int offset=0; | 523 | int offset=0; | |
524 | int dgst_num; | 524 | int dgst_num; | |
525 | s->state=SSL3_ST_SR_CERT_VRFY_A; | 525 | s->state=SSL3_ST_SR_CERT_VRFY_A; | |
526 | s->init_num=0; | 526 | s->init_num=0; | |
527 | 527 | |||
528 | /* We need to get hashes here so if there is | 528 | /* We need to get hashes here so if there is | |
529 | * a client cert, it can be verified | 529 | * a client cert, it can be verified | |
530 | * FIXME - digest processing for CertificateVerify | 530 | * FIXME - digest processing for CertificateVerify | |
531 | * should be generalized. But it is next step | 531 | * should be generalized. But it is next step | |
532 | */ | 532 | */ | |
533 | if (s->s3->handshake_buffer) | 533 | if (s->s3->handshake_buffer) | |
534 | ssl3_digest_cached_records(s); | 534 | ssl3_digest_cached_records(s); | |
535 | for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++) | 535 | if (s->s3->handshake_dgst != NULL) { | |
536 | if (s->s3->handshake_dgst[dgst_num]) | 536 | for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++) | |
537 | { | 537 | if (s->s3->handshake_dgst[dgst_num]) | |
538 | s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset])); | 538 | { | |
539 | offset+=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); | 539 | s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset])); | |
540 | } | 540 | offset+=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); | |
541 | } | |||
542 | } | |||
541 | } | 543 | } | |
542 | break; | 544 | break; | |
543 | 545 | |||
544 | case SSL3_ST_SR_CERT_VRFY_A: | 546 | case SSL3_ST_SR_CERT_VRFY_A: | |
545 | case SSL3_ST_SR_CERT_VRFY_B: | 547 | case SSL3_ST_SR_CERT_VRFY_B: | |
546 | 548 | |||
547 | /* we should decide if we expected this one */ | 549 | /* we should decide if we expected this one */ | |
548 | ret=ssl3_get_cert_verify(s); | 550 | ret=ssl3_get_cert_verify(s); | |
549 | if (ret <= 0) goto end; | 551 | if (ret <= 0) goto end; | |
550 | 552 | |||
551 | s->state=SSL3_ST_SR_FINISHED_A; | 553 | s->state=SSL3_ST_SR_FINISHED_A; | |
552 | s->init_num=0; | 554 | s->init_num=0; | |
553 | break; | 555 | break; | |
@@ -753,26 +755,34 @@ int ssl3_check_client_hello(SSL *s) | @@ -753,26 +755,34 @@ int ssl3_check_client_hello(SSL *s) | |||
753 | int ssl3_get_client_hello(SSL *s) | 755 | int ssl3_get_client_hello(SSL *s) | |
754 | { | 756 | { | |
755 | int i,j,ok,al,ret= -1; | 757 | int i,j,ok,al,ret= -1; | |
756 | unsigned int cookie_len; | 758 | unsigned int cookie_len; | |
757 | long n; | 759 | long n; | |
758 | unsigned long id; | 760 | unsigned long id; | |
759 | unsigned char *p,*d,*q; | 761 | unsigned char *p,*d,*q; | |
760 | SSL_CIPHER *c; | 762 | SSL_CIPHER *c; | |
761 | #ifndef OPENSSL_NO_COMP | 763 | #ifndef OPENSSL_NO_COMP | |
762 | SSL_COMP *comp=NULL; | 764 | SSL_COMP *comp=NULL; | |
763 | #endif | 765 | #endif | |
764 | STACK_OF(SSL_CIPHER) *ciphers=NULL; | 766 | STACK_OF(SSL_CIPHER) *ciphers=NULL; | |
765 | 767 | |||
768 | if (s->new_session | |||
769 | && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | |||
770 | { | |||
771 | al=SSL_AD_HANDSHAKE_FAILURE; | |||
772 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | |||
773 | goto f_err; | |||
774 | } | |||
775 | ||||
766 | /* We do this so that we will respond with our native type. | 776 | /* We do this so that we will respond with our native type. | |
767 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, | 777 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, | |
768 | * This down switching should be handled by a different method. | 778 | * This down switching should be handled by a different method. | |
769 | * If we are SSLv3, we will respond with SSLv3, even if prompted with | 779 | * If we are SSLv3, we will respond with SSLv3, even if prompted with | |
770 | * TLSv1. | 780 | * TLSv1. | |
771 | */ | 781 | */ | |
772 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) | 782 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) | |
773 | { | 783 | { | |
774 | s->state=SSL3_ST_SR_CLNT_HELLO_B; | 784 | s->state=SSL3_ST_SR_CLNT_HELLO_B; | |
775 | } | 785 | } | |
776 | s->first_packet=1; | 786 | s->first_packet=1; | |
777 | n=s->method->ssl_get_message(s, | 787 | n=s->method->ssl_get_message(s, | |
778 | SSL3_ST_SR_CLNT_HELLO_B, | 788 | SSL3_ST_SR_CLNT_HELLO_B, |
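Review bot: The refusal added at the top of ssl3_get_client_hello records `ERR_R_INTERNAL_ERROR`, so in logs a rejected renegotiation attempt looks the same as a genuine internal fault. This is the branch an operator would want to count when watching for renegotiation attempts, so it should carry a comment, for example `/* client attempted renegotiation while legacy renegotiation is disabled: refuse */`, and use a more specific reason code if this tree defines one. In the first hunk, the added `if (s->s3->handshake_dgst != NULL) {` leaves cert_verify_md unfilled when the digest list is missing and raises no error; whether ssl3_get_cert_verify copes with that is outside the hunk. Both functions continue outside the hunks.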
--- src/crypto/dist/openssl/ssl/Attic/ssl_locl.h 2008/06/10 19:45:00 1.13
+++ src/crypto/dist/openssl/ssl/Attic/ssl_locl.h 2010/04/21 05:17:37 1.13.10.1
@@ -440,26 +440,28 @@ | @@ -440,26 +440,28 @@ | |||
440 | #define CERT_PUBLIC_KEY 1 | 440 | #define CERT_PUBLIC_KEY 1 | |
441 | #define CERT_PRIVATE_KEY 2 | 441 | #define CERT_PRIVATE_KEY 2 | |
442 | */ | 442 | */ | |
443 | 443 | |||
444 | #ifndef OPENSSL_NO_EC | 444 | #ifndef OPENSSL_NO_EC | |
445 | /* From ECC-TLS draft, used in encoding the curve type in | 445 | /* From ECC-TLS draft, used in encoding the curve type in | |
446 | * ECParameters | 446 | * ECParameters | |
447 | */ | 447 | */ | |
448 | #define EXPLICIT_PRIME_CURVE_TYPE 1 | 448 | #define EXPLICIT_PRIME_CURVE_TYPE 1 | |
449 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 | 449 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 | |
450 | #define NAMED_CURVE_TYPE 3 | 450 | #define NAMED_CURVE_TYPE 3 | |
451 | #endif /* OPENSSL_NO_EC */ | 451 | #endif /* OPENSSL_NO_EC */ | |
452 | 452 | |||
453 | #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 | |||
454 | ||||
453 | typedef struct cert_pkey_st | 455 | typedef struct cert_pkey_st | |
454 | { | 456 | { | |
455 | X509 *x509; | 457 | X509 *x509; | |
456 | EVP_PKEY *privatekey; | 458 | EVP_PKEY *privatekey; | |
457 | } CERT_PKEY; | 459 | } CERT_PKEY; | |
458 | 460 | |||
459 | typedef struct cert_st | 461 | typedef struct cert_st | |
460 | { | 462 | { | |
461 | /* Current active set */ | 463 | /* Current active set */ | |
462 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array | 464 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array | |
463 | * Probably it would make more sense to store | 465 | * Probably it would make more sense to store | |
464 | * an index, not a pointer. */ | 466 | * an index, not a pointer. */ | |
465 | 467 |
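Review bot: `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` is added without a comment, between the EC curve-type defines and the CERT_PKEY typedef, where nobody looking for s3->flags bits will find it. The value 0x0010 has to stay distinct from the other SSL3_FLAGS_* bits, which are defined outside this hunk, so that should be checked. The define lives in the library-private header, so it is unclear from this page how an application is expected to set it. Suggested comment: `/* s3->flags bit: when set, renegotiation is allowed; when clear, ssl3_renegotiate() and ssl3_get_client_hello() refuse it */`.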
--- src/crypto/dist/ssh/Attic/cipher.c 2009/06/29 23:01:24 1.21.8.1
+++ src/crypto/dist/ssh/Attic/cipher.c 2010/04/21 05:17:37 1.21.8.1.2.1
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: cipher.c,v 1.21.8.1 2009/06/29 23:01:24 snj Exp $ */ | 1 | /* $NetBSD: cipher.c,v 1.21.8.1.2.1 2010/04/21 05:17:37 matt Exp $ */ | |
2 | /* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */ | 2 | /* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */ | |
3 | /* | 3 | /* | |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
6 | * All rights reserved | 6 | * All rights reserved | |
7 | * | 7 | * | |
8 | * As far as I am concerned, the code I have written for this software | 8 | * As far as I am concerned, the code I have written for this software | |
9 | * can be used freely for any purpose. Any derived versions of this | 9 | * can be used freely for any purpose. Any derived versions of this | |
10 | * software must be clearly marked as such, and if the derived work is | 10 | * software must be clearly marked as such, and if the derived work is | |
11 | * incompatible with the protocol description in the RFC file, it must be | 11 | * incompatible with the protocol description in the RFC file, it must be | |
12 | * called by a name other than "ssh" or "Secure Shell". | 12 | * called by a name other than "ssh" or "Secure Shell". | |
13 | * | 13 | * | |
14 | * | 14 | * | |
@@ -27,27 +27,27 @@ | @@ -27,27 +27,27 @@ | |||
27 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 27 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
28 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
30 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
31 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
32 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
33 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
34 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 34 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
35 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
36 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
37 | */ | 37 | */ | |
38 | 38 | |||
39 | #include "includes.h" | 39 | #include "includes.h" | |
40 | __RCSID("$NetBSD: cipher.c,v 1.21.8.1 2009/06/29 23:01:24 snj Exp $"); | 40 | __RCSID("$NetBSD: cipher.c,v 1.21.8.1.2.1 2010/04/21 05:17:37 matt Exp $"); | |
41 | #include <sys/types.h> | 41 | #include <sys/types.h> | |
42 | 42 | |||
43 | #include <openssl/md5.h> | 43 | #include <openssl/md5.h> | |
44 | 44 | |||
45 | #include <string.h> | 45 | #include <string.h> | |
46 | #include <stdarg.h> | 46 | #include <stdarg.h> | |
47 | 47 | |||
48 | #include "xmalloc.h" | 48 | #include "xmalloc.h" | |
49 | #include "log.h" | 49 | #include "log.h" | |
50 | #include "cipher.h" | 50 | #include "cipher.h" | |
51 | 51 | |||
52 | extern const EVP_CIPHER *evp_ssh1_bf(void); | 52 | extern const EVP_CIPHER *evp_ssh1_bf(void); | |
53 | extern const EVP_CIPHER *evp_ssh1_3des(void); | 53 | extern const EVP_CIPHER *evp_ssh1_3des(void); |
--- src/crypto/dist/ssh/Attic/cipher.h 2009/06/29 23:01:24 1.2.28.1
+++ src/crypto/dist/ssh/Attic/cipher.h 2010/04/21 05:17:37 1.2.28.1.2.1
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: cipher.h,v 1.2.28.1 2009/06/29 23:01:24 snj Exp $ */ | 1 | /* $NetBSD: cipher.h,v 1.2.28.1.2.1 2010/04/21 05:17:37 matt Exp $ */ | |
2 | /* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */ | 2 | /* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 5 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
6 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 6 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
7 | * All rights reserved | 7 | * All rights reserved | |
8 | * | 8 | * | |
9 | * As far as I am concerned, the code I have written for this software | 9 | * As far as I am concerned, the code I have written for this software | |
10 | * can be used freely for any purpose. Any derived versions of this | 10 | * can be used freely for any purpose. Any derived versions of this | |
11 | * software must be clearly marked as such, and if the derived work is | 11 | * software must be clearly marked as such, and if the derived work is | |
12 | * incompatible with the protocol description in the RFC file, it must be | 12 | * incompatible with the protocol description in the RFC file, it must be | |
13 | * called by a name other than "ssh" or "Secure Shell". | 13 | * called by a name other than "ssh" or "Secure Shell". | |
14 | * | 14 | * |
--- src/crypto/dist/ssh/Attic/packet.c 2009/06/29 23:01:24 1.30.8.1
+++ src/crypto/dist/ssh/Attic/packet.c 2010/04/21 05:17:37 1.30.8.1.2.1
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: packet.c,v 1.30.8.1 2009/06/29 23:01:24 snj Exp $ */ | 1 | /* $NetBSD: packet.c,v 1.30.8.1.2.1 2010/04/21 05:17:37 matt Exp $ */ | |
2 | /* $OpenBSD: packet.c,v 1.151 2008/02/22 20:44:02 dtucker Exp $ */ | 2 | /* $OpenBSD: packet.c,v 1.151 2008/02/22 20:44:02 dtucker Exp $ */ | |
3 | /* | 3 | /* | |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
6 | * All rights reserved | 6 | * All rights reserved | |
7 | * This file contains code implementing the packet protocol and communication | 7 | * This file contains code implementing the packet protocol and communication | |
8 | * with the other side. This same code is used both on client and server side. | 8 | * with the other side. This same code is used both on client and server side. | |
9 | * | 9 | * | |
10 | * As far as I am concerned, the code I have written for this software | 10 | * As far as I am concerned, the code I have written for this software | |
11 | * can be used freely for any purpose. Any derived versions of this | 11 | * can be used freely for any purpose. Any derived versions of this | |
12 | * software must be clearly marked as such, and if the derived work is | 12 | * software must be clearly marked as such, and if the derived work is | |
13 | * incompatible with the protocol description in the RFC file, it must be | 13 | * incompatible with the protocol description in the RFC file, it must be | |
14 | * called by a name other than "ssh" or "Secure Shell". | 14 | * called by a name other than "ssh" or "Secure Shell". | |
@@ -29,27 +29,27 @@ | @@ -29,27 +29,27 @@ | |||
29 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 29 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
30 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 30 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
31 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 31 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
32 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 32 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
33 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 33 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
34 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 34 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
35 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 35 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
36 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 36 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
37 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 37 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
38 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 38 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
39 | */ | 39 | */ | |
40 | 40 | |||
41 | #include "includes.h" | 41 | #include "includes.h" | |
42 | __RCSID("$NetBSD: packet.c,v 1.30.8.1 2009/06/29 23:01:24 snj Exp $"); | 42 | __RCSID("$NetBSD: packet.c,v 1.30.8.1.2.1 2010/04/21 05:17:37 matt Exp $"); | |
43 | 43 | |||
44 | #include <sys/types.h> | 44 | #include <sys/types.h> | |
45 | #include <sys/queue.h> | 45 | #include <sys/queue.h> | |
46 | #include <sys/socket.h> | 46 | #include <sys/socket.h> | |
47 | #include <sys/time.h> | 47 | #include <sys/time.h> | |
48 | #include <sys/param.h> | 48 | #include <sys/param.h> | |
49 | 49 | |||
50 | #include <netinet/in_systm.h> | 50 | #include <netinet/in_systm.h> | |
51 | #include <netinet/in.h> | 51 | #include <netinet/in.h> | |
52 | #include <netinet/ip.h> | 52 | #include <netinet/ip.h> | |
53 | 53 | |||
54 | #include <errno.h> | 54 | #include <errno.h> | |
55 | #include <stdarg.h> | 55 | #include <stdarg.h> |