Tue Feb 5 21:31:27 2013 UTC ()
merge changes


(christos)
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/Configure
diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/apps/ca.c
diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/apps/speed.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/apps/ocsp.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/apps/s_client.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/apps/s_server.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/cryptlib.h
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/crypto.h
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/mem.c
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/md4/md4_dgst.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/md5/md5_locl.h
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/ripemd/rmd_dgst.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/ripemd/rmd_locl.h
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_eay.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/sha/sha256.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/sha/sha_locl.h
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/engines/ccgost/gost_eng.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c
diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/ssltest.c
diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c
diff -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
diff -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
diff -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/ssl.h
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/ssl3.h
diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
diff -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/Configure (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/Configure 2012/07/26 19:58:36 1.3
+++ src/crypto/external/bsd/openssl/dist/Configure 2013/02/05 21:31:23 1.4
@@ -161,40 +161,41 @@ my %table=( @@ -161,40 +161,41 @@ my %table=(
161 161
162#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", 162#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
163#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", 163#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
164#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", 164#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
165#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", 165#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
166 166
167# Our development configs 167# Our development configs
168"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", 168"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
169"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", 169"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
170"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", 170"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
171"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", 171"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
172"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", 172"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
173"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::", 173"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
 174"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
174"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::", 175"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
175"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", 176"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
176"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", 177"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
177"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", 178"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
178"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", 179"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
179"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", 180"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
180"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", 181"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
181"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 182"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
182"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 183"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
183"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 184"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
184"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 185"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
185"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 186"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
186"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 187"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
187"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 188"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
188"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 189"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
189"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 190"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
190"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 191"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
191"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 192"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
192"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 193"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
193"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 194"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
194"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 195"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
195"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 196"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
196"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 197"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
197"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", 198"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
198"dist", "cc:-O::(unknown)::::::", 199"dist", "cc:-O::(unknown)::::::",
199 200
200# Basic configs that should work on any (32 and less bit) box 201# Basic configs that should work on any (32 and less bit) box
@@ -233,27 +234,27 @@ my %table=( @@ -233,27 +234,27 @@ my %table=(
233"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 234"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
234"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", 235"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
235#### 236####
236"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 237"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
237"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 238"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
238 239
239#### SPARC Solaris with Sun C setups 240#### SPARC Solaris with Sun C setups
240# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. 241# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
241# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 242# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
242# SC5.0 note: Compiler common patch 107357-01 or later is required! 243# SC5.0 note: Compiler common patch 107357-01 or later is required!
243"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 244"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
244"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 245"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
245"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 246"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
246"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", 247"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
247#### 248####
248"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 249"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
249"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",  250"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
250 251
251#### SunOS configs, assuming sparc for the gcc one. 252#### SunOS configs, assuming sparc for the gcc one.
252#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", 253#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
253"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", 254"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
254 255
255#### IRIX 5.x configs 256#### IRIX 5.x configs
256# -mips2 flag is added by ./config when appropriate. 257# -mips2 flag is added by ./config when appropriate.
257"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 258"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
258"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 259"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
259#### IRIX 6.x configs 260#### IRIX 6.x configs
@@ -454,28 +455,28 @@ my %table=( @@ -454,28 +455,28 @@ my %table=(
454"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", 455"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
455"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 456"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
456"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 457"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
457# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc. 458# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
458"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 459"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
459"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 460"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
460 461
461#### IBM's AIX. 462#### IBM's AIX.
462"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", 463"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
463"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", 464"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
464"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", 465"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
465# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE 466# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
466# at build time. $OBJECT_MODE is respected at ./config stage! 467# at build time. $OBJECT_MODE is respected at ./config stage!
467"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", 468"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
468"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", 469"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
469 470
470# 471#
471# Cray T90 and similar (SDSC) 472# Cray T90 and similar (SDSC)
472# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT 473# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
473# defined. The T90 ints and longs are 8 bytes long, and apparently the 474# defined. The T90 ints and longs are 8 bytes long, and apparently the
474# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and 475# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
475# non L_ENDIAN code aligns the bytes in each word correctly. 476# non L_ENDIAN code aligns the bytes in each word correctly.
476# 477#
477# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: 478# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
478#'Taking the address of a bit field is not allowed. ' 479#'Taking the address of a bit field is not allowed. '
479#'An expression with bit field exists as the operand of "sizeof" ' 480#'An expression with bit field exists as the operand of "sizeof" '
480# (written by Wayne Schroeder <schroede@SDSC.EDU>) 481# (written by Wayne Schroeder <schroede@SDSC.EDU>)
481# 482#
cvs diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/apps/ca.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/apps/ca.c 2012/07/26 19:58:36 1.5
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c 2013/02/05 21:31:24 1.6
@@ -1398,26 +1398,27 @@ bad: @@ -1398,26 +1398,27 @@ bad:
1398 { 1398 {
1399 BIO_printf(bio_err,"error while loading CRL number\n"); 1399 BIO_printf(bio_err,"error while loading CRL number\n");
1400 goto err; 1400 goto err;
1401 } 1401 }
1402 1402
1403 if (!crldays && !crlhours && !crlsec) 1403 if (!crldays && !crlhours && !crlsec)
1404 { 1404 {
1405 if (!NCONF_get_number(conf,section, 1405 if (!NCONF_get_number(conf,section,
1406 ENV_DEFAULT_CRL_DAYS, &crldays)) 1406 ENV_DEFAULT_CRL_DAYS, &crldays))
1407 crldays = 0; 1407 crldays = 0;
1408 if (!NCONF_get_number(conf,section, 1408 if (!NCONF_get_number(conf,section,
1409 ENV_DEFAULT_CRL_HOURS, &crlhours)) 1409 ENV_DEFAULT_CRL_HOURS, &crlhours))
1410 crlhours = 0; 1410 crlhours = 0;
 1411 ERR_clear_error();
1411 } 1412 }
1412 if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) 1413 if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
1413 { 1414 {
1414 BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n"); 1415 BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
1415 goto err; 1416 goto err;
1416 } 1417 }
1417 1418
1418 if (verbose) BIO_printf(bio_err,"making CRL\n"); 1419 if (verbose) BIO_printf(bio_err,"making CRL\n");
1419 if ((crl=X509_CRL_new()) == NULL) goto err; 1420 if ((crl=X509_CRL_new()) == NULL) goto err;
1420 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; 1421 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
1421 1422
1422 tmptm = ASN1_TIME_new(); 1423 tmptm = ASN1_TIME_new();
1423 if (!tmptm) goto err; 1424 if (!tmptm) goto err;
cvs diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/apps/speed.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/apps/speed.c 2012/07/26 19:58:36 1.5
+++ src/crypto/external/bsd/openssl/dist/apps/speed.c 2013/02/05 21:31:24 1.6
@@ -244,27 +244,27 @@ static int do_multi(int multi); @@ -244,27 +244,27 @@ static int do_multi(int multi);
244#define RSA_NUM 4 244#define RSA_NUM 4
245#define DSA_NUM 3 245#define DSA_NUM 3
246 246
247#define EC_NUM 16 247#define EC_NUM 16
248#define MAX_ECDH_SIZE 256 248#define MAX_ECDH_SIZE 256
249 249
250static const char *names[ALGOR_NUM]={ 250static const char *names[ALGOR_NUM]={
251 "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", 251 "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
252 "des cbc","des ede3","idea cbc","seed cbc", 252 "des cbc","des ede3","idea cbc","seed cbc",
253 "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", 253 "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
254 "aes-128 cbc","aes-192 cbc","aes-256 cbc", 254 "aes-128 cbc","aes-192 cbc","aes-256 cbc",
255 "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", 255 "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
256 "evp","sha256","sha512","whirlpool", 256 "evp","sha256","sha512","whirlpool",
257 "aes-128 ige","aes-192 ige","aes-256 ige","ghash"}; 257 "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
258static double results[ALGOR_NUM][SIZE_NUM]; 258static double results[ALGOR_NUM][SIZE_NUM];
259static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; 259static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
260#ifndef OPENSSL_NO_RSA 260#ifndef OPENSSL_NO_RSA
261static double rsa_results[RSA_NUM][2]; 261static double rsa_results[RSA_NUM][2];
262#endif 262#endif
263#ifndef OPENSSL_NO_DSA 263#ifndef OPENSSL_NO_DSA
264static double dsa_results[DSA_NUM][2]; 264static double dsa_results[DSA_NUM][2];
265#endif 265#endif
266#ifndef OPENSSL_NO_ECDSA 266#ifndef OPENSSL_NO_ECDSA
267static double ecdsa_results[EC_NUM][2]; 267static double ecdsa_results[EC_NUM][2];
268#endif 268#endif
269#ifndef OPENSSL_NO_ECDH 269#ifndef OPENSSL_NO_ECDH
270static double ecdh_results[EC_NUM][1]; 270static double ecdh_results[EC_NUM][1];
@@ -289,27 +289,27 @@ static SIGRETTYPE sig_done(int sig) @@ -289,27 +289,27 @@ static SIGRETTYPE sig_done(int sig)
289 run=0; 289 run=0;
290#ifdef LINT 290#ifdef LINT
291 sig=sig; 291 sig=sig;
292#endif 292#endif
293 } 293 }
294#endif 294#endif
295 295
296#define START 0 296#define START 0
297#define STOP 1 297#define STOP 1
298 298
299#if defined(_WIN32) 299#if defined(_WIN32)
300 300
301#if !defined(SIGALRM) 301#if !defined(SIGALRM)
302#define SIGALRM 302# define SIGALRM
303#endif 303#endif
304static unsigned int lapse,schlock; 304static unsigned int lapse,schlock;
305static void alarm_win32(unsigned int secs) { lapse = secs*1000; } 305static void alarm_win32(unsigned int secs) { lapse = secs*1000; }
306#define alarm alarm_win32 306#define alarm alarm_win32
307 307
308static DWORD WINAPI sleepy(VOID *arg) 308static DWORD WINAPI sleepy(VOID *arg)
309 { 309 {
310 schlock = 1; 310 schlock = 1;
311 Sleep(lapse); 311 Sleep(lapse);
312 run = 0; 312 run = 0;
313 return 0; 313 return 0;
314 } 314 }
315 315
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/apps/ocsp.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/apps/ocsp.c 2009/12/27 00:48:55 1.3
+++ src/crypto/external/bsd/openssl/dist/apps/ocsp.c 2013/02/05 21:31:24 1.4
@@ -607,27 +607,27 @@ int MAIN(int argc, char **argv) @@ -607,27 +607,27 @@ int MAIN(int argc, char **argv)
607 BIO_printf (bio_err, "-no_chain don't chain verify response\n"); 607 BIO_printf (bio_err, "-no_chain don't chain verify response\n");
608 BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); 608 BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
609 BIO_printf (bio_err, "-port num port to run responder on\n"); 609 BIO_printf (bio_err, "-port num port to run responder on\n");
610 BIO_printf (bio_err, "-index file certificate status index file\n"); 610 BIO_printf (bio_err, "-index file certificate status index file\n");
611 BIO_printf (bio_err, "-CA file CA certificate\n"); 611 BIO_printf (bio_err, "-CA file CA certificate\n");
612 BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); 612 BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
613 BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); 613 BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
614 BIO_printf (bio_err, "-rother file other certificates to include in response\n"); 614 BIO_printf (bio_err, "-rother file other certificates to include in response\n");
615 BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); 615 BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
616 BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); 616 BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
617 BIO_printf (bio_err, "-ndays n number of days before next update\n"); 617 BIO_printf (bio_err, "-ndays n number of days before next update\n");
618 BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); 618 BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
619 BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); 619 BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
620 BIO_printf (bio_err, "-<dgst alg> use specified digest in the request"); 620 BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n");
621 goto end; 621 goto end;
622 } 622 }
623 623
624 if(outfile) out = BIO_new_file(outfile, "w"); 624 if(outfile) out = BIO_new_file(outfile, "w");
625 else out = BIO_new_fp(stdout, BIO_NOCLOSE); 625 else out = BIO_new_fp(stdout, BIO_NOCLOSE);
626 626
627 if(!out) 627 if(!out)
628 { 628 {
629 BIO_printf(bio_err, "Error opening output file\n"); 629 BIO_printf(bio_err, "Error opening output file\n");
630 goto end; 630 goto end;
631 } 631 }
632 632
633 if (!req && (add_nonce != 2)) add_nonce = 0; 633 if (!req && (add_nonce != 2)) add_nonce = 0;
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/apps/s_client.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/apps/s_client.c 2012/07/26 19:58:36 1.3
+++ src/crypto/external/bsd/openssl/dist/apps/s_client.c 2013/02/05 21:31:24 1.4
@@ -347,27 +347,27 @@ static void sc_usage(void) @@ -347,27 +347,27 @@ static void sc_usage(void)
347 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); 347 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
348 BIO_printf(bio_err," are supported.\n"); 348 BIO_printf(bio_err," are supported.\n");
349#ifndef OPENSSL_NO_ENGINE 349#ifndef OPENSSL_NO_ENGINE
350 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); 350 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
351#endif 351#endif
352 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 352 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
353 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); 353 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
354 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); 354 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
355#ifndef OPENSSL_NO_TLSEXT 355#ifndef OPENSSL_NO_TLSEXT
356 BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); 356 BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
357 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); 357 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
358 BIO_printf(bio_err," -status - request certificate status from server\n"); 358 BIO_printf(bio_err," -status - request certificate status from server\n");
359 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); 359 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
360# if !defined(OPENSSL_NO_NEXTPROTONEG) 360# ifndef OPENSSL_NO_NEXTPROTONEG
361 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); 361 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
362# endif 362# endif
363#endif 363#endif
364 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); 364 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
365 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); 365 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
366 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); 366 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
367 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); 367 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
368 } 368 }
369 369
370#ifndef OPENSSL_NO_TLSEXT 370#ifndef OPENSSL_NO_TLSEXT
371 371
372/* This is a context that we pass to callbacks */ 372/* This is a context that we pass to callbacks */
373typedef struct tlsextctx_st { 373typedef struct tlsextctx_st {
@@ -526,27 +526,27 @@ static int next_proto_cb(SSL *s, unsigne @@ -526,27 +526,27 @@ static int next_proto_cb(SSL *s, unsigne
526 for (i = 0; i < inlen; ) 526 for (i = 0; i < inlen; )
527 { 527 {
528 if (i) 528 if (i)
529 BIO_write(bio_c_out, ", ", 2); 529 BIO_write(bio_c_out, ", ", 2);
530 BIO_write(bio_c_out, &in[i + 1], in[i]); 530 BIO_write(bio_c_out, &in[i + 1], in[i]);
531 i += in[i] + 1; 531 i += in[i] + 1;
532 } 532 }
533 BIO_write(bio_c_out, "\n", 1); 533 BIO_write(bio_c_out, "\n", 1);
534 } 534 }
535 535
536 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); 536 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
537 return SSL_TLSEXT_ERR_OK; 537 return SSL_TLSEXT_ERR_OK;
538 } 538 }
539# endif 539# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
540#endif 540#endif
541 541
542enum 542enum
543{ 543{
544 PROTO_OFF = 0, 544 PROTO_OFF = 0,
545 PROTO_SMTP, 545 PROTO_SMTP,
546 PROTO_POP3, 546 PROTO_POP3,
547 PROTO_IMAP, 547 PROTO_IMAP,
548 PROTO_FTP, 548 PROTO_FTP,
549 PROTO_XMPP 549 PROTO_XMPP
550}; 550};
551 551
552int MAIN(int, char **); 552int MAIN(int, char **);
@@ -1893,33 +1893,39 @@ printf("read=%d pending=%d peek=%d\n",k, @@ -1893,33 +1893,39 @@ printf("read=%d pending=%d peek=%d\n",k,
1893 ret=0; 1893 ret=0;
1894shut: 1894shut:
1895 if (in_init) 1895 if (in_init)
1896 print_stuff(bio_c_out,con,full_log); 1896 print_stuff(bio_c_out,con,full_log);
1897 SSL_shutdown(con); 1897 SSL_shutdown(con);
1898 SHUTDOWN(SSL_get_fd(con)); 1898 SHUTDOWN(SSL_get_fd(con));
1899end: 1899end:
1900 if (con != NULL) 1900 if (con != NULL)
1901 { 1901 {
1902 if (prexit != 0) 1902 if (prexit != 0)
1903 print_stuff(bio_c_out,con,1); 1903 print_stuff(bio_c_out,con,1);
1904 SSL_free(con); 1904 SSL_free(con);
1905 } 1905 }
 1906#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 1907 if (next_proto.data)
 1908 OPENSSL_free(next_proto.data);
 1909#endif
1906 if (ctx != NULL) SSL_CTX_free(ctx); 1910 if (ctx != NULL) SSL_CTX_free(ctx);
1907 if (cert) 1911 if (cert)
1908 X509_free(cert); 1912 X509_free(cert);
1909 if (key) 1913 if (key)
1910 EVP_PKEY_free(key); 1914 EVP_PKEY_free(key);
1911 if (pass) 1915 if (pass)
1912 OPENSSL_free(pass); 1916 OPENSSL_free(pass);
 1917 if (vpm)
 1918 X509_VERIFY_PARAM_free(vpm);
1913 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } 1919 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
1914 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } 1920 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
1915 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } 1921 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
1916 if (bio_c_out != NULL) 1922 if (bio_c_out != NULL)
1917 { 1923 {
1918 BIO_free(bio_c_out); 1924 BIO_free(bio_c_out);
1919 bio_c_out=NULL; 1925 bio_c_out=NULL;
1920 } 1926 }
1921 apps_shutdown(); 1927 apps_shutdown();
1922 OPENSSL_EXIT(ret); 1928 OPENSSL_EXIT(ret);
1923 } 1929 }
1924 1930
1925 1931
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/apps/s_server.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/apps/s_server.c 2012/07/26 19:58:36 1.3
+++ src/crypto/external/bsd/openssl/dist/apps/s_server.c 2013/02/05 21:31:24 1.4
@@ -1196,33 +1196,33 @@ int MAIN(int argc, char *argv[]) @@ -1196,33 +1196,33 @@ int MAIN(int argc, char *argv[])
1196 { 1196 {
1197 if (isxdigit((unsigned char)psk_key[i])) 1197 if (isxdigit((unsigned char)psk_key[i]))
1198 continue; 1198 continue;
1199 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); 1199 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
1200 goto bad; 1200 goto bad;
1201 } 1201 }
1202 } 1202 }
1203#endif 1203#endif
1204#ifndef OPENSSL_NO_SRP 1204#ifndef OPENSSL_NO_SRP
1205 else if (strcmp(*argv, "-srpvfile") == 0) 1205 else if (strcmp(*argv, "-srpvfile") == 0)
1206 { 1206 {
1207 if (--argc < 1) goto bad; 1207 if (--argc < 1) goto bad;
1208 srp_verifier_file = *(++argv); 1208 srp_verifier_file = *(++argv);
1209 meth=TLSv1_server_method(); 1209 meth = TLSv1_server_method();
1210 } 1210 }
1211 else if (strcmp(*argv, "-srpuserseed") == 0) 1211 else if (strcmp(*argv, "-srpuserseed") == 0)
1212 { 1212 {
1213 if (--argc < 1) goto bad; 1213 if (--argc < 1) goto bad;
1214 srpuserseed = *(++argv); 1214 srpuserseed = *(++argv);
1215 meth=TLSv1_server_method(); 1215 meth = TLSv1_server_method();
1216 } 1216 }
1217#endif 1217#endif
1218 else if (strcmp(*argv,"-www") == 0) 1218 else if (strcmp(*argv,"-www") == 0)
1219 { www=1; } 1219 { www=1; }
1220 else if (strcmp(*argv,"-WWW") == 0) 1220 else if (strcmp(*argv,"-WWW") == 0)
1221 { www=2; } 1221 { www=2; }
1222 else if (strcmp(*argv,"-HTTP") == 0) 1222 else if (strcmp(*argv,"-HTTP") == 0)
1223 { www=3; } 1223 { www=3; }
1224 else if (strcmp(*argv,"-no_ssl2") == 0) 1224 else if (strcmp(*argv,"-no_ssl2") == 0)
1225 { off|=SSL_OP_NO_SSLv2; } 1225 { off|=SSL_OP_NO_SSLv2; }
1226 else if (strcmp(*argv,"-no_ssl3") == 0) 1226 else if (strcmp(*argv,"-no_ssl3") == 0)
1227 { off|=SSL_OP_NO_SSLv3; } 1227 { off|=SSL_OP_NO_SSLv3; }
1228 else if (strcmp(*argv,"-no_tls1") == 0) 1228 else if (strcmp(*argv,"-no_tls1") == 0)
@@ -1421,45 +1421,44 @@ bad: @@ -1421,45 +1421,44 @@ bad:
1421 ERR_print_errors(bio_err); 1421 ERR_print_errors(bio_err);
1422 goto end; 1422 goto end;
1423 } 1423 }
1424  1424
1425 s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, 1425 s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
1426 NULL, e, "second server certificate file"); 1426 NULL, e, "second server certificate file");
1427  1427
1428 if (!s_cert2) 1428 if (!s_cert2)
1429 { 1429 {
1430 ERR_print_errors(bio_err); 1430 ERR_print_errors(bio_err);
1431 goto end; 1431 goto end;
1432 } 1432 }
1433 } 1433 }
1434 
1435# ifndef OPENSSL_NO_NEXTPROTONEG 
1436 if (next_proto_neg_in) 
1437 { 
1438 unsigned short len; 
1439 next_proto.data = next_protos_parse(&len, 
1440 next_proto_neg_in); 
1441 if (next_proto.data == NULL) 
1442 goto end; 
1443 next_proto.len = len; 
1444 } 
1445 else 
1446 { 
1447 next_proto.data = NULL; 
1448 } 
1449# endif 
1450#endif 1434#endif
1451 } 1435 }
1452 1436
 1437#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 1438 if (next_proto_neg_in)
 1439 {
 1440 unsigned short len;
 1441 next_proto.data = next_protos_parse(&len, next_proto_neg_in);
 1442 if (next_proto.data == NULL)
 1443 goto end;
 1444 next_proto.len = len;
 1445 }
 1446 else
 1447 {
 1448 next_proto.data = NULL;
 1449 }
 1450#endif
 1451
1453 1452
1454 if (s_dcert_file) 1453 if (s_dcert_file)
1455 { 1454 {
1456 1455
1457 if (s_dkey_file == NULL) 1456 if (s_dkey_file == NULL)
1458 s_dkey_file = s_dcert_file; 1457 s_dkey_file = s_dcert_file;
1459 1458
1460 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, 1459 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
1461 0, dpass, e, 1460 0, dpass, e,
1462 "second certificate private key file"); 1461 "second certificate private key file");
1463 if (!s_dkey) 1462 if (!s_dkey)
1464 { 1463 {
1465 ERR_print_errors(bio_err); 1464 ERR_print_errors(bio_err);
@@ -1720,35 +1719,35 @@ bad: @@ -1720,35 +1719,35 @@ bad:
1720 } 1719 }
1721 } 1720 }
1722 (void)BIO_flush(bio_s_out); 1721 (void)BIO_flush(bio_s_out);
1723 1722
1724 SSL_CTX_set_tmp_ecdh(ctx,ecdh); 1723 SSL_CTX_set_tmp_ecdh(ctx,ecdh);
1725#ifndef OPENSSL_NO_TLSEXT 1724#ifndef OPENSSL_NO_TLSEXT
1726 if (ctx2)  1725 if (ctx2)
1727 SSL_CTX_set_tmp_ecdh(ctx2,ecdh); 1726 SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
1728#endif 1727#endif
1729 EC_KEY_free(ecdh); 1728 EC_KEY_free(ecdh);
1730 } 1729 }
1731#endif 1730#endif
1732  1731
1733 if (!set_cert_key_stuff(ctx,s_cert,s_key)) 1732 if (!set_cert_key_stuff(ctx, s_cert, s_key))
1734 goto end; 1733 goto end;
1735#ifndef OPENSSL_NO_TLSEXT 1734#ifndef OPENSSL_NO_TLSEXT
1736 if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) 1735 if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
1737 goto end;  1736 goto end;
1738#endif 1737#endif
1739 if (s_dcert != NULL) 1738 if (s_dcert != NULL)
1740 { 1739 {
1741 if (!set_cert_key_stuff(ctx,s_dcert,s_dkey)) 1740 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
1742 goto end; 1741 goto end;
1743 } 1742 }
1744 1743
1745#ifndef OPENSSL_NO_RSA 1744#ifndef OPENSSL_NO_RSA
1746#if 1 1745#if 1
1747 if (!no_tmp_rsa) 1746 if (!no_tmp_rsa)
1748 { 1747 {
1749 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 1748 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
1750#ifndef OPENSSL_NO_TLSEXT 1749#ifndef OPENSSL_NO_TLSEXT
1751 if (ctx2)  1750 if (ctx2)
1752 SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); 1751 SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
1753#endif  1752#endif
1754 } 1753 }
@@ -1883,27 +1882,35 @@ end: @@ -1883,27 +1882,35 @@ end:
1883 if (ctx != NULL) SSL_CTX_free(ctx); 1882 if (ctx != NULL) SSL_CTX_free(ctx);
1884 if (s_cert) 1883 if (s_cert)
1885 X509_free(s_cert); 1884 X509_free(s_cert);
1886 if (s_dcert) 1885 if (s_dcert)
1887 X509_free(s_dcert); 1886 X509_free(s_dcert);
1888 if (s_key) 1887 if (s_key)
1889 EVP_PKEY_free(s_key); 1888 EVP_PKEY_free(s_key);
1890 if (s_dkey) 1889 if (s_dkey)
1891 EVP_PKEY_free(s_dkey); 1890 EVP_PKEY_free(s_dkey);
1892 if (pass) 1891 if (pass)
1893 OPENSSL_free(pass); 1892 OPENSSL_free(pass);
1894 if (dpass) 1893 if (dpass)
1895 OPENSSL_free(dpass); 1894 OPENSSL_free(dpass);
 1895 if (vpm)
 1896 X509_VERIFY_PARAM_free(vpm);
1896#ifndef OPENSSL_NO_TLSEXT 1897#ifndef OPENSSL_NO_TLSEXT
 1898 if (tlscstatp.host)
 1899 OPENSSL_free(tlscstatp.host);
 1900 if (tlscstatp.port)
 1901 OPENSSL_free(tlscstatp.port);
 1902 if (tlscstatp.path)
 1903 OPENSSL_free(tlscstatp.path);
1897 if (ctx2 != NULL) SSL_CTX_free(ctx2); 1904 if (ctx2 != NULL) SSL_CTX_free(ctx2);
1898 if (s_cert2) 1905 if (s_cert2)
1899 X509_free(s_cert2); 1906 X509_free(s_cert2);
1900 if (s_key2) 1907 if (s_key2)
1901 EVP_PKEY_free(s_key2); 1908 EVP_PKEY_free(s_key2);
1902#endif 1909#endif
1903 if (bio_s_out != NULL) 1910 if (bio_s_out != NULL)
1904 { 1911 {
1905 BIO_free(bio_s_out); 1912 BIO_free(bio_s_out);
1906 bio_s_out=NULL; 1913 bio_s_out=NULL;
1907 } 1914 }
1908 apps_shutdown(); 1915 apps_shutdown();
1909 OPENSSL_EXIT(ret); 1916 OPENSSL_EXIT(ret);
@@ -2429,26 +2436,27 @@ static int init_ssl_connection(SSL *con) @@ -2429,26 +2436,27 @@ static int init_ssl_connection(SSL *con)
2429 BIO_printf(bio_s_out,"Client certificate\n"); 2436 BIO_printf(bio_s_out,"Client certificate\n");
2430 PEM_write_bio_X509(bio_s_out,peer); 2437 PEM_write_bio_X509(bio_s_out,peer);
2431 X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); 2438 X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
2432 BIO_printf(bio_s_out,"subject=%s\n",buf); 2439 BIO_printf(bio_s_out,"subject=%s\n",buf);
2433 X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); 2440 X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
2434 BIO_printf(bio_s_out,"issuer=%s\n",buf); 2441 BIO_printf(bio_s_out,"issuer=%s\n",buf);
2435 X509_free(peer); 2442 X509_free(peer);
2436 } 2443 }
2437 2444
2438 if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) 2445 if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
2439 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); 2446 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
2440 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 2447 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
2441 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); 2448 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 2449
2442#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2450#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2443 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); 2451 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
2444 if (next_proto_neg) 2452 if (next_proto_neg)
2445 { 2453 {
2446 BIO_printf(bio_s_out,"NEXTPROTO is "); 2454 BIO_printf(bio_s_out,"NEXTPROTO is ");
2447 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); 2455 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
2448 BIO_printf(bio_s_out, "\n"); 2456 BIO_printf(bio_s_out, "\n");
2449 } 2457 }
2450#endif 2458#endif
2451 { 2459 {
2452 SRTP_PROTECTION_PROFILE *srtp_profile 2460 SRTP_PROTECTION_PROFILE *srtp_profile
2453 = SSL_get_selected_srtp_profile(con); 2461 = SSL_get_selected_srtp_profile(con);
2454 2462
@@ -2697,26 +2705,31 @@ static int www_body(char *hostname, int  @@ -2697,26 +2705,31 @@ static int www_body(char *hostname, int
2697 2705
2698 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 2706 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2699 BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); 2707 BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
2700 BIO_puts(io,"<pre>\n"); 2708 BIO_puts(io,"<pre>\n");
2701/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ 2709/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
2702 BIO_puts(io,"\n"); 2710 BIO_puts(io,"\n");
2703 for (i=0; i<local_argc; i++) 2711 for (i=0; i<local_argc; i++)
2704 { 2712 {
2705 BIO_puts(io,local_argv[i]); 2713 BIO_puts(io,local_argv[i]);
2706 BIO_write(io," ",1); 2714 BIO_write(io," ",1);
2707 } 2715 }
2708 BIO_puts(io,"\n"); 2716 BIO_puts(io,"\n");
2709 2717
 2718 BIO_printf(io,
 2719 "Secure Renegotiation IS%s supported\n",
 2720 SSL_get_secure_renegotiation_support(con) ?
 2721 "" : " NOT");
 2722
2710 /* The following is evil and should not really 2723 /* The following is evil and should not really
2711 * be done */ 2724 * be done */
2712 BIO_printf(io,"Ciphers supported in s_server binary\n"); 2725 BIO_printf(io,"Ciphers supported in s_server binary\n");
2713 sk=SSL_get_ciphers(con); 2726 sk=SSL_get_ciphers(con);
2714 j=sk_SSL_CIPHER_num(sk); 2727 j=sk_SSL_CIPHER_num(sk);
2715 for (i=0; i<j; i++) 2728 for (i=0; i<j; i++)
2716 { 2729 {
2717 c=sk_SSL_CIPHER_value(sk,i); 2730 c=sk_SSL_CIPHER_value(sk,i);
2718 BIO_printf(io,"%-11s:%-25s", 2731 BIO_printf(io,"%-11s:%-25s",
2719 SSL_CIPHER_get_version(c), 2732 SSL_CIPHER_get_version(c),
2720 SSL_CIPHER_get_name(c)); 2733 SSL_CIPHER_get_name(c));
2721 if ((((i+1)%2) == 0) && (i+1 != j)) 2734 if ((((i+1)%2) == 0) && (i+1 != j))
2722 BIO_puts(io,"\n"); 2735 BIO_puts(io,"\n");
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c 2012/07/27 18:10:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c 2013/02/05 21:31:24 1.3
@@ -494,27 +494,27 @@ void CRYPTO_THREADID_current(CRYPTO_THRE @@ -494,27 +494,27 @@ void CRYPTO_THREADID_current(CRYPTO_THRE
494 CRYPTO_THREADID_set_numeric(id, id_callback()); 494 CRYPTO_THREADID_set_numeric(id, id_callback());
495 return; 495 return;
496 } 496 }
497#endif 497#endif
498 /* Else pick a backup */ 498 /* Else pick a backup */
499#ifdef OPENSSL_SYS_WIN16 499#ifdef OPENSSL_SYS_WIN16
500 CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); 500 CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask());
501#elif defined(OPENSSL_SYS_WIN32) 501#elif defined(OPENSSL_SYS_WIN32)
502 CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); 502 CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId());
503#elif defined(OPENSSL_SYS_BEOS) 503#elif defined(OPENSSL_SYS_BEOS)
504 CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); 504 CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
505#else 505#else
506 /* For everything else, default to using the address of 'errno' */ 506 /* For everything else, default to using the address of 'errno' */
507 CRYPTO_THREADID_set_pointer(id, &errno); 507 CRYPTO_THREADID_set_pointer(id, (void*)&errno);
508#endif 508#endif
509 } 509 }
510 510
511int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) 511int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b)
512 { 512 {
513 return memcmp(a, b, sizeof(*a)); 513 return memcmp(a, b, sizeof(*a));
514 } 514 }
515 515
516void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) 516void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src)
517 { 517 {
518 memcpy(dest, src, sizeof(*src)); 518 memcpy(dest, src, sizeof(*src));
519 } 519 }
520 520
@@ -694,26 +694,27 @@ void OPENSSL_cpuid_setup(void) @@ -694,26 +694,27 @@ void OPENSSL_cpuid_setup(void)
694 694
695 trigger=1; 695 trigger=1;
696 if ((env=getenv("OPENSSL_ia32cap"))) { 696 if ((env=getenv("OPENSSL_ia32cap"))) {
697 int off = (env[0]=='~')?1:0; 697 int off = (env[0]=='~')?1:0;
698#if defined(_WIN32) 698#if defined(_WIN32)
699 if (!sscanf(env+off,"%I64i",&vec)) vec = strtoul(env+off,NULL,0); 699 if (!sscanf(env+off,"%I64i",&vec)) vec = strtoul(env+off,NULL,0);
700#else 700#else
701 if (!sscanf(env+off,"%lli",(long long *)&vec)) vec = strtoul(env+off,NULL,0); 701 if (!sscanf(env+off,"%lli",(long long *)&vec)) vec = strtoul(env+off,NULL,0);
702#endif 702#endif
703 if (off) vec = OPENSSL_ia32_cpuid()&~vec; 703 if (off) vec = OPENSSL_ia32_cpuid()&~vec;
704 } 704 }
705 else 705 else
706 vec = OPENSSL_ia32_cpuid(); 706 vec = OPENSSL_ia32_cpuid();
 707
707 /* 708 /*
708 * |(1<<10) sets a reserved bit to signal that variable 709 * |(1<<10) sets a reserved bit to signal that variable
709 * was initialized already... This is to avoid interference 710 * was initialized already... This is to avoid interference
710 * with cpuid snippets in ELF .init segment. 711 * with cpuid snippets in ELF .init segment.
711 */ 712 */
712 OPENSSL_ia32cap_P[0] = (unsigned int)vec|(1<<10); 713 OPENSSL_ia32cap_P[0] = (unsigned int)vec|(1<<10);
713 OPENSSL_ia32cap_P[1] = (unsigned int)(vec>>32); 714 OPENSSL_ia32cap_P[1] = (unsigned int)(vec>>32);
714} 715}
715#endif 716#endif
716 717
717#else 718#else
718unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } 719unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
719#endif 720#endif
@@ -914,13 +915,26 @@ void OpenSSLDie(const char *file,int lin @@ -914,13 +915,26 @@ void OpenSSLDie(const char *file,int lin
914 OPENSSL_showfatal( 915 OPENSSL_showfatal(
915 "%s(%d): OpenSSL internal error, assertion failed: %s\n", 916 "%s(%d): OpenSSL internal error, assertion failed: %s\n",
916 file,line,assertion); 917 file,line,assertion);
917#if !defined(_WIN32) || defined(__CYGWIN__) 918#if !defined(_WIN32) || defined(__CYGWIN__)
918 abort(); 919 abort();
919#else 920#else
920 /* Win32 abort() customarily shows a dialog, but we just did that... */ 921 /* Win32 abort() customarily shows a dialog, but we just did that... */
921 raise(SIGABRT); 922 raise(SIGABRT);
922 _exit(3); 923 _exit(3);
923#endif 924#endif
924 } 925 }
925 926
926void *OPENSSL_stderr(void) { return stderr; } 927void *OPENSSL_stderr(void) { return stderr; }
 928
 929int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
 930 {
 931 size_t i;
 932 const unsigned char *a = in_a;
 933 const unsigned char *b = in_b;
 934 unsigned char x = 0;
 935
 936 for (i = 0; i < len; i++)
 937 x |= a[i] ^ b[i];
 938
 939 return x;
 940 }
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/Attic/cryptlib.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/Attic/cryptlib.h 2012/07/26 20:21:20 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/Attic/cryptlib.h 2013/02/05 21:31:24 1.3
@@ -90,22 +90,22 @@ extern "C" { @@ -90,22 +90,22 @@ extern "C" {
90#define X509_CERT_FILE "SSLCERTS:cert.pem" 90#define X509_CERT_FILE "SSLCERTS:cert.pem"
91#define X509_PRIVATE_DIR "SSLPRIVATE:" 91#define X509_PRIVATE_DIR "SSLPRIVATE:"
92#endif 92#endif
93 93
94#define X509_CERT_DIR_EVP "SSL_CERT_DIR" 94#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
95#define X509_CERT_FILE_EVP "SSL_CERT_FILE" 95#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
96 96
97/* size of string representations */ 97/* size of string representations */
98#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) 98#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
99#define HEX_SIZE(type) (sizeof(type)*2) 99#define HEX_SIZE(type) (sizeof(type)*2)
100 100
101void OPENSSL_cpuid_setup(void); 101void OPENSSL_cpuid_setup(void);
102extern unsigned int OPENSSL_ia32cap_P[2]; 102extern unsigned int OPENSSL_ia32cap_P[2];
103void OPENSSL_showfatal(const char *,...); 103void OPENSSL_showfatal(const char *, ...);
104void *OPENSSL_stderr(void); 104void *OPENSSL_stderr(void);
105extern int OPENSSL_NONPIC_relocated; 105extern int OPENSSL_NONPIC_relocated;
106 106
107#ifdef __cplusplus 107#ifdef __cplusplus
108} 108}
109#endif 109#endif
110 110
111#endif 111#endif
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/ppccap.c 2012/07/27 23:01:23 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/ppccap.c 2013/02/05 21:31:24 1.3
@@ -1,18 +1,19 @@ @@ -1,18 +1,19 @@
1#include <stdio.h> 1#include <stdio.h>
2#include <stdlib.h> 2#include <stdlib.h>
3#include <string.h> 3#include <string.h>
4#include <setjmp.h> 4#include <setjmp.h>
5#include <signal.h> 5#include <signal.h>
 6#include <unistd.h>
6#include <crypto.h> 7#include <crypto.h>
7#include <openssl/bn.h> 8#include <openssl/bn.h>
8 9
9#define PPC_FPU64 (1<<0) 10#define PPC_FPU64 (1<<0)
10#define PPC_ALTIVEC (1<<1) 11#define PPC_ALTIVEC (1<<1)
11 12
12static int OPENSSL_ppccap_P = 0; 13static int OPENSSL_ppccap_P = 0;
13 14
14static sigset_t all_masked; 15static sigset_t all_masked;
15 16
16#ifdef OPENSSL_BN_ASM_MONT 17#ifdef OPENSSL_BN_ASM_MONT
17int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) 18int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num)
18 { 19 {
@@ -43,26 +44,27 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U @@ -43,26 +44,27 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U
43 else if ((OPENSSL_ppccap_P&PPC_FPU64)) 44 else if ((OPENSSL_ppccap_P&PPC_FPU64))
44 /* this is a "must" on POWER6, but run-time detection 45 /* this is a "must" on POWER6, but run-time detection
45 * is not implemented yet... */ 46 * is not implemented yet... */
46 return bn_mul_mont_fpu64(rp,ap,bp,np,n0,num); 47 return bn_mul_mont_fpu64(rp,ap,bp,np,n0,num);
47 48
48 return bn_mul_mont_int(rp,ap,bp,np,n0,num); 49 return bn_mul_mont_int(rp,ap,bp,np,n0,num);
49 } 50 }
50#endif 51#endif
51 52
52static sigjmp_buf ill_jmp; 53static sigjmp_buf ill_jmp;
53static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } 54static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
54 55
55void OPENSSL_ppc64_probe(void); 56void OPENSSL_ppc64_probe(void);
 57void OPENSSL_altivec_probe(void);
56 58
57void OPENSSL_cpuid_setup(void) 59void OPENSSL_cpuid_setup(void)
58 { 60 {
59 char *e; 61 char *e;
60 struct sigaction ill_oact,ill_act; 62 struct sigaction ill_oact,ill_act;
61 sigset_t oset; 63 sigset_t oset;
62 static int trigger=0; 64 static int trigger=0;
63 65
64 if (trigger) return; 66 if (trigger) return;
65 trigger=1; 67 trigger=1;
66  68
67 sigfillset(&all_masked); 69 sigfillset(&all_masked);
68 sigdelset(&all_masked,SIGILL); 70 sigdelset(&all_masked,SIGILL);
@@ -72,26 +74,35 @@ void OPENSSL_cpuid_setup(void) @@ -72,26 +74,35 @@ void OPENSSL_cpuid_setup(void)
72#endif 74#endif
73 sigdelset(&all_masked,SIGFPE); 75 sigdelset(&all_masked,SIGFPE);
74 sigdelset(&all_masked,SIGBUS); 76 sigdelset(&all_masked,SIGBUS);
75 sigdelset(&all_masked,SIGSEGV); 77 sigdelset(&all_masked,SIGSEGV);
76 78
77 if ((e=getenv("OPENSSL_ppccap")) != NULL) 79 if ((e=getenv("OPENSSL_ppccap")) != NULL)
78 { 80 {
79 OPENSSL_ppccap_P=strtoul(e,NULL,0); 81 OPENSSL_ppccap_P=strtoul(e,NULL,0);
80 return; 82 return;
81 } 83 }
82 84
83 OPENSSL_ppccap_P = 0; 85 OPENSSL_ppccap_P = 0;
84 86
 87#if defined(_AIX)
 88 if (sizeof(size_t)==4
 89# if defined(_SC_AIX_KERNEL_BITMODE)
 90 && sysconf(_SC_AIX_KERNEL_BITMODE)!=64
 91# endif
 92 )
 93 return;
 94#endif
 95
85 memset(&ill_act,0,sizeof(ill_act)); 96 memset(&ill_act,0,sizeof(ill_act));
86 ill_act.sa_handler = ill_handler; 97 ill_act.sa_handler = ill_handler;
87 ill_act.sa_mask = all_masked; 98 ill_act.sa_mask = all_masked;
88 99
89 sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset); 100 sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset);
90 sigaction(SIGILL,&ill_act,&ill_oact); 101 sigaction(SIGILL,&ill_act,&ill_oact);
91 102
92 if (sizeof(size_t)==4) 103 if (sizeof(size_t)==4)
93 { 104 {
94 if (sigsetjmp(ill_jmp,1) == 0) 105 if (sigsetjmp(ill_jmp,1) == 0)
95 { 106 {
96 OPENSSL_ppc64_probe(); 107 OPENSSL_ppc64_probe();
97 OPENSSL_ppccap_P |= PPC_FPU64; 108 OPENSSL_ppccap_P |= PPC_FPU64;
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/Attic/crypto.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/Attic/crypto.h 2011/06/05 23:09:44 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/Attic/crypto.h 2013/02/05 21:31:24 1.4
@@ -478,30 +478,30 @@ void CRYPTO_get_mem_functions(void *(**m @@ -478,30 +478,30 @@ void CRYPTO_get_mem_functions(void *(**m
478void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); 478void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
479void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), 479void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
480 void *(**r)(void *, size_t,const char *,int), 480 void *(**r)(void *, size_t,const char *,int),
481 void (**f)(void *)); 481 void (**f)(void *));
482void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), 482void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
483 void (**f)(void *)); 483 void (**f)(void *));
484void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), 484void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
485 void (**r)(void *,void *,int,const char *,int,int), 485 void (**r)(void *,void *,int,const char *,int,int),
486 void (**f)(void *,int), 486 void (**f)(void *,int),
487 void (**so)(long), 487 void (**so)(long),
488 long (**go)(void)); 488 long (**go)(void));
489 489
490void *CRYPTO_malloc_locked(int num, const char *file, int line); 490void *CRYPTO_malloc_locked(int num, const char *file, int line);
491void CRYPTO_free_locked(void *); 491void CRYPTO_free_locked(void *ptr);
492void *CRYPTO_malloc(int num, const char *file, int line); 492void *CRYPTO_malloc(int num, const char *file, int line);
493char *CRYPTO_strdup(const char *str, const char *file, int line); 493char *CRYPTO_strdup(const char *str, const char *file, int line);
494void CRYPTO_free(void *); 494void CRYPTO_free(void *ptr);
495void *CRYPTO_realloc(void *addr,int num, const char *file, int line); 495void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
496void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, 496void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
497 int line); 497 int line);
498void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); 498void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
499 499
500void OPENSSL_cleanse(void *ptr, size_t len); 500void OPENSSL_cleanse(void *ptr, size_t len);
501 501
502void CRYPTO_set_mem_debug_options(long bits); 502void CRYPTO_set_mem_debug_options(long bits);
503long CRYPTO_get_mem_debug_options(void); 503long CRYPTO_get_mem_debug_options(void);
504 504
505#define CRYPTO_push_info(info) \ 505#define CRYPTO_push_info(info) \
506 CRYPTO_push_info_(info, __FILE__, __LINE__); 506 CRYPTO_push_info_(info, __FILE__, __LINE__);
507int CRYPTO_push_info_(const char *info, const char *file, int line); 507int CRYPTO_push_info_(const char *info, const char *file, int line);
@@ -564,26 +564,33 @@ void OPENSSL_init(void); @@ -564,26 +564,33 @@ void OPENSSL_init(void);
564 } \ 564 } \
565 int private_##alg##_Init(cx##_CTX *c) 565 int private_##alg##_Init(cx##_CTX *c)
566 566
567#define fips_cipher_abort(alg) \ 567#define fips_cipher_abort(alg) \
568 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ 568 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
569 "Low level API call to cipher " #alg " forbidden in FIPS mode!") 569 "Low level API call to cipher " #alg " forbidden in FIPS mode!")
570 570
571#else 571#else
572#define fips_md_init_ctx(alg, cx) \ 572#define fips_md_init_ctx(alg, cx) \
573 int alg##_Init(cx##_CTX *c) 573 int alg##_Init(cx##_CTX *c)
574#define fips_cipher_abort(alg) while(0) 574#define fips_cipher_abort(alg) while(0)
575#endif 575#endif
576 576
 577/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
 578 * takes an amount of time dependent on |len|, but independent of the contents
 579 * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
 580 * defined order as the return value when a != b is undefined, other than to be
 581 * non-zero. */
 582int CRYPTO_memcmp(const void *a, const void *b, size_t len);
 583
577/* BEGIN ERROR CODES */ 584/* BEGIN ERROR CODES */
578/* The following lines are auto generated by the script mkerr.pl. Any changes 585/* The following lines are auto generated by the script mkerr.pl. Any changes
579 * made after this point may be overwritten when the script is next run. 586 * made after this point may be overwritten when the script is next run.
580 */ 587 */
581void ERR_load_CRYPTO_strings(void); 588void ERR_load_CRYPTO_strings(void);
582 589
583/* Error codes for the CRYPTO functions. */ 590/* Error codes for the CRYPTO functions. */
584 591
585/* Function codes. */ 592/* Function codes. */
586#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 593#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100
587#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 594#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103
588#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 595#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101
589#define CRYPTO_F_CRYPTO_SET_EX_DATA 102 596#define CRYPTO_F_CRYPTO_SET_EX_DATA 102
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/mem.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/mem.c 2012/07/26 19:58:37 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/mem.c 2013/02/05 21:31:24 1.4
@@ -111,30 +111,30 @@ static void (*free_debug_func)(void *,in @@ -111,30 +111,30 @@ static void (*free_debug_func)(void *,in
111static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; 111static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
112static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; 112static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
113#else 113#else
114/* applications can use CRYPTO_malloc_debug_init() to select above case 114/* applications can use CRYPTO_malloc_debug_init() to select above case
115 * at run-time */ 115 * at run-time */
116static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL; 116static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
117static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) 117static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
118 = NULL; 118 = NULL;
119static void (*free_debug_func)(void *,int) = NULL; 119static void (*free_debug_func)(void *,int) = NULL;
120static void (*set_debug_options_func)(long) = NULL; 120static void (*set_debug_options_func)(long) = NULL;
121static long (*get_debug_options_func)(void) = NULL; 121static long (*get_debug_options_func)(void) = NULL;
122#endif 122#endif
123 123
124 
125int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), 124int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
126 void (*f)(void *)) 125 void (*f)(void *))
127 { 126 {
 127 /* Dummy call just to ensure OPENSSL_init() gets linked in */
128 OPENSSL_init(); 128 OPENSSL_init();
129 if (!allow_customize) 129 if (!allow_customize)
130 return 0; 130 return 0;
131 if ((m == 0) || (r == 0) || (f == 0)) 131 if ((m == 0) || (r == 0) || (f == 0))
132 return 0; 132 return 0;
133 malloc_func=m; malloc_ex_func=default_malloc_ex; 133 malloc_func=m; malloc_ex_func=default_malloc_ex;
134 realloc_func=r; realloc_ex_func=default_realloc_ex; 134 realloc_func=r; realloc_ex_func=default_realloc_ex;
135 free_func=f; 135 free_func=f;
136 malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; 136 malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
137 free_locked_func=f; 137 free_locked_func=f;
138 return 1; 138 return 1;
139 } 139 }
140 140
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/Attic/opensslv.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/Attic/opensslv.h 2012/07/26 19:58:37 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/Attic/opensslv.h 2013/02/05 21:31:24 1.5
@@ -15,31 +15,31 @@ @@ -15,31 +15,31 @@
15 * 0.9.4 0x0090400f 15 * 0.9.4 0x0090400f
16 * 1.2.3z 0x102031af 16 * 1.2.3z 0x102031af
17 * 17 *
18 * For continuity reasons (because 0.9.5 is already out, and is coded 18 * For continuity reasons (because 0.9.5 is already out, and is coded
19 * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level 19 * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
20 * part is slightly different, by setting the highest bit. This means 20 * part is slightly different, by setting the highest bit. This means
21 * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start 21 * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
22 * with 0x0090600S... 22 * with 0x0090600S...
23 * 23 *
24 * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) 24 * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x1000103fL 28#define OPENSSL_VERSION_NUMBER 0x1000104fL
29#ifdef OPENSSL_FIPS 29#ifdef OPENSSL_FIPS
30#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012" 30#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d-fips 5 Feb 2013"
31#else 31#else
32#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012" 32#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d 5 Feb 2013"
33#endif 33#endif
34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
35 35
36 36
37/* The macros below are to be used for shared library (.so, .dll, ...) 37/* The macros below are to be used for shared library (.so, .dll, ...)
38 * versioning. That kind of versioning works a bit differently between 38 * versioning. That kind of versioning works a bit differently between
39 * operating systems. The most usual scheme is to set a major and a minor 39 * operating systems. The most usual scheme is to set a major and a minor
40 * number, and have the runtime loader check that the major number is equal 40 * number, and have the runtime loader check that the major number is equal
41 * to what it was at application link time, while the minor number has to 41 * to what it was at application link time, while the minor number has to
42 * be greater or equal to what it was at application link time. With this 42 * be greater or equal to what it was at application link time. With this
43 * scheme, the version number is usually part of the file name, like this: 43 * scheme, the version number is usually part of the file name, like this:
44 * 44 *
45 * libcrypto.so.0.9 45 * libcrypto.so.0.9
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/ec/Attic/ectest.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/ec/Attic/ectest.c 2012/07/26 19:58:38 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/ec/Attic/ectest.c 2013/02/05 21:31:25 1.4
@@ -226,27 +226,27 @@ static void group_order_tests(EC_GROUP * @@ -226,27 +226,27 @@ static void group_order_tests(EC_GROUP *
226 if (!BN_mul(n2, n1, n2, ctx)) ABORT; 226 if (!BN_mul(n2, n1, n2, ctx)) ABORT;
227 if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; 227 if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
228 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; 228 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
229 fprintf(stdout, "ok\n"); 229 fprintf(stdout, "ok\n");
230 EC_POINT_free(P); 230 EC_POINT_free(P);
231 EC_POINT_free(Q); 231 EC_POINT_free(Q);
232 BN_free(n1); 232 BN_free(n1);
233 BN_free(n2); 233 BN_free(n2);
234 BN_free(order); 234 BN_free(order);
235 BN_CTX_free(ctx); 235 BN_CTX_free(ctx);
236 } 236 }
237 237
238static void prime_field_tests(void) 238static void prime_field_tests(void)
239 {  239 {
240 BN_CTX *ctx = NULL; 240 BN_CTX *ctx = NULL;
241 BIGNUM *p, *a, *b; 241 BIGNUM *p, *a, *b;
242 EC_GROUP *group; 242 EC_GROUP *group;
243 EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; 243 EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
244 EC_POINT *P, *Q, *R; 244 EC_POINT *P, *Q, *R;
245 BIGNUM *x, *y, *z; 245 BIGNUM *x, *y, *z;
246 unsigned char buf[100]; 246 unsigned char buf[100];
247 size_t i, len; 247 size_t i, len;
248 int k; 248 int k;
249  249
250#if 1 /* optional */ 250#if 1 /* optional */
251 ctx = BN_CTX_new(); 251 ctx = BN_CTX_new();
252 if (!ctx) ABORT; 252 if (!ctx) ABORT;
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/evp/Attic/m_sha1.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/evp/Attic/m_sha1.c 2011/06/05 23:09:46 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/Attic/m_sha1.c 2013/02/05 21:31:25 1.5
@@ -55,27 +55,27 @@ @@ -55,27 +55,27 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61 61
62#ifndef OPENSSL_FIPS 62#ifndef OPENSSL_FIPS
63 63
64#ifndef OPENSSL_NO_SHA 64#ifndef OPENSSL_NO_SHA
65 65
66#include <openssl/evp.h> 66#include <openssl/evp.h>
67#include <openssl/objects.h> 67#include <openssl/objects.h>
68#include <openssl/x509.h> 68#include <openssl/sha.h>
69#ifndef OPENSSL_NO_RSA 69#ifndef OPENSSL_NO_RSA
70#include <openssl/rsa.h> 70#include <openssl/rsa.h>
71#endif 71#endif
72 72
73 73
74static int init(EVP_MD_CTX *ctx) 74static int init(EVP_MD_CTX *ctx)
75 { return SHA1_Init(ctx->md_data); } 75 { return SHA1_Init(ctx->md_data); }
76 76
77static int update(EVP_MD_CTX *ctx,const void *data,size_t count) 77static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
78 { return SHA1_Update(ctx->md_data,data,count); } 78 { return SHA1_Update(ctx->md_data,data,count); }
79 79
80static int final(EVP_MD_CTX *ctx,unsigned char *md) 80static int final(EVP_MD_CTX *ctx,unsigned char *md)
81 { return SHA1_Final(md,ctx->md_data); } 81 { return SHA1_Final(md,ctx->md_data); }
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/md4/md4_dgst.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/md4/md4_dgst.c 2011/06/05 23:09:47 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/md4/md4_dgst.c 2013/02/05 21:31:25 1.4
@@ -96,42 +96,43 @@ void md4_block_data_order (MD4_CTX *c, c @@ -96,42 +96,43 @@ void md4_block_data_order (MD4_CTX *c, c
96# define X(i) XX##i 96# define X(i) XX##i
97#else 97#else
98 MD4_LONG XX[MD4_LBLOCK]; 98 MD4_LONG XX[MD4_LBLOCK];
99# define X(i) XX[i] 99# define X(i) XX[i]
100#endif 100#endif
101 101
102 A=c->A; 102 A=c->A;
103 B=c->B; 103 B=c->B;
104 C=c->C; 104 C=c->C;
105 D=c->D; 105 D=c->D;
106 106
107 for (;num--;) 107 for (;num--;)
108 { 108 {
109 HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; 109 (void)HOST_c2l(data,l); X( 0)=l;
 110 (void)HOST_c2l(data,l); X( 1)=l;
110 /* Round 0 */ 111 /* Round 0 */
111 R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l; 112 R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l;
112 R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l; 113 R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l;
113 R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l; 114 R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l;
114 R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l; 115 R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l;
115 R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l; 116 R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l;
116 R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l; 117 R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l;
117 R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l; 118 R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l;
118 R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l; 119 R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l;
119 R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l; 120 R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l;
120 R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l; 121 R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l;
121 R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l; 122 R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l;
122 R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l; 123 R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l;
123 R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l; 124 R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l;
124 R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l; 125 R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l;
125 R0(C,D,A,B,X(14),11,0); 126 R0(C,D,A,B,X(14),11,0);
126 R0(B,C,D,A,X(15),19,0); 127 R0(B,C,D,A,X(15),19,0);
127 /* Round 1 */ 128 /* Round 1 */
128 R1(A,B,C,D,X( 0), 3,0x5A827999L); 129 R1(A,B,C,D,X( 0), 3,0x5A827999L);
129 R1(D,A,B,C,X( 4), 5,0x5A827999L); 130 R1(D,A,B,C,X( 4), 5,0x5A827999L);
130 R1(C,D,A,B,X( 8), 9,0x5A827999L); 131 R1(C,D,A,B,X( 8), 9,0x5A827999L);
131 R1(B,C,D,A,X(12),13,0x5A827999L); 132 R1(B,C,D,A,X(12),13,0x5A827999L);
132 R1(A,B,C,D,X( 1), 3,0x5A827999L); 133 R1(A,B,C,D,X( 1), 3,0x5A827999L);
133 R1(D,A,B,C,X( 5), 5,0x5A827999L); 134 R1(D,A,B,C,X( 5), 5,0x5A827999L);
134 R1(C,D,A,B,X( 9), 9,0x5A827999L); 135 R1(C,D,A,B,X( 9), 9,0x5A827999L);
135 R1(B,C,D,A,X(13),13,0x5A827999L); 136 R1(B,C,D,A,X(13),13,0x5A827999L);
136 R1(A,B,C,D,X( 2), 3,0x5A827999L); 137 R1(A,B,C,D,X( 2), 3,0x5A827999L);
137 R1(D,A,B,C,X( 6), 5,0x5A827999L); 138 R1(D,A,B,C,X( 6), 5,0x5A827999L);
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/md5/Attic/md5_locl.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/md5/Attic/md5_locl.h 2009/07/19 23:30:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/md5/Attic/md5_locl.h 2013/02/05 21:31:25 1.3
@@ -75,30 +75,30 @@ @@ -75,30 +75,30 @@
75 75
76void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); 76void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
77 77
78#define DATA_ORDER_IS_LITTLE_ENDIAN 78#define DATA_ORDER_IS_LITTLE_ENDIAN
79 79
80#define HASH_LONG MD5_LONG 80#define HASH_LONG MD5_LONG
81#define HASH_CTX MD5_CTX 81#define HASH_CTX MD5_CTX
82#define HASH_CBLOCK MD5_CBLOCK 82#define HASH_CBLOCK MD5_CBLOCK
83#define HASH_UPDATE MD5_Update 83#define HASH_UPDATE MD5_Update
84#define HASH_TRANSFORM MD5_Transform 84#define HASH_TRANSFORM MD5_Transform
85#define HASH_FINAL MD5_Final 85#define HASH_FINAL MD5_Final
86#define HASH_MAKE_STRING(c,s) do { \ 86#define HASH_MAKE_STRING(c,s) do { \
87 unsigned long ll; \ 87 unsigned long ll; \
88 ll=(c)->A; HOST_l2c(ll,(s)); \ 88 ll=(c)->A; (void)HOST_l2c(ll,(s)); \
89 ll=(c)->B; HOST_l2c(ll,(s)); \ 89 ll=(c)->B; (void)HOST_l2c(ll,(s)); \
90 ll=(c)->C; HOST_l2c(ll,(s)); \ 90 ll=(c)->C; (void)HOST_l2c(ll,(s)); \
91 ll=(c)->D; HOST_l2c(ll,(s)); \ 91 ll=(c)->D; (void)HOST_l2c(ll,(s)); \
92 } while (0) 92 } while (0)
93#define HASH_BLOCK_DATA_ORDER md5_block_data_order 93#define HASH_BLOCK_DATA_ORDER md5_block_data_order
94 94
95#include "md32_common.h" 95#include "md32_common.h"
96 96
97/* 97/*
98#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) 98#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
99#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) 99#define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
100*/ 100*/
101 101
102/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be 102/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
103 * simplified to the code below. Wei attributes these optimizations 103 * simplified to the code below. Wei attributes these optimizations
104 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. 104 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c 2009/07/19 23:30:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c 2013/02/05 21:31:25 1.3
@@ -63,27 +63,27 @@ int OBJ_NAME_new_index(unsigned long (*h @@ -63,27 +63,27 @@ int OBJ_NAME_new_index(unsigned long (*h
63 int (*cmp_func)(const char *, const char *), 63 int (*cmp_func)(const char *, const char *),
64 void (*free_func)(const char *, int, const char *)) 64 void (*free_func)(const char *, int, const char *))
65 { 65 {
66 int ret; 66 int ret;
67 int i; 67 int i;
68 NAME_FUNCS *name_funcs; 68 NAME_FUNCS *name_funcs;
69 69
70 if (name_funcs_stack == NULL) 70 if (name_funcs_stack == NULL)
71 { 71 {
72 MemCheck_off(); 72 MemCheck_off();
73 name_funcs_stack=sk_NAME_FUNCS_new_null(); 73 name_funcs_stack=sk_NAME_FUNCS_new_null();
74 MemCheck_on(); 74 MemCheck_on();
75 } 75 }
76 if ((name_funcs_stack == NULL)) 76 if (name_funcs_stack == NULL)
77 { 77 {
78 /* ERROR */ 78 /* ERROR */
79 return(0); 79 return(0);
80 } 80 }
81 ret=names_type_num; 81 ret=names_type_num;
82 names_type_num++; 82 names_type_num++;
83 for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++) 83 for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
84 { 84 {
85 MemCheck_off(); 85 MemCheck_off();
86 name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); 86 name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
87 MemCheck_on(); 87 MemCheck_on();
88 if (!name_funcs) 88 if (!name_funcs)
89 { 89 {
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/rand/Attic/md_rand.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/rand/Attic/md_rand.c 2012/03/07 10:17:47 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/Attic/md_rand.c 2013/02/05 21:31:25 1.4
@@ -113,30 +113,30 @@ @@ -113,30 +113,30 @@
113 113
114#ifdef MD_RAND_DEBUG 114#ifdef MD_RAND_DEBUG
115# ifndef NDEBUG 115# ifndef NDEBUG
116# define NDEBUG 116# define NDEBUG
117# endif 117# endif
118#endif 118#endif
119 119
120#include <assert.h> 120#include <assert.h>
121#include <stdio.h> 121#include <stdio.h>
122#include <string.h> 122#include <string.h>
123 123
124#include "e_os.h" 124#include "e_os.h"
125 125
 126#include <openssl/crypto.h>
126#include <openssl/rand.h> 127#include <openssl/rand.h>
127#include "rand_lcl.h" 128#include "rand_lcl.h"
128 129
129#include <openssl/crypto.h> 
130#include <openssl/err.h> 130#include <openssl/err.h>
131 131
132#ifdef BN_DEBUG 132#ifdef BN_DEBUG
133# define PREDICT 133# define PREDICT
134#endif 134#endif
135 135
136/* #define PREDICT 1 */ 136/* #define PREDICT 1 */
137 137
138#define STATE_SIZE 1023 138#define STATE_SIZE 1023
139static int state_num=0,state_index=0; 139static int state_num=0,state_index=0;
140static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; 140static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
141static unsigned char md[MD_DIGEST_LENGTH]; 141static unsigned char md[MD_DIGEST_LENGTH];
142static long md_count[2]={0,0}; 142static long md_count[2]={0,0};
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c 2012/07/26 19:58:38 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c 2013/02/05 21:31:25 1.5
@@ -47,27 +47,29 @@ @@ -47,27 +47,29 @@
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 *  52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* We need to define this to get macros like S_IFBLK and S_IFCHR */ 59/* We need to define this to get macros like S_IFBLK and S_IFCHR */
 60#if !defined(OPENSSL_SYS_VXWORKS)
60#define _XOPEN_SOURCE 500 61#define _XOPEN_SOURCE 500
 62#endif
61 63
62#include <errno.h> 64#include <errno.h>
63#include <stdio.h> 65#include <stdio.h>
64#include <stdlib.h> 66#include <stdlib.h>
65#include <string.h> 67#include <string.h>
66 68
67#include "e_os.h" 69#include "e_os.h"
68#include <openssl/crypto.h> 70#include <openssl/crypto.h>
69#include <openssl/rand.h> 71#include <openssl/rand.h>
70#include <openssl/buffer.h> 72#include <openssl/buffer.h>
71 73
72#ifdef OPENSSL_SYS_VMS 74#ifdef OPENSSL_SYS_VMS
73#include <unixio.h> 75#include <unixio.h>
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/ripemd/rmd_dgst.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/ripemd/rmd_dgst.c 2011/06/05 23:09:47 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/ripemd/rmd_dgst.c 2013/02/05 21:31:25 1.4
@@ -95,41 +95,41 @@ void ripemd160_block_data_order (RIPEMD1 @@ -95,41 +95,41 @@ void ripemd160_block_data_order (RIPEMD1
95 MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, 95 MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
96 XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; 96 XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
97# define X(i) XX##i 97# define X(i) XX##i
98#else 98#else
99 RIPEMD160_LONG XX[16]; 99 RIPEMD160_LONG XX[16];
100# define X(i) XX[i] 100# define X(i) XX[i]
101#endif 101#endif
102 102
103 for (;num--;) 103 for (;num--;)
104 { 104 {
105 105
106 A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; 106 A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
107 107
108 HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; 108 (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l;
109 RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l; 109 RIP1(A,B,C,D,E,WL00,SL00); (void)HOST_c2l(data,l); X( 2)=l;
110 RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l; 110 RIP1(E,A,B,C,D,WL01,SL01); (void)HOST_c2l(data,l); X( 3)=l;
111 RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l; 111 RIP1(D,E,A,B,C,WL02,SL02); (void)HOST_c2l(data,l); X( 4)=l;
112 RIP1(C,D,E,A,B,WL03,SL03); HOST_c2l(data,l); X( 5)=l; 112 RIP1(C,D,E,A,B,WL03,SL03); (void)HOST_c2l(data,l); X( 5)=l;
113 RIP1(B,C,D,E,A,WL04,SL04); HOST_c2l(data,l); X( 6)=l; 113 RIP1(B,C,D,E,A,WL04,SL04); (void)HOST_c2l(data,l); X( 6)=l;
114 RIP1(A,B,C,D,E,WL05,SL05); HOST_c2l(data,l); X( 7)=l; 114 RIP1(A,B,C,D,E,WL05,SL05); (void)HOST_c2l(data,l); X( 7)=l;
115 RIP1(E,A,B,C,D,WL06,SL06); HOST_c2l(data,l); X( 8)=l; 115 RIP1(E,A,B,C,D,WL06,SL06); (void)HOST_c2l(data,l); X( 8)=l;
116 RIP1(D,E,A,B,C,WL07,SL07); HOST_c2l(data,l); X( 9)=l; 116 RIP1(D,E,A,B,C,WL07,SL07); (void)HOST_c2l(data,l); X( 9)=l;
117 RIP1(C,D,E,A,B,WL08,SL08); HOST_c2l(data,l); X(10)=l; 117 RIP1(C,D,E,A,B,WL08,SL08); (void)HOST_c2l(data,l); X(10)=l;
118 RIP1(B,C,D,E,A,WL09,SL09); HOST_c2l(data,l); X(11)=l; 118 RIP1(B,C,D,E,A,WL09,SL09); (void)HOST_c2l(data,l); X(11)=l;
119 RIP1(A,B,C,D,E,WL10,SL10); HOST_c2l(data,l); X(12)=l; 119 RIP1(A,B,C,D,E,WL10,SL10); (void)HOST_c2l(data,l); X(12)=l;
120 RIP1(E,A,B,C,D,WL11,SL11); HOST_c2l(data,l); X(13)=l; 120 RIP1(E,A,B,C,D,WL11,SL11); (void)HOST_c2l(data,l); X(13)=l;
121 RIP1(D,E,A,B,C,WL12,SL12); HOST_c2l(data,l); X(14)=l; 121 RIP1(D,E,A,B,C,WL12,SL12); (void)HOST_c2l(data,l); X(14)=l;
122 RIP1(C,D,E,A,B,WL13,SL13); HOST_c2l(data,l); X(15)=l; 122 RIP1(C,D,E,A,B,WL13,SL13); (void)HOST_c2l(data,l); X(15)=l;
123 RIP1(B,C,D,E,A,WL14,SL14); 123 RIP1(B,C,D,E,A,WL14,SL14);
124 RIP1(A,B,C,D,E,WL15,SL15); 124 RIP1(A,B,C,D,E,WL15,SL15);
125 125
126 RIP2(E,A,B,C,D,WL16,SL16,KL1); 126 RIP2(E,A,B,C,D,WL16,SL16,KL1);
127 RIP2(D,E,A,B,C,WL17,SL17,KL1); 127 RIP2(D,E,A,B,C,WL17,SL17,KL1);
128 RIP2(C,D,E,A,B,WL18,SL18,KL1); 128 RIP2(C,D,E,A,B,WL18,SL18,KL1);
129 RIP2(B,C,D,E,A,WL19,SL19,KL1); 129 RIP2(B,C,D,E,A,WL19,SL19,KL1);
130 RIP2(A,B,C,D,E,WL20,SL20,KL1); 130 RIP2(A,B,C,D,E,WL20,SL20,KL1);
131 RIP2(E,A,B,C,D,WL21,SL21,KL1); 131 RIP2(E,A,B,C,D,WL21,SL21,KL1);
132 RIP2(D,E,A,B,C,WL22,SL22,KL1); 132 RIP2(D,E,A,B,C,WL22,SL22,KL1);
133 RIP2(C,D,E,A,B,WL23,SL23,KL1); 133 RIP2(C,D,E,A,B,WL23,SL23,KL1);
134 RIP2(B,C,D,E,A,WL24,SL24,KL1); 134 RIP2(B,C,D,E,A,WL24,SL24,KL1);
135 RIP2(A,B,C,D,E,WL25,SL25,KL1); 135 RIP2(A,B,C,D,E,WL25,SL25,KL1);
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/ripemd/Attic/rmd_locl.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/ripemd/Attic/rmd_locl.h 2009/07/19 23:30:41 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/ripemd/Attic/rmd_locl.h 2013/02/05 21:31:25 1.3
@@ -77,31 +77,31 @@ @@ -77,31 +77,31 @@
77 77
78void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); 78void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
79 79
80#define DATA_ORDER_IS_LITTLE_ENDIAN 80#define DATA_ORDER_IS_LITTLE_ENDIAN
81 81
82#define HASH_LONG RIPEMD160_LONG 82#define HASH_LONG RIPEMD160_LONG
83#define HASH_CTX RIPEMD160_CTX 83#define HASH_CTX RIPEMD160_CTX
84#define HASH_CBLOCK RIPEMD160_CBLOCK 84#define HASH_CBLOCK RIPEMD160_CBLOCK
85#define HASH_UPDATE RIPEMD160_Update 85#define HASH_UPDATE RIPEMD160_Update
86#define HASH_TRANSFORM RIPEMD160_Transform 86#define HASH_TRANSFORM RIPEMD160_Transform
87#define HASH_FINAL RIPEMD160_Final 87#define HASH_FINAL RIPEMD160_Final
88#define HASH_MAKE_STRING(c,s) do { \ 88#define HASH_MAKE_STRING(c,s) do { \
89 unsigned long ll; \ 89 unsigned long ll; \
90 ll=(c)->A; HOST_l2c(ll,(s)); \ 90 ll=(c)->A; (void)HOST_l2c(ll,(s)); \
91 ll=(c)->B; HOST_l2c(ll,(s)); \ 91 ll=(c)->B; (void)HOST_l2c(ll,(s)); \
92 ll=(c)->C; HOST_l2c(ll,(s)); \ 92 ll=(c)->C; (void)HOST_l2c(ll,(s)); \
93 ll=(c)->D; HOST_l2c(ll,(s)); \ 93 ll=(c)->D; (void)HOST_l2c(ll,(s)); \
94 ll=(c)->E; HOST_l2c(ll,(s)); \ 94 ll=(c)->E; (void)HOST_l2c(ll,(s)); \
95 } while (0) 95 } while (0)
96#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order 96#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
97 97
98#include "md32_common.h" 98#include "md32_common.h"
99 99
100#if 0 100#if 0
101#define F1(x,y,z) ((x)^(y)^(z)) 101#define F1(x,y,z) ((x)^(y)^(z))
102#define F2(x,y,z) (((x)&(y))|((~x)&z)) 102#define F2(x,y,z) (((x)&(y))|((~x)&z))
103#define F3(x,y,z) (((x)|(~y))^(z)) 103#define F3(x,y,z) (((x)|(~y))^(z))
104#define F4(x,y,z) (((x)&(z))|((y)&(~(z)))) 104#define F4(x,y,z) (((x)&(z))|((y)&(~(z))))
105#define F5(x,y,z) ((x)^((y)|(~(z)))) 105#define F5(x,y,z) ((x)^((y)|(~(z))))
106#else 106#else
107/* 107/*
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/rsa/Attic/rsa_eay.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/rsa/Attic/rsa_eay.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/rsa/Attic/rsa_eay.c 2013/02/05 21:31:26 1.5
@@ -859,32 +859,32 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c @@ -859,32 +859,32 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
859 if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; 859 if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
860 860
861 /* Turn BN_FLG_CONSTTIME flag on before division operation */ 861 /* Turn BN_FLG_CONSTTIME flag on before division operation */
862 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 862 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
863 { 863 {
864 pr1 = &local_r1; 864 pr1 = &local_r1;
865 BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); 865 BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
866 } 866 }
867 else 867 else
868 pr1 = r1; 868 pr1 = r1;
869 if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; 869 if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
870 870
871 /* If p < q it is occasionally possible for the correction of 871 /* If p < q it is occasionally possible for the correction of
872 * adding 'p' if r0 is negative above to leave the result still 872 * adding 'p' if r0 is negative above to leave the result still
873 * negative. This can break the private key operations: the following 873 * negative. This can break the private key operations: the following
874 * second correction should *always* correct this rare occurrence. 874 * second correction should *always* correct this rare occurrence.
875 * This will *never* happen with OpenSSL generated keys because 875 * This will *never* happen with OpenSSL generated keys because
876 * they ensure p > q [steve] 876 * they ensure p > q [steve]
877 */ 877 */
878 if (BN_is_negative(r0)) 878 if (BN_is_negative(r0))
879 if (!BN_add(r0,r0,rsa->p)) goto err; 879 if (!BN_add(r0,r0,rsa->p)) goto err;
880 if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; 880 if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
881 if (!BN_add(r0,r1,m1)) goto err; 881 if (!BN_add(r0,r1,m1)) goto err;
882 882
883 if (rsa->e && rsa->n) 883 if (rsa->e && rsa->n)
884 { 884 {
885 if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; 885 if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
886 /* If 'I' was greater than (or equal to) rsa->n, the operation 886 /* If 'I' was greater than (or equal to) rsa->n, the operation
887 * will be equivalent to using 'I mod n'. However, the result of 887 * will be equivalent to using 'I mod n'. However, the result of
888 * the verify will *always* be less than 'n' so we don't check 888 * the verify will *always* be less than 'n' so we don't check
889 * for absolute equality, just congruency. */ 889 * for absolute equality, just congruency. */
890 if (!BN_sub(vrfy, vrfy, I)) goto err; 890 if (!BN_sub(vrfy, vrfy, I)) goto err;
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/sha/sha256.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/sha/sha256.c 2011/06/05 23:09:48 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/sha/sha256.c 2013/02/05 21:31:26 1.4
@@ -78,37 +78,37 @@ int SHA224_Final (unsigned char *md, SHA @@ -78,37 +78,37 @@ int SHA224_Final (unsigned char *md, SHA
78 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." 78 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
79 * default: case below covers for it. It's not clear however if it's 79 * default: case below covers for it. It's not clear however if it's
80 * permitted to truncate to amount of bytes not divisible by 4. I bet not, 80 * permitted to truncate to amount of bytes not divisible by 4. I bet not,
81 * but if it is, then default: case shall be extended. For reference. 81 * but if it is, then default: case shall be extended. For reference.
82 * Idea behind separate cases for pre-defined lenghts is to let the 82 * Idea behind separate cases for pre-defined lenghts is to let the
83 * compiler decide if it's appropriate to unroll small loops. 83 * compiler decide if it's appropriate to unroll small loops.
84 */ 84 */
85#define HASH_MAKE_STRING(c,s) do { \ 85#define HASH_MAKE_STRING(c,s) do { \
86 unsigned long ll; \ 86 unsigned long ll; \
87 unsigned int nn; \ 87 unsigned int nn; \
88 switch ((c)->md_len) \ 88 switch ((c)->md_len) \
89 { case SHA224_DIGEST_LENGTH: \ 89 { case SHA224_DIGEST_LENGTH: \
90 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ 90 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \
91 { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ 91 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
92 break; \ 92 break; \
93 case SHA256_DIGEST_LENGTH: \ 93 case SHA256_DIGEST_LENGTH: \
94 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ 94 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \
95 { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ 95 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
96 break; \ 96 break; \
97 default: \ 97 default: \
98 if ((c)->md_len > SHA256_DIGEST_LENGTH) \ 98 if ((c)->md_len > SHA256_DIGEST_LENGTH) \
99 return 0; \ 99 return 0; \
100 for (nn=0;nn<(c)->md_len/4;nn++) \ 100 for (nn=0;nn<(c)->md_len/4;nn++) \
101 { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ 101 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
102 break; \ 102 break; \
103 } \ 103 } \
104 } while (0) 104 } while (0)
105 105
106#define HASH_UPDATE SHA256_Update 106#define HASH_UPDATE SHA256_Update
107#define HASH_TRANSFORM SHA256_Transform 107#define HASH_TRANSFORM SHA256_Transform
108#define HASH_FINAL SHA256_Final 108#define HASH_FINAL SHA256_Final
109#define HASH_BLOCK_DATA_ORDER sha256_block_data_order 109#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
110#ifndef SHA256_ASM 110#ifndef SHA256_ASM
111static 111static
112#endif 112#endif
113void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); 113void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
114 114
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/sha/Attic/sha_locl.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/sha/Attic/sha_locl.h 2011/06/05 23:09:48 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/sha/Attic/sha_locl.h 2013/02/05 21:31:26 1.4
@@ -59,31 +59,31 @@ @@ -59,31 +59,31 @@
59#include <stdlib.h> 59#include <stdlib.h>
60#include <string.h> 60#include <string.h>
61 61
62#include <openssl/opensslconf.h> 62#include <openssl/opensslconf.h>
63#include <openssl/sha.h> 63#include <openssl/sha.h>
64 64
65#define DATA_ORDER_IS_BIG_ENDIAN 65#define DATA_ORDER_IS_BIG_ENDIAN
66 66
67#define HASH_LONG SHA_LONG 67#define HASH_LONG SHA_LONG
68#define HASH_CTX SHA_CTX 68#define HASH_CTX SHA_CTX
69#define HASH_CBLOCK SHA_CBLOCK 69#define HASH_CBLOCK SHA_CBLOCK
70#define HASH_MAKE_STRING(c,s) do { \ 70#define HASH_MAKE_STRING(c,s) do { \
71 SHA_LONG ll; \ 71 SHA_LONG ll; \
72 ll=(c)->h0; HOST_l2c(ll,(s)); \ 72 ll=(c)->h0; (void)HOST_l2c(ll,(s)); \
73 ll=(c)->h1; HOST_l2c(ll,(s)); \ 73 ll=(c)->h1; (void)HOST_l2c(ll,(s)); \
74 ll=(c)->h2; HOST_l2c(ll,(s)); \ 74 ll=(c)->h2; (void)HOST_l2c(ll,(s)); \
75 ll=(c)->h3; HOST_l2c(ll,(s)); \ 75 ll=(c)->h3; (void)HOST_l2c(ll,(s)); \
76 ll=(c)->h4; HOST_l2c(ll,(s)); \ 76 ll=(c)->h4; (void)HOST_l2c(ll,(s)); \
77 } while (0) 77 } while (0)
78 78
79#if defined(SHA_0) 79#if defined(SHA_0)
80 80
81# define HASH_UPDATE SHA_Update 81# define HASH_UPDATE SHA_Update
82# define HASH_TRANSFORM SHA_Transform 82# define HASH_TRANSFORM SHA_Transform
83# define HASH_FINAL SHA_Final 83# define HASH_FINAL SHA_Final
84# define HASH_INIT SHA_Init 84# define HASH_INIT SHA_Init
85# define HASH_BLOCK_DATA_ORDER sha_block_data_order 85# define HASH_BLOCK_DATA_ORDER sha_block_data_order
86# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) 86# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
87 87
88static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); 88static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
89 89
@@ -246,41 +246,41 @@ static void HASH_BLOCK_DATA_ORDER (SHA_C @@ -246,41 +246,41 @@ static void HASH_BLOCK_DATA_ORDER (SHA_C
246 BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; 246 BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10];
247 BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; 247 BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11];
248 BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; 248 BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12];
249 BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; 249 BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13];
250 BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; 250 BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14];
251 BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; 251 BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15];
252 BODY_00_15(14,E,T,A,B,C,D,X(14)); 252 BODY_00_15(14,E,T,A,B,C,D,X(14));
253 BODY_00_15(15,D,E,T,A,B,C,X(15)); 253 BODY_00_15(15,D,E,T,A,B,C,X(15));
254 254
255 data += SHA_CBLOCK; 255 data += SHA_CBLOCK;
256 } 256 }
257 else 257 else
258 { 258 {
259 HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; 259 (void)HOST_c2l(data,l); X( 0)=l; (void)HOST_c2l(data,l); X( 1)=l;
260 BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; 260 BODY_00_15( 0,A,B,C,D,E,T,X( 0)); (void)HOST_c2l(data,l); X( 2)=l;
261 BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; 261 BODY_00_15( 1,T,A,B,C,D,E,X( 1)); (void)HOST_c2l(data,l); X( 3)=l;
262 BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; 262 BODY_00_15( 2,E,T,A,B,C,D,X( 2)); (void)HOST_c2l(data,l); X( 4)=l;
263 BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; 263 BODY_00_15( 3,D,E,T,A,B,C,X( 3)); (void)HOST_c2l(data,l); X( 5)=l;
264 BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; 264 BODY_00_15( 4,C,D,E,T,A,B,X( 4)); (void)HOST_c2l(data,l); X( 6)=l;
265 BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; 265 BODY_00_15( 5,B,C,D,E,T,A,X( 5)); (void)HOST_c2l(data,l); X( 7)=l;
266 BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; 266 BODY_00_15( 6,A,B,C,D,E,T,X( 6)); (void)HOST_c2l(data,l); X( 8)=l;
267 BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; 267 BODY_00_15( 7,T,A,B,C,D,E,X( 7)); (void)HOST_c2l(data,l); X( 9)=l;
268 BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; 268 BODY_00_15( 8,E,T,A,B,C,D,X( 8)); (void)HOST_c2l(data,l); X(10)=l;
269 BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; 269 BODY_00_15( 9,D,E,T,A,B,C,X( 9)); (void)HOST_c2l(data,l); X(11)=l;
270 BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; 270 BODY_00_15(10,C,D,E,T,A,B,X(10)); (void)HOST_c2l(data,l); X(12)=l;
271 BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; 271 BODY_00_15(11,B,C,D,E,T,A,X(11)); (void)HOST_c2l(data,l); X(13)=l;
272 BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; 272 BODY_00_15(12,A,B,C,D,E,T,X(12)); (void)HOST_c2l(data,l); X(14)=l;
273 BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; 273 BODY_00_15(13,T,A,B,C,D,E,X(13)); (void)HOST_c2l(data,l); X(15)=l;
274 BODY_00_15(14,E,T,A,B,C,D,X(14)); 274 BODY_00_15(14,E,T,A,B,C,D,X(14));
275 BODY_00_15(15,D,E,T,A,B,C,X(15)); 275 BODY_00_15(15,D,E,T,A,B,C,X(15));
276 } 276 }
277 277
278 BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); 278 BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
279 BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); 279 BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
280 BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); 280 BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
281 BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); 281 BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
282 282
283 BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); 283 BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
284 BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); 284 BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
285 BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); 285 BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
286 BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); 286 BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c 2013/02/05 21:31:26 1.5
@@ -112,29 +112,35 @@ @@ -112,29 +112,35 @@
112 * derivative of this code cannot be changed. i.e. this code cannot simply be 112 * derivative of this code cannot be changed. i.e. this code cannot simply be
113 * copied and put under another distribution licence 113 * copied and put under another distribution licence
114 * [including the GNU Public Licence.] 114 * [including the GNU Public Licence.]
115 */ 115 */
116 116
117 117
118#include <openssl/e_os2.h> 118#include <openssl/e_os2.h>
119 119
120/* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc 120/* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
121 * [maybe others?], because it masks interfaces not discussed in standard, 121 * [maybe others?], because it masks interfaces not discussed in standard,
122 * sigaction and fileno included. -pedantic would be more appropriate for 122 * sigaction and fileno included. -pedantic would be more appropriate for
123 * the intended purposes, but we can't prevent users from adding -ansi. 123 * the intended purposes, but we can't prevent users from adding -ansi.
124 */ 124 */
 125#if defined(OPENSSL_SYSNAME_VXWORKS)
 126#include <sys/types.h>
 127#endif
 128
125#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) 129#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
 130#ifndef _POSIX_C_SOURCE
126#define _POSIX_C_SOURCE 2 131#define _POSIX_C_SOURCE 2
127#endif 132#endif
 133#endif
128#include <signal.h> 134#include <signal.h>
129#include <stdio.h> 135#include <stdio.h>
130#include <string.h> 136#include <string.h>
131#include <errno.h> 137#include <errno.h>
132 138
133#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) 139#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
134# include <unistd.h> 140# include <unistd.h>
135/* If unistd.h defines _POSIX_VERSION, we conclude that we 141/* If unistd.h defines _POSIX_VERSION, we conclude that we
136 * are on a POSIX system and have sigaction and termios. */ 142 * are on a POSIX system and have sigaction and termios. */
137# if defined(_POSIX_VERSION) 143# if defined(_POSIX_VERSION)
138 144
139# define SIGACTION 145# define SIGACTION
140# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) 146# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c 2013/02/05 21:31:26 1.4
@@ -862,38 +862,38 @@ static int get_crl_sk(X509_STORE_CTX *ct @@ -862,38 +862,38 @@ static int get_crl_sk(X509_STORE_CTX *ct
862 return 1; 862 return 1;
863 863
864 return 0; 864 return 0;
865 } 865 }
866 866
867/* Compare two CRL extensions for delta checking purposes. They should be 867/* Compare two CRL extensions for delta checking purposes. They should be
868 * both present or both absent. If both present all fields must be identical. 868 * both present or both absent. If both present all fields must be identical.
869 */ 869 */
870 870
871static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 871static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
872 { 872 {
873 ASN1_OCTET_STRING *exta, *extb; 873 ASN1_OCTET_STRING *exta, *extb;
874 int i; 874 int i;
875 i = X509_CRL_get_ext_by_NID(a, nid, 0); 875 i = X509_CRL_get_ext_by_NID(a, nid, -1);
876 if (i >= 0) 876 if (i >= 0)
877 { 877 {
878 /* Can't have multiple occurrences */ 878 /* Can't have multiple occurrences */
879 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 879 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
880 return 0; 880 return 0;
881 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 881 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
882 } 882 }
883 else 883 else
884 exta = NULL; 884 exta = NULL;
885 885
886 i = X509_CRL_get_ext_by_NID(b, nid, 0); 886 i = X509_CRL_get_ext_by_NID(b, nid, -1);
887 887
888 if (i >= 0) 888 if (i >= 0)
889 { 889 {
890 890
891 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 891 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
892 return 0; 892 return 0;
893 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 893 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
894 } 894 }
895 else 895 else
896 extb = NULL; 896 extb = NULL;
897 897
898 if (!exta && !extb) 898 if (!exta && !extb)
899 return 1; 899 return 1;
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/engines/ccgost/Attic/gost_eng.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/engines/ccgost/Attic/gost_eng.c 2013/02/04 01:44:47 1.2
+++ src/crypto/external/bsd/openssl/dist/engines/ccgost/Attic/gost_eng.c 2013/02/05 21:31:26 1.3
@@ -68,26 +68,31 @@ static int gost_engine_destroy(ENGINE *e @@ -68,26 +68,31 @@ static int gost_engine_destroy(ENGINE *e
68 pmeth_GostR3410_94 = NULL; 68 pmeth_GostR3410_94 = NULL;
69 pmeth_GostR3410_2001 = NULL; 69 pmeth_GostR3410_2001 = NULL;
70 pmeth_Gost28147_MAC = NULL; 70 pmeth_Gost28147_MAC = NULL;
71 ameth_GostR3410_94 = NULL; 71 ameth_GostR3410_94 = NULL;
72 ameth_GostR3410_2001 = NULL; 72 ameth_GostR3410_2001 = NULL;
73 ameth_Gost28147_MAC = NULL; 73 ameth_Gost28147_MAC = NULL;
74 return 1; 74 return 1;
75 } 75 }
76 76
77static int bind_gost (ENGINE *e,const char *id)  77static int bind_gost (ENGINE *e,const char *id)
78 { 78 {
79 int ret = 0; 79 int ret = 0;
80 if (id && strcmp(id, engine_gost_id)) return 0; 80 if (id && strcmp(id, engine_gost_id)) return 0;
 81 if (ameth_GostR3410_94)
 82 {
 83 printf("GOST engine already loaded\n");
 84 goto end;
 85 }
81 86
82 if (!ENGINE_set_id(e, engine_gost_id))  87 if (!ENGINE_set_id(e, engine_gost_id))
83 { 88 {
84 printf("ENGINE_set_id failed\n");  89 printf("ENGINE_set_id failed\n");
85 goto end; 90 goto end;
86 }  91 }
87 if (!ENGINE_set_name(e, engine_gost_name))  92 if (!ENGINE_set_name(e, engine_gost_name))
88 { 93 {
89 printf("ENGINE_set_name failed\n"); 94 printf("ENGINE_set_name failed\n");
90 goto end; 95 goto end;
91 }  96 }
92 if (!ENGINE_set_digests(e, gost_digests))  97 if (!ENGINE_set_digests(e, gost_digests))
93 { 98 {
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_enc.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_enc.c 2012/05/11 18:07:33 1.2
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_enc.c 2013/02/05 21:31:26 1.3
@@ -116,67 +116,74 @@ @@ -116,67 +116,74 @@
116#include <stdio.h> 116#include <stdio.h>
117#include "ssl_locl.h" 117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_COMP 118#ifndef OPENSSL_NO_COMP
119#include <openssl/comp.h> 119#include <openssl/comp.h>
120#endif 120#endif
121#include <openssl/evp.h> 121#include <openssl/evp.h>
122#include <openssl/hmac.h> 122#include <openssl/hmac.h>
123#include <openssl/md5.h> 123#include <openssl/md5.h>
124#include <openssl/rand.h> 124#include <openssl/rand.h>
125#ifdef KSSL_DEBUG 125#ifdef KSSL_DEBUG
126#include <openssl/des.h> 126#include <openssl/des.h>
127#endif 127#endif
128 128
 129/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
 130 *
 131 * Returns:
 132 * 0: (in non-constant time) if the record is publically invalid (i.e. too
 133 * short etc).
 134 * 1: if the record's padding is valid / the encryption was successful.
 135 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
 136 * an internal error occured. */
129int dtls1_enc(SSL *s, int send) 137int dtls1_enc(SSL *s, int send)
130 { 138 {
131 SSL3_RECORD *rec; 139 SSL3_RECORD *rec;
132 EVP_CIPHER_CTX *ds; 140 EVP_CIPHER_CTX *ds;
133 unsigned long l; 141 unsigned long l;
134 int bs,i,ii,j,k,n=0; 142 int bs,i,j,k,mac_size=0;
135 const EVP_CIPHER *enc; 143 const EVP_CIPHER *enc;
136 144
137 if (send) 145 if (send)
138 { 146 {
139 if (EVP_MD_CTX_md(s->write_hash)) 147 if (EVP_MD_CTX_md(s->write_hash))
140 { 148 {
141 n=EVP_MD_CTX_size(s->write_hash); 149 mac_size=EVP_MD_CTX_size(s->write_hash);
142 if (n < 0) 150 if (mac_size < 0)
143 return -1; 151 return -1;
144 } 152 }
145 ds=s->enc_write_ctx; 153 ds=s->enc_write_ctx;
146 rec= &(s->s3->wrec); 154 rec= &(s->s3->wrec);
147 if (s->enc_write_ctx == NULL) 155 if (s->enc_write_ctx == NULL)
148 enc=NULL; 156 enc=NULL;
149 else 157 else
150 { 158 {
151 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 159 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
152 if ( rec->data != rec->input) 160 if ( rec->data != rec->input)
153 /* we can't write into the input stream */ 161 /* we can't write into the input stream */
154 fprintf(stderr, "%s:%d: rec->data != rec->input\n", 162 fprintf(stderr, "%s:%d: rec->data != rec->input\n",
155 __FILE__, __LINE__); 163 __FILE__, __LINE__);
156 else if ( EVP_CIPHER_block_size(ds->cipher) > 1) 164 else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
157 { 165 {
158 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) 166 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
159 return -1; 167 return -1;
160 } 168 }
161 } 169 }
162 } 170 }
163 else 171 else
164 { 172 {
165 if (EVP_MD_CTX_md(s->read_hash)) 173 if (EVP_MD_CTX_md(s->read_hash))
166 { 174 {
167 n=EVP_MD_CTX_size(s->read_hash); 175 mac_size=EVP_MD_CTX_size(s->read_hash);
168 if (n < 0) 176 OPENSSL_assert(mac_size >= 0);
169 return -1; 
170 } 177 }
171 ds=s->enc_read_ctx; 178 ds=s->enc_read_ctx;
172 rec= &(s->s3->rrec); 179 rec= &(s->s3->rrec);
173 if (s->enc_read_ctx == NULL) 180 if (s->enc_read_ctx == NULL)
174 enc=NULL; 181 enc=NULL;
175 else 182 else
176 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 183 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
177 } 184 }
178 185
179#ifdef KSSL_DEBUG 186#ifdef KSSL_DEBUG
180 printf("dtls1_enc(%d)\n", send); 187 printf("dtls1_enc(%d)\n", send);
181#endif /* KSSL_DEBUG */ 188#endif /* KSSL_DEBUG */
182 189
@@ -221,69 +228,33 @@ int dtls1_enc(SSL *s, int send) @@ -221,69 +228,33 @@ int dtls1_enc(SSL *s, int send)
221 ds->cipher->iv_len); 228 ds->cipher->iv_len);
222 printf("\t\tIV: "); 229 printf("\t\tIV: ");
223 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 230 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
224 printf("\n"); 231 printf("\n");
225 printf("\trec->input="); 232 printf("\trec->input=");
226 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); 233 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
227 printf("\n"); 234 printf("\n");
228 } 235 }
229#endif /* KSSL_DEBUG */ 236#endif /* KSSL_DEBUG */
230 237
231 if (!send) 238 if (!send)
232 { 239 {
233 if (l == 0 || l%bs != 0) 240 if (l == 0 || l%bs != 0)
234 return -1; 241 return 0;
235 } 242 }
236  243
237 EVP_Cipher(ds,rec->data,rec->input,l); 244 EVP_Cipher(ds,rec->data,rec->input,l);
238 245
239#ifdef KSSL_DEBUG 246#ifdef KSSL_DEBUG
240 { 247 {
241 unsigned long i; 248 unsigned long i;
242 printf("\trec->data="); 249 printf("\trec->data=");
243 for (i=0; i<l; i++) 250 for (i=0; i<l; i++)
244 printf(" %02x", rec->data[i]); printf("\n"); 251 printf(" %02x", rec->data[i]); printf("\n");
245 } 252 }
246#endif /* KSSL_DEBUG */ 253#endif /* KSSL_DEBUG */
247 254
248 if ((bs != 1) && !send) 255 if ((bs != 1) && !send)
249 { 256 return tls1_cbc_remove_padding(s, rec, bs, mac_size);
250 ii=i=rec->data[l-1]; /* padding_length */ 
251 i++; 
252 if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) 
253 { 
254 /* First packet is even in size, so check */ 
255 if ((memcmp(s->s3->read_sequence, 
256 "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) 
257 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 
258 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) 
259 i--; 
260 } 
261 /* TLS 1.0 does not bound the number of padding bytes by the block size. 
262 * All of them must have value 'padding_length'. */ 
263 if (i + bs > (int)rec->length) 
264 { 
265 /* Incorrect padding. SSLerr() and ssl3_alert are done 
266 * by caller: we don't want to reveal whether this is 
267 * a decryption error or a MAC verification failure 
268 * (see http://www.openssl.org/~bodo/tls-cbc.txt)  
269 */ 
270 return -1; 
271 } 
272 for (j=(int)(l-i); j<(int)l; j++) 
273 { 
274 if (rec->data[j] != ii) 
275 { 
276 /* Incorrect padding */ 
277 return -1; 
278 } 
279 } 
280 rec->length-=i; 
281 
282 rec->data += bs; /* skip the implicit IV */ 
283 rec->input += bs; 
284 rec->length -= bs; 
285 } 
286 } 257 }
287 return(1); 258 return(1);
288 } 259 }
289 260
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_pkt.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_pkt.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_pkt.c 2013/02/05 21:31:26 1.5
@@ -366,35 +366,31 @@ dtls1_get_buffered_record(SSL *s) @@ -366,35 +366,31 @@ dtls1_get_buffered_record(SSL *s)
366 /* s->d1->next_expected_seq_num++; */ 366 /* s->d1->next_expected_seq_num++; */
367 return(1); 367 return(1);
368 } 368 }
369  369
370 return 0; 370 return 0;
371 } 371 }
372 372
373#endif 373#endif
374 374
375static int 375static int
376dtls1_process_record(SSL *s) 376dtls1_process_record(SSL *s)
377{ 377{
378 int i,al; 378 int i,al;
379 int clear=0; 
380 int enc_err; 379 int enc_err;
381 SSL_SESSION *sess; 380 SSL_SESSION *sess;
382 SSL3_RECORD *rr; 381 SSL3_RECORD *rr;
383 unsigned int mac_size; 382 unsigned int mac_size, orig_len;
384 unsigned char md[EVP_MAX_MD_SIZE]; 383 unsigned char md[EVP_MAX_MD_SIZE];
385 int decryption_failed_or_bad_record_mac = 0; 
386 unsigned char *mac = NULL; 
387 
388 384
389 rr= &(s->s3->rrec); 385 rr= &(s->s3->rrec);
390 sess = s->session; 386 sess = s->session;
391 387
392 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 388 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
393 * and we have that many bytes in s->packet 389 * and we have that many bytes in s->packet
394 */ 390 */
395 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); 391 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
396 392
397 /* ok, we can now read from 's->packet' data into 'rr' 393 /* ok, we can now read from 's->packet' data into 'rr'
398 * rr->input points at rr->length bytes, which 394 * rr->input points at rr->length bytes, which
399 * need to be copied into rr->data by either 395 * need to be copied into rr->data by either
400 * the decryption or by the decompression 396 * the decryption or by the decompression
@@ -404,82 +400,101 @@ dtls1_process_record(SSL *s) @@ -404,82 +400,101 @@ dtls1_process_record(SSL *s)
404 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] 400 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
405 * rr->length bytes of encrypted compressed stuff. */ 401 * rr->length bytes of encrypted compressed stuff. */
406 402
407 /* check is not needed I believe */ 403 /* check is not needed I believe */
408 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 404 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
409 { 405 {
410 al=SSL_AD_RECORD_OVERFLOW; 406 al=SSL_AD_RECORD_OVERFLOW;
411 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); 407 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
412 goto f_err; 408 goto f_err;
413 } 409 }
414 410
415 /* decrypt in place in 'rr->input' */ 411 /* decrypt in place in 'rr->input' */
416 rr->data=rr->input; 412 rr->data=rr->input;
 413 orig_len=rr->length;
417 414
418 enc_err = s->method->ssl3_enc->enc(s,0); 415 enc_err = s->method->ssl3_enc->enc(s,0);
419 if (enc_err <= 0) 416 /* enc_err is:
 417 * 0: (in non-constant time) if the record is publically invalid.
 418 * 1: if the padding is valid
 419 * -1: if the padding is invalid */
 420 if (enc_err == 0)
420 { 421 {
421 /* To minimize information leaked via timing, we will always 422 /* For DTLS we simply ignore bad packets. */
422 * perform all computations before discarding the message. 423 rr->length = 0;
423 */ 424 s->packet_length = 0;
424 decryption_failed_or_bad_record_mac = 1; 425 goto err;
425 } 426 }
426 427
427#ifdef TLS_DEBUG 428#ifdef TLS_DEBUG
428printf("dec %d\n",rr->length); 429printf("dec %d\n",rr->length);
429{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 430{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
430printf("\n"); 431printf("\n");
431#endif 432#endif
432 433
433 /* r->length is now the compressed data plus mac */ 434 /* r->length is now the compressed data plus mac */
434 if ( (sess == NULL) || 435 if ((sess != NULL) &&
435 (s->enc_read_ctx == NULL) || 436 (s->enc_read_ctx != NULL) &&
436 (s->read_hash == NULL)) 437 (EVP_MD_CTX_md(s->read_hash) != NULL))
437 clear=1; 438 {
438 439 /* s->read_hash != NULL => mac_size != -1 */
439 if (!clear) 440 unsigned char *mac = NULL;
440 { 441 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
441 /* !clear => s->read_hash != NULL => mac_size != -1 */ 442 mac_size=EVP_MD_CTX_size(s->read_hash);
442 int t; 443 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
443 t=EVP_MD_CTX_size(s->read_hash); 444
444 OPENSSL_assert(t >= 0); 445 /* orig_len is the length of the record before any padding was
445 mac_size=t; 446 * removed. This is public information, as is the MAC in use,
446 447 * therefore we can safely process the record in a different
447 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 448 * amount of time if it's too short to possibly contain a MAC.
 449 */
 450 if (orig_len < mac_size ||
 451 /* CBC records must have a padding length byte too. */
 452 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
 453 orig_len < mac_size+1))
448 { 454 {
449#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 455 al=SSL_AD_DECODE_ERROR;
450 al=SSL_AD_RECORD_OVERFLOW; 456 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
451 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 
452 goto f_err; 457 goto f_err;
453#else 
454 decryption_failed_or_bad_record_mac = 1; 
455#endif  
456 } 458 }
457 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 459
458 if (rr->length >= mac_size) 460 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
459 { 461 {
 462 /* We update the length so that the TLS header bytes
 463 * can be constructed correctly but we need to extract
 464 * the MAC in constant time from within the record,
 465 * without leaking the contents of the padding bytes.
 466 * */
 467 mac = mac_tmp;
 468 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
460 rr->length -= mac_size; 469 rr->length -= mac_size;
461 mac = &rr->data[rr->length]; 
462 } 470 }
463 else 471 else
464 rr->length = 0; 
465 i=s->method->ssl3_enc->mac(s,md,0); 
466 if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) 
467 { 472 {
468 decryption_failed_or_bad_record_mac = 1; 473 /* In this case there's no padding, so |orig_len|
 474 * equals |rec->length| and we checked that there's
 475 * enough bytes for |mac_size| above. */
 476 rr->length -= mac_size;
 477 mac = &rr->data[rr->length];
469 } 478 }
 479
 480 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
 481 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
 482 enc_err = -1;
 483 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
 484 enc_err = -1;
470 } 485 }
471 486
472 if (decryption_failed_or_bad_record_mac) 487 if (enc_err < 0)
473 { 488 {
474 /* decryption failed, silently discard message */ 489 /* decryption failed, silently discard message */
475 rr->length = 0; 490 rr->length = 0;
476 s->packet_length = 0; 491 s->packet_length = 0;
477 goto err; 492 goto err;
478 } 493 }
479 494
480 /* r->length is now just compressed */ 495 /* r->length is now just compressed */
481 if (s->expand != NULL) 496 if (s->expand != NULL)
482 { 497 {
483 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 498 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
484 { 499 {
485 al=SSL_AD_RECORD_OVERFLOW; 500 al=SSL_AD_RECORD_OVERFLOW;
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c 2012/01/05 17:32:02 1.4
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c 2013/02/05 21:31:26 1.5
@@ -456,32 +456,41 @@ err: @@ -456,32 +456,41 @@ err:
456 456
457void ssl3_cleanup_key_block(SSL *s) 457void ssl3_cleanup_key_block(SSL *s)
458 { 458 {
459 if (s->s3->tmp.key_block != NULL) 459 if (s->s3->tmp.key_block != NULL)
460 { 460 {
461 OPENSSL_cleanse(s->s3->tmp.key_block, 461 OPENSSL_cleanse(s->s3->tmp.key_block,
462 s->s3->tmp.key_block_length); 462 s->s3->tmp.key_block_length);
463 OPENSSL_free(s->s3->tmp.key_block); 463 OPENSSL_free(s->s3->tmp.key_block);
464 s->s3->tmp.key_block=NULL; 464 s->s3->tmp.key_block=NULL;
465 } 465 }
466 s->s3->tmp.key_block_length=0; 466 s->s3->tmp.key_block_length=0;
467 } 467 }
468 468
 469/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
 470 *
 471 * Returns:
 472 * 0: (in non-constant time) if the record is publically invalid (i.e. too
 473 * short etc).
 474 * 1: if the record's padding is valid / the encryption was successful.
 475 * -1: if the record's padding is invalid or, if sending, an internal error
 476 * occured.
 477 */
469int ssl3_enc(SSL *s, int send) 478int ssl3_enc(SSL *s, int send)
470 { 479 {
471 SSL3_RECORD *rec; 480 SSL3_RECORD *rec;
472 EVP_CIPHER_CTX *ds; 481 EVP_CIPHER_CTX *ds;
473 unsigned long l; 482 unsigned long l;
474 int bs,i; 483 int bs,i,mac_size=0;
475 const EVP_CIPHER *enc; 484 const EVP_CIPHER *enc;
476 485
477 if (send) 486 if (send)
478 { 487 {
479 ds=s->enc_write_ctx; 488 ds=s->enc_write_ctx;
480 rec= &(s->s3->wrec); 489 rec= &(s->s3->wrec);
481 if (s->enc_write_ctx == NULL) 490 if (s->enc_write_ctx == NULL)
482 enc=NULL; 491 enc=NULL;
483 else 492 else
484 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 493 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
485 } 494 }
486 else 495 else
487 { 496 {
@@ -512,52 +521,36 @@ int ssl3_enc(SSL *s, int send) @@ -512,52 +521,36 @@ int ssl3_enc(SSL *s, int send)
512 521
513 /* we need to add 'i-1' padding bytes */ 522 /* we need to add 'i-1' padding bytes */
514 l+=i; 523 l+=i;
515 /* the last of these zero bytes will be overwritten 524 /* the last of these zero bytes will be overwritten
516 * with the padding length. */ 525 * with the padding length. */
517 memset(&rec->input[rec->length], 0, i); 526 memset(&rec->input[rec->length], 0, i);
518 rec->length+=i; 527 rec->length+=i;
519 rec->input[l-1]=(i-1); 528 rec->input[l-1]=(i-1);
520 } 529 }
521  530
522 if (!send) 531 if (!send)
523 { 532 {
524 if (l == 0 || l%bs != 0) 533 if (l == 0 || l%bs != 0)
525 { 
526 SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); 
527 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); 
528 return 0; 534 return 0;
529 } 
530 /* otherwise, rec->length >= bs */ 535 /* otherwise, rec->length >= bs */
531 } 536 }
532  537
533 EVP_Cipher(ds,rec->data,rec->input,l); 538 EVP_Cipher(ds,rec->data,rec->input,l);
534 539
 540 if (EVP_MD_CTX_md(s->read_hash) != NULL)
 541 mac_size = EVP_MD_CTX_size(s->read_hash);
535 if ((bs != 1) && !send) 542 if ((bs != 1) && !send)
536 { 543 return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
537 i=rec->data[l-1]+1; 
538 /* SSL 3.0 bounds the number of padding bytes by the block size; 
539 * padding bytes (except the last one) are arbitrary */ 
540 if (i > bs) 
541 { 
542 /* Incorrect padding. SSLerr() and ssl3_alert are done 
543 * by caller: we don't want to reveal whether this is 
544 * a decryption error or a MAC verification failure 
545 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ 
546 return -1; 
547 } 
548 /* now i <= bs <= rec->length */ 
549 rec->length-=i; 
550 } 
551 } 544 }
552 return(1); 545 return(1);
553 } 546 }
554 547
555void ssl3_init_finished_mac(SSL *s) 548void ssl3_init_finished_mac(SSL *s)
556 { 549 {
557 if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); 550 if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer);
558 if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 551 if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
559 s->s3->handshake_buffer=BIO_new(BIO_s_mem());  552 s->s3->handshake_buffer=BIO_new(BIO_s_mem());
560 (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); 553 (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE);
561 } 554 }
562 555
563void ssl3_free_digest_list(SSL *s)  556void ssl3_free_digest_list(SSL *s)
@@ -706,73 +699,117 @@ static int ssl3_handshake_mac(SSL *s, in @@ -706,73 +699,117 @@ static int ssl3_handshake_mac(SSL *s, in
706 699
707 EVP_MD_CTX_cleanup(&ctx); 700 EVP_MD_CTX_cleanup(&ctx);
708 701
709 return((int)ret); 702 return((int)ret);
710 } 703 }
711 704
712int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) 705int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
713 { 706 {
714 SSL3_RECORD *rec; 707 SSL3_RECORD *rec;
715 unsigned char *mac_sec,*seq; 708 unsigned char *mac_sec,*seq;
716 EVP_MD_CTX md_ctx; 709 EVP_MD_CTX md_ctx;
717 const EVP_MD_CTX *hash; 710 const EVP_MD_CTX *hash;
718 unsigned char *p,rec_char; 711 unsigned char *p,rec_char;
719 unsigned int md_size; 712 size_t md_size, orig_len;
720 int npad; 713 int npad;
721 int t; 714 int t;
722 715
723 if (send) 716 if (send)
724 { 717 {
725 rec= &(ssl->s3->wrec); 718 rec= &(ssl->s3->wrec);
726 mac_sec= &(ssl->s3->write_mac_secret[0]); 719 mac_sec= &(ssl->s3->write_mac_secret[0]);
727 seq= &(ssl->s3->write_sequence[0]); 720 seq= &(ssl->s3->write_sequence[0]);
728 hash=ssl->write_hash; 721 hash=ssl->write_hash;
729 } 722 }
730 else 723 else
731 { 724 {
732 rec= &(ssl->s3->rrec); 725 rec= &(ssl->s3->rrec);
733 mac_sec= &(ssl->s3->read_mac_secret[0]); 726 mac_sec= &(ssl->s3->read_mac_secret[0]);
734 seq= &(ssl->s3->read_sequence[0]); 727 seq= &(ssl->s3->read_sequence[0]);
735 hash=ssl->read_hash; 728 hash=ssl->read_hash;
736 } 729 }
737 730
738 t=EVP_MD_CTX_size(hash); 731 t=EVP_MD_CTX_size(hash);
739 if (t < 0) 732 if (t < 0)
740 return -1; 733 return -1;
741 md_size=t; 734 md_size=t;
742 npad=(48/md_size)*md_size; 735 npad=(48/md_size)*md_size;
743 736
744 /* Chop the digest off the end :-) */ 737 /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
745 EVP_MD_CTX_init(&md_ctx); 738 orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
746 739 rec->type &= 0xff;
747 EVP_MD_CTX_copy_ex( &md_ctx,hash); 740
748 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 741 if (!send &&
749 EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); 742 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
750 EVP_DigestUpdate(&md_ctx,seq,8); 743 ssl3_cbc_record_digest_supported(hash))
751 rec_char=rec->type; 744 {
752 EVP_DigestUpdate(&md_ctx,&rec_char,1); 745 /* This is a CBC-encrypted record. We must avoid leaking any
753 p=md; 746 * timing-side channel information about how many blocks of
754 s2n(rec->length,p); 747 * data we are hashing because that gives an attacker a
755 EVP_DigestUpdate(&md_ctx,md,2); 748 * timing-oracle. */
756 EVP_DigestUpdate(&md_ctx,rec->input,rec->length); 749
757 EVP_DigestFinal_ex( &md_ctx,md,NULL); 750 /* npad is, at most, 48 bytes and that's with MD5:
758 751 * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
759 EVP_MD_CTX_copy_ex( &md_ctx,hash); 752 *
760 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 753 * With SHA-1 (the largest hash speced for SSLv3) the hash size
761 EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); 754 * goes up 4, but npad goes down by 8, resulting in a smaller
762 EVP_DigestUpdate(&md_ctx,md,md_size); 755 * total size. */
763 EVP_DigestFinal_ex( &md_ctx,md,&md_size); 756 unsigned char header[75];
 757 unsigned j = 0;
 758 memcpy(header+j, mac_sec, md_size);
 759 j += md_size;
 760 memcpy(header+j, ssl3_pad_1, npad);
 761 j += npad;
 762 memcpy(header+j, seq, 8);
 763 j += 8;
 764 header[j++] = rec->type;
 765 header[j++] = rec->length >> 8;
 766 header[j++] = rec->length & 0xff;
 767
 768 ssl3_cbc_digest_record(
 769 hash,
 770 md, &md_size,
 771 header, rec->input,
 772 rec->length + md_size, orig_len,
 773 mac_sec, md_size,
 774 1 /* is SSLv3 */);
 775 }
 776 else
 777 {
 778 unsigned int md_size_u;
 779 /* Chop the digest off the end :-) */
 780 EVP_MD_CTX_init(&md_ctx);
 781
 782 EVP_MD_CTX_copy_ex( &md_ctx,hash);
 783 EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 784 EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
 785 EVP_DigestUpdate(&md_ctx,seq,8);
 786 rec_char=rec->type;
 787 EVP_DigestUpdate(&md_ctx,&rec_char,1);
 788 p=md;
 789 s2n(rec->length,p);
 790 EVP_DigestUpdate(&md_ctx,md,2);
 791 EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
 792 EVP_DigestFinal_ex( &md_ctx,md,NULL);
 793
 794 EVP_MD_CTX_copy_ex( &md_ctx,hash);
 795 EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 796 EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
 797 EVP_DigestUpdate(&md_ctx,md,md_size);
 798 EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
 799 md_size = md_size_u;
764 800
765 EVP_MD_CTX_cleanup(&md_ctx); 801 EVP_MD_CTX_cleanup(&md_ctx);
 802 }
766 803
767 ssl3_record_sequence_update(seq); 804 ssl3_record_sequence_update(seq);
768 return(md_size); 805 return(md_size);
769 } 806 }
770 807
771void ssl3_record_sequence_update(unsigned char *seq) 808void ssl3_record_sequence_update(unsigned char *seq)
772 { 809 {
773 int i; 810 int i;
774 811
775 for (i=7; i>=0; i--) 812 for (i=7; i>=0; i--)
776 { 813 {
777 ++seq[i]; 814 ++seq[i];
778 if (seq[i] != 0) break;  815 if (seq[i] != 0) break;
cvs diff -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/Attic/ssltest.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssltest.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssltest.c 2013/02/05 21:31:27 1.5
@@ -533,28 +533,28 @@ int main(int argc, char *argv[]) @@ -533,28 +533,28 @@ int main(int argc, char *argv[])
533 /* client */ 533 /* client */
534 SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; 534 SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
535 /* server */ 535 /* server */
536 SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; 536 SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
537#endif 537#endif
538 int no_dhe = 0; 538 int no_dhe = 0;
539 int no_ecdhe = 0; 539 int no_ecdhe = 0;
540 int no_psk = 0; 540 int no_psk = 0;
541 int print_time = 0; 541 int print_time = 0;
542 clock_t s_time = 0, c_time = 0; 542 clock_t s_time = 0, c_time = 0;
543 int comp = 0; 543 int comp = 0;
544#ifndef OPENSSL_NO_COMP 544#ifndef OPENSSL_NO_COMP
545 COMP_METHOD *cm = NULL; 545 COMP_METHOD *cm = NULL;
546#endif 
547 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 546 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 547#endif
548 int test_cipherlist = 0; 548 int test_cipherlist = 0;
549#ifdef OPENSSL_FIPS 549#ifdef OPENSSL_FIPS
550 int fips_mode=0; 550 int fips_mode=0;
551#endif 551#endif
552 552
553 verbose = 0; 553 verbose = 0;
554 debug = 0; 554 debug = 0;
555 cipher = 0; 555 cipher = 0;
556 556
557 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);  557 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);
558 558
559 CRYPTO_set_locking_callback(lock_dbg_cb); 559 CRYPTO_set_locking_callback(lock_dbg_cb);
560 560
cvs diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_clnt.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_clnt.c 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_clnt.c 2013/02/05 21:31:26 1.6
@@ -449,27 +449,26 @@ int ssl3_connect(SSL *s) @@ -449,27 +449,26 @@ int ssl3_connect(SSL *s)
449 ret=ssl3_send_client_verify(s); 449 ret=ssl3_send_client_verify(s);
450 if (ret <= 0) goto end; 450 if (ret <= 0) goto end;
451 s->state=SSL3_ST_CW_CHANGE_A; 451 s->state=SSL3_ST_CW_CHANGE_A;
452 s->init_num=0; 452 s->init_num=0;
453 s->s3->change_cipher_spec=0; 453 s->s3->change_cipher_spec=0;
454 break; 454 break;
455 455
456 case SSL3_ST_CW_CHANGE_A: 456 case SSL3_ST_CW_CHANGE_A:
457 case SSL3_ST_CW_CHANGE_B: 457 case SSL3_ST_CW_CHANGE_B:
458 ret=ssl3_send_change_cipher_spec(s, 458 ret=ssl3_send_change_cipher_spec(s,
459 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 459 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
460 if (ret <= 0) goto end; 460 if (ret <= 0) goto end;
461 461
462 
463#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) 462#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
464 s->state=SSL3_ST_CW_FINISHED_A; 463 s->state=SSL3_ST_CW_FINISHED_A;
465#else 464#else
466 if (s->s3->next_proto_neg_seen) 465 if (s->s3->next_proto_neg_seen)
467 s->state=SSL3_ST_CW_NEXT_PROTO_A; 466 s->state=SSL3_ST_CW_NEXT_PROTO_A;
468 else 467 else
469 s->state=SSL3_ST_CW_FINISHED_A; 468 s->state=SSL3_ST_CW_FINISHED_A;
470#endif 469#endif
471 s->init_num=0; 470 s->init_num=0;
472 471
473 s->session->cipher=s->s3->tmp.new_cipher; 472 s->session->cipher=s->s3->tmp.new_cipher;
474#ifdef OPENSSL_NO_COMP 473#ifdef OPENSSL_NO_COMP
475 s->session->compress_meth=0; 474 s->session->compress_meth=0;
cvs diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c 2013/02/05 21:31:27 1.6
@@ -302,26 +302,27 @@ static const SSL_CIPHER cipher_aliases[] @@ -302,26 +302,27 @@ static const SSL_CIPHER cipher_aliases[]
302 /* MAC aliases */  302 /* MAC aliases */
303 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, 303 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
304 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, 304 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
305 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, 305 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
306 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, 306 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
307 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, 307 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
308 {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, 308 {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
309 {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, 309 {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
310 310
311 /* protocol version aliases */ 311 /* protocol version aliases */
312 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, 312 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
313 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, 313 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
314 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, 314 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
 315 {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
315 316
316 /* export flag */ 317 /* export flag */
317 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, 318 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
318 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, 319 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
319 320
320 /* strength classes */ 321 /* strength classes */
321 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, 322 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
322 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, 323 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
323 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, 324 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
324 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, 325 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
325 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, 326 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
326 /* FIPS 140-2 approved ciphersuite */ 327 /* FIPS 140-2 approved ciphersuite */
327 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, 328 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
@@ -1140,29 +1141,29 @@ static int ssl_cipher_process_rulestr(co @@ -1140,29 +1141,29 @@ static int ssl_cipher_process_rulestr(co
1140 alg_mac = 0; 1141 alg_mac = 0;
1141 alg_ssl = 0; 1142 alg_ssl = 0;
1142 algo_strength = 0; 1143 algo_strength = 0;
1143 1144
1144 for (;;) 1145 for (;;)
1145 { 1146 {
1146 ch = *l; 1147 ch = *l;
1147 buf = l; 1148 buf = l;
1148 buflen = 0; 1149 buflen = 0;
1149#ifndef CHARSET_EBCDIC 1150#ifndef CHARSET_EBCDIC
1150 while ( ((ch >= 'A') && (ch <= 'Z')) || 1151 while ( ((ch >= 'A') && (ch <= 'Z')) ||
1151 ((ch >= '0') && (ch <= '9')) || 1152 ((ch >= '0') && (ch <= '9')) ||
1152 ((ch >= 'a') && (ch <= 'z')) || 1153 ((ch >= 'a') && (ch <= 'z')) ||
1153 (ch == '-')) 1154 (ch == '-') || (ch == '.'))
1154#else 1155#else
1155 while ( isalnum(ch) || (ch == '-')) 1156 while ( isalnum(ch) || (ch == '-') || (ch == '.'))
1156#endif 1157#endif
1157 { 1158 {
1158 ch = *(++l); 1159 ch = *(++l);
1159 buflen++; 1160 buflen++;
1160 } 1161 }
1161 1162
1162 if (buflen == 0) 1163 if (buflen == 0)
1163 { 1164 {
1164 /* 1165 /*
1165 * We hit something we cannot deal with, 1166 * We hit something we cannot deal with,
1166 * it is no command or separator nor 1167 * it is no command or separator nor
1167 * alphanumeric, so we call this an error. 1168 * alphanumeric, so we call this an error.
1168 */ 1169 */
cvs diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl_locl.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl_locl.h 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl_locl.h 2013/02/05 21:31:27 1.6
@@ -205,26 +205,35 @@ @@ -205,26 +205,35 @@
205 205
206#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ 206#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
207 *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 207 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
208 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 208 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
209 *((c)++)=(unsigned char)(((l) )&0xff)) 209 *((c)++)=(unsigned char)(((l) )&0xff))
210 210
211#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ 211#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
212 *((c)++)=(unsigned char)(((l)>>32)&0xff), \ 212 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
213 *((c)++)=(unsigned char)(((l)>>24)&0xff), \ 213 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
214 *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 214 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
215 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 215 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
216 *((c)++)=(unsigned char)(((l) )&0xff)) 216 *((c)++)=(unsigned char)(((l) )&0xff))
217 217
 218#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
 219 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
 220 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
 221 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
 222 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
 223 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
 224 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
 225 *((c)++)=(unsigned char)(((l) )&0xff))
 226
218#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ 227#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
219 l|=((BN_ULLONG)(*((c)++)))<<32, \ 228 l|=((BN_ULLONG)(*((c)++)))<<32, \
220 l|=((BN_ULLONG)(*((c)++)))<<24, \ 229 l|=((BN_ULLONG)(*((c)++)))<<24, \
221 l|=((BN_ULLONG)(*((c)++)))<<16, \ 230 l|=((BN_ULLONG)(*((c)++)))<<16, \
222 l|=((BN_ULLONG)(*((c)++)))<< 8, \ 231 l|=((BN_ULLONG)(*((c)++)))<< 8, \
223 l|=((BN_ULLONG)(*((c)++)))) 232 l|=((BN_ULLONG)(*((c)++))))
224 233
225/* NOTE - c is not incremented as per l2c */ 234/* NOTE - c is not incremented as per l2c */
226#define l2cn(l1,l2,c,n) { \ 235#define l2cn(l1,l2,c,n) { \
227 c+=n; \ 236 c+=n; \
228 switch (n) { \ 237 switch (n) { \
229 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ 238 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
230 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ 239 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
@@ -820,27 +829,28 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC @@ -820,27 +829,28 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC
820 int (*put_cb)(const SSL_CIPHER *, unsigned char *)); 829 int (*put_cb)(const SSL_CIPHER *, unsigned char *));
821STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, 830STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
822 STACK_OF(SSL_CIPHER) **pref, 831 STACK_OF(SSL_CIPHER) **pref,
823 STACK_OF(SSL_CIPHER) **sorted, 832 STACK_OF(SSL_CIPHER) **sorted,
824 const char *rule_str); 833 const char *rule_str);
825void ssl_update_cache(SSL *s, int mode); 834void ssl_update_cache(SSL *s, int mode);
826int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, 835int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
827 const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp); 836 const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
828int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);  837int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
829int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); 838int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
830int ssl_undefined_function(SSL *s); 839int ssl_undefined_function(SSL *s);
831int ssl_undefined_void_function(void); 840int ssl_undefined_void_function(void);
832int ssl_undefined_const_function(const SSL *s); 841int ssl_undefined_const_function(const SSL *s);
833X509 *ssl_get_server_send_cert(SSL *); 842CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 843X509 *ssl_get_server_send_cert(const SSL *);
834EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); 844EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
835int ssl_cert_type(X509 *x,EVP_PKEY *pkey); 845int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
836void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); 846void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
837STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); 847STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
838int ssl_verify_alarm_type(long type); 848int ssl_verify_alarm_type(long type);
839void ssl_load_ciphers(void); 849void ssl_load_ciphers(void);
840 850
841int ssl2_enc_init(SSL *s, int client); 851int ssl2_enc_init(SSL *s, int client);
842int ssl2_generate_key_material(SSL *s); 852int ssl2_generate_key_material(SSL *s);
843void ssl2_enc(SSL *s,int send_data); 853void ssl2_enc(SSL *s,int send_data);
844void ssl2_mac(SSL *s,unsigned char *mac,int send_data); 854void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
845const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); 855const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
846int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); 856int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
@@ -1078,27 +1088,28 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_CO @@ -1078,27 +1088,28 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_CO
1078 1088
1079#ifndef OPENSSL_NO_EC 1089#ifndef OPENSSL_NO_EC
1080int tls1_ec_curve_id2nid(int curve_id); 1090int tls1_ec_curve_id2nid(int curve_id);
1081int tls1_ec_nid2curve_id(int nid); 1091int tls1_ec_nid2curve_id(int nid);
1082#endif /* OPENSSL_NO_EC */ 1092#endif /* OPENSSL_NO_EC */
1083 1093
1084#ifndef OPENSSL_NO_TLSEXT 1094#ifndef OPENSSL_NO_TLSEXT
1085unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);  1095unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1086unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);  1096unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1087int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); 1097int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1088int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); 1098int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1089int ssl_prepare_clienthello_tlsext(SSL *s); 1099int ssl_prepare_clienthello_tlsext(SSL *s);
1090int ssl_prepare_serverhello_tlsext(SSL *s); 1100int ssl_prepare_serverhello_tlsext(SSL *s);
1091int ssl_check_clienthello_tlsext(SSL *s); 1101int ssl_check_clienthello_tlsext_early(SSL *s);
 1102int ssl_check_clienthello_tlsext_late(SSL *s);
1092int ssl_check_serverhello_tlsext(SSL *s); 1103int ssl_check_serverhello_tlsext(SSL *s);
1093 1104
1094#ifndef OPENSSL_NO_HEARTBEATS 1105#ifndef OPENSSL_NO_HEARTBEATS
1095int tls1_heartbeat(SSL *s); 1106int tls1_heartbeat(SSL *s);
1096int dtls1_heartbeat(SSL *s); 1107int dtls1_heartbeat(SSL *s);
1097int tls1_process_heartbeat(SSL *s); 1108int tls1_process_heartbeat(SSL *s);
1098int dtls1_process_heartbeat(SSL *s); 1109int dtls1_process_heartbeat(SSL *s);
1099#endif 1110#endif
1100 1111
1101#ifdef OPENSSL_NO_SHA256 1112#ifdef OPENSSL_NO_SHA256
1102#define tlsext_tick_md EVP_sha1 1113#define tlsext_tick_md EVP_sha1
1103#else 1114#else
1104#define tlsext_tick_md EVP_sha256 1115#define tlsext_tick_md EVP_sha256
@@ -1121,14 +1132,43 @@ int ssl_parse_serverhello_renegotiate_ex @@ -1121,14 +1132,43 @@ int ssl_parse_serverhello_renegotiate_ex
1121int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, 1132int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1122 int maxlen); 1133 int maxlen);
1123int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, 1134int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1124 int *al); 1135 int *al);
1125long ssl_get_algorithm2(SSL *s); 1136long ssl_get_algorithm2(SSL *s);
1126int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); 1137int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
1127int tls12_get_req_sig_algs(SSL *s, unsigned char *p); 1138int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
1128 1139
1129int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); 1140int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
1130int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); 1141int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
1131int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); 1142int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
1132int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); 1143int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
1133 1144
 1145/* s3_cbc.c */
 1146void ssl3_cbc_copy_mac(unsigned char* out,
 1147 const SSL3_RECORD *rec,
 1148 unsigned md_size,unsigned orig_len);
 1149int ssl3_cbc_remove_padding(const SSL* s,
 1150 SSL3_RECORD *rec,
 1151 unsigned block_size,
 1152 unsigned mac_size);
 1153int tls1_cbc_remove_padding(const SSL* s,
 1154 SSL3_RECORD *rec,
 1155 unsigned block_size,
 1156 unsigned mac_size);
 1157char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
 1158void ssl3_cbc_digest_record(
 1159 const EVP_MD_CTX *ctx,
 1160 unsigned char* md_out,
 1161 size_t* md_out_size,
 1162 const unsigned char header[13],
 1163 const unsigned char *data,
 1164 size_t data_plus_mac_size,
 1165 size_t data_plus_mac_plus_padding_size,
 1166 const unsigned char *mac_secret,
 1167 unsigned mac_secret_length,
 1168 char is_sslv3);
 1169
 1170void tls_fips_digest_extra(
 1171 const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
 1172 const unsigned char *data, size_t data_len, size_t orig_len);
 1173
1134#endif 1174#endif
cvs diff -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c 2013/02/05 21:31:27 1.6
@@ -351,27 +351,27 @@ int tls1_change_cipher_state(SSL *s, int @@ -351,27 +351,27 @@ int tls1_change_cipher_state(SSL *s, int
351#ifdef KSSL_DEBUG 351#ifdef KSSL_DEBUG
352 printf("tls1_change_cipher_state(which= %d) w/\n", which); 352 printf("tls1_change_cipher_state(which= %d) w/\n", which);
353 printf("\talg= %ld/%ld, comp= %p\n", 353 printf("\talg= %ld/%ld, comp= %p\n",
354 s->s3->tmp.new_cipher->algorithm_mkey, 354 s->s3->tmp.new_cipher->algorithm_mkey,
355 s->s3->tmp.new_cipher->algorithm_auth, 355 s->s3->tmp.new_cipher->algorithm_auth,
356 comp); 356 comp);
357 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); 357 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
358 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", 358 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
359 c->nid,c->block_size,c->key_len,c->iv_len); 359 c->nid,c->block_size,c->key_len,c->iv_len);
360 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); 360 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
361 { 361 {
362 int i; 362 int i;
363 for (i=0; i<s->s3->tmp.key_block_length; i++) 363 for (i=0; i<s->s3->tmp.key_block_length; i++)
364 printf("%02x", key_block[i]); printf("\n"); 364 printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
365 } 365 }
366#endif /* KSSL_DEBUG */ 366#endif /* KSSL_DEBUG */
367 367
368 if (which & SSL3_CC_READ) 368 if (which & SSL3_CC_READ)
369 { 369 {
370 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) 370 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
371 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; 371 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
372 else 372 else
373 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; 373 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
374 374
375 if (s->enc_read_ctx != NULL) 375 if (s->enc_read_ctx != NULL)
376 reuse_dd = 1; 376 reuse_dd = 1;
377 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) 377 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -657,32 +657,41 @@ printf("\nkey block\n"); @@ -657,32 +657,41 @@ printf("\nkey block\n");
657 } 657 }
658 } 658 }
659  659
660 ret = 1; 660 ret = 1;
661err: 661err:
662 if (p2) 662 if (p2)
663 { 663 {
664 OPENSSL_cleanse(p2,num); 664 OPENSSL_cleanse(p2,num);
665 OPENSSL_free(p2); 665 OPENSSL_free(p2);
666 } 666 }
667 return(ret); 667 return(ret);
668 } 668 }
669 669
 670/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
 671 *
 672 * Returns:
 673 * 0: (in non-constant time) if the record is publically invalid (i.e. too
 674 * short etc).
 675 * 1: if the record's padding is valid / the encryption was successful.
 676 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
 677 * an internal error occured.
 678 */
670int tls1_enc(SSL *s, int send) 679int tls1_enc(SSL *s, int send)
671 { 680 {
672 SSL3_RECORD *rec; 681 SSL3_RECORD *rec;
673 EVP_CIPHER_CTX *ds; 682 EVP_CIPHER_CTX *ds;
674 unsigned long l; 683 unsigned long l;
675 int bs,i,ii,j,k,pad=0; 684 int bs,i,j,k,pad=0,ret,mac_size=0;
676 const EVP_CIPHER *enc; 685 const EVP_CIPHER *enc;
677 686
678 if (send) 687 if (send)
679 { 688 {
680 if (EVP_MD_CTX_md(s->write_hash)) 689 if (EVP_MD_CTX_md(s->write_hash))
681 { 690 {
682 int n=EVP_MD_CTX_size(s->write_hash); 691 int n=EVP_MD_CTX_size(s->write_hash);
683 OPENSSL_assert(n >= 0); 692 OPENSSL_assert(n >= 0);
684 } 693 }
685 ds=s->enc_write_ctx; 694 ds=s->enc_write_ctx;
686 rec= &(s->s3->wrec); 695 rec= &(s->s3->wrec);
687 if (s->enc_write_ctx == NULL) 696 if (s->enc_write_ctx == NULL)
688 enc=NULL; 697 enc=NULL;
@@ -719,31 +728,31 @@ int tls1_enc(SSL *s, int send) @@ -719,31 +728,31 @@ int tls1_enc(SSL *s, int send)
719 } 728 }
720 ds=s->enc_read_ctx; 729 ds=s->enc_read_ctx;
721 rec= &(s->s3->rrec); 730 rec= &(s->s3->rrec);
722 if (s->enc_read_ctx == NULL) 731 if (s->enc_read_ctx == NULL)
723 enc=NULL; 732 enc=NULL;
724 else 733 else
725 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 734 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
726 } 735 }
727 736
728#ifdef KSSL_DEBUG 737#ifdef KSSL_DEBUG
729 printf("tls1_enc(%d)\n", send); 738 printf("tls1_enc(%d)\n", send);
730#endif /* KSSL_DEBUG */ 739#endif /* KSSL_DEBUG */
731 740
732 if ((s->session == NULL) || (ds == NULL) || 741 if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
733 (enc == NULL)) 
734 { 742 {
735 memmove(rec->data,rec->input,rec->length); 743 memmove(rec->data,rec->input,rec->length);
736 rec->input=rec->data; 744 rec->input=rec->data;
 745 ret = 1;
737 } 746 }
738 else 747 else
739 { 748 {
740 l=rec->length; 749 l=rec->length;
741 bs=EVP_CIPHER_block_size(ds->cipher); 750 bs=EVP_CIPHER_block_size(ds->cipher);
742 751
743 if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) 752 if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
744 { 753 {
745 unsigned char buf[13],*seq; 754 unsigned char buf[13],*seq;
746 755
747 seq = send?s->s3->write_sequence:s->s3->read_sequence; 756 seq = send?s->s3->write_sequence:s->s3->read_sequence;
748 757
749 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) 758 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
@@ -787,130 +796,80 @@ int tls1_enc(SSL *s, int send) @@ -787,130 +796,80 @@ int tls1_enc(SSL *s, int send)
787 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) 796 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
788 { 797 {
789 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) 798 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
790 j++; 799 j++;
791 } 800 }
792 for (k=(int)l; k<(int)(l+i); k++) 801 for (k=(int)l; k<(int)(l+i); k++)
793 rec->input[k]=j; 802 rec->input[k]=j;
794 l+=i; 803 l+=i;
795 rec->length+=i; 804 rec->length+=i;
796 } 805 }
797 806
798#ifdef KSSL_DEBUG 807#ifdef KSSL_DEBUG
799 { 808 {
800 unsigned long ui; 809 unsigned long ui;
801 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", 810 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
802 ds,rec->data,rec->input,l); 811 ds,rec->data,rec->input,l);
803 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", 812 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
804 ds->buf_len, ds->cipher->key_len, 813 ds->buf_len, ds->cipher->key_len,
805 DES_KEY_SZ, DES_SCHEDULE_SZ, 814 DES_KEY_SZ, DES_SCHEDULE_SZ,
806 ds->cipher->iv_len); 815 ds->cipher->iv_len);
807 printf("\t\tIV: "); 816 printf("\t\tIV: ");
808 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 817 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
809 printf("\n"); 818 printf("\n");
810 printf("\trec->input="); 819 printf("\trec->input=");
811 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); 820 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
812 printf("\n"); 821 printf("\n");
813 } 822 }
814#endif /* KSSL_DEBUG */ 823#endif /* KSSL_DEBUG */
815 824
816 if (!send) 825 if (!send)
817 { 826 {
818 if (l == 0 || l%bs != 0) 827 if (l == 0 || l%bs != 0)
819 { 
820 if (s->version >= TLS1_1_VERSION) 
821 return -1; 
822 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); 
823 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); 
824 return 0; 828 return 0;
825 } 
826 } 829 }
827  830
828 i = EVP_Cipher(ds,rec->data,rec->input,l); 831 i = EVP_Cipher(ds,rec->data,rec->input,l);
829 if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER) 832 if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
830 ?(i<0) 833 ?(i<0)
831 :(i==0)) 834 :(i==0))
832 return -1; /* AEAD can fail to verify MAC */ 835 return -1; /* AEAD can fail to verify MAC */
833 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) 836 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
834 { 837 {
835 rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; 838 rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
836 rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; 839 rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
837 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; 840 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
838 } 841 }
839 842
840#ifdef KSSL_DEBUG 843#ifdef KSSL_DEBUG
841 { 844 {
842 unsigned long i; 845 unsigned long i;
843 printf("\trec->data="); 846 printf("\trec->data=");
844 for (i=0; i<l; i++) 847 for (i=0; i<l; i++)
845 printf(" %02x", rec->data[i]); printf("\n"); 848 printf(" %02x", rec->data[i]); printf("\n");
846 } 849 }
847#endif /* KSSL_DEBUG */ 850#endif /* KSSL_DEBUG */
848 851
 852 ret = 1;
 853 if (EVP_MD_CTX_md(s->read_hash) != NULL)
 854 mac_size = EVP_MD_CTX_size(s->read_hash);
849 if ((bs != 1) && !send) 855 if ((bs != 1) && !send)
850 { 856 ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
851 ii=i=rec->data[l-1]; /* padding_length */ 
852 i++; 
853 /* NB: if compression is in operation the first packet 
854 * may not be of even length so the padding bug check 
855 * cannot be performed. This bug workaround has been 
856 * around since SSLeay so hopefully it is either fixed 
857 * now or no buggy implementation supports compression  
858 * [steve] 
859 */ 
860 if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) 
861 && !s->expand) 
862 { 
863 /* First packet is even in size, so check */ 
864 if ((memcmp(s->s3->read_sequence, 
865 "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) 
866 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 
867 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) 
868 i--; 
869 } 
870 /* TLS 1.0 does not bound the number of padding bytes by the block size. 
871 * All of them must have value 'padding_length'. */ 
872 if (i > (int)rec->length) 
873 { 
874 /* Incorrect padding. SSLerr() and ssl3_alert are done 
875 * by caller: we don't want to reveal whether this is 
876 * a decryption error or a MAC verification failure 
877 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ 
878 return -1; 
879 } 
880 for (j=(int)(l-i); j<(int)l; j++) 
881 { 
882 if (rec->data[j] != ii) 
883 { 
884 /* Incorrect padding */ 
885 return -1; 
886 } 
887 } 
888 rec->length -=i; 
889 if (s->version >= TLS1_1_VERSION 
890 && EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE) 
891 { 
892 if (bs > (int)rec->length) 
893 return -1; 
894 rec->data += bs; /* skip the explicit IV */ 
895 rec->input += bs; 
896 rec->length -= bs; 
897 } 
898 } 
899 if (pad && !send) 857 if (pad && !send)
900 rec->length -= pad; 858 rec->length -= pad;
901 } 859 }
902 return(1); 860 return ret;
903 } 861 }
 862
904int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) 863int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
905 { 864 {
906 unsigned int ret; 865 unsigned int ret;
907 EVP_MD_CTX ctx, *d=NULL; 866 EVP_MD_CTX ctx, *d=NULL;
908 int i; 867 int i;
909 868
910 if (s->s3->handshake_buffer)  869 if (s->s3->handshake_buffer)
911 if (!ssl3_digest_cached_records(s)) 870 if (!ssl3_digest_cached_records(s))
912 return 0; 871 return 0;
913 872
914 if (s->s3->handshake_dgst) { 873 if (s->s3->handshake_dgst) {
915 for (i=0;i<SSL_MAX_DIGEST;i++)  874 for (i=0;i<SSL_MAX_DIGEST;i++)
916 { 875 {
@@ -982,85 +941,117 @@ int tls1_final_finish_mac(SSL *s, @@ -982,85 +941,117 @@ int tls1_final_finish_mac(SSL *s,
982 EVP_MD_CTX_cleanup(&ctx); 941 EVP_MD_CTX_cleanup(&ctx);
983 942
984 if (err) 943 if (err)
985 return 0; 944 return 0;
986 else 945 else
987 return sizeof buf2; 946 return sizeof buf2;
988 } 947 }
989 948
990int tls1_mac(SSL *ssl, unsigned char *md, int send) 949int tls1_mac(SSL *ssl, unsigned char *md, int send)
991 { 950 {
992 SSL3_RECORD *rec; 951 SSL3_RECORD *rec;
993 unsigned char *seq; 952 unsigned char *seq;
994 EVP_MD_CTX *hash; 953 EVP_MD_CTX *hash;
995 size_t md_size; 954 size_t md_size, orig_len;
996 int i; 955 int i;
997 EVP_MD_CTX hmac, *mac_ctx; 956 EVP_MD_CTX hmac, *mac_ctx;
998 unsigned char buf[5];  957 unsigned char header[13];
999 int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); 958 int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
1000 int t; 959 int t;
1001 960
1002 if (send) 961 if (send)
1003 { 962 {
1004 rec= &(ssl->s3->wrec); 963 rec= &(ssl->s3->wrec);
1005 seq= &(ssl->s3->write_sequence[0]); 964 seq= &(ssl->s3->write_sequence[0]);
1006 hash=ssl->write_hash; 965 hash=ssl->write_hash;
1007 } 966 }
1008 else 967 else
1009 { 968 {
1010 rec= &(ssl->s3->rrec); 969 rec= &(ssl->s3->rrec);
1011 seq= &(ssl->s3->read_sequence[0]); 970 seq= &(ssl->s3->read_sequence[0]);
1012 hash=ssl->read_hash; 971 hash=ssl->read_hash;
1013 } 972 }
1014 973
1015 t=EVP_MD_CTX_size(hash); 974 t=EVP_MD_CTX_size(hash);
1016 OPENSSL_assert(t >= 0); 975 OPENSSL_assert(t >= 0);
1017 md_size=t; 976 md_size=t;
1018 977
1019 buf[0]=rec->type; 
1020 buf[1]=(unsigned char)(ssl->version>>8); 
1021 buf[2]=(unsigned char)(ssl->version); 
1022 buf[3]=rec->length>>8; 
1023 buf[4]=rec->length&0xff; 
1024 
1025 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ 978 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
1026 if (stream_mac)  979 if (stream_mac)
1027 { 980 {
1028 mac_ctx = hash; 981 mac_ctx = hash;
1029 } 982 }
1030 else 983 else
1031 { 984 {
1032 EVP_MD_CTX_copy(&hmac,hash); 985 EVP_MD_CTX_copy(&hmac,hash);
1033 mac_ctx = &hmac; 986 mac_ctx = &hmac;
1034 } 987 }
1035 988
1036 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) 989 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
1037 { 990 {
1038 unsigned char dtlsseq[8],*p=dtlsseq; 991 unsigned char dtlsseq[8],*p=dtlsseq;
1039 992
1040 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); 993 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
1041 memcpy (p,&seq[2],6); 994 memcpy (p,&seq[2],6);
1042 995
1043 EVP_DigestSignUpdate(mac_ctx,dtlsseq,8); 996 memcpy(header, dtlsseq, 8);
1044 } 997 }
1045 else 998 else
1046 EVP_DigestSignUpdate(mac_ctx,seq,8); 999 memcpy(header, seq, 8);
1047 1000
1048 EVP_DigestSignUpdate(mac_ctx,buf,5); 1001 /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
1049 EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); 1002 orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
1050 t=EVP_DigestSignFinal(mac_ctx,md,&md_size); 1003 rec->type &= 0xff;
1051 OPENSSL_assert(t > 0); 1004
 1005 header[8]=rec->type;
 1006 header[9]=(unsigned char)(ssl->version>>8);
 1007 header[10]=(unsigned char)(ssl->version);
 1008 header[11]=(rec->length)>>8;
 1009 header[12]=(rec->length)&0xff;
 1010
 1011 if (!send &&
 1012 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
 1013 ssl3_cbc_record_digest_supported(mac_ctx))
 1014 {
 1015 /* This is a CBC-encrypted record. We must avoid leaking any
 1016 * timing-side channel information about how many blocks of
 1017 * data we are hashing because that gives an attacker a
 1018 * timing-oracle. */
 1019 ssl3_cbc_digest_record(
 1020 mac_ctx,
 1021 md, &md_size,
 1022 header, rec->input,
 1023 rec->length + md_size, orig_len,
 1024 ssl->s3->read_mac_secret,
 1025 ssl->s3->read_mac_secret_size,
 1026 0 /* not SSLv3 */);
 1027 }
 1028 else
 1029 {
 1030 EVP_DigestSignUpdate(mac_ctx,header,sizeof(header));
 1031 EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
 1032 t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
 1033 OPENSSL_assert(t > 0);
 1034#ifdef OPENSSL_FIPS
 1035 if (!send && FIPS_mode())
 1036 tls_fips_digest_extra(
 1037 ssl->enc_read_ctx,
 1038 mac_ctx, rec->input,
 1039 rec->length, orig_len);
 1040#endif
 1041 }
1052  1042
1053 if (!stream_mac) EVP_MD_CTX_cleanup(&hmac); 1043 if (!stream_mac)
 1044 EVP_MD_CTX_cleanup(&hmac);
1054#ifdef TLS_DEBUG 1045#ifdef TLS_DEBUG
1055printf("sec="); 1046printf("sec=");
1056{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } 1047{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
1057printf("seq="); 1048printf("seq=");
1058{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } 1049{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
1059printf("buf="); 1050printf("buf=");
1060{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } 1051{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
1061printf("rec="); 1052printf("rec=");
1062{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } 1053{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
1063#endif 1054#endif
1064 1055
1065 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) 1056 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
1066 { 1057 {
cvs diff -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c 2012/07/26 19:58:39 1.8
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c 2013/02/05 21:31:26 1.9
@@ -1115,27 +1115,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] @@ -1115,27 +1115,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
1115 SSL_SHA256, 1115 SSL_SHA256,
1116 SSL_TLSV1_2, 1116 SSL_TLSV1_2,
1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256, 1119 256,
1120 256, 1120 256,
1121 }, 1121 },
1122 1122
1123 /* Cipher 3E */ 1123 /* Cipher 3E */
1124 { 1124 {
1125 0, /* not implemented (non-ephemeral DH) */ 1125 0, /* not implemented (non-ephemeral DH) */
1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 SSL_kDHr, 1128 SSL_kDHd,
1129 SSL_aDH, 1129 SSL_aDH,
1130 SSL_AES128, 1130 SSL_AES128,
1131 SSL_SHA256, 1131 SSL_SHA256,
1132 SSL_TLSV1_2, 1132 SSL_TLSV1_2,
1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135 128, 1135 128,
1136 128, 1136 128,
1137 }, 1137 },
1138 1138
1139 /* Cipher 3F */ 1139 /* Cipher 3F */
1140 { 1140 {
1141 0, /* not implemented (non-ephemeral DH) */ 1141 0, /* not implemented (non-ephemeral DH) */
@@ -1397,27 +1397,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] @@ -1397,27 +1397,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
1397 SSL_SHA256, 1397 SSL_SHA256,
1398 SSL_TLSV1_2, 1398 SSL_TLSV1_2,
1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401 128, 1401 128,
1402 128, 1402 128,
1403 }, 1403 },
1404 1404
1405 /* Cipher 68 */ 1405 /* Cipher 68 */
1406 { 1406 {
1407 0, /* not implemented (non-ephemeral DH) */ 1407 0, /* not implemented (non-ephemeral DH) */
1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 SSL_kDHr, 1410 SSL_kDHd,
1411 SSL_aDH, 1411 SSL_aDH,
1412 SSL_AES256, 1412 SSL_AES256,
1413 SSL_SHA256, 1413 SSL_SHA256,
1414 SSL_TLSV1_2, 1414 SSL_TLSV1_2,
1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417 256, 1417 256,
1418 256, 1418 256,
1419 }, 1419 },
1420 1420
1421 /* Cipher 69 */ 1421 /* Cipher 69 */
1422 { 1422 {
1423 0, /* not implemented (non-ephemeral DH) */ 1423 0, /* not implemented (non-ephemeral DH) */
@@ -1948,43 +1948,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] @@ -1948,43 +1948,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
1948 SSL_AEAD, 1948 SSL_AEAD,
1949 SSL_TLSV1_2, 1949 SSL_TLSV1_2,
1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952 256, 1952 256,
1953 256, 1953 256,
1954 }, 1954 },
1955 1955
1956 /* Cipher A4 */ 1956 /* Cipher A4 */
1957 { 1957 {
1958 0, 1958 0,
1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 SSL_kDHr, 1961 SSL_kDHd,
1962 SSL_aDH, 1962 SSL_aDH,
1963 SSL_AES128GCM, 1963 SSL_AES128GCM,
1964 SSL_AEAD, 1964 SSL_AEAD,
1965 SSL_TLSV1_2, 1965 SSL_TLSV1_2,
1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968 128, 1968 128,
1969 128, 1969 128,
1970 }, 1970 },
1971 1971
1972 /* Cipher A5 */ 1972 /* Cipher A5 */
1973 { 1973 {
1974 0, 1974 0,
1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 SSL_kDHr, 1977 SSL_kDHd,
1978 SSL_aDH, 1978 SSL_aDH,
1979 SSL_AES256GCM, 1979 SSL_AES256GCM,
1980 SSL_AEAD, 1980 SSL_AEAD,
1981 SSL_TLSV1_2, 1981 SSL_TLSV1_2,
1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984 256, 1984 256,
1985 256, 1985 256,
1986 }, 1986 },
1987 1987
1988 /* Cipher A6 */ 1988 /* Cipher A6 */
1989 { 1989 {
1990 1, 1990 1,
@@ -2659,43 +2659,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] @@ -2659,43 +2659,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
2659 SSL_SHA384, 2659 SSL_SHA384,
2660 SSL_TLSV1_2, 2660 SSL_TLSV1_2,
2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663 256, 2663 256,
2664 256, 2664 256,
2665 }, 2665 },
2666 2666
2667 /* Cipher C029 */ 2667 /* Cipher C029 */
2668 { 2668 {
2669 1, 2669 1,
2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 SSL_kECDHe, 2672 SSL_kECDHr,
2673 SSL_aECDH, 2673 SSL_aECDH,
2674 SSL_AES128, 2674 SSL_AES128,
2675 SSL_SHA256, 2675 SSL_SHA256,
2676 SSL_TLSV1_2, 2676 SSL_TLSV1_2,
2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679 128, 2679 128,
2680 128, 2680 128,
2681 }, 2681 },
2682 2682
2683 /* Cipher C02A */ 2683 /* Cipher C02A */
2684 { 2684 {
2685 1, 2685 1,
2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 SSL_kECDHe, 2688 SSL_kECDHr,
2689 SSL_aECDH, 2689 SSL_aECDH,
2690 SSL_AES256, 2690 SSL_AES256,
2691 SSL_SHA384, 2691 SSL_SHA384,
2692 SSL_TLSV1_2, 2692 SSL_TLSV1_2,
2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695 256, 2695 256,
2696 256, 2696 256,
2697 }, 2697 },
2698 2698
2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700 2700
2701 /* Cipher C02B */ 2701 /* Cipher C02B */
@@ -2789,43 +2789,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] @@ -2789,43 +2789,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
2789 SSL_AEAD, 2789 SSL_AEAD,
2790 SSL_TLSV1_2, 2790 SSL_TLSV1_2,
2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793 256, 2793 256,
2794 256, 2794 256,
2795 }, 2795 },
2796 2796
2797 /* Cipher C031 */ 2797 /* Cipher C031 */
2798 { 2798 {
2799 1, 2799 1,
2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 SSL_kECDHe, 2802 SSL_kECDHr,
2803 SSL_aECDH, 2803 SSL_aECDH,
2804 SSL_AES128GCM, 2804 SSL_AES128GCM,
2805 SSL_AEAD, 2805 SSL_AEAD,
2806 SSL_TLSV1_2, 2806 SSL_TLSV1_2,
2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809 128, 2809 128,
2810 128, 2810 128,
2811 }, 2811 },
2812 2812
2813 /* Cipher C032 */ 2813 /* Cipher C032 */
2814 { 2814 {
2815 1, 2815 1,
2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 SSL_kECDHe, 2818 SSL_kECDHr,
2819 SSL_aECDH, 2819 SSL_aECDH,
2820 SSL_AES256GCM, 2820 SSL_AES256GCM,
2821 SSL_AEAD, 2821 SSL_AEAD,
2822 SSL_TLSV1_2, 2822 SSL_TLSV1_2,
2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825 256, 2825 256,
2826 256, 2826 256,
2827 }, 2827 },
2828 2828
2829#endif /* OPENSSL_NO_ECDH */ 2829#endif /* OPENSSL_NO_ECDH */
2830 2830
2831 2831
cvs diff -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2012/07/26 19:58:39 1.10
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2013/02/05 21:31:26 1.11
@@ -280,31 +280,28 @@ int ssl3_read_n(SSL *s, int n, int max,  @@ -280,31 +280,28 @@ int ssl3_read_n(SSL *s, int n, int max,
280 * ssl->s3->rrec.data, - data 280 * ssl->s3->rrec.data, - data
281 * ssl->s3->rrec.length, - number of bytes 281 * ssl->s3->rrec.length, - number of bytes
282 */ 282 */
283/* used only by ssl3_read_bytes */ 283/* used only by ssl3_read_bytes */
284static int ssl3_get_record(SSL *s) 284static int ssl3_get_record(SSL *s)
285 { 285 {
286 int ssl_major,ssl_minor,al; 286 int ssl_major,ssl_minor,al;
287 int enc_err,n,i,ret= -1; 287 int enc_err,n,i,ret= -1;
288 SSL3_RECORD *rr; 288 SSL3_RECORD *rr;
289 SSL_SESSION *sess; 289 SSL_SESSION *sess;
290 unsigned char *p; 290 unsigned char *p;
291 unsigned char md[EVP_MAX_MD_SIZE]; 291 unsigned char md[EVP_MAX_MD_SIZE];
292 short version; 292 short version;
293 int mac_size; 293 unsigned mac_size, orig_len;
294 int clear=0; 
295 size_t extra; 294 size_t extra;
296 int decryption_failed_or_bad_record_mac = 0; 
297 unsigned char *mac = NULL; 
298 295
299 rr= &(s->s3->rrec); 296 rr= &(s->s3->rrec);
300 sess=s->session; 297 sess=s->session;
301 298
302 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 299 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
303 extra=SSL3_RT_MAX_EXTRA; 300 extra=SSL3_RT_MAX_EXTRA;
304 else 301 else
305 extra=0; 302 extra=0;
306 if (extra && !s->s3->init_extra) 303 if (extra && !s->s3->init_extra)
307 { 304 {
308 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER 305 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
309 * set after ssl3_setup_buffers() was done */ 306 * set after ssl3_setup_buffers() was done */
310 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); 307 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
@@ -391,95 +388,100 @@ fprintf(stderr, "Record type=%d, Length= @@ -391,95 +388,100 @@ fprintf(stderr, "Record type=%d, Length=
391 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] 388 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
392 * rr->length bytes of encrypted compressed stuff. */ 389 * rr->length bytes of encrypted compressed stuff. */
393 390
394 /* check is not needed I believe */ 391 /* check is not needed I believe */
395 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) 392 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
396 { 393 {
397 al=SSL_AD_RECORD_OVERFLOW; 394 al=SSL_AD_RECORD_OVERFLOW;
398 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); 395 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
399 goto f_err; 396 goto f_err;
400 } 397 }
401 398
402 /* decrypt in place in 'rr->input' */ 399 /* decrypt in place in 'rr->input' */
403 rr->data=rr->input; 400 rr->data=rr->input;
 401 orig_len=rr->length;
404 402
405 enc_err = s->method->ssl3_enc->enc(s,0); 403 enc_err = s->method->ssl3_enc->enc(s,0);
406 if (enc_err <= 0) 404 /* enc_err is:
 405 * 0: (in non-constant time) if the record is publically invalid.
 406 * 1: if the padding is valid
 407 * -1: if the padding is invalid */
 408 if (enc_err == 0)
407 { 409 {
408 if (enc_err == 0) 410 al=SSL_AD_DECRYPTION_FAILED;
409 /* SSLerr() and ssl3_send_alert() have been called */ 411 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
410 goto err; 412 goto f_err;
411 
412 /* Otherwise enc_err == -1, which indicates bad padding 
413 * (rec->length has not been changed in this case). 
414 * To minimize information leaked via timing, we will perform 
415 * the MAC computation anyway. */ 
416 decryption_failed_or_bad_record_mac = 1; 
417 } 413 }
418 414
419#ifdef TLS_DEBUG 415#ifdef TLS_DEBUG
420printf("dec %d\n",rr->length); 416printf("dec %d\n",rr->length);
421{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 417{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
422printf("\n"); 418printf("\n");
423#endif 419#endif
424 420
425 /* r->length is now the compressed data plus mac */ 421 /* r->length is now the compressed data plus mac */
426 if ( (sess == NULL) || 422 if ((sess != NULL) &&
427 (s->enc_read_ctx == NULL) || 423 (s->enc_read_ctx != NULL) &&
428 (EVP_MD_CTX_md(s->read_hash) == NULL)) 424 (EVP_MD_CTX_md(s->read_hash) != NULL))
429 clear=1; 425 {
430 426 /* s->read_hash != NULL => mac_size != -1 */
431 if (!clear) 427 unsigned char *mac = NULL;
432 { 428 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
433 /* !clear => s->read_hash != NULL => mac_size != -1 */ 
434 mac_size=EVP_MD_CTX_size(s->read_hash); 429 mac_size=EVP_MD_CTX_size(s->read_hash);
435 OPENSSL_assert(mac_size >= 0); 430 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
436 431
437 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 432 /* orig_len is the length of the record before any padding was
 433 * removed. This is public information, as is the MAC in use,
 434 * therefore we can safely process the record in a different
 435 * amount of time if it's too short to possibly contain a MAC.
 436 */
 437 if (orig_len < mac_size ||
 438 /* CBC records must have a padding length byte too. */
 439 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
 440 orig_len < mac_size+1))
438 { 441 {
439#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 442 al=SSL_AD_DECODE_ERROR;
440 al=SSL_AD_RECORD_OVERFLOW; 443 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
441 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 
442 goto f_err; 444 goto f_err;
443#else 
444 decryption_failed_or_bad_record_mac = 1; 
445#endif  
446 } 445 }
447 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 446
448 if (rr->length >= (unsigned int)mac_size) 447 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
449 { 448 {
 449 /* We update the length so that the TLS header bytes
 450 * can be constructed correctly but we need to extract
 451 * the MAC in constant time from within the record,
 452 * without leaking the contents of the padding bytes.
 453 * */
 454 mac = mac_tmp;
 455 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
450 rr->length -= mac_size; 456 rr->length -= mac_size;
451 mac = &rr->data[rr->length]; 
452 } 457 }
453 else 458 else
454 { 459 {
455 /* record (minus padding) is too short to contain a MAC */ 460 /* In this case there's no padding, so |orig_len|
456#if 0 /* OK only for stream ciphers */ 461 * equals |rec->length| and we checked that there's
457 al=SSL_AD_DECODE_ERROR; 462 * enough bytes for |mac_size| above. */
458 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); 463 rr->length -= mac_size;
459 goto f_err; 464 mac = &rr->data[rr->length];
460#else 
461 decryption_failed_or_bad_record_mac = 1; 
462 rr->length = 0; 
463#endif 
464 } 
465 i=s->method->ssl3_enc->mac(s,md,0); 
466 if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0) 
467 { 
468 decryption_failed_or_bad_record_mac = 1; 
469 } 465 }
 466
 467 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
 468 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
 469 enc_err = -1;
 470 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
 471 enc_err = -1;
470 } 472 }
471 473
472 if (decryption_failed_or_bad_record_mac) 474 if (enc_err < 0)
473 { 475 {
474 /* A separate 'decryption_failed' alert was introduced with TLS 1.0, 476 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
475 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption 477 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
476 * failure is directly visible from the ciphertext anyway, 478 * failure is directly visible from the ciphertext anyway,
477 * we should not reveal which kind of error occured -- this 479 * we should not reveal which kind of error occured -- this
478 * might become visible to an attacker (e.g. via a logfile) */ 480 * might become visible to an attacker (e.g. via a logfile) */
479 al=SSL_AD_BAD_RECORD_MAC; 481 al=SSL_AD_BAD_RECORD_MAC;
480 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); 482 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
481 goto f_err; 483 goto f_err;
482 } 484 }
483 485
484 /* r->length is now just compressed */ 486 /* r->length is now just compressed */
485 if (s->expand != NULL) 487 if (s->expand != NULL)
@@ -735,26 +737,27 @@ static int do_ssl3_write(SSL *s, int typ @@ -735,26 +737,27 @@ static int do_ssl3_write(SSL *s, int typ
735 wb->offset = align; 737 wb->offset = align;
736 } 738 }
737 739
738 /* write the header */ 740 /* write the header */
739 741
740 *(p++)=type&0xff; 742 *(p++)=type&0xff;
741 wr->type=type; 743 wr->type=type;
742 744
743 *(p++)=(s->version>>8); 745 *(p++)=(s->version>>8);
744 /* Some servers hang if iniatial client hello is larger than 256 746 /* Some servers hang if iniatial client hello is larger than 256
745 * bytes and record version number > TLS 1.0 747 * bytes and record version number > TLS 1.0
746 */ 748 */
747 if (s->state == SSL3_ST_CW_CLNT_HELLO_B 749 if (s->state == SSL3_ST_CW_CLNT_HELLO_B
 750 && !s->renegotiate
748 && TLS1_get_version(s) > TLS1_VERSION) 751 && TLS1_get_version(s) > TLS1_VERSION)
749 *(p++) = 0x1; 752 *(p++) = 0x1;
750 else 753 else
751 *(p++)=s->version&0xff; 754 *(p++)=s->version&0xff;
752 755
753 /* field where we are to write out packet length */ 756 /* field where we are to write out packet length */
754 plen=p;  757 plen=p;
755 p+=2; 758 p+=2;
756 /* Explicit IV length, block ciphers and TLS version 1.1 or later */ 759 /* Explicit IV length, block ciphers and TLS version 1.1 or later */
757 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) 760 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
758 { 761 {
759 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); 762 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
760 if (mode == EVP_CIPH_CBC_MODE) 763 if (mode == EVP_CIPH_CBC_MODE)
@@ -1229,27 +1232,27 @@ start: @@ -1229,27 +1232,27 @@ start:
1229 * renegotiatie it presumably had a good reason and 1232 * renegotiatie it presumably had a good reason and
1230 * expects it to succeed. 1233 * expects it to succeed.
1231 * 1234 *
1232 * In future we might have a renegotiation where we 1235 * In future we might have a renegotiation where we
1233 * don't care if the peer refused it where we carry on. 1236 * don't care if the peer refused it where we carry on.
1234 */ 1237 */
1235 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) 1238 else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
1236 { 1239 {
1237 al = SSL_AD_HANDSHAKE_FAILURE; 1240 al = SSL_AD_HANDSHAKE_FAILURE;
1238 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); 1241 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
1239 goto f_err; 1242 goto f_err;
1240 } 1243 }
1241#ifdef SSL_AD_MISSING_SRP_USERNAME 1244#ifdef SSL_AD_MISSING_SRP_USERNAME
1242 if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) 1245 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
1243 return(0); 1246 return(0);
1244#endif 1247#endif
1245 } 1248 }
1246 else if (alert_level == 2) /* fatal */ 1249 else if (alert_level == 2) /* fatal */
1247 { 1250 {
1248 char tmp[16]; 1251 char tmp[16];
1249 1252
1250 s->rwstate=SSL_NOTHING; 1253 s->rwstate=SSL_NOTHING;
1251 s->s3->fatal_alert = alert_descr; 1254 s->s3->fatal_alert = alert_descr;
1252 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); 1255 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1253 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); 1256 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1254 ERR_add_error_data(2,"SSL alert number ",tmp); 1257 ERR_add_error_data(2,"SSL alert number ",tmp);
1255 s->shutdown|=SSL_RECEIVED_SHUTDOWN; 1258 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
cvs diff -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_srvr.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_srvr.c 2012/07/26 19:58:39 1.11
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_srvr.c 2013/02/05 21:31:27 1.12
@@ -181,27 +181,28 @@ static const SSL_METHOD *ssl3_get_server @@ -181,27 +181,28 @@ static const SSL_METHOD *ssl3_get_server
181 181
182#ifndef OPENSSL_NO_SRP 182#ifndef OPENSSL_NO_SRP
183static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) 183static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
184 { 184 {
185 int ret = SSL_ERROR_NONE; 185 int ret = SSL_ERROR_NONE;
186 186
187 *al = SSL_AD_UNRECOGNIZED_NAME; 187 *al = SSL_AD_UNRECOGNIZED_NAME;
188 188
189 if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && 189 if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
190 (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) 190 (s->srp_ctx.TLS_ext_srp_username_callback != NULL))
191 { 191 {
192 if(s->srp_ctx.login == NULL) 192 if(s->srp_ctx.login == NULL)
193 { 193 {
194 /* There isn't any srp login extension !!! */ 194 /* RFC 5054 says SHOULD reject,
 195 we do so if There is no srp login name */
195 ret = SSL3_AL_FATAL; 196 ret = SSL3_AL_FATAL;
196 *al = SSL_AD_UNKNOWN_PSK_IDENTITY; 197 *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
197 } 198 }
198 else 199 else
199 { 200 {
200 ret = SSL_srp_server_param_with_username(s,al); 201 ret = SSL_srp_server_param_with_username(s,al);
201 } 202 }
202 } 203 }
203 return ret; 204 return ret;
204 } 205 }
205#endif 206#endif
206 207
207IMPLEMENT_ssl3_meth_func(SSLv3_server_method, 208IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
@@ -368,26 +369,27 @@ int ssl3_accept(SSL *s) @@ -368,26 +369,27 @@ int ssl3_accept(SSL *s)
368 if (ret != SSL_ERROR_NONE) 369 if (ret != SSL_ERROR_NONE)
369 { 370 {
370 ssl3_send_alert(s,SSL3_AL_FATAL,al);  371 ssl3_send_alert(s,SSL3_AL_FATAL,al);
371 /* This is not really an error but the only means to 372 /* This is not really an error but the only means to
372 for a client to detect whether srp is supported. */ 373 for a client to detect whether srp is supported. */
373 if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)  374 if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
374 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);  375 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
375 ret = SSL_TLSEXT_ERR_ALERT_FATAL;  376 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
376 ret= -1; 377 ret= -1;
377 goto end;  378 goto end;
378 } 379 }
379 } 380 }
380#endif  381#endif
 382
381 s->renegotiate = 2; 383 s->renegotiate = 2;
382 s->state=SSL3_ST_SW_SRVR_HELLO_A; 384 s->state=SSL3_ST_SW_SRVR_HELLO_A;
383 s->init_num=0; 385 s->init_num=0;
384 break; 386 break;
385 387
386 case SSL3_ST_SW_SRVR_HELLO_A: 388 case SSL3_ST_SW_SRVR_HELLO_A:
387 case SSL3_ST_SW_SRVR_HELLO_B: 389 case SSL3_ST_SW_SRVR_HELLO_B:
388 ret=ssl3_send_server_hello(s); 390 ret=ssl3_send_server_hello(s);
389 if (ret <= 0) goto end; 391 if (ret <= 0) goto end;
390#ifndef OPENSSL_NO_TLSEXT 392#ifndef OPENSSL_NO_TLSEXT
391 if (s->hit) 393 if (s->hit)
392 { 394 {
393 if (s->tlsext_ticket_expected) 395 if (s->tlsext_ticket_expected)
@@ -1181,27 +1183,27 @@ int ssl3_get_client_hello(SSL *s) @@ -1181,27 +1183,27 @@ int ssl3_get_client_hello(SSL *s)
1181 } 1183 }
1182 1184
1183#ifndef OPENSSL_NO_TLSEXT 1185#ifndef OPENSSL_NO_TLSEXT
1184 /* TLS extensions*/ 1186 /* TLS extensions*/
1185 if (s->version >= SSL3_VERSION) 1187 if (s->version >= SSL3_VERSION)
1186 { 1188 {
1187 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) 1189 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
1188 { 1190 {
1189 /* 'al' set by ssl_parse_clienthello_tlsext */ 1191 /* 'al' set by ssl_parse_clienthello_tlsext */
1190 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); 1192 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
1191 goto f_err; 1193 goto f_err;
1192 } 1194 }
1193 } 1195 }
1194 if (ssl_check_clienthello_tlsext(s) <= 0) { 1196 if (ssl_check_clienthello_tlsext_early(s) <= 0) {
1195 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); 1197 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
1196 goto err; 1198 goto err;
1197 } 1199 }
1198 1200
1199 /* Check if we want to use external pre-shared secret for this 1201 /* Check if we want to use external pre-shared secret for this
1200 * handshake for not reused session only. We need to generate 1202 * handshake for not reused session only. We need to generate
1201 * server_random before calling tls_session_secret_cb in order to allow 1203 * server_random before calling tls_session_secret_cb in order to allow
1202 * SessionTicket processing to use it in key derivation. */ 1204 * SessionTicket processing to use it in key derivation. */
1203 { 1205 {
1204 unsigned long Time; 1206 unsigned long Time;
1205 unsigned char *pos; 1207 unsigned char *pos;
1206 Time=(unsigned long)time(NULL); /* Time */ 1208 Time=(unsigned long)time(NULL); /* Time */
1207 pos=s->s3->server_random; 1209 pos=s->s3->server_random;
@@ -1403,26 +1405,36 @@ int ssl3_get_client_hello(SSL *s) @@ -1403,26 +1405,36 @@ int ssl3_get_client_hello(SSL *s)
1403 } 1405 }
1404  1406
1405 /* we now have the following setup.  1407 /* we now have the following setup.
1406 * client_random 1408 * client_random
1407 * cipher_list - our prefered list of ciphers 1409 * cipher_list - our prefered list of ciphers
1408 * ciphers - the clients prefered list of ciphers 1410 * ciphers - the clients prefered list of ciphers
1409 * compression - basically ignored right now 1411 * compression - basically ignored right now
1410 * ssl version is set - sslv3 1412 * ssl version is set - sslv3
1411 * s->session - The ssl session has been setup. 1413 * s->session - The ssl session has been setup.
1412 * s->hit - session reuse flag 1414 * s->hit - session reuse flag
1413 * s->tmp.new_cipher - the new cipher to use. 1415 * s->tmp.new_cipher - the new cipher to use.
1414 */ 1416 */
1415 1417
 1418 /* Handles TLS extensions that we couldn't check earlier */
 1419 if (s->version >= SSL3_VERSION)
 1420 {
 1421 if (ssl_check_clienthello_tlsext_late(s) <= 0)
 1422 {
 1423 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
 1424 goto err;
 1425 }
 1426 }
 1427
1416 if (ret < 0) ret=1; 1428 if (ret < 0) ret=1;
1417 if (0) 1429 if (0)
1418 { 1430 {
1419f_err: 1431f_err:
1420 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1432 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1421 } 1433 }
1422err: 1434err:
1423 if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); 1435 if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
1424 return(ret); 1436 return(ret);
1425 } 1437 }
1426 1438
1427int ssl3_send_server_hello(SSL *s) 1439int ssl3_send_server_hello(SSL *s)
1428 { 1440 {
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl.h 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl.h 2013/02/05 21:31:27 1.4
@@ -483,26 +483,29 @@ struct ssl_session_st @@ -483,26 +483,29 @@ struct ssl_session_st
483 * the appropriate context. It is up to the application to set this, 483 * the appropriate context. It is up to the application to set this,
484 * via SSL_new */ 484 * via SSL_new */
485 unsigned int sid_ctx_length; 485 unsigned int sid_ctx_length;
486 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 486 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
487 487
488#ifndef OPENSSL_NO_KRB5 488#ifndef OPENSSL_NO_KRB5
489 unsigned int krb5_client_princ_len; 489 unsigned int krb5_client_princ_len;
490 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; 490 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
491#endif /* OPENSSL_NO_KRB5 */ 491#endif /* OPENSSL_NO_KRB5 */
492#ifndef OPENSSL_NO_PSK 492#ifndef OPENSSL_NO_PSK
493 char *psk_identity_hint; 493 char *psk_identity_hint;
494 char *psk_identity; 494 char *psk_identity;
495#endif 495#endif
 496 /* Used to indicate that session resumption is not allowed.
 497 * Applications can also set this bit for a new session via
 498 * not_resumable_session_cb to disable session caching and tickets. */
496 int not_resumable; 499 int not_resumable;
497 500
498 /* The cert is the certificate used to establish this connection */ 501 /* The cert is the certificate used to establish this connection */
499 struct sess_cert_st /* SESS_CERT */ *sess_cert; 502 struct sess_cert_st /* SESS_CERT */ *sess_cert;
500 503
501 /* This is the cert for the other end. 504 /* This is the cert for the other end.
502 * On clients, it will be the same as sess_cert->peer_key->x509 505 * On clients, it will be the same as sess_cert->peer_key->x509
503 * (the latter is not enough as sess_cert is not retained 506 * (the latter is not enough as sess_cert is not retained
504 * in the external representation of sessions, see ssl_asn1.c). */ 507 * in the external representation of sessions, see ssl_asn1.c). */
505 X509 *peer; 508 X509 *peer;
506 /* when app_verify_callback accepts a session where the peer's certificate 509 /* when app_verify_callback accepts a session where the peer's certificate
507 * is not ok, we must remember the error for session reuse: */ 510 * is not ok, we must remember the error for session reuse: */
508 long verify_result; /* only for servers */ 511 long verify_result; /* only for servers */
@@ -525,27 +528,27 @@ struct ssl_session_st @@ -525,27 +528,27 @@ struct ssl_session_st
525 /* These are used to make removal of session-ids more 528 /* These are used to make removal of session-ids more
526 * efficient and to implement a maximum cache size. */ 529 * efficient and to implement a maximum cache size. */
527 struct ssl_session_st *prev,*next; 530 struct ssl_session_st *prev,*next;
528#ifndef OPENSSL_NO_TLSEXT 531#ifndef OPENSSL_NO_TLSEXT
529 char *tlsext_hostname; 532 char *tlsext_hostname;
530#ifndef OPENSSL_NO_EC 533#ifndef OPENSSL_NO_EC
531 size_t tlsext_ecpointformatlist_length; 534 size_t tlsext_ecpointformatlist_length;
532 unsigned char *tlsext_ecpointformatlist; /* peer's list */ 535 unsigned char *tlsext_ecpointformatlist; /* peer's list */
533 size_t tlsext_ellipticcurvelist_length; 536 size_t tlsext_ellipticcurvelist_length;
534 unsigned char *tlsext_ellipticcurvelist; /* peer's list */ 537 unsigned char *tlsext_ellipticcurvelist; /* peer's list */
535#endif /* OPENSSL_NO_EC */ 538#endif /* OPENSSL_NO_EC */
536 /* RFC4507 info */ 539 /* RFC4507 info */
537 unsigned char *tlsext_tick; /* Session ticket */ 540 unsigned char *tlsext_tick; /* Session ticket */
538 size_t tlsext_ticklen; /* Session ticket length */  541 size_t tlsext_ticklen; /* Session ticket length */
539 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 542 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
540#endif 543#endif
541#ifndef OPENSSL_NO_SRP 544#ifndef OPENSSL_NO_SRP
542 char *srp_username; 545 char *srp_username;
543#endif 546#endif
544 }; 547 };
545 548
546#endif 549#endif
547 550
548#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L 551#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
549#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L 552#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
550/* Allow initial connection to servers that don't support RI */ 553/* Allow initial connection to servers that don't support RI */
551#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L 554#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
@@ -917,51 +920,53 @@ struct ssl_ctx_st @@ -917,51 +920,53 @@ struct ssl_ctx_st
917 unsigned char tlsext_tick_key_name[16]; 920 unsigned char tlsext_tick_key_name[16];
918 unsigned char tlsext_tick_hmac_key[16]; 921 unsigned char tlsext_tick_hmac_key[16];
919 unsigned char tlsext_tick_aes_key[16]; 922 unsigned char tlsext_tick_aes_key[16];
920 /* Callback to support customisation of ticket key setting */ 923 /* Callback to support customisation of ticket key setting */
921 int (*tlsext_ticket_key_cb)(SSL *ssl, 924 int (*tlsext_ticket_key_cb)(SSL *ssl,
922 unsigned char *name, unsigned char *iv, 925 unsigned char *name, unsigned char *iv,
923 EVP_CIPHER_CTX *ectx, 926 EVP_CIPHER_CTX *ectx,
924 HMAC_CTX *hctx, int enc); 927 HMAC_CTX *hctx, int enc);
925 928
926 /* certificate status request info */ 929 /* certificate status request info */
927 /* Callback for status request */ 930 /* Callback for status request */
928 int (*tlsext_status_cb)(SSL *ssl, void *arg); 931 int (*tlsext_status_cb)(SSL *ssl, void *arg);
929 void *tlsext_status_arg; 932 void *tlsext_status_arg;
 933
930 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ 934 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
931 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); 935 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
932 void *tlsext_opaque_prf_input_callback_arg; 936 void *tlsext_opaque_prf_input_callback_arg;
933#endif 937#endif
934 938
935#ifndef OPENSSL_NO_PSK 939#ifndef OPENSSL_NO_PSK
936 char *psk_identity_hint; 940 char *psk_identity_hint;
937 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, 941 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
938 unsigned int max_identity_len, unsigned char *psk, 942 unsigned int max_identity_len, unsigned char *psk,
939 unsigned int max_psk_len); 943 unsigned int max_psk_len);
940 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 944 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
941 unsigned char *psk, unsigned int max_psk_len); 945 unsigned char *psk, unsigned int max_psk_len);
942#endif 946#endif
943 947
944#ifndef OPENSSL_NO_BUF_FREELISTS 948#ifndef OPENSSL_NO_BUF_FREELISTS
945#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 949#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
946 unsigned int freelist_max_len; 950 unsigned int freelist_max_len;
947 struct ssl3_buf_freelist_st *wbuf_freelist; 951 struct ssl3_buf_freelist_st *wbuf_freelist;
948 struct ssl3_buf_freelist_st *rbuf_freelist; 952 struct ssl3_buf_freelist_st *rbuf_freelist;
949#endif 953#endif
950#ifndef OPENSSL_NO_SRP 954#ifndef OPENSSL_NO_SRP
951 SRP_CTX srp_ctx; /* ctx for SRP authentication */ 955 SRP_CTX srp_ctx; /* ctx for SRP authentication */
952#endif 956#endif
953 957
954#ifndef OPENSSL_NO_TLSEXT 958#ifndef OPENSSL_NO_TLSEXT
 959
955# ifndef OPENSSL_NO_NEXTPROTONEG 960# ifndef OPENSSL_NO_NEXTPROTONEG
956 /* Next protocol negotiation information */ 961 /* Next protocol negotiation information */
957 /* (for experimental NPN extension). */ 962 /* (for experimental NPN extension). */
958 963
959 /* For a server, this contains a callback function by which the set of 964 /* For a server, this contains a callback function by which the set of
960 * advertised protocols can be provided. */ 965 * advertised protocols can be provided. */
961 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, 966 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
962 unsigned int *len, void *arg); 967 unsigned int *len, void *arg);
963 void *next_protos_advertised_cb_arg; 968 void *next_protos_advertised_cb_arg;
964 /* For a client, this contains a callback function that selects the 969 /* For a client, this contains a callback function that selects the
965 * next protocol from the list provided by the server. */ 970 * next protocol from the list provided by the server. */
966 int (*next_proto_select_cb)(SSL *s, unsigned char **out, 971 int (*next_proto_select_cb)(SSL *s, unsigned char **out,
967 unsigned char *outlen, 972 unsigned char *outlen,
@@ -2196,26 +2201,27 @@ void ERR_load_SSL_strings(void); @@ -2196,26 +2201,27 @@ void ERR_load_SSL_strings(void);
2196#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 2201#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
2197#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 2202#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
2198#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 2203#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
2199#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 2204#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
2200#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 2205#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
2201#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 2206#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
2202#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 2207#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
2203#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 2208#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
2204#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 2209#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
2205#define SSL_F_SSL_DO_HANDSHAKE 180 2210#define SSL_F_SSL_DO_HANDSHAKE 180
2206#define SSL_F_SSL_GET_NEW_SESSION 181 2211#define SSL_F_SSL_GET_NEW_SESSION 181
2207#define SSL_F_SSL_GET_PREV_SESSION 217 2212#define SSL_F_SSL_GET_PREV_SESSION 217
2208#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 2213#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
 2214#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
2209#define SSL_F_SSL_GET_SIGN_PKEY 183 2215#define SSL_F_SSL_GET_SIGN_PKEY 183
2210#define SSL_F_SSL_INIT_WBIO_BUFFER 184 2216#define SSL_F_SSL_INIT_WBIO_BUFFER 184
2211#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 2217#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
2212#define SSL_F_SSL_NEW 186 2218#define SSL_F_SSL_NEW 186
2213#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 2219#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
2214#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 2220#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
2215#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 2221#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
2216#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 2222#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
2217#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 2223#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
2218#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 2224#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
2219#define SSL_F_SSL_PEEK 270 2225#define SSL_F_SSL_PEEK 270
2220#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 2226#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
2221#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 2227#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl3.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl3.h 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl3.h 2013/02/05 21:31:27 1.4
@@ -568,28 +568,30 @@ typedef struct ssl3_state_st @@ -568,28 +568,30 @@ typedef struct ssl3_state_st
568#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) 568#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
569#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) 569#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
570/* write to server */ 570/* write to server */
571#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) 571#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
572#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) 572#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
573#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) 573#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
574#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) 574#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
575#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) 575#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
576#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) 576#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
577#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) 577#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
578#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) 578#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
579#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) 579#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
580#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) 580#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
 581#ifndef OPENSSL_NO_NEXTPROTONEG
581#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) 582#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
582#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) 583#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
 584#endif
583#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) 585#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
584#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) 586#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
585/* read from server */ 587/* read from server */
586#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) 588#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
587#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) 589#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
588#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) 590#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
589#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) 591#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
590#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) 592#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
591#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) 593#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
592#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) 594#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
593#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) 595#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
594 596
595/* server */ 597/* server */
@@ -619,53 +621,57 @@ typedef struct ssl3_state_st @@ -619,53 +621,57 @@ typedef struct ssl3_state_st
619#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) 621#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
620#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) 622#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
621#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) 623#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
622#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) 624#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
623/* read from client */ 625/* read from client */
624#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) 626#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
625#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) 627#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
626#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) 628#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
627#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) 629#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
628#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) 630#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
629#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) 631#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
630#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) 632#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
631#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) 633#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
 634#ifndef OPENSSL_NO_NEXTPROTONEG
632#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) 635#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
633#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) 636#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
 637#endif
634#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) 638#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
635#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) 639#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
636/* write to client */ 640/* write to client */
637#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) 641#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
638#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) 642#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
639#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) 643#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
640#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) 644#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
641#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) 645#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
642#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) 646#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
643#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) 647#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
644#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) 648#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
645 649
646#define SSL3_MT_HELLO_REQUEST 0 650#define SSL3_MT_HELLO_REQUEST 0
647#define SSL3_MT_CLIENT_HELLO 1 651#define SSL3_MT_CLIENT_HELLO 1
648#define SSL3_MT_SERVER_HELLO 2 652#define SSL3_MT_SERVER_HELLO 2
649#define SSL3_MT_NEWSESSION_TICKET 4 653#define SSL3_MT_NEWSESSION_TICKET 4
650#define SSL3_MT_CERTIFICATE 11 654#define SSL3_MT_CERTIFICATE 11
651#define SSL3_MT_SERVER_KEY_EXCHANGE 12 655#define SSL3_MT_SERVER_KEY_EXCHANGE 12
652#define SSL3_MT_CERTIFICATE_REQUEST 13 656#define SSL3_MT_CERTIFICATE_REQUEST 13
653#define SSL3_MT_SERVER_DONE 14 657#define SSL3_MT_SERVER_DONE 14
654#define SSL3_MT_CERTIFICATE_VERIFY 15 658#define SSL3_MT_CERTIFICATE_VERIFY 15
655#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 659#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
656#define SSL3_MT_FINISHED 20 660#define SSL3_MT_FINISHED 20
657#define SSL3_MT_CERTIFICATE_STATUS 22 661#define SSL3_MT_CERTIFICATE_STATUS 22
 662#ifndef OPENSSL_NO_NEXTPROTONEG
658#define SSL3_MT_NEXT_PROTO 67 663#define SSL3_MT_NEXT_PROTO 67
 664#endif
659#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 665#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
660 666
661 667
662#define SSL3_MT_CCS 1 668#define SSL3_MT_CCS 1
663 669
664/* These are used when changing over to a new cipher */ 670/* These are used when changing over to a new cipher */
665#define SSL3_CC_READ 0x01 671#define SSL3_CC_READ 0x01
666#define SSL3_CC_WRITE 0x02 672#define SSL3_CC_WRITE 0x02
667#define SSL3_CC_CLIENT 0x10 673#define SSL3_CC_CLIENT 0x10
668#define SSL3_CC_SERVER 0x20 674#define SSL3_CC_SERVER 0x20
669#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)  675#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
670#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) 676#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
671#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) 677#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
cvs diff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c 2013/02/05 21:31:27 1.4
@@ -218,26 +218,27 @@ static ERR_STRING_DATA SSL_str_functs[]= @@ -218,26 +218,27 @@ static ERR_STRING_DATA SSL_str_functs[]=
218{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, 218{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
219{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, 219{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
220{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, 220{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
221{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, 221{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
222{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, 222{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
223{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, 223{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
224{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, 224{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
225{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, 225{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
226{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, 226{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
227{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, 227{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
228{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, 228{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
229{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, 229{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
230{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, 230{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
 231{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
231{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, 232{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
232{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, 233{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
233{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, 234{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
234{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, 235{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
235{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, 236{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
236{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, 237{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
237{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, 238{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
238{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, 239{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
239{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, 240{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
240{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, 241{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
241{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, 242{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
242{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, 243{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
243{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, 244{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
cvs diff -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c 2012/07/27 21:22:55 1.7
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c 2013/02/05 21:31:27 1.8
@@ -1067,27 +1067,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, @@ -1067,27 +1067,28 @@ int ssl_parse_clienthello_tlsext(SSL *s,
1067 sdata = s->session->tlsext_ecpointformatlist; 1067 sdata = s->session->tlsext_ecpointformatlist;
1068 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) 1068 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1069 fprintf(stderr,"%i ",*(sdata++)); 1069 fprintf(stderr,"%i ",*(sdata++));
1070 fprintf(stderr,"\n"); 1070 fprintf(stderr,"\n");
1071#endif 1071#endif
1072 } 1072 }
1073 else if (type == TLSEXT_TYPE_elliptic_curves && 1073 else if (type == TLSEXT_TYPE_elliptic_curves &&
1074 s->version != DTLS1_VERSION) 1074 s->version != DTLS1_VERSION)
1075 { 1075 {
1076 unsigned char *sdata = data; 1076 unsigned char *sdata = data;
1077 int ellipticcurvelist_length = (*(sdata++) << 8); 1077 int ellipticcurvelist_length = (*(sdata++) << 8);
1078 ellipticcurvelist_length += (*(sdata++)); 1078 ellipticcurvelist_length += (*(sdata++));
1079 1079
1080 if (ellipticcurvelist_length != size - 2) 1080 if (ellipticcurvelist_length != size - 2 ||
 1081 ellipticcurvelist_length < 1)
1081 { 1082 {
1082 *al = TLS1_AD_DECODE_ERROR; 1083 *al = TLS1_AD_DECODE_ERROR;
1083 return 0; 1084 return 0;
1084 } 1085 }
1085 if (!s->hit) 1086 if (!s->hit)
1086 { 1087 {
1087 if(s->session->tlsext_ellipticcurvelist) 1088 if(s->session->tlsext_ellipticcurvelist)
1088 { 1089 {
1089 *al = TLS1_AD_DECODE_ERROR; 1090 *al = TLS1_AD_DECODE_ERROR;
1090 return 0; 1091 return 0;
1091 } 1092 }
1092 s->session->tlsext_ellipticcurvelist_length = 0; 1093 s->session->tlsext_ellipticcurvelist_length = 0;
1093 if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) 1094 if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
@@ -1423,27 +1424,28 @@ int ssl_parse_serverhello_tlsext(SSL *s, @@ -1423,27 +1424,28 @@ int ssl_parse_serverhello_tlsext(SSL *s,
1423 *al = TLS1_AD_UNRECOGNIZED_NAME; 1424 *al = TLS1_AD_UNRECOGNIZED_NAME;
1424 return 0; 1425 return 0;
1425 } 1426 }
1426 tlsext_servername = 1;  1427 tlsext_servername = 1;
1427 } 1428 }
1428 1429
1429#ifndef OPENSSL_NO_EC 1430#ifndef OPENSSL_NO_EC
1430 else if (type == TLSEXT_TYPE_ec_point_formats && 1431 else if (type == TLSEXT_TYPE_ec_point_formats &&
1431 s->version != DTLS1_VERSION) 1432 s->version != DTLS1_VERSION)
1432 { 1433 {
1433 unsigned char *sdata = data; 1434 unsigned char *sdata = data;
1434 int ecpointformatlist_length = *(sdata++); 1435 int ecpointformatlist_length = *(sdata++);
1435 1436
1436 if (ecpointformatlist_length != size - 1) 1437 if (ecpointformatlist_length != size - 1 ||
 1438 ecpointformatlist_length < 1)
1437 { 1439 {
1438 *al = TLS1_AD_DECODE_ERROR; 1440 *al = TLS1_AD_DECODE_ERROR;
1439 return 0; 1441 return 0;
1440 } 1442 }
1441 s->session->tlsext_ecpointformatlist_length = 0; 1443 s->session->tlsext_ecpointformatlist_length = 0;
1442 if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); 1444 if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
1443 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) 1445 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
1444 { 1446 {
1445 *al = TLS1_AD_INTERNAL_ERROR; 1447 *al = TLS1_AD_INTERNAL_ERROR;
1446 return 0; 1448 return 0;
1447 } 1449 }
1448 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; 1450 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
1449 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); 1451 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
@@ -1753,81 +1755,51 @@ int ssl_prepare_serverhello_tlsext(SSL * @@ -1753,81 +1755,51 @@ int ssl_prepare_serverhello_tlsext(SSL *
1753 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); 1755 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1754 return -1; 1756 return -1;
1755 } 1757 }
1756 s->tlsext_ecpointformatlist_length = 3; 1758 s->tlsext_ecpointformatlist_length = 3;
1757 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; 1759 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1758 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 1760 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1759 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1761 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1760 } 1762 }
1761#endif /* OPENSSL_NO_EC */ 1763#endif /* OPENSSL_NO_EC */
1762 1764
1763 return 1; 1765 return 1;
1764 } 1766 }
1765 1767
1766int ssl_check_clienthello_tlsext(SSL *s) 1768int ssl_check_clienthello_tlsext_early(SSL *s)
1767 { 1769 {
1768 int ret=SSL_TLSEXT_ERR_NOACK; 1770 int ret=SSL_TLSEXT_ERR_NOACK;
1769 int al = SSL_AD_UNRECOGNIZED_NAME; 1771 int al = SSL_AD_UNRECOGNIZED_NAME;
1770 1772
1771#ifndef OPENSSL_NO_EC 1773#ifndef OPENSSL_NO_EC
1772 /* The handling of the ECPointFormats extension is done elsewhere, namely in  1774 /* The handling of the ECPointFormats extension is done elsewhere, namely in
1773 * ssl3_choose_cipher in s3_lib.c. 1775 * ssl3_choose_cipher in s3_lib.c.
1774 */ 1776 */
1775 /* The handling of the EllipticCurves extension is done elsewhere, namely in  1777 /* The handling of the EllipticCurves extension is done elsewhere, namely in
1776 * ssl3_choose_cipher in s3_lib.c. 1778 * ssl3_choose_cipher in s3_lib.c.
1777 */ 1779 */
1778#endif 1780#endif
1779 1781
1780 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)  1782 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1781 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); 1783 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1782 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)  1784 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1783 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); 1785 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1784 1786
1785 /* If status request then ask callback what to do. 
1786 * Note: this must be called after servername callbacks in case  
1787 * the certificate has changed. 
1788 */ 
1789 if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) 
1790 { 
1791 int r; 
1792 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 
1793 switch (r) 
1794 { 
1795 /* We don't want to send a status request response */ 
1796 case SSL_TLSEXT_ERR_NOACK: 
1797 s->tlsext_status_expected = 0; 
1798 break; 
1799 /* status request response should be sent */ 
1800 case SSL_TLSEXT_ERR_OK: 
1801 if (s->tlsext_ocsp_resp) 
1802 s->tlsext_status_expected = 1; 
1803 else 
1804 s->tlsext_status_expected = 0; 
1805 break; 
1806 /* something bad happened */ 
1807 case SSL_TLSEXT_ERR_ALERT_FATAL: 
1808 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 
1809 al = SSL_AD_INTERNAL_ERROR; 
1810 goto err; 
1811 } 
1812 } 
1813 else 
1814 s->tlsext_status_expected = 0; 
1815 
1816#ifdef TLSEXT_TYPE_opaque_prf_input 1787#ifdef TLSEXT_TYPE_opaque_prf_input
1817 { 1788 {
1818 /* This sort of belongs into ssl_prepare_serverhello_tlsext(), 1789 /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
1819 * but we might be sending an alert in response to the client hello, 1790 * but we might be sending an alert in response to the client hello,
1820 * so this has to happen here in ssl_check_clienthello_tlsext(). */ 1791 * so this has to happen here in
 1792 * ssl_check_clienthello_tlsext_early(). */
1821 1793
1822 int r = 1; 1794 int r = 1;
1823  1795
1824 if (s->ctx->tlsext_opaque_prf_input_callback != 0) 1796 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1825 { 1797 {
1826 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); 1798 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1827 if (!r) 1799 if (!r)
1828 { 1800 {
1829 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 1801 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1830 al = SSL_AD_INTERNAL_ERROR; 1802 al = SSL_AD_INTERNAL_ERROR;
1831 goto err; 1803 goto err;
1832 } 1804 }
1833 } 1805 }
@@ -1859,45 +1831,110 @@ int ssl_check_clienthello_tlsext(SSL *s) @@ -1859,45 +1831,110 @@ int ssl_check_clienthello_tlsext(SSL *s)
1859 } 1831 }
1860 1832
1861 if (r == 2 && s->s3->server_opaque_prf_input == NULL) 1833 if (r == 2 && s->s3->server_opaque_prf_input == NULL)
1862 { 1834 {
1863 /* The callback wants to enforce use of the extension, 1835 /* The callback wants to enforce use of the extension,
1864 * but we can't do that with the client opaque PRF input; 1836 * but we can't do that with the client opaque PRF input;
1865 * abort the handshake. 1837 * abort the handshake.
1866 */ 1838 */
1867 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 1839 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1868 al = SSL_AD_HANDSHAKE_FAILURE; 1840 al = SSL_AD_HANDSHAKE_FAILURE;
1869 } 1841 }
1870 } 1842 }
1871 1843
1872#endif 
1873 err: 1844 err:
 1845#endif
1874 switch (ret) 1846 switch (ret)
1875 { 1847 {
1876 case SSL_TLSEXT_ERR_ALERT_FATAL: 1848 case SSL_TLSEXT_ERR_ALERT_FATAL:
1877 ssl3_send_alert(s,SSL3_AL_FATAL,al);  1849 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1878 return -1; 1850 return -1;
1879 1851
1880 case SSL_TLSEXT_ERR_ALERT_WARNING: 1852 case SSL_TLSEXT_ERR_ALERT_WARNING:
1881 ssl3_send_alert(s,SSL3_AL_WARNING,al); 1853 ssl3_send_alert(s,SSL3_AL_WARNING,al);
1882 return 1;  1854 return 1;
1883  1855
1884 case SSL_TLSEXT_ERR_NOACK: 1856 case SSL_TLSEXT_ERR_NOACK:
1885 s->servername_done=0; 1857 s->servername_done=0;
1886 default: 1858 default:
1887 return 1; 1859 return 1;
1888 } 1860 }
1889 } 1861 }
1890 1862
 1863int ssl_check_clienthello_tlsext_late(SSL *s)
 1864 {
 1865 int ret = SSL_TLSEXT_ERR_OK;
 1866 int al;
 1867
 1868 /* If status request then ask callback what to do.
 1869 * Note: this must be called after servername callbacks in case
 1870 * the certificate has changed, and must be called after the cipher
 1871 * has been chosen because this may influence which certificate is sent
 1872 */
 1873 if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
 1874 {
 1875 int r;
 1876 CERT_PKEY *certpkey;
 1877 certpkey = ssl_get_server_send_pkey(s);
 1878 /* If no certificate can't return certificate status */
 1879 if (certpkey == NULL)
 1880 {
 1881 s->tlsext_status_expected = 0;
 1882 return 1;
 1883 }
 1884 /* Set current certificate to one we will use so
 1885 * SSL_get_certificate et al can pick it up.
 1886 */
 1887 s->cert->key = certpkey;
 1888 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
 1889 switch (r)
 1890 {
 1891 /* We don't want to send a status request response */
 1892 case SSL_TLSEXT_ERR_NOACK:
 1893 s->tlsext_status_expected = 0;
 1894 break;
 1895 /* status request response should be sent */
 1896 case SSL_TLSEXT_ERR_OK:
 1897 if (s->tlsext_ocsp_resp)
 1898 s->tlsext_status_expected = 1;
 1899 else
 1900 s->tlsext_status_expected = 0;
 1901 break;
 1902 /* something bad happened */
 1903 case SSL_TLSEXT_ERR_ALERT_FATAL:
 1904 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 1905 al = SSL_AD_INTERNAL_ERROR;
 1906 goto err;
 1907 }
 1908 }
 1909 else
 1910 s->tlsext_status_expected = 0;
 1911
 1912 err:
 1913 switch (ret)
 1914 {
 1915 case SSL_TLSEXT_ERR_ALERT_FATAL:
 1916 ssl3_send_alert(s,SSL3_AL_FATAL,al);
 1917 return -1;
 1918
 1919 case SSL_TLSEXT_ERR_ALERT_WARNING:
 1920 ssl3_send_alert(s,SSL3_AL_WARNING,al);
 1921 return 1;
 1922
 1923 default:
 1924 return 1;
 1925 }
 1926 }
 1927
1891int ssl_check_serverhello_tlsext(SSL *s) 1928int ssl_check_serverhello_tlsext(SSL *s)
1892 { 1929 {
1893 int ret=SSL_TLSEXT_ERR_NOACK; 1930 int ret=SSL_TLSEXT_ERR_NOACK;
1894 int al = SSL_AD_UNRECOGNIZED_NAME; 1931 int al = SSL_AD_UNRECOGNIZED_NAME;
1895 1932
1896#ifndef OPENSSL_NO_EC 1933#ifndef OPENSSL_NO_EC
1897 /* If we are client and using an elliptic curve cryptography cipher 1934 /* If we are client and using an elliptic curve cryptography cipher
1898 * suite, then if server returns an EC point formats lists extension 1935 * suite, then if server returns an EC point formats lists extension
1899 * it must contain uncompressed. 1936 * it must contain uncompressed.
1900 */ 1937 */
1901 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1938 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1902 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1939 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1903 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&  1940 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
@@ -2179,27 +2216,27 @@ static int tls_decrypt_ticket(SSL *s, co @@ -2179,27 +2216,27 @@ static int tls_decrypt_ticket(SSL *s, co
2179 * integrity checks on ticket. 2216 * integrity checks on ticket.
2180 */ 2217 */
2181 mlen = HMAC_size(&hctx); 2218 mlen = HMAC_size(&hctx);
2182 if (mlen < 0) 2219 if (mlen < 0)
2183 { 2220 {
2184 EVP_CIPHER_CTX_cleanup(&ctx); 2221 EVP_CIPHER_CTX_cleanup(&ctx);
2185 return -1; 2222 return -1;
2186 } 2223 }
2187 eticklen -= mlen; 2224 eticklen -= mlen;
2188 /* Check HMAC of encrypted ticket */ 2225 /* Check HMAC of encrypted ticket */
2189 HMAC_Update(&hctx, etick, eticklen); 2226 HMAC_Update(&hctx, etick, eticklen);
2190 HMAC_Final(&hctx, tick_hmac, NULL); 2227 HMAC_Final(&hctx, tick_hmac, NULL);
2191 HMAC_CTX_cleanup(&hctx); 2228 HMAC_CTX_cleanup(&hctx);
2192 if (memcmp(tick_hmac, etick + eticklen, mlen)) 2229 if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
2193 return 2; 2230 return 2;
2194 /* Attempt to decrypt session data */ 2231 /* Attempt to decrypt session data */
2195 /* Move p after IV to start of encrypted ticket, update length */ 2232 /* Move p after IV to start of encrypted ticket, update length */
2196 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); 2233 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2197 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); 2234 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2198 sdec = OPENSSL_malloc(eticklen); 2235 sdec = OPENSSL_malloc(eticklen);
2199 if (!sdec) 2236 if (!sdec)
2200 { 2237 {
2201 EVP_CIPHER_CTX_cleanup(&ctx); 2238 EVP_CIPHER_CTX_cleanup(&ctx);
2202 return -1; 2239 return -1;
2203 } 2240 }
2204 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); 2241 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
2205 if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) 2242 if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
@@ -2404,38 +2441,38 @@ int tls1_process_sigalgs(SSL *s, const u @@ -2404,38 +2441,38 @@ int tls1_process_sigalgs(SSL *s, const u
2404 if (idx == SSL_PKEY_RSA_SIGN) 2441 if (idx == SSL_PKEY_RSA_SIGN)
2405 c->pkeys[SSL_PKEY_RSA_ENC].digest = md; 2442 c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
2406 } 2443 }
2407 } 2444 }
2408 2445
2409 } 2446 }
2410 2447
2411 2448
2412 /* Set any remaining keys to default values. NOTE: if alg is not 2449 /* Set any remaining keys to default values. NOTE: if alg is not
2413 * supported it stays as NULL. 2450 * supported it stays as NULL.
2414 */ 2451 */
2415#ifndef OPENSSL_NO_DSA 2452#ifndef OPENSSL_NO_DSA
2416 if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) 2453 if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
2417 c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); 2454 c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
2418#endif 2455#endif
2419#ifndef OPENSSL_NO_RSA 2456#ifndef OPENSSL_NO_RSA
2420 if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) 2457 if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
2421 { 2458 {
2422 c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); 2459 c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
2423 c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); 2460 c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
2424 } 2461 }
2425#endif 2462#endif
2426#ifndef OPENSSL_NO_ECDSA 2463#ifndef OPENSSL_NO_ECDSA
2427 if (!c->pkeys[SSL_PKEY_ECC].digest) 2464 if (!c->pkeys[SSL_PKEY_ECC].digest)
2428 c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); 2465 c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
2429#endif 2466#endif
2430 return 1; 2467 return 1;
2431 } 2468 }
2432 2469
2433#endif 2470#endif
2434 2471
2435#ifndef OPENSSL_NO_HEARTBEATS 2472#ifndef OPENSSL_NO_HEARTBEATS
2436int 2473int
2437tls1_process_heartbeat(SSL *s) 2474tls1_process_heartbeat(SSL *s)
2438 { 2475 {
2439 unsigned char *p = &s->s3->rrec.data[0], *pl; 2476 unsigned char *p = &s->s3->rrec.data[0], *pl;
2440 unsigned short hbtype; 2477 unsigned short hbtype;
2441 unsigned int payload; 2478 unsigned int payload;